PRIVACY AND USE STATEMENT
The Oklahoma State University Foundation is committed to protecting the confidentiality of private, non-public donor and alumni information. Respect for a donor’s right to privacy is a standard of integrity for all Oklahoma State University Foundation activities. This policy is issued by the Oklahoma State University Foundation Board of Trustees and is intended to provide information regarding the collection, use and release of donor information. The Oklahoma State University Foundation created this policy in accordance with the Generally Accepted Privacy Principles (“GAPP”).
GUIDELINES ON COLLECTION, USE AND RELEASE OF OKLAHOMA STATE UNIVERISTY FOUNDATION INFORMATION
a. The Oklahoma State University Foundation (the “Foundation”) collects and retains certain information that is confidential and/or proprietary in nature, including personal information; trade secrets; proprietary methods; financial, business and marketing information; personnel data; data regarding constituents or donors; and other data that is the property of and integral to the operation and success of the Foundation; including but not limited to the specific following examples (collectively, the “Confidential Information”):
- Information pertaining to constituents (whether personal, financial, biographical or gift related) other than publicly available information or information authorized to be released by the constituent, including but not limited to, constituent lists, financial information, estate planning information, bank account numbers, credit card numbers, social security numbers, information stored and maintained in the Foundation’s development database, and all electronic and telephonic communications related to planned or charitable giving between the Foundation and constituents;
- Information relevant to Foundation fundraising and investment practices, financial affairs, all related past, current, and planned campaigns and developmental activities, current or planned operational methods and processes, and any specialized know-how related to the above activities;
- Current and anticipated fundraising or other types of organizational projections, including financial studies, financial and fundraising plans, and computer software and programs specifically developed for or by the Foundation to conduct its activities;
- Electronic data in order to provide a positive website experience, offer programs, products and services and report on user activity, as more partially set forth in the Electronic Data Information page, posted on the www.osugiving.com website; and
- Non-public information concerning the Foundation’s affairs, however documented; and all material derived thereof such as notes, analysis, compilations, studies, summaries, prepared by or for the Foundation, containing or based, in whole or in part, on any information included in the foregoing.
b. The Confidential Information is received from various sources including, but not necessarily limited to, the constituent; Oklahoma State University (the “University”) pursuant to a development services agreement; third parties; and other information gathered from the Foundation Board of Trustees members, University affiliates, volunteers, and Foundation staff. The Confidential Information is maintained, corrected and updated as necessary.
c. The Foundation retains the Confidential Information for purposes of, among other things, aiding the University in fulfilling the University’s mission of excellence. To succeed in this support, the Foundation must earn and maintain the trust of past, present, and future constituents. A constituent’s trust in the Foundation is enhanced when there is openness and communication. For this reason, the Foundation voluntarily makes public the following types of information:
- Annual report,
- Gift club guidelines,
- Mission and vision statements,
- Names of Board of Governors and Board of Trustees,
- Audited financial statements, and
- Endowment, investment and spending policies.
d. This voluntary disclosure of information is in addition to all materials the Foundation is required to disclose by law, such as:
- IRS form 990 (without schedule attachments),
- IRS form 1023 (tax determination letter), and
- Articles of Incorporation.
f. Notwithstanding the foregoing, Confidential Information may be made available on an as-needed basis to Foundation Board of Trustees members, University affiliates, volunteers and Foundation staff. The information made available for such internal uses may include, but is not necessarily limited to, giving history, as well as other information necessary for gift processing, cultivation, solicitation and stewardship purposes. Furthermore, Confidential Information may be otherwise released to other third parties; but only after consent is obtained from the constituent, if otherwise required by law, for the purposes of advancing the Foundation through resource development efforts that require certain Confidential Information to develop strategies and present gift proposals, for the purposes of providing names and addresses of memorial fund donors to family members, or for purposes of publishing an alumni directory as more particularly set forth in the Alumni Directory Policies and Procedures adopted by the University, the Foundation and the Oklahoma State University Alumni Association (the “Alumni Directory Policy”).
g. Confidential Information will only be released to third parties upon receipt of a signed nondisclosure and confidentiality agreement by the receiving party, unless otherwise required to be disclosed by law or unless otherwise set forth in the Alumni Directory Policy for purposes of publishing an alumni directory. All Foundation staff shall sign confidentiality agreements and will be subject to Foundation hiring procedures and performance appraisals relating to the protection of Confidential Information. In addition, all Foundation staff shall complete a privacy and security awareness course within the first month following employment and shall thereafter complete such course on an annual basis in order to retain access privileges. Furthermore, the Foundation applies security safeguards for Confidential Information and shall undergo periodic risk assessments.
j. The Foundation complies with the Payment Card Industry Data Security Standards (PCI DSS). One-time gifts or recurring gifts may be made online through the Foundation’s website (www.osugiving.com), by calling the Foundation (800-622-4678), or by mailing to the Foundation’s lockbox or physical locations. Online donations are processed through the Foundation’s secure online website, which does not store credit card information. Gifts called into or mailed to the Foundation are processed by Foundation staff via the Foundation’s secure online website or merchant services online terminal. Once the constituent’s credit card information is entered online, the Foundation immediately redacts the credit card number.
k. The OSU Foundation Privacy Incident and Breach Management Program, as implemented, updated and amended from time to time by the OSU Foundation, shall be followed in the event of a privacy incident or breach.
l. Refusal of a constituent to provide certain Confidential Information to the Foundation may result in the inability of the Foundation to provide certain benefits to the constituent, such as naming recognition and gift receipts. In the event a constituent’s Confidential Information needs to be updated or in the event a constituent does not wish to receive marketing or other solicitation materials from the Foundation, such constituent may make such a request by contacting firstname.lastname@example.org or 800-622-4678. Upon authentication of the identity of the requesting constituent, the constituent’s record will be updated and/or flagged according to the constituent’s request, until receipt of further notice by the constituent. The Foundation does not use government-issued identifiers (for example, Social Security numbers) for authentication of the requesting constituent’s identity. Comments, inquiries or disputes relating to privacy related issues may be directed to the Foundation’s legal department by calling 800-622-4678.
ELECTRONIC DATA INFORMATION
OSUGIVING.COM AND SECURE.OSUGIVING.COM
The Oklahoma State University Foundation (the “Foundation”) collects electronic data in order to provide a positive website experience, offer programs, products and services and report on user activity. Please be aware that none of these tools provide the Foundation with the ability to read any data residing on your computer.
DATA SECURITY AND STORAGE
The Foundation adheres to accepted industry security standards that are designed to protect any non-public personal information on this website against accidental or unauthorized use, access or disclosure. The technology we use is specifically designed for web servers. All of your personal information resides in the United States of America in a secure database behind a firewall where it cannot be accessed without proper authorization. Secure Sockets Layer (“SSL”) technology encrypts your personal information as well as your history if it is transmitted over the Internet. In addition, we periodically subject this website to simulated intrusion tests.
You also have a responsibility in keeping the personal information that is available on the Foundation site secure by keeping your account name and password confidential. This will help prevent any potential unauthorized access to your account.
SERVICE PROVIDER AND PARTNER COLLECTION OF INFORMATION
This site uses third-party click tracking analytics tools (such as Google Analytics) to capture click through statistics.
PERSONALLY IDENTIFIABLE INFORMATION
You have the option to register with osugiving.com and secure.osugiving.com. The site registration form requires you to provide your full name, address, city, state, country, zip code, email address, school name, date of birth, and create a username and password. You may also choose to provide additional optional information, such as, maiden name and graduation year. You may update this information at any time. You may opt out of receiving email communications from the Foundation.
Cookies are used on websites to gather information about how individuals use and navigate the Foundation website. Cookies cannot extract any personal information about you, nor can they read any data that resides on your personal computer or device. The data collected from these sources are used to recognize repeat users and track usage patterns. Specifically, the Foundation uses “cookies” which are small pieces of information sent by a web server and stored by a member’s web browser. Cookies allow a web server to preserve state with an individual user, or session, across page requests.
The following are examples of how we use the information collected from these cookies:
- Tracking resources and data accessed on the site
- Recording general site statistics and activity
- Troubleshooting website problems
- Tracking what tools users are accessing on the site
- Determine when and if a user completed a questionnaire
- Evaluating and reporting on a user’s activity or participation in an event
We may combine any of this information with other information that we have about you for data analytics, marketing and reporting, but only as permitted by law.
CREDIT CARD TRANSACTIONS
Some features of this website enable credit card transactions. This feature is completely voluntary for users. The Foundation complies with the Payment Card Industry Data Security Standards (PCI DSS). One-time gifts or recurring gifts may be made online through the Foundation’s website (www.osugiving.com), by calling the Foundation (800-622-4678), or by mailing to the Foundation’s lockbox or physical locations. Online donations are processed through the Foundation’s secure online website, which does not store credit card information. Gifts called into or mailed to the Foundation are processed by Foundation staff via the Foundation’s secure online website or merchant services online terminal. Once the constituent’s credit card information is entered online, the Foundation immediately redacts the credit card number.
DATA RETENTION AND DESTRUCTION
The Foundation complies with the laws and regulations related to both the length of time that it retains your electronic personal information and its proper destruction.
By visiting this site and by providing your personally identifiable information to us, you understand and consent to the collection, use, processing, transfer, and disclosure of your personally identifiable and non-personally identifiable information globally – including to the United States – in accordance with this privacy statement. Therefore, by visiting this site and by providing such information, you consent to the transfer of such information across country borders, and to the use, processing, and disclosure of such information in global locations. Your consent shall be deemed to include your consent to transfer of the personally identifiable or non-personally identifiable information to locations that may have different levels of privacy protection than in your own country.
LINKS TO OTHER SITES
This site may contain links to other sites. This site is not responsible for the privacy practices or the content of any such sites.
CHANGES TO PRIVACY STATEMENT
The Foundation may change this statement from time to time. When updates are made, the date at the bottom of the statement will be updated to reflect that a revision has occurred. We encourage you to periodically reread this statement to see if there have been changes that may affect you.
ALUMNI DIRECTORY JOINT POLICY
Oklahoma State University (the “University”), the Oklahoma State University Alumni Association (the “Alumni Association”) and the Oklahoma State University Foundation (the “Foundation,” and together with the University and Alumni Association, the “University Affiliates”), all recognize that alumni directories are an important tool in alumni relations and provide a valuable benefit to alumni of Oklahoma State University. The Foundation maintains a database of constituent information for gift processing, cultivation, solicitation and stewardship purposes (the “Development Database”) for the benefit of the University Affiliates. Because the information in the Development Database may be used by the Alumni Association for creation and publication of alumni directories, the University Affiliates need certain policies and procedures in order to best protect the confidentiality and proprietary information contained in the Development Database to the fullest extent provided by law.
Through the Alumni Association’s access to the Development Database, the Alumni Association may use certain information (the “Alumni Information”) pertaining to all living and deceased alumni, including individuals who attended the University but did not graduate (collectively, “Alumni” or individually, an “Alumnus”) to publish an alumni directory in accordance with this policy and the Alumni Directory Procedures, which procedures shall be created from time to time by and among the University Affiliates.
The Alumni Association shall have the first right to publish an alumni directory. The Alumni Association shall notify the University and the Foundation of its plans to publish an alumni directory. All proposed directory plans are subject to review and approval by the University Affiliates, including, without limitation, for compliance with policies and procedures, methodology, vendor contracts, and coordination of the downloading and uploading of data from the Development Database. The Alumni Association will also consult with the University and the Foundation regarding Alumni contact and marketing methods.
All Alumni – meaning all living and deceased alumni of the University, including individuals who attended the University but did not graduate – may be included in the alumni directory. Alumni Information relating to any particular Alumnus shall only be included in the directory after such Alumnus has received proper notice of the intent to publish that Alumnus’ Alumni Information (see below). Once properly notified, the following Alumni Information will be published for such Alumnus, depending on how the Alumnus responds to the notice:
- a. NO RESPONSE. If the Alumnus does not respond to the notice, only the following Alumni Information may be included in the alumni directory: first and last name, city, state, degree(s), school(s), and year(s) attended will be included in an alumni directory.
- b. RESPONSE. If the Alumnus responds to the notice with instructions on what Alumni Information can or cannot be included in the directory for the Alumnus, the directory shall include only the information authorized by the Alumnus, if any.
Proper notice for purposes of this policy means a multi-medium notification approach for each Alumnus, with a minimum of three (3) notification attempts over a period of ninety (90) days, before any Alumni Information may be included in a directory. Such notice may be through at least two (2) of the following mediums, if available: regular mailings, post-cards, emails, telephone calls and other forms of notice approved by the University Affiliates. The Alumni Association’s proposed mailing or other notifications must be submitted to the University and the Foundation for approval prior to any mailing or other notification to Alumni.
All information should be excluded for Alumni who elect to be excluded from the directory, whose mailing is returned as non-deliverable, who missed the deadline due to returned mail, or who are listed in any University Affiliates’ records as “Do Not Give Out Information,” “Do Not Include in Directory,” “Do Not Solicit,” or words to similar effect.
The alumni directory in whatever form produced must be distributed only to Alumni or Alumni Association members. The alumni directory must not be placed or be accessible in a library or in any other facility that is generally available to the public or anyone other than authorized employees of the University Affiliates and persons described above who are eligible to receive a copy of or have access to the alumni directory.
Failure to comply with this policy and the Alumni Directory Procedures may result in denial of future access to Alumni Information and other disciplinary action.
This policy is jointly adopted by the University Affiliates.