The GGFF’s Privacy Policy

Security and privacy are at the core of The GGFF’s practices; we care deeply about protecting the personal information of our donors and website visitors. Our goal is to be as transparent and forthright as possible about the data we collect, with whom we share this data, and how this data is used.

The GGFF will not sell, trade, or share personal information about our financial donors with anyone else, nor will we send mailings to our financial donors on behalf of other organizations. We may enter your name into one of our databases so we can contact you to obtain your input, provide information about our programs and events, or request contributions.

As with many other websites, the servers used to operate The GGFF website (hereinafter “the Site) may collect certain data pertaining to you and the equipment and communications method you use to access the internet and the Site.

What we Collect

The data we collect may include: user information (name, email, physical address and/or billing address, company name, phone number, job candidate information, geographic location, payment information, etc.), digital information (IP address, browser information and history, device information, meta data, certain provided social media identifiers, etc.), and information from other sources (publicly available information, information you provide at seminars, information you consent to be provided to us by third parties, etc.) We may also collect Site comments, survey responses and visitor interactions.

How is data used

To provide services and content
Account registration
Payment processing
Customer and technical support
Marketing, including customized advertising
Customized content
Business communications
Analytics and for statistical purposes
Maintain quality of services
Security, Compliance, and Legal reasons

Although, like many other websites, our Site may at any time, in our discretion, use “cookies” to help recognize visitors when they return to the Site or as they navigate through the different portions of the Site. We do not currently use cookies or other tracking mechanisms to collect personal or individually identifiable information.

While some aspects of the Site may provide information that is intended for children, we do not knowingly or intentionally collect personal or identifying information from children. We strongly recommend that children get their parent or guardian’s consent before providing any personal information. If you are under the age of 18, please use our Site only under adult supervision and with the involvement of a parent or guardian.

Protection of Data

The GGFF takes reasonable measures to secure and protect information transmitted via or stored on the Site. Nevertheless, no security system is impenetrable. We cannot and do not guarantee that information that users of the Site may happen to transmit or otherwise supply, or that any communications or electronic commerce conducted on or through the Site, is or will be totally secure. You agree to immediately notify us of any breach of the Site security or this Privacy Policy of which you become aware.

For any questions regarding this Policy or any of our privacy practices, you are welcome to contact us any time at the2gf2@gmail.com, Attn: Data Protection

GDPR and Switzerland Addendum to the Privacy Notice

Effective Date: May 19, 2023

This GDPR Privacy Notice Addendum is for residents of the European Economic Area (EEA) and Switzerland, and supplements the information contained in The GGFF’s Privacy Policy. This Addendum applies solely to EEA and Swiss Data Subjects including those covered by the European Union’s General Data Protection Regulation 2016/679 (GDPR) and applicable Swiss data protection laws.

In addition to the rights described, where the GDPR or related data protection laws apply, the following rights may be available to you:

Access: You have the right to access personal data we hold about you, how we use it, and who we share it with.
Correction: You have the right to correct any personal information held about you that is inaccurate and have incomplete data completed.
Erasure: You have the right to request we erase the personal information we hold about you in certain circumstances (e.g.; it is no longer necessary for us to hold that information; you have withdrawn your consent; we are processing the personal information on the basis of our legitimate interest and you object to such processing; or you believe your personal information is being unlawfully processed by us). We will retain the personal data if there are valid grounds under law for us to do so (e.g., for the defense of legal claims or freedom of expression).
Restriction of processing to storage only: In certain circumstances, you have the right to require us to stop processing the personal information we hold about you other than for storage purposes (e.g., for a period of time to determine the accuracy of your personal information or when exercising your right to object; or if you require us to retain the personal information for certain purposes such as the defense of legal claims). If we stop processing the personal data, we may use it again if there are valid grounds under law for us to do so.
Objection: In certain circumstances, you have the right to restrict or object to our processing of your personal information. We may continue to process your personal data if there are valid grounds under law for us to do so (e.g., compelling legitimate grounds or for the defense of legal claims).

Please note that as set out above a number of these rights only apply in certain circumstances, and all of these rights may be limited by law. For example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests or where we are required by law to retain your personal information.

We will respond to requests to exercise these rights without undue delay and at least within one month (though this may be extended by a further two months in certain circumstances).

LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION

Depending on what personal information we collect from you and how we collect it, we rely on various grounds for processing your personal information under the GDPR, including the following:

In order to perform our contractual relationship, including setting up your requested payments, renewals and processes;
Based on the consent of volunteer applicants for assessing qualifications, conducting interviews and making recruiting decisions;
Because it is in our legitimate interest to run an effective and efficient non-profit business and provide you with useful content;
In order to comply with any applicable legal obligations we may have to collect this personal information from you; and/or
Because you have provided your consent for us to do so.

INTERNATIONAL DATA TRANSFER

In order for us to fulfill your request, your personal information will be transferred to, stored at, and processed in jurisdictions other than where you live, including in the United States. For instance, your personal information may be processed by Team Members in the Philippines, who work for our organization. Laws in these countries may differ from the laws applicable to your country of residence and may not offer the same level of protection. In addition, in certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Our Services are largely operated in the United States. If you are located in the EEA or Switzerland please be aware that in order to provide access to our Services, the personal information you provide will be processed in the United States.

To exercise your rights, please submit a request to us by:

Sending an email to the2gf2@gmail.com.

We will need to verify your identity before processing your request. In order to verify your identity, we will generally require the matching of sufficient information you provide us to the information we maintain about you in our systems. If you are using an authorized agent, please note that you will be required to verify your identity and provide written confirmation that you have authorized the agent to make a request on your behalf. For requests to access or delete, we may require you to verify your identity directly with us, and directly confirm with us that you provided the authorized agent permission to submit the request.

CONTACT US AND COMPLAINTS

If you have any questions about this Privacy Notice Addendum or our data handling practices, or you wish to make a complaint, you may contact us at the2gf2@gmail.com : Attn: Data Protection Officer

If you think we have infringed data protection laws, you can file a claim with the data protection supervisory authority in the EEA country in which you live or work, Switzerland, or where you think we have infringed data protection laws, as applicable to you.

UK GDPR Addendum to the Privacy Notice

This UK GDPR Privacy Notice Addendum is for residents of the United Kingdom (UK) and supplements the information contained in the 2GF2’s Privacy Policy and other addendums relevant to you. This Addendum applies solely to UK data subjects who are covered by Data Protection Act 2018 (DPA 2018), and the UK General Data Protection Regulation (UK GDPR).

In addition to the rights described, where the UK GDPR and UK Data Protection Act or related data protection laws apply, the following rights may be available to you:

Access: You have the right to access personal data we hold about you, how we use it, and who we share it with.
Correction: You have the right to correct any personal information held about you that is inaccurate and have incomplete data completed.
Erasure: You have the right to request we erase the personal information we hold about you in certain circumstances (e.g., it is no longer necessary for us to hold that information; you have withdrawn your consent; we are processing the personal information on the basis of our legitimate interest and you object to such processing; or you believe your personal information is being unlawfully processed by us). We will retain the personal data if there are valid grounds under law for us to do so (e.g., for the defense of legal claims or freedom of expression).
Restriction of processing to storage only: In certain circumstances, you have the right to require us to stop processing the personal information we hold about you other than for storage purposes (e.g., for a period of time to determine the accuracy of your personal information or when exercising your right to object; if you require us to retain the personal information for certain purposes such as the defense of legal claims). If we stop processing the personal data, we may use it again if there are valid grounds under law for us to do so.
Objection: In certain circumstances, you have the right to restrict or object to our processing of your personal information. We may continue to process your personal data if there are valid grounds under law for us to do so (e.g., compelling legitimate grounds or for the defense of legal claims).

We will respond to requests to exercise these rights without undue delay and at least within one month (though this may be extended by a further two months in certain circumstances).

LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION.

Depending on what personal information we collect from you and how we collect it, we rely on various grounds for processing your personal information under the UK GDPR, including the following:

In order to perform our contractual relationship, including setting up your requested payments, renewals and processes;
Because it is in our legitimate interest to run an effective and efficient non-profit business and provide you with useful content;
In order to comply with any applicable legal obligations we may have to collect this personal information from you; and/or
Because you have provided your consent for us to do so.

INTERNATIONAL DATA TRANSFER

In order for us to fulfill your request or provide the Services to you, your personal information will be transferred to, stored at, and processed in jurisdictions other than where you live, including in the United States. For instance, your personal information may be processed by staff operating outside the UK, who is part of our team. Laws in these countries may differ from the laws applicable to your country of residence and may not offer the same level of protection. In addition, in certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Our Services are largely operated in the United States. If you are located in the UK please be aware that in order to fulfil your request or provide access to our Services, the personal information you provide will be processed in the United States.

CONTACT US AND COMPLAINTS

If you have any questions about this Privacy Notice Addendum or our data handling practices, or you wish to make a complaint, you may contact us at the2gf2@gmail.com Attn: Data Protection Officer

If you think we have infringed data protection laws, you can file a claim with the UK Information Commissioner’s Office (the “ICO”).

ADDENDUM FOR CALIFORNIA USERS

Effective Date: September 21, 2023

This Privacy Notice Addendum for California Residents (the “CA Privacy Notice”) supplements the information contained in the GGFF’s Privacy Policy and applies solely to residents of California, (“consumers” or “you”).

In addition to the rights described, where the California Consumer Privacy Act 2018 (“CCPA”) or related data protection laws apply, you may: 

Request to know the categories of personal information we collect about you, as well as the sources from which the personal information is collected; the business or commercial purpose of our collection; the categories of third parties with whom we provide your personal information; and the specific pieces of personal information we hold about you.
Request certain information regarding the opt out of our disclosure of your personal information to third parties.

Request that we delete the personal information we hold about you in certain limited circumstances.

Information We Collect as a Business Under the California Consumer Privacy Act (“CCPA”)

We collect personal information, meaning information that identifies, relates to, references, describes, or is capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or device. For the purposes of this CA Privacy Notice, personal information does not include: 

Publicly available information from government records. 
Deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to a consumer.

We collect personal information from and about consumers for a variety of business purposes. To learn more about the types of personal information we collect, the sources from which we collect or receive personal information, and the purposes for which we use this information, please refer to the “What We Collect” and “How Data is Used” sections in our Privacy Policy. 

In the last 12 months, we have collected the following categories of personal information from the sources and for the purposes stated below.

Categories and Examples of Personal Information that may be Collected

We collect this information from you when you, visit our websites, establish an account or use our online contact us portal. We use this information to stay in contact with you for business purposes, confirm your identity and authenticate you.

Personal Identifiers: Name, alias.

Contact Information: home, postal or mailing address, home phone number, cell phone number email address, or other similar identifiers.

Commercial Information: Donations made and information relating to your donation.

Internet/Network Information: IP address, browser or device information.

Other Personal Information: Information you provide to us when you register for or attend an event organized or hosted by us, information you permit us to see when interacting with us through social media, or comments and opinions you provide to us such as when you post on message boards, blogs or complete an online form.

Inferences: Information generated from your use of the websites reflecting predictions about your interests and preferences.

Sensitive Personal Information: Certain information such as social security, driver’s license, state identification card, or passport number may be collected to confirm your identify or facilitate payment. However, we do not use or disclose the information for any reason except as necessary to perform the Service requested or to meet our legal obligations.

Categories and Examples of Information Collected from Volunteer Applicants

Pre-Hire Information: Information provided in your application or resume, information gathered as part of background screening and reference checks, information recorded in interview notes by persons conducting volunteer interviews for the organization, information contained in candidate evaluation records and assessments, voluntary disclosures by you.

Protected Classifications: Race, ethnicity, national origin, sex, gender, sexual orientation, gender identity, religious or philosophical beliefs, age, physical or mental disability, medical condition, veteran or military status, familial status, language, or union membership when volunteered or required by law.

Employment History: Information regarding prior work experience, positions held.

Inferences: Based on analysis of the personal information collected, we may develop inferences regarding a volunteer applicants’ preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes for purposes of volunteering.

Education Information: Information contained in your resume regarding educational history and information in transcripts or records of degrees and vocational certifications obtained.

How We Use Personal Information and Sensitive Personal Information of Volunteer Applicants

The Personal Information and Sensitive Personal Information we collect from volunteer applicants, and our use of Personal Information and Sensitive Personal Information, may vary depending on the circumstances. Generally, we may use or disclose Personal Information and Sensitive Personal Information we collect from you or about you for one or more of the following purposes:

To fulfill or meet the purpose for which you provided the information. For example, if you provide your name and contact information to become a volunteer, we will use that Personal Information in connection with that process.
To comply with local, state, and federal law and regulations requiring employers to maintain certain records (such as immigration compliance records, travel records, personnel files, wage and hour records, payroll records, accident or safety records, and tax records), as well as local, state, and federal law, regulations, ordinances, guidelines, and orders relating to COVID-19.
To manage and process payroll and/or organization-related travel and expenses.
To evaluate applicants and candidates for recruitment.
To obtain and verify background checks on applicants and to verify any references.
To communicate with volunteers regarding volunteer application related matters such as upcoming deadlines, action items, and other alerts and notifications.

Retention of Personal Information of Volunteer Applicants

The organization will retain each category of Personal Information in accordance with our data retention schedule. For more information please emailprivacy@2gf2.com.

Where We Obtain Personal Information

We obtain the categories of personal information listed above from the following sources:

Directly from you;
From our partners and affiliates;
From third parties whom you direct to share information with us; and
From your online browsing and usage activity on our websites.

Purposes for Collecting Personal Information

We may collect, use or disclose personal information about you for one or more of the following business and/or commercial purposes: 

To provide the requested Services to you; 
To take actions reasonably anticipated within the context of your application;
To provide you with useful content; 
To ensure the proper functioning of our Services; 
To offer and improve our Services;
To provide you with requested information or technical support; 
To facilitate your movement through our websites or your use of our Services;
To do a better job of advertising and marketing our Services (subject to your consent where required by applicable law);
To advertise and market third party products and Services (subject to your consent where required by applicable law); 
To diagnose problems with our servers or our Services;
In connection with our security and compliance programs; 
To administer our websites; 
To communicate with you; 
To target current or prospective customers with our Services through online advertisements served on third-party sites by third-party vendors, such as Google (subject to your consent where required by applicable law); and 
To assist us in offering you a personalized experience or otherwise tailor our Services to you.

Disclosure of Personal Information

In the previous 12 months, we have disclosed the categories of personal information we collect to the following third parties for the business purpose set out in the table below.

Categories and Examples of Personal Information Collected and Disclosed to Third Parties

Identifiers: Service providers and vendors, partners, authorized users within your organization and other members
our corporate family.

Commercial Information: Service providers and vendors, partners, authorized users within your organization and
other members of our corporate family.

Internet/Network Information: Partners and other members of our corporate family.

Other Personal Information: Third party service providers, vendors  and partners.

Inferences: Third party service providers and vendors, partners and other members of our corporate family.

We do not sell personal information to third parties.

Your California Privacy Rights

As a California resident, you may be able to exercise the following rights with respect to your personal information that we have collected, subject to certain exceptions:

The Right to Know

You have the right to request any or all of the following information relating to your personal information we have collected and disclosed in the last 12 months, upon our verification of your identity:

The specific pieces of personal information we have collected about you;
The categories of personal information we have collected about you;
The categories of sources of your personal information;
The categories of personal information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;
The categories of personal information we have sold about you (if any), and the categories of third parties to whom the information was sold; and
The business or commercial purposes for collecting or, if applicable, selling the personal information.

The Right to Request Deletion

You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions.

You have the right to direct us not to sell personal information we have collected about you to third parties now or in the future. You may opt out here.

The Right to Non-Discrimination

You have the right to non-discrimination for exercising these rights.

“Shine the Light”

California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information to a third party for the third party’s direct marketing purposes.

How to Exercise Your California Consumer Rights

To exercise your California Consumer Rights, please submit a request to us by:

Sending an email to privacy@2gf2.com.

ADDENDUM FOR BRAZIL USERS

Effective December 20, 2022

This Privacy Notice Addendum for users located in Brazil (the “Brazil Privacy Addendum”) supplements the information contained in the The GGFF Privacy Policy (the “Privacy Policy”), and applies solely to Brazilian Residents (“Consumers” or “you”). We adopt this Brazil Privacy Addendum to comply with Brazil’s Lei Geral de Proteção de Dados (“LGPD”). Capitalized terms used but not defined below have the definitions assigned to them in the Privacy Notice.

In addition to the rights described, where the Lei Geral de Proteção de Dados (LGPD) applies, you may:

Ask that we provide confirmation of the existence of the processing of your personal data.
Access the personal data we hold about you and certain information about how we use it and who we share it with including information about any public and private entities.
Request the deletion of personal information we have collected from you, subject to certain exceptions.
Ask us to anonymize, block, or delete unnecessary or excessive data or data that is not being processed in compliance with the LGPD.
Ask us to provide information about the possibility of denying consent for the processing of your personal data and the consequences of such denial.

LEGAL BASIS FOR PROCESSING YOUR INFORMATION

Depending on what information we collect from you and how we collect it, we process your information for the following reasons:

In order to administer our contractual relationship, including setting up your requested payments, renewals and processes;
Because it is in our legitimate interest to run a successful and efficient non-profit business and provide you with useful content; In order to fulfill any legal obligations we may have to collect this information from you; and/or
Because you have provided your consent for us to do so.

SHARING WITH THIRD PARTY SERVICE PROVIDERS AND VENDORS

Occasionally, we enter into contracts with selected third parties to assist us in servicing you (for example, providing you with customer service, fraud detection and deterrence or access to advertising assets and providing us with information technology and storage services) or to assist us in our own marketing and advertising activities (including providing us with analytic information and search engine optimization services). Additional information about certain third-party service providers we share personal information with is available here. Our contracts with such third parties prohibit them from using any of your personal information for any purpose beyond the purpose for which it was shared.

DATA TRANSFERS

In order for us to provide our Services and comply with our legal obligations, personal information you provide to us and information we collect about you, your usage and devices will be transferred to, stored and processed in the United States. Your information may also be processed by our team in the Philippines, who work with us. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Brazil Privacy Addendum.

COOKIES

YOUR PRIVACY RIGHTS

As a user located in Brazil, you may be able to exercise the following rights with respect to your personal information that we have collected, subject to certain limitations:

To exercise your rights under the LGPD, please submit a request to us by:

Sending an email to the2gf2@gmail.com

COMPLAINTS

If you have any questions about this Brazil Privacy Addendum or our data handling practices, or you wish to make a complaint, you may contact us at  the2gf2@gmail.com;

Suggested text: Our website address is: https://2gf2.org.

Comments

Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Suggested text: Visitor comments may be checked through an automated spam detection service.

•

Terms and Conditions

The Gareth Gawaine Forbes Foundation for Underserved Youths

Privacy Policy