Council on Foundations
2121 Crystal Drive, Suite 700
Arlington, VA 22202
What Information We Collect
You do not need to give us any personal information to browse Council websites. As a general matter, when we do request your information it is completely voluntary to provide it to us and is a combination of personal and business related information. Information we typically collect and store includes:
- Your name
- Your job title
- Your organization/company/related business name
- Your email address (can be either business or personal depending on what you provide us)
- Your phone number (can be either business or personal depending on what you provide us)
- Your mailing and billing address (can be either business or personal depending on what you provide us)
- Your Council on Foundations’ website username (typically the email address you provided)
In some circumstances, we may also ask you to provide the following information:
- Your professional photograph/headshot
- Your demographic information
- Your resume/CV
- Your social media handles (can be either business or personal depending on what you provide us)
- Your professional biography
- Your professional interest areas
When you create a website account with us, you must provide a password to be able to log into Council websites. All passwords are encrypted, and only you have the ability to edit your password. If you need to reset your password, you can request a password reset at https://account.cof.org or contact firstname.lastname@example.org to send you a password reset email.
When you purchase products, services, event registrations, and other for-sale items from us, we will collect payment information from you at the time. If you elect to pay with a credit card, that information is never stored on our servers nor on any third-party platform we employ to process credit card transactions. Council staff will never have access to your credit card data unless you provide it directly to us. If you provide your credit card data to us verbally or through our secure fax number, that information is never duplicated and is destroyed after the proper processing of your request.
When completing forms on Council websites, the IP address of the network you are using may also be collected with the personal information you provide. Your IP address is used by the Council only to administer Council websites and help diagnose server and website error reports and is not stored on your customer record. We do not collect IP addresses on anonymous forms and surveys.
When you sign into Council websites, a log of the date and time of that login is recorded.
Other information than that outlined here may be requested depending on the circumstances, but it is completely voluntary to provide it.
In addition, when you interact with Council websites, our servers may keep a log that does not identify you personally (“non-personal information”) since we do not combine it with any identifying information. We use this data to ensure the security and performance of our websites and mitigate website and server issues. This data includes:
- Device information used for accessing the website such as device type, platform, IP address, geolocation information, unique device identifiers, browser type, browser language, and other transactional information; and
- Other “traffic data” such as time of access, date of access, error reports, pages accessed, and referring website addresses.
Other non-personal information we may collect includes:
- Demographic data such as age, gender, general interests, and five-digit zip code;
- Usage information about what is accessed on the website including pages viewed and time spent on the website; and
- Search terms and search results.
There are many ways that you can control non-personal data that your computer sends to us but it depends largely on privacy settings you control through your internet browser. We suggest that you visit your internet browser setting options to limit or stop this data from being sent to us.
How We Collect Information
The following lists the most common ways in which we collect your identifying information:
- When you register for an account on the website;
- When you sign up to receive email from us;
- When you participate in surveys, panels, or research;
- When you register for and participate in our programs, activities, initiatives, and events;
- When you request information or assistance;
- When you fill out an application to become a member of the Council on Foundations;
- When you purchase a product, service, subscription, event registration or other for-sale item from us;
- When you apply to participate in Council programs and initiatives;
- When you participate in communities, chat rooms, and other interactive services;
- When you provide user-generated content on any of our websites that permits it; and
- In conjunction with any other place on our websites where you knowingly enter personal information.
We may also collect and store other publicly available organization information from third-party sources (e.g. Foundation Center, GuideStar, Internal Revenue Service of the United States, etc.) on your customer record, including annual giving amount, assets, and other data reported via IRS forms 990 and 990-PF.
How We Use Your Information
In general, we use the personal information we collect from you to pursue our mission and to engage in the activity for which we collect it. Most commonly, we also use your personal and non-personal information in theses specific ways:
- For editorial purposes;
- Responding to your inquiries;
- Communicating with you about your account or transactions with us;
- Sending you newsletters, mailings, and information about programs, initiatives, activities, for-sale items, and events by email or another medium;
- Processing your membership application;
- Event or program registration;
- Optimizing or improving our programs, services, and operations;
- Research and development;
- Verifying your account and account activities;
- Detecting, investigating, and preventing activities that may violate our policies or be illegal;
- Improving and personalizing our websites and communications;
- Performing statistical, demographic, and marketing analyses regarding website traffic and usage patterns; and
- Managing our organization.
How We Share Your Information
The Council is dedicated to ethical practices in all of our operations and to protecting the privacy of all visitors to our websites and all individuals whose data we collect and store. Except as outlined in the paragraphs below, we do not sell, barter, give away, rent, or permit anyone outside the Council on Foundations to use or access your personal information.
We use independent contractors and third-party agents, affiliates, platforms, and partners to perform functions and provide services such as marketing, analytics, e-commerce, customer record retention, online communities, etc. on our behalf. These entities have access to the personal information needed to perform their functions and are contractually obligated to maintain the confidentiality and security of any personal information we collect. They are restricted from using, selling, distributing, or altering this data in any way other than to provide the requested services to the Council on Foundations. These individuals and organizations are also contractually obligated to be GDPR compliant for information related to EU data subjects.
Your email address will only be used within the Council. The Council does not share, sell or rent email addresses to anyone outside the organization. If you do not wish to receive email correspondence from us, please select the unsubscribe link in one of the emails you received from us. You can also email your request to email@example.com or call 703-879-0600. Please note, the Council may still contact you via email for business related matters (e.g. invoices, order confirmations, event registrations, etc.).
The Council sometimes shares publicly some of the data we collect (e.g. your name, job title, organization affiliation, personal biography, professional photograph, etc.) with approval. If the Council were ever to share publicly any of your information, we request permission to do so beforehand.
Council websites make chat rooms, forums, email lists and message boards available to its users. Please remember that any information that you disclose in these areas becomes public information and you should exercise caution when deciding to disclose your personal information. The Council cannot ensure or warrant the security of any information you transmit to the public through our website and you do so at your own risk.
"Cookies" are small pieces of information that are stored by the browser you used to access our websites. We may also use web beacons and flash cookies. These are invisible graphics on a web page or in an email that is programmed to collect information about your use of a website or email. Most browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. Please note, if you disable cookies, the performance of Council websites may be affected, and you may not be able to access certain areas on our websites. More information about cookies and how you can delete and disable them can be found at http://www.allaboutcookies.org/.
Specific cookies we use and what we use them for on our websites :
Hubspot: The Council uses Hubspot to send out email communications and track email subscriptions. Hubspot cookies allow us to understand who interacts with our emails (e.g. opens and clicks links). This gives us the ability to understand what people we communicate with our interested in and the ability to tailor and improve our electronic communications. Most interactions you have with our websites that originate from an email we send you are tracked. To learn more about Hubspot cookies and to opt-out, visit https://legal.hubspot.com/privacy-policy.
How We Secure Your Data
The Council uses a variety of security measures to protect your data. We maintain physical, electronic and procedural safeguards to help prevent unauthorized access to and improper use of personally identifiable information.
We protect the security of credit card transactions initiated through this website using a number of measures such as encryption, access controls, network firewalls, and physical security. We are PCI compliant. When we work with other companies to process credit card transactions, those companies also use encryption and other appropriate security measures.
No website or electronic data can ever be completely secure, but the Council works to maintain up-to-date and appropriate security mechanisms.
How You Access Your Data & GDPR
The General Data Protection Regulation (“GDPR”) is a European Regulation concerning the use and processing of personal information. We are committed to processing your information in compliance with the GDPR.
We will use reasonable efforts to securely process all personal information in line with the rights specified under the GDPR, in particular those related to the following requests:
- Access to your personal information;
- Correction of the personal information that we hold;
- Deletion of your personal information;
- A restriction of processing of your personal information;
- Transfer of your personal information to another party; or
- Objection to processing of your personal information based on the Council‘s legitimate interest (or those of a third party) to use it and there is something about your particular situation that causes you to object to such processing.
You have the right to lodge a complaint regarding any violations of the GDPR with the applicable supervisory data protection authority (i.e., in the country where you reside).
You have the right to request to access, rectify or request erasure of personal data, or restrict or object to the processing concerning your personal data.
If you would like to request that we delete your personal information, please send your request to firstname.lastname@example.org. We will respond to you to confirm receipt of your request. Except in situations where we are unable to comply due to a legal obligation or an ongoing contractual relationship, we will comply with such request within thirty (30) calendar days.
To view and edit the majority of personal information the Council has stored for you, you can login onto https://account.cof.org. For a complete record of all data we have for you, please send your request to email@example.com. Please note, the Council may still maintain a record of any transactions with you (without any personally identifiable information attached) to maintain a history of the interaction.
Last updated: September 5, 2018