Privacy Policy

By visiting our websites, you are accepting the practices described in this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use this website or any other Council website.

The Council on Foundations (the Council) has created this privacy policy in order to demonstrate its firm commitment to the privacy of all individuals who access our websites and with whom we do business. The following describes the Council's information gathering and dissemination practices. The privacy statement may change at any time; any changes will be posted on this page. Should you have additional questions, comments, or concerns please contact:

Council on Foundations
Customer Service
2121 Crystal Drive, Suite 700
Arlington, VA 22202
e-mail: membership@cof.org
Phone: 703-879-0600

The following topics describe how the Council uses information voluntarily submitted to us by our members and other visitors to this site, www.cof.org, and other websites under the Council’s control including account.cof.org, exchange.cof.org, and learn.cof.org. When applicable this Privacy Policy also applies to information that you may submit to us offline. This Privacy Policy does not apply to third party websites you may visit through a link on our website.  Similarly, the Council does not assume responsibility for any data sharing you may engage in on third party websites.

What Information We Collect

You do not need to give us any personal information to browse Council websites. As a general matter, when we do request your information it is completely voluntary to provide it to us and is a combination of personal and business related information. Information we typically collect and store includes:

  • Your name
  • Your job title
  • Your organization/company/related business name
  • Your email address (can be either business or personal depending on what you provide us)
  • Your phone number (can be either business or personal depending on what you provide us)
  • Your mailing and billing address (can be either business or personal depending on what you provide us)
  • Your Council on Foundations’ website username (typically the email address you provided)

In some circumstances, we may also ask you to provide the following information:

  • Your professional photograph/headshot
  • Your demographic information
  • Your resume/CV
  • Your social media handles (can be either business or personal depending on what you provide us)
  • Your professional biography
  • Your professional interest areas

When you create a website account with us, you must provide a password to be able to log into Council websites. All passwords are encrypted, and only you have the ability to edit your password. If you need to reset your password, you can request a password reset at https://account.cof.org or contact membership@cof.org to send you a password reset email. 

When you purchase products, services, event registrations, and other for-sale items from us, we will collect payment information from you at the time. If you elect to pay with a credit card, that information is never stored on our servers nor on any third-party platform we employ to process credit card transactions. Council staff will never have access to your credit card data unless you provide it directly to us. If you provide your credit card data to us verbally or through our secure fax number, that information is never duplicated and is destroyed after the proper processing of your request. 

When completing forms on Council websites, the IP address of the network you are using may also be collected with the personal information you provide. Your IP address is used by the Council only to administer Council websites and help diagnose server and website error reports and is not stored on your customer record. We do not collect IP addresses on anonymous forms and surveys.

When you sign into Council websites, a log of the date and time of that login is recorded.

Other information than that outlined here may be requested depending on the circumstances, but it is completely voluntary to provide it. 

In addition, when you interact with Council websites, our servers may keep a log that does not identify you personally (“non-personal information”) since we do not combine it with any identifying information. We use this data to ensure the security and performance of our websites and mitigate website and server issues. This data includes:

  • Device information used for accessing the website such as device type, platform, IP address, geolocation information, unique device identifiers, browser type, browser language, and other transactional information; and
  • Other “traffic data” such as time of access, date of access, error reports, pages accessed, and referring website addresses.

Other non-personal information we may collect includes:

  • Demographic data such as age, gender, general interests, and five-digit zip code;
  • Usage information about what is accessed on the website including pages viewed and time spent on the website; and
  • Search terms and search results.

You can learn more about this in the How We Use Cookies section.

There are many ways that you can control non-personal data that your computer sends sent to us but it depends largely on privacy settings you control through your internet browser. We suggest that you visit your internet browser setting options to limit to stop this data from being sent to us.

How We Collect Information

The following lists the most common ways in which we collect your identifying information:

  • When you register for an account on the website;
  • When you sign up to receive email from us;
  • When you participate in surveys, panels, or research;
  • When you register for and participate in our programs, activities, initiatives, and events;
  • When you request information or assistance;
  • When you fill out an application to become a member of the Council on Foundations;
  • When you purchase a product, service, subscription, event registration or other for-sale item from us;
  • When you apply to participate in Council programs and initiatives;
  • When you participate in communities, chat rooms, and other interactive  services;
  • When you provide user-generated content on any of our websites that permits it; and
  • In conjunction with any other place on our websites where you knowingly enter personal information.

We may also collect and store other publicly available organization information from third-party sources (e.g. Foundation Center, GuideStar, Internal Revenue Service of the United States, etc.) on your customer record, including annual giving amount, assets, and other data reported via IRS forms 990 and 990-PF.

How We Use Your Information

In general, we use the personal information we collect from you to pursue our mission and to engage in the activity for which we collect it. Most commonly, we also use your personal and non-personal information in theses specific ways:

  • For editorial purposes;
  • Responding to your inquiries;
  • Communicating with you about your account or transactions with us;
  • Sending you newsletters, mailings, and information about programs, initiatives, activities, for-sale items, and events by email or another medium;
  • Processing your membership application;
  • Event or program registration;
  • Optimizing or improving our programs, services, and operations;
  • Research and development;
  • Verifying your account and account activities;
  • Detecting, investigating, and preventing activities that may violate our policies or be illegal;
  • Improving and personalizing our websites and communications;
  • Performing statistical, demographic, and marketing analyses regarding website traffic and usage patterns; and
  • Managing our organization.

 We may use your personal and non-personal information in other ways as stated in this privacy policy.  

How We Share Your Information

The Council is dedicated to ethical practices in all of our operations and to protecting the privacy of all visitors to our websites and all individuals whose data we collect and store. Except as outlined in the paragraphs below, we do not sell, barter, give away, rent, or permit anyone outside the Council on Foundations to use or access your personal information.

We use independent contractors and third-party agents, affiliates, platforms, and partners to perform functions and provide services such as marketing, analytics, e-commerce, customer record retention, online communities, etc. on our behalf. These entities have access to the personal information needed to perform their functions and are contractually obligated to maintain the confidentiality and security of any personal information we collect. They are restricted from using, selling, distributing, or altering this data in any way other than to provide the requested services to the Council on Foundations. These individuals and organizations are also contractually obligated to be GDPR compliant for information related to EU data subjects.

Your email address will only be used within the Council. The Council does not share, sell or rent email addresses to anyone outside the organization. If you do not wish to receive email correspondence from us, please email your request to membership@cof.org or call 703-879-0600. Please note, the Council may still contact you via email for business related matters (e.g. invoices, order confirmations, event registrations, etc.).

The Council sometimes shares publicly some of the data we collect (e.g. your name, job title, organization affiliation, personal biography, professional photograph, etc.) with approval. If the Council were ever to share publicly any of your information, we request permission to do so beforehand.

Council websites make chat rooms, forums, email lists and message boards available to its users. Please remember that any information that you disclose in these areas becomes public information and you should exercise caution when deciding to disclose your personal information. The Council cannot ensure or warrant the security of any information you transmit to the public through our website and you do so at your own risk.

How We Use Cookies

"Cookies" are small pieces of information that are stored by the browser you used to access our websites. We may also use web beacons and flash cookies. These are invisible graphics on a web page or in an email that is programmed to collect information about your use of a website or email. Most browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. Please note, if you disable cookies, the performance of Council websites may be affected, and you may not be able to access certain areas on our websites. More information about cookies and how you can delete and disable them can be found at http://www.allaboutcookies.org/.

Specific cookies we use and what we use them for on our websites :

SalesForce SSO: When you log into cof.org, account.cof.org, exchange.cof.org, learn.cof.org and bmc.cof.org, SalesForce issues a session cookie to keep you logged in for the duration of your session. This cookie also allows you to more easily log in across those websites. This session cookie does not include your username or password nor any other personal or confidential information. If you block these cookies, you will not be able to login to the Council’s website that are considered legally necessary. Please note: this is not a shared login between any other service or website other than the Council websites stated. You can access the SalesForce privacy policy at https://www.salesforce.com/company/privacy/.

Hubspot: The Council uses Hubspot to send out email communications and track email subscriptions. Hubspot cookies allow us to understand who interacts with our emails (e.g. opens and clicks links). This gives us the ability to understand what people we communicate with our interested in and the ability to tailor and improve our electronic communications. Most interactions you have with our websites that originate from an email we send you are tracked. To learn more about Hubspot cookies and to opt-out, visit https://legal.hubspot.com/privacy-policy.

Google Analytics: The Council uses Google Analytics to understand how people use our websites and to make them better. Google Analytics may collect the IP address assigned to you when you access our website, but we do not combine that data with any other data to which we have access to personally identify you.  We also use Google’s Ad network to identify aggregate demographic and interest data about visitors to our websites. You can access Google’s privacy policy and learn how to opt-out at https://policies.google.com/privacy and you can change your preferences or opt-out of Google Ads at https://adssettings.google.com

ShareThis: Council websites use the ShareThis service for you to easily share pages on our websites via social media networks and email. In some cases, the ShareThis service may show you as being logged into social media networks and email providers through the use of cookies. The Council does not nor does ShareThis have access to your social media and email logins through the ShareThis network. The Council also does not have access to any personal data you may transmit when using this service. The Council may be able to view that a page was shared through the service but not who shared it or what message was transmitted while sharing. If you do not want any of your personal data being transmitted through the ShareThis network or your transaction being logged, do not use this service on our websites. You can find out more information about the ShareThis service, the cookies they use, and easily opt-out of the service at https://www.sharethis.com/privacy/.  

How We Secure Your Data

The Council uses a variety of security measures to protect your data. We maintain physical, electronic and procedural safeguards to help prevent unauthorized access to and improper use of personally identifiable information.

We protect the security of credit card transactions initiated through this website using a number of measures such as encryption, access controls, network firewalls, and physical security. We are PCI compliant.  When we work with other companies to process credit card transactions, those companies also use encryption and other appropriate security measures.

No website or electronic data can ever be completely secure, but the Council works to maintain up-to-date and appropriate security mechanisms.

How You Access Your Data & GDPR

The General Data Protection Regulation (“GDPR”) is a European Regulation concerning the use and processing of personal information. We are committed to processing your information in compliance with the GDPR.

We will use reasonable efforts to securely process all personal information in line with the rights specified under the GDPR, in particular those related to the following requests:

  • Access to your personal information;
  • Correction of the personal information that we hold;
  • Deletion of your personal information;
  • A restriction of processing of your personal information;
  • Transfer of your personal information to another party; or
  • Objection to processing of your personal information based on the Council‘s legitimate interest (or those of a third party) to use it and there is something about your particular situation that causes you to object to such processing.

You have the right to lodge a complaint regarding any violations of the GDPR with the applicable supervisory data protection authority (i.e., in the country where you reside). 

You have the right to request to access, rectify or request erasure of personal data, or restrict or object to the processing concerning your personal data.

If you would like to request that we delete your personal information, please send your request to membership@cof.org.  We will respond to you to confirm receipt of your request.  Except in situations where we are unable to comply due to a legal obligation or an ongoing contractual relationship, we will comply with such request within thirty (30) calendar days.

To view and edit the majority of personal information the Council has stored for you, you can login onto https://account.cof.org. For a complete record of all data we have for you, please send your request to membership@cof.org. Please note, the Council may still maintain a record of any transactions with you (without any personally identifiable information attached) to maintain a history of the interaction.

We hold your information and use it as described in this Privacy Policy and will use reasonable measures to ensure that your personal information is only transferred to third parties who also maintain at least the standard of protection required under the GDPR. We consider that the Council has a legitimate interest in collecting and processing your information when you provide it to us.

Council websites are published in the United States and are subject to laws of the United States. If you are located in a country outside the United States and voluntarily submit personal information to us, you thereby consent to the general use of such information as provided in this Privacy Policy and to the transfer of that information to, and/or storage of that information in, the United States. The Council on Foundations shall not be liable under any circumstances for damages resulting from use of information collected from visitors to our websites.

Last updated: May 25, 2018