Privacy Notice

When this notice applies

Our sites
This notice applies to personal data we collect, including through this website, other Foundation registration or other website, mobile applications, online portals, electronic forms, surveys, interactive exhibits, and any other channel or mobile feature that we operate (collectively, “our sites”). In these instances, the Foundation is the controller responsible for your personal data.

Supplemental privacy notices
This notice may be supplemented by a supplemental privacy notice applicable to a particular interaction with us, which may be either embedded in this notice or made available to you separately. We will tell you when a supplemental privacy notice applies.

Links to third-party sites
This notice does not apply to any third-party sites that may link to, or be accessible from, our sites. We are not responsible for any of the content, features, functionality, or privacy practices of other linked sites or services. The data collection and use practices of any linked third-party site will be governed by that third party’s applicable privacy notice, statement, or policy, and its terms of use. We encourage you to read them.

What data we collect about you

Data you provide about yourself
We collect your personal data when you voluntarily provide it to us. For example, you may give us: your email address, country of residence, and areas of interest if you choose to receive newsletters, updates, or other information from us; your contact information, and any other personal data you choose to include, if you email, text, or instant message us, or contact us through our sites; and any personal data contained in, or included with, any proposal documents, feedback, comments, photos, videos, or other information you submit via online portals, forms, surveys, or interactive portions of our sites.

It is always your choice whether to provide this personal data. However, some personal data must be provided to participate in certain programs, activities, or events (such as to sign up for a newsletter, apply for a job, or register to participate in one of our events), so the decision not to provide information might limit or eliminate such functions of our sites or your ability to participate in such programs, activities, or events. Please do not disclose more personal data than is requested.

Personal data you provide about others
Do not provide personal data about others unless you are authorized or required to do so by contract or applicable law. You may provide personal data on behalf of another person if you have provided them with a copy of this notice and any applicable supplemental privacy notice, and obtained their explicit consent. We may ask you to provide evidence of that notice and consent.

Data we receive from third parties and other sources
We may receive personal data about you from other sources, including your company/organization, professional references, publicly-available sources, third-party analytics providers, and other third parties. For example, we may receive your personal data if: someone at your company/organization designates you as a contact person for that company/organization or includes information about you in proposal documents; another visitor includes it in any feedback, comments, photos, videos, or other information submitted via online portals, electronic forms, surveys, or interactive portions of our sites; or one of our employees or service providers provides or a third party acting on apparent authority provides it to us when registering you to access our facilities or our sites, apply for a job, or participate in one of our events.

Payment Processors
If you make a donation or any purchase via the sites, the transaction may be handled by our service providers or third parties responsible for processing your transaction (“Payment Processors”). Please be aware that Payment Processors have their own privacy policies and those terms will apply to you regarding how that Payment Processor handles your personal data. Depending on your donation or purchase, it may be made via the sites or you may be re-directed to a third-party site for payment. If your donation or purchase is made via the sites, in order for the Payment Processor to process your transaction, we may require payment, credit card, or other credit-related information. If you are re-directed to a third-party site for your donation or purchase, please be sure to review any linked policies provided during payment processing as they will apply to you.

Data we collect automatically, including cookies, pixels, and similar technologies
We may collect some personal data automatically. For example, when you visit our sites, we may collect your Internet Protocol (“IP”) address, Internet service provider (“ISP”) information, and browser type and language. We also may use cookies, pixels, and similar technologies to collect data about your interaction with our sites, including, for example, referring webpage, pages visited on our sites, and crash data. In addition, we may link the information we collect automatically or the information from any cookie or pixel with the information you provide in other contexts on our sites (newsletters, etc.) to personalize, connect and streamline your experience when visiting our sites. For example, this may include connecting your use of our site from your desktop, mobile, or other device. Please see Cookies & Similar Technologies for more information, including how to manage cookies, pixels, and similar technologies.

Special categories of data
We will not intentionally collect any “special categories of data” under the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (“UK GDPR”), or the Protection of Personal Information Act (“POPIA”) without your explicit consent for one or more specified purposes or as otherwise permitted or required by applicable law. Special categories of data include personal data (a) revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; or (b) concerning health or data concerning a natural person’s sex life or sexual orientation.

Minors
Our sites are not intended for minors (individuals under the age of 13, or equivalent minimum age depending on jurisdiction), and we do not knowingly collect personal data from minors. If you become aware of any personal data we have collected from a minor, please contact us. If we learn that we have collected personal data from a minor, we will take steps to delete the data without notice as soon as possible.

How we use your data

Purposes
We may use your personal data to: send you information that you have expressly chosen to receive [with your consent]; review and respond to proposal documents, feedback, comments, photos, videos, or other information you submit via online portals, electronic forms, surveys, or interactive portions of our sites [for our legitimate interests and/or to perform a contract with you]; administer and inform our program strategies and charitable activities [for our legitimate interests]; administer, safeguard, and improve our sites, systems, facilities, events, and other business operations [for our legitimate interests]; protect our rights and the safety of others [for our legitimate interests]; contribute to our archive of information in the public interest [for our legitimate interests]; and/or comply with applicable law, court order, subpoena, or legal process served on us [to comply with legal obligations].

Additional purposes
Additional purposes for using your personal data may be described in a supplemental privacy notice.

Legal bases under the GDPR, UK GDPR, or POPIA
If you are in the European Economic Area (EEA), the United Kingdom (UK) or South Africa, we will collect and use your personal data only if we have one or more legal bases for doing so under the GDPR, UK GDPR, or POPIA. The legal bases depend on your interaction with us and our sites. This means we collect and use your personal data only where: you have given your consent for one or more specific purposes; it is necessary to perform a contract we are about to enter into or have entered into with you; it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; it is necessary to protect the vital interests of you or another natural person; or it is necessary to comply with a legal obligation. We will indicate the legal basis or bases on which we are relying for each purpose. Where we are relying on consent as the legal basis, we will notify you and seek additional consent before using your personal data for a new purpose that is inconsistent with the original purpose for which we collected it.

When we share your data

Employees, agents, affiliates, service providers, and partners
We may share your personal data with our employees, agents, and affiliates who have a business need to know, our services providers (including contingent workers, consultants, contractors, vendors, and out-sourced service providers) to process it for us based on our instructions and for no other purpose, and with partners that are collaborating with us to fund projects or host events. We do not share your personal data with any third party (including our service providers) for marketing purposes unless you have provided consent for us to do so. If you believe personal data you provided to us is being misused by a third party, please contact us right away.

Other visitors to our sites
If you submit feedback, comments, photos, videos, or other information to interactive portions of our sites, such submission may be made publicly available to anyone who visits those areas of our sites. Other visitors may access, re-post, or use such submission. Even if you remove or delete your submission, copies may remain in cached or archived areas of our sites or retained by other visitors. Please use your discretion when submitting personal data in these contexts.

Law enforcement
We may share your personal data with law enforcement, other government agencies or authorities, or third parties as required by applicable law, court order, subpoena, or legal process served on us.

How we store and protect your data

Storage and transfers
Your personal data may be stored in your region or in any other country where we or our service providers have facilities. We may also allow employees and service providers located around the world to access personal data as provided in this notice. If your personal data is subject to GDPR, UK GDPR, or POPIA, we will ensure your legal rights and protections travel with any such “transfer” of your personal data as required by applicable law. We do this by signing “standard contractual clauses” approved by the European Commission that give personal data the same protection it has in the European Union, and/or otherwise requiring that our service providers protect personal data in accordance with applicable law. We will also comply with similar applicable laws regarding the storage and transfer of personal data in other jurisdictions where your personal data may be collected or provided.

Storage period
We will store your personal data until it is no longer needed to fulfill the purpose(s) for which it was collected or as otherwise required or permitted by law. After such time, we will either delete or anonymize your personal data or, if this is not possible, we will securely store your personal data and isolate it from any further use until deletion is possible. We may dispose of any data in our discretion without notice, subject to applicable law. Please contact us if you would like more details regarding our retention periods for different categories of personal data.

Protection
As the transmission of data via the internet is not completely secure, we cannot guarantee the security of your information transmitted to our sites and any such transmission is at your own risk. However, we maintain appropriate technical and organizational measures, including performing regular self-assessments, to prevent unauthorized disclosure of, or access to, personal data. We limit access to personal data and require that employees authorized to access personal data maintain the confidentiality of that data. We hold our service providers to at least the same data privacy and security standards to which we hold ourselves.

How you can access and control your data; your rights

To the extent provided by applicable laws, you may have the right to obtain confirmation that we hold personal data about you; to access, correct, or delete your personal data; to withdraw any consent you previously provided to us; to object to or restrict our processing of your personal data in any other context; to deactivate, block, anonymize, or delete personal data as appropriate; or to request and receive a copy of the personal data you have provided us and to transmit this data to a third party. To exercise any of these rights that you are not able to do directly, please contact us.

How to contact us

contact@towercapital.org