Claude Worthington Benedum Foundation
Effective Date: January 21, 2019
2. INFORMATION WE COLLECT
Depending on how you use our Services, the information we collect includes, but is not limited to, the following categories of information about you and your organization:
(1) Institution Information
When you submit an application to our Grants Program, we collect information about the organization which the grant application purports to benefit such as the following to help us to assess whether or not to approve your grant application: name of the organization; legal name, unit, and AKA of the organization if applicable, address of the organization; tax ID, contact phone number, Fax number, website address of the organization; current annual operating budget of the organization; information relevant to the compliance with the Patriot Act (such as whether or not your organization has transferred funds outside of the United States); and the ABA/account number of the organization’s bank (“Institution Information”).
(2) Personal Data
When you submit an application to our Grants Program, we also collect personal information of the organization’s contact person such as name, job title, email address, mailing address, and telephone number (“Personal Data”) to communicate grant related information.
(3) User Content
When you submit an application to our Grants Program, we may also collect documents such as your organization’s financial statement, letter of determination, and current members of governance structure (“User Documents”) to help us to access whether or not to approve your grant application. When you submit an inquiry and comments about our Site and Services, you may provide us with inputs and insights online or through emails and phone calls (“User Inputs”).
(4) Other Information
You understand and agree that as part of our obligation to exercise due diligence with respect to any grant and to comply with other legal requirements, Benedum may seek information about your organization and people involved with your organization from a variety of sources.
(5) Information We Do Not Intend to Collect
We do not intend to collect or retain records of any sensitive personal data, data regarding minority status, or unauthorized third party data.
3. AUTOMATICALLY COLLECTED INFORMATION
Each time you visit Benedum’s website, Benedum, its partners, and/or vendors automatically collect the following anonymous information to improve the overall quality of your online experience.
(1) Aggregated Data
Benedum collects data for internal reporting and counts, tracks, and aggregates the visitor’s activity for the purpose of analysis of general traffic flow and feature usage related to the Site. Information we collect to observe site traffic includes, but is not limited to, your browser based information and general location. We may remove personal identifiers from Personal Data or may use pseudonymization to disassociate the individual from the Personal Data, allowing statistically accurate analysis of data without exposing any individual’s identity. We compile traffic-based statistics that show the numbers and frequency of visitors to our Site and its individual pages. These are an aggregated statistical report that we use internally to better understand our Site traffic, manage our Site, and help diagnose any problems. The statistics contain no personally identifiable information and cannot be used to gather such information. To these ends, Benedum may include information about you in aggregated group data. Such anonymous data may be shared with our affiliates, business partners, service providers and/or vendors; if it does so, Benedum will not disclose your individual identity.
(2) IP Addresses
An IP address is a number that automatically identifies the computer or device you use to access the Internet. The IP address enables our server to send you the web pages that you want to visit, and it may disclose the server owned by your Internet Service Provider. Benedum may use IP addresses to conduct analyses and performance reviews and to administer the Site, and also may use other information provided by you or your browser for purposes such as enabling support for applications and services being used.
(4) Google Analytics
We use Google Analytics to better understand and personalize your use of the Services. Google Analytics collects information such as: browser, operating system, gender, age, device category, mobile device information, country, user type, service provider, what website the user used prior to coming to our Site, number of users, new users, sessions, average session duration, average pages accessed per session and user bounce rate. To process analytics data when you visit our Site, Google Analytics may use various technologies including cookies to identify your browser and computer device. Google does not receive your user account information, email address, or other personally identifiable information from us through the use of Google Analytics.
4. HOW WE USE YOUR DATA
5. SHARING YOUR DATA WITH THIRD PARTIES
We share some of your data with, or obtain data from, the following categories of third parties:
(1) In General
Benedum may share your data with (a) any U.S. or international governmental department or agency, including regulatory authorities with a legitimate interest in the data; (b) any third party with your consent; (c) any other third party where Benedum has a legitimate interest in doing so including but not limited to when Benedum must verify information relating to Grants Program applicants; and (d) any other entity or individual if Benedum is satisfied that the third party has a legitimate interest in such information including but not limited to when there is a need for those third parties to update and maintain their databases, to provide services to or for applicants; and for other purposes in support of Benedum’s mission.
(2) Disclosures to Third Parties Vendors
We may share your data under confidentiality agreements and any required data processing agreements with other third parties that work with or on behalf of Benedum to provide products and services such as, but not limited to, those who provide (i) email or mail services; (ii) cloud hosting services; (iii) analysis of usage of the Benedum Site; (iv) support and maintenance of the Services; (v) services to assist us in processing grant applications; and (vi) surveys. We also may share your data with our legal, regulatory, audit, and other professional advisors. Those companies may use your data to assist us in our operations consistent with our legitimate business interests.
(3) Disclosures to Other Organizations
Some of your data will be shared with any other organizations with your approval or where Benedum has a legitimate interest in doing so, including but not limited to: (i) when Benedum must verify information relating to applicants; (ii) where Benedum is satisfied that the third party has a legitimate interest in such information, including but not limited to where there is a need for those third parties to update and maintain their databases, to provide services to or for applicants; and (iii) for other purposes in support of Benedum’s mission.
(4) Disclosures under Special Circumstances
We may disclose your data to respond to subpoenas, court orders, legal processes, regulatory authority investigations, or governmental regulations or inquires, or to establish or exercise our legal rights or defend against legal claims, or when we believe it is necessary to share such information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law or to protect the public.
Where applicable and mandated by privacy laws, Benedum may share your data with those parties under restrictions such as the requirement to keep your data confidential, destroy data once it no longer is needed for the intended purpose, and/or to prevent unauthorized release of such data. Benedum conducts such exchanges in a secure manner designed to protect against unauthorized access.
6. HOW LONG WE KEEP YOUR DATA
We keep your data only for as long as is reasonably necessary to achieve the purposes for which it was collected, whether that is to provide services to you, for our own legitimate interests (described above), or so that we can comply with the law. We reserve the right to retain it to the full extent not prohibited by law. We may delete data in our discretion, so you should retain your own records, and not rely upon our storage of any data, content, or other data.
We will actively review the information we hold and when there no longer is a user, legal, or business need for us to hold it, we will either delete it securely or in some cases irreversibly anonymize it. When we delete any information, it will be deleted from our active databases but may remain in our archives.
7. HOW WE PROTECT YOUR DATA
To prevent unauthorized access, maintain data accuracy, and facilitate the correct use of your data obtained through our Site, we have put in place appropriate physical, technical, and operational measures to safeguard and secure your data we collect online against unauthorized access, unlawful use, accidental loss, corruption, or destruction.
We use technical measures such as encryption and password protection to protect your data and the systems where they are stored. However, messages you send to us through the Internet or otherwise electronically may not be secure. We recommend that you do not send any confidential information to us by email. If you choose to send confidential information to us, you accept the risk that a third party may intercept this information.
Although Benedum takes measures designed to protect your data in its systems, you also must be vigilant in protecting access to your information online and assume responsibility for protecting your Personal Data. Treat your usernames and passwords with care. Do not share them or enter them into fraudulent sites. Benedum is not liable for any consequences resulting from any compromise to your username and password.
8. LOCATION OF YOUR PERSONAL DATA /DATA TRANSFER
If you choose to access or use the Services offered by Benedum, you consent to the worldwide transfer and processing of your information, even in jurisdictions that may have less restrictive privacy practices than your own.
If we do transfer Personal Data outside the United States, we will make sure that it is protected in the same way as if it were being used in the United States. When required by law, we will use one of the following safeguards to ensure your Personal Data is protected:
• Transfer the data to a non-European Economic Area (EEA) country that has privacy laws at least as protective as those within the EEA, or
• Put in place a contract with the recipient of the data, which means the recipient must protect the data to the same standards as required within the EEA, or
• Transfer it to organizations that are part of the Privacy Shield. The Privacy Shield is a framework that sets out the standards for data to be sent between the United States and European countries. The Privacy Shield ensures that data are protected to the same standards as used within the EEA.
By submitting any Personal Data or by using our Site and without limitation to any other rights or obligations we have, you consent to such transfer to and processing in the United States and these other countries and you acknowledge that your information may be subject to access by law enforcement and other government entities including courts and tribunals, in accordance with laws applicable in those jurisdictions.
9. CONSENT TO ELECTRONIC NOTICE UPON SECURITY BREACH
We will safeguard your Personal Data and prevent such information from unauthorized access, disclosure, or use. If we or a Recipient is required by law to provide notice of unauthorized access to or other compromise to your Personal Data, you agree that we (or they) may do so when required (or voluntarily) by posting notice on our Site or sending notice to any email address we have for you, in our (or their) good faith discretion. You agree that notice to you will count as notice to others for whom you are acting, and agree to pass the notice on to them.
10. YOUR RIGHTS OVER YOUR PERSONAL DATA
Where provided by applicable data privacy laws, you may have the right to review, verify, correct, and request erasure of the Personal Data that we hold about you under certain circumstances. You may also have the right to limit, restrict, or object to the processing of your Personal Data, and to request that we transfer your Personal Data to another party under certain circumstances.
Access to your Personal Data is available through your Benedum login credentials (username and password). When you apply for a Benedum Grant, you have an opportunity to correct or update most information you have provided to our Grants Program. If you are an existing Benedum user, you can log in to your Benedum account to update your Personal Data held there.
Where applicable data privacy laws provide you with the rights such as: (i) to review, verify, correct, or request erasure of your Personal Data; (ii) to limit, restrict, or object to the processing of your Personal Data; (iii) to request a transfer of your Personal Data to another party; or (iv) to file a complaint concerning Benedum’s processing of your Personal Data, you may contact us at info@Benedum.org or write to us at Benedum Foundation, ATTN: Data Protection, 1400 Benedum-Trees Building, 223 Fourth Avenue, Pittsburgh, Pennsylvania 15222. To protect your privacy and security, we may take reasonable steps to verify your identity before fulfilling your request.
13. CONTACT US