This Policy describes the types of information we may collect from you or that you may provide when you visit the Website and our practices for collecting, using, maintaining, protecting, and disclosing that information. This Policy applies to information we collect: (i) on the Website, and (ii) in email and other electronic messages between you and the Website.
If you have any questions about this policy or about how we use your personal information, please contact us at firstname.lastname@example.org or via our contact details below.
If you do not agree to this Policy for any reason, please do not use the Website.
What Information We Collect
You may visit our Website without being required to provide your name, email address, or similar personal information. However, we may collect several types of information from and about users of the Website, including information:
- by which you may be personally identified, such as name, mailing address, email address, and telephone number ("personal data");
- that is about you but individually does not identify you ("anonymous data"); and/or
- about your internet connection, the equipment you use to access the Website, and usage details.
We collect this information in the following ways:
Directly from you when you provide it to us. You may give us your personal data by filling in forms (such as grant applications), or by corresponding with us through the Website, by email, or otherwise. This includes personal data you provide (i) when you send an email inquiry to the Foundation, (ii) when you sign up to receive email newsletters from us, (iii) in connection with grant applications or awards, or (iv) when you register for and/or participate in our programs, initiatives, and events.
Automatically as you navigate through the Website. Information collected automatically may include usage details, IP addresses, and information collected through browser cookies. A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of the Website.
From third parties, such as our grantee organizations. We may receive personal data about you from third parties and other sources, including your organization/company, publicly available sources, and third-party analytics providers. For example, we may receive your personal data if someone at your organization designates you as a contact person for that organization or includes information about you in a grant application.
How We Use Your Information
We may use the information we collect to:
- communicate with you, including to respond to your inquiries and provide information you request from us;
- provide, maintain, and improve the Website, including research and analytics regarding users of the Website and usage patterns;
- notify you about changes to the Website or the Policy;
- process grant applications and manage grants;
- send you email newsletters, mailings, and other information about programs, grants, initiatives, and events;
- process your event or program registration; or
- administer and protect the Website, including to detect, investigate, and prevent activities that may violate our policies or be illegal.
We process personal data on the following legal bases: (1) where you have given us your consent; (2) as necessary to perform our agreements; (3) as necessary to comply with legal obligations to which we are subject; and/or (4) as necessary for our legitimate interests in providing services where those interests do not override your fundamental rights and freedom related to data privacy.
We will only use your personal data for the purposes for which we collected it, unless we reasonably determine that we need to use it for another reason that is compatible with the original purpose(s) and/or as required or permitted by law. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
How We Share Your Information
The Foundation does not sell, rent, or otherwise disclose your personal data to any third parties, except as described below.
We may disclose your personal data to third-party service providers who use the information to perform services on our behalf, such as website hosting, information technology services, and data management. We require all third-party service providers to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may use or disclose your personal data as we deem necessary or appropriate under applicable laws; to respond to requests from public, governmental, and regulatory authorities; to comply with court orders, litigation procedures, and other legal processes; to obtain legal remedies or limit our damages; and to protect the rights, safety, or property of our employees, you, or others.
No data transmission over the internet can be 100 percent secure; therefore, the Foundation cannot ensure or warrant the security of any information submitted on or to the Website.
Nevertheless, we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, and third-party service providers who need to know that information in order to provide services to us and yourself. We maintain physical, electronic, and procedural safeguards to protect your personal data.
We have put in place procedures to address any personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We retain your personal data only for as long as is necessary for our legitimate interests, in accordance with our retention policies, and in accordance with applicable laws.
Changes to Our Policy
We may make changes to this Policy from time to time. We will post any changes to this page along with a notice at the end of the Policy of the last date that any changes were made. Your continued use of the Website following the posting of any changes will mean you accept those changes.
Users from Outside the United States
The Website is operated and controlled by the Foundation in the United States. By using the Website, you:
- acknowledge that your information will be processed as described in the Policy; and
- consent to having your information transferred to the Foundation and/or our third party service providers, in the United States or elsewhere, as described in the Policy.
If you are an EU national and reside in the EU, or are a non-EU national residing in the EU, we will transfer your personal data to the United States in accordance with EU data protection law requirements and/or by using standard contractual clauses that have been approved by the European Commission. Such a transfer may also take place with your explicit consent and/or if necessary in order to perform a contract with you or fulfill your request.
Individual Rights. If you are an EU national and reside in the EU, or are a non-EU national residing in the EU, you may have the following rights under data protection laws with respect to the personal data you provide to us:
- To request access to or correct your personal data.
- To request your personal data be erased if it is no longer necessary for the purposes for which it was processed; you have withdrawn your consent to, or object to, its processing and there is no other legitimate grounds for processing it; or you consider it has been unlawfully processed.
- To request that processing of your personal data be restricted if you contest the data’s accuracy, its processing is unlawful, or you have objected to its processing and await verification of our legitimate grounds for processing it.
- To request transfer of your personal data to another company under certain circumstances.
- To lodge a complaint with your national data protection regulator if you feel that your personal data has been unlawfully processed.
If you wish to exercise any of the rights set out above, please Contact Us.
Controller. If you are an EU national and reside in the EU, or are a non-EU national residing in the EU, the data controller (as defined under EU data protection law) will be The Andrew W. Mellon Foundation.
This Website is directed solely at adults. If you are under the age of thirteen (or if being a 'minor' is defined as a younger age in your relevant jurisdiction, that relevant age), please do not provide us with any of your personal data, including your email address.
Any questions or comment about this Policy and/or our privacy practices should be sent to the Foundation at: email@example.com or at the address listed below.
The Andrew W. Mellon Foundation
140 East 62nd Street
New York, New York 10065
Attn: Office of the Vice President, General Counsel & Secretary
Last revised: May 25, 2018