The Southern Illinois University Foundation (hereafter referred to as “Foundation”) and the Southern Illinois University Alumni Association (hereafter referred to as “Association”) are jointly committed to maintaining the trust and confidence of our alumni, members, donors, and friends.
An important benefit of your affiliation with the Foundation and/or the Association is the opportunity to receive communications, offers, products, and services. For this reason, we want you to understand how we obtain information and protect your privacy.
If you are an alumnus of Southern Illinois University Carbondale (hereafter referred to as “University”), information is obtained from your University student record. Nonpublic personal information about alumni, members, donors, and friends is obtained from personal interactions, communications, surveys, transcript requests, and activities with the University and its affiliates.
The Foundation and/or the Association restrict information access to only those who perform authorized activities. The Foundation and the Association have implemented physical, electronic, and managerial procedures to safeguard and secure this information, prevent unauthorized access, maintain data accuracy, and ensure its appropriate use.
You may withdraw from any of our services by notifying the Senior Data Analyst, Southern Illinois University Carbondale, Colyer Hall, Mail Code 6805, 1235 Douglas Drive, Carbondale, IL 62901. Phone: 618/453-4900.
Personally Identifiable Information
Collection of information is limited to publicly available sources, correspondence, and constituent relationships, including information from donor engagement and fundraising activities. Information gathered is used in pursuit of the institutional mission and goals of the Foundation, Association and University and its programs. This information may be shared with Foundation development, the Association, University administration, affiliated organizations, authorized users, and third-party contractual partners such as vendors for data services or marketing purposes. Vendors are required to have contracts with controls on data use and are prohibited from selling or repurposing constituent data.
In addition, we may share information as:
- permitted by the Foundation and University policies;
- consent is given by the individual;
- authorized by an approved Foundation, University, or Association contract for service;
- permitted by law.
Information collected and stored is not sold, rented, marketed, or allowed to be used in a manner inconsistent with the mission and goals of the Foundation, the Association, and the University.
The Foundation maintains physical and electronic safeguards to protect against the loss or misuse of data under our control. These safeguards include restricted access to computer systems, firewalls, encryption, and secure authentication methods. Information is always transferred to authorized users in a secure, password protected manner.
While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information as no method of transmission over the Internet or method of electronic storage is fully secure. In the event we are required by law to inform you of a breach to your personal information, we will notify you electronically, in writing, or by telephone, if legally permitted.
Non-personally identifiable information collected automatically and cookies
In some cases, information that is not personally identifiable may be automatically collected and/or logged. For example, information about the browser, operating system, IP address, and the domain name of sites that are linked to the Foundation website. When you view the Foundation website, some data may be stored on your computer. These small pieces of data are called “cookies.” These cookies allow us to tailor a website or advertisement to better match your interests and preferences. Personally identifiable information is not stored on cookies. With most Internet browsers, you can alter user preferences to erase cookies from your hard drive, block cookies, or have it prompt you to either accept or refuse to store the cookie. Refer to your browser instructions or help screen to learn more about these functions.
Third-party sites and services
The Foundation website may incorporate or contain links to third-party websites, products, and services. Our services may also use or offer services from third parties − for example, a third-party customer relationship management (CRM) software. Information collected by third parties, which may include such things as contact details, is governed by their privacy practices. The Foundation encourages you to learn about the privacy practices of those third parties.
The Foundation is committed to complying with the Children’s Online Privacy and Protection Act (COPPA). The Foundation does not knowingly collect information on children under 13 years of age without the consent of a parent or guardian. Users under the age of 13 and their parents and guardians are cautioned that the collection of personal information volunteered by children online or by e-mail will be treated the same as information given by an adult until the Foundation becomes aware that the user is under the age of 13.
General Data Protection Regulation (GDPR) Privacy Notice
1. Commitment to protecting privacy and transparency
Southern Illinois University Foundation (“Foundation”) is committed to respecting and protecting the privacy rights of persons in the EEA—comprised of the European Union (“EU”) and the countries of Iceland, Norway, and Lichtenstein—pursuant to the EU General Data Protection Regulation (“GDPR”). This GDPR Privacy Notice describes the Foundation’s commitment to the privacy of persons in the EEA.
2. Does this GDPR Privacy Notice apply to me?
This GDPR Privacy Notice applies to you if:
- You are a “Person” or “Data Subject”—meaning a natural person, not a corporation, partnership, or other legal entity—who is currently physically present in the EEA;
- It is with respect to your “Personal Information”—meaning any information relating to an identified or identifiable person—that is provided while you are physically present in the EEA;
- Such Personal Information is not earlier or later provided to the Foundation while you are outside the EEA; and
- Such Personal Information is provided to the Foundation:
- During the course of the Foundation offering you goods or services;
- While you are associated with any of the Foundation’s programs.
3. What Personal Information Does the Foundation Process?
We process your Personal Information, meaning we collect, record, organize, structure, store, adapt, alter, retrieve, consult, use, disclose by transmission, disseminate, make available, align, combine, restrict, erase, or destroy your Personal Information.
A. General Categories
Depending on the specific purpose for processing Personal Information, The Foundation may process the following general categories of Personal Information:
- Telephone numbers
- Email addresses
- Identification numbers including but not limited to social security numbers and driver’s license numbers
- The Foundation identification numbers
- Personal identification numbers
- Demographic information, including residential information
- Education history
- Entrance exam scores
- Background check information, including criminal records
- Personal references
- Emergency contact information
- Financial information and family financial information including credit and debit-card numbers, tax information, financial aid information, and insurance and benefits information
- Transaction history
- Business information
- Passport and visa information
- Work history
- Donation history
- Insurance information
- Military service
- IP addresses
- Location information
- Device information
- Education records including but not limited to coursework, correspondence, evaluations, disciplinary complaints, and other records, and files maintained by The Foundation as part of the educational process
- Any requests for accommodations or leave
- Medical history and treatment information
- Family medical history information
- Disability information
- Biometric and genetic information
- Purchasing activity to secure food, lodging, and other services for you
B. Special Categories
In order to fulfill certain purposes, the Foundation may need to request special categories of Personal Information—information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data; biometric data for the purpose of uniquely identifying a natural person; data concerning health or treatment; or data concerning a natural person’s sex life or sexual orientation.
Before the Foundation processes your special-category Personal Information or your criminal-conviction Personal Information, if any, the Foundation will ask for your affirmative consent unless the Foundation has another legal basis for the processing, in which case the Foundation will inform you of that basis. In this Notice, these special categories are referred to as Sensitive Personal Information.
4. How Does the Foundation Receive Your Personal Information?
The Foundation may collect your Personal Information in various ways, for example:
if you supply Personal Information when using our Website such as signing up to receive more information, entering your data on a form for event registration, and/or asking about volunteer opportunities or other ways you can support us;
- when you inquire about or if you agree to make a donation to the Foundation;
- when you provide Personal Information to the University or the Association;
- from web tools, cookies, and related technologies; and
- if you provide your details to the Foundation for another purpose.
5. Who Processes Your Personal Information?
Your Personal Information may be processed by Foundation directors, employees, advancement staff, and volunteers as may be necessary to carry out the purposes for processing the information and the activities of the Foundation.
- Related Organizations:
The Foundation may share your Personal Information with the University and the Association, each of which shares our commitment to treating Personal Information responsibly.
- Third Parties:
We never sell, trade, or rent your Personal Information. We do not disclose Personal Information to third parties unless we are legally required to do so or where we need assistance of data processors (acting under our instructions) or as mentioned above in the “Related Organizations” section.
We will take reasonable steps so that any Personal Information we collect is only used by those third parties for specific, lawful purposes in line with this GDPR Privacy Notice. We always aim to make sure your Personal Information is treated by third parties to the same standard as you would reasonably expect to be applied in the EEA.
Please note that the Foundation may provide anonymized data developed from Personal Information to third parties, such as our peers, industry groups, and government entities, and that such anonymized data is outside the scope of this GDPR Privacy Notice.
6. How Long Does the Foundation Keep Your Personal Information?
The Foundation keeps records in accordance with all applicable laws and for purposes of business continuity and in support of anticipated constituent requests. Retention schedules are the Foundation’s official policy for the retention and disposal of Personal Information; retention schedules are developed in accordance with all applicable laws, regulations, and best practices. The Foundation’s retention policy states that all retained information must be stored in a manner designed to ensure its accessibility, integrity, confidentiality, authenticity, and legibility.
Foundation staff is responsible for the creation of records retention schedules in consultation with their specific departments/units and legal counsel as necessary. Retention schedules include information regarding format, document creation date, office of record, retention period, method of disposition and document type description. Foundation staff is also responsible for the destruction of records stored in accordance with these schedules.
7. What Are Your Rights as a Data Subject?
As a Data Subject pursuant to the GDPR, you have certain rights. This GDPR Privacy Notice summarizes what these rights under the GDPR involve and how you can exercise these rights. More detail about each right, including exceptions and limitations, can be found in Articles 15-21 and 77 of the GDPR.
Please note: Nothing in this GDPR Privacy Notice is intended by The Foundation to waive sovereign immunity or any other defenses or immunities afforded by any or all U.S. federal law, Illinois state law, other applicable state law in the United States, and EU law.
The Right of Access
You have the right to request that the Foundation confirm whether it is processing your Personal Information. If the Foundation is processing your Personal Information, you have the right to access that Personal Information, and the Foundation will provide you with a copy of that Personal Information unless prevented by applicable law.
The Right of Correction
You have the right to request that the Foundation correct any inaccurate Personal Information that it maintains about you. You also have the right to request that the Foundation complete any incomplete Personal Information that it maintains about you, which could be accomplished by incorporating a supplementary statement that you submit. If the Foundation concurs that the Personal Information is incorrect or incomplete, the Foundation will promptly correct or complete it.
The Right to Erasure
You have the right to request the erasure of Personal Information that the Foundation maintains about you in certain circumstances. These circumstances are identified in Article 17 of the GDPR and include that the Personal Information is no longer necessary in relation to the purpose(s) for which it was collected.
Subject to applicable U.S., state, and EU law, and Foundation policies, including but not limited to its Privacy Statement, and provided that there are no overriding legitimate grounds for the Foundation to retain the Personal Information, the Foundation will comply with the request and will take reasonable steps to inform any third parties with whom the Personal Information was shared.
The Right to Restrict Processing of Personal Information
You have the right to request that the Foundation restrict the processing of your Personal Information where one of the reasons identified in Article 18 of the GDPR apply. These reasons include that the Personal Information is inaccurate, the processing is unlawful, or the Foundation no longer needs the Personal Information.
If the Foundation grants your request to restrict processing, the Foundation will only process that Personal Information with your consent, for the protection of the rights of another natural or legal person, for reasons of important public interest, for the establishment, exercise or defense of legal claims, or as otherwise required by applicable U.S., state, or EU law.
The Right to Data Portability
Where the basis for processing is either consent or performance of a contract between you and the Foundation, and where the processing is carried out by automated means, you have the right to receive your Personal Information that you have provided to the Foundation. The Foundation will provide the Personal Information in a structured, commonly used, and machine-readable format. Where technically feasible and upon your request, the Foundation will transmit the Personal Information directly to another entity.
The Right to Withdraw Consent
If the basis for processing your Personal Information is consent, you may revoke your consent at any time. Upon receipt of your notice withdrawing consent, and if there are no other legal grounds for the processing, the Foundation will stop processing the Personal Information unless the processing is necessary for the establishment, exercise, or defense of legal claims. Revoking consent does not affect the lawfulness of processing that occurred before the revocation.
The Right to Object to Processing
In certain situations, you may have the right to object to processing of your Personal Information
- Public Interest or Legitimate Interests. If the basis for processing your Personal Information is public interest or legitimate interests, you have the right to object to processing the Personal Information. The Foundation will cease processing unless it demonstrates overriding legitimate grounds for processing or the processing is necessary for the establishment, exercise, or defense of legal claims.
- Direct Marketing. If the Foundation is using your Personal Information for direct marketing purposes such as fundraising, you have the right to object at any time, and the Foundation will stop using your Personal Information for that purpose.
The Right to File a Complaint
You have the right to submit a complaint with an EU supervisory authority, in particular the one in the EU Member State of your habitual residence, place of work, or place of the alleged violation, if you believe that the Foundation’s processing of your Personal Information violates the GDPR.
For more information on the process for submitting a complaint, consult the relevant EU supervisory authority: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/ index_en.htm.
8. How to Exercise Your Rights
In order to exercise any of these rights, except the right to file a complaint with an EU supervisory authority, you should submit your request to the Foundation’s Compliance Officer:
Email: SIUF Compliance Officer | email@example.com
Address: 1235 Douglas Dr., MC 6805, Carbondale, IL 62901 USA
At that time, you will be asked to:
- Identify yourself
- Provide information to support that the GDPR applies to you (see Section 2, above).
- Identify the specific information or data that you are concerned about.
- State what right(s) you wish to exercise
To expedite processing your request, please identify the data-collection location (e.g., the website where your Personal Information was collected), if known.
9. How Does the Foundation Respond to Requests for Personal Information?
In addition to the rights provided by the GDPR, you may also have rights with respect to your Personal Information pursuant to U.S. federal law, state law, or Foundation policy. When you submit a request to the Foundation to exercise your rights, it will respond in accordance with existing Foundation policies and procedures that implement the relevant privacy law(s).
10. Existence of Automated Individual Decision-Making
The Foundation, in conjunction with the University and the Association, uses automated decision-making, including profiling, to help identify prospective supporters of the University and its activities. The logic takes an all-factor approach to assessing a possible donor’s propensity to support the University and may result in a prospective donor being contacted to explore support opportunities.
You will not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision is necessary for entering into or performing a contract or unless you explicitly consent.
11. Transfer of Personal Information outside the EEA
The Foundation is based in the U.S. and is subject to U.S. and Illinois law. Personal Information that you provide to the Foundation will generally be hosted on U.S. servers. To the extent that the Foundation needs to transfer your information either (a) from the EEA to the U.S. or another country or (b) from the U.S. to another country, the Foundation will do so on the basis of either (i) an “adequacy decision” by the European Commission; (ii) EU-sanctioned “appropriate safeguards” for transfer such as model clauses, a copy of which you may request, if applicable, by contacting the Foundation as set forth in Section 12; (iii) your explicit and informed consent; or (iv) it being necessary for the performance of a contract or the implementation of pre-contractual measures with the Foundation, in which case the Foundation will inform you of the intent to transfer the Personal Information. Please note that the U.S. is not currently considered a safe harbor country under the GDPR.
12. How Do I Contact the Foundation, the Data Controller?
The Foundation is the data controller. If you have any questions about anything contained in this GDPR Privacy Notice, please contact the Foundation’s Compliance Officer:
Email: SIUF Compliance Officer | firstname.lastname@example.org
Address: 1235 Douglas Dr., MC 6805, Carbondale, IL 62901 USA
If you are interested in reviewing an English version of the GDPR, please see http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN.
14. Updates to GDPR Privacy Notice
The Foundation may update this GDPR Privacy Notice from time to time. Any changes will become effective upon posting of the revised GDPR Privacy Notice.