Privacy Pledge

The Southern Illinois University Foundation (hereafter referred to as “Foundation”) and the Southern Illinois University Alumni Association (hereafter referred to as “Association”) are jointly committed to maintaining the trust and confidence of our alumni, members, donors, and friends.

An important benefit of your affiliation with the Foundation and/or the Association is the opportunity to receive communications, offers, products, and services. For this reason, we want you to understand how we obtain information and protect your privacy.

If you are an alumnus of Southern Illinois University Carbondale (hereafter referred to as “University”), information is obtained from your University student record. Nonpublic personal information about alumni, members, donors, and friends is obtained from personal interactions, communications, surveys, transcript requests, and activities with the University and its affiliates.

The Foundation and/or the Association restrict information access to only those who perform authorized activities. The Foundation and the Association have implemented physical, electronic, and managerial procedures to safeguard and secure this information, prevent unauthorized access, maintain data accuracy, and ensure its appropriate use.

You may withdraw from any of our services by notifying the Senior Data Analyst, Southern Illinois University Carbondale, Colyer Hall, Mail Code 6805, 1235 Douglas Drive, Carbondale, IL 62901. Phone: 618/453-4900.

PRIVACY POLICY

The Southern Illinois University Foundation Privacy Policy was developed to explain our online information practices and the way your information is collected and used on our site. The Foundation is committed to the ethical collection and use of information in the pursuit of legitimate institutional goals. We support and further the individual’s fundamental right to privacy.

Personally Identifiable Information

Collection of information is limited to publicly available sources, correspondence, and constituent relationships, including information from donor engagement and fundraising activities. Information gathered is used in pursuit of the institutional mission and goals of the Foundation, Association and University and its programs. This information may be shared with Foundation development, the Association, University administration, affiliated organizations, authorized users, and third-party contractual partners such as vendors for data services or marketing purposes. Vendors are required to have contracts with controls on data use and are prohibited from selling or repurposing constituent data.

In addition, we may share information as:

permitted by the Foundation and University policies;
consent is given by the individual;
authorized by an approved Foundation, University, or Association contract for service;
permitted by law.

Information collected and stored is not sold, rented, marketed, or allowed to be used in a manner inconsistent with the mission and goals of the Foundation, the Association, and the University.

The Foundation maintains physical and electronic safeguards to protect against the loss or misuse of data under our control. These safeguards include restricted access to computer systems, firewalls, encryption, and secure authentication methods. Information is always transferred to authorized users in a secure, password protected manner.

While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information as no method of transmission over the Internet or method of electronic storage is fully secure. In the event we are required by law to inform you of a breach to your personal information, we will notify you electronically, in writing, or by telephone, if legally permitted.

Non-personally identifiable information collected automatically and cookies

In some cases, information that is not personally identifiable may be automatically collected and/or logged. For example, information about the browser, operating system, IP address, and the domain name of sites that are linked to the Foundation website. When you view the Foundation website, some data may be stored on your computer. These small pieces of data are called “cookies.” These cookies allow us to tailor a website or advertisement to better match your interests and preferences. Personally identifiable information is not stored on cookies. With most Internet browsers, you can alter user preferences to erase cookies from your hard drive, block cookies, or have it prompt you to either accept or refuse to store the cookie. Refer to your browser instructions or help screen to learn more about these functions.

Third-party sites and services

The Foundation website may incorporate or contain links to third-party websites, products, and services. Our services may also use or offer services from third parties − for example, a third-party customer relationship management (CRM) software. Information collected by third parties, which may include such things as contact details, is governed by their privacy practices. The Foundation encourages you to learn about the privacy practices of those third parties.

Google Analytics

The Foundation uses a tool called “Google Analytics” to collect information about use of this site. Google Analytics collects information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site. The sole purpose of the information the Foundation gets from Google Analytics is to improve this site. Google Analytics collects only the IP address assigned to each unique visitor on the date they visit this site, rather than a name or other identifying information. The Foundation does not combine the information collected through Google Analytics with personally identifiable information. Although Google Analytics plants a permanent cookie on the web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about site visits is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. Google Analytics can be prevented from recognizing all return visits to any website by disabling cookies on the browser.

Opt-out: Google Analytics opt-out browser add-on

Children

The Foundation is committed to complying with the Children’s Online Privacy and Protection Act (COPPA). The Foundation does not knowingly collect information on children under 13 years of age without the consent of a parent or guardian. Users under the age of 13 and their parents and guardians are cautioned that the collection of personal information volunteered by children online or by e-mail will be treated the same as information given by an adult until the Foundation becomes aware that the user is under the age of 13.

General Data Protection Regulation (GDPR) Privacy Notice

1. Commitment to protecting privacy and transparency

Southern Illinois University Foundation (“Foundation”) is committed to respecting and protecting the privacy rights of persons in the EEA—comprised of the European Union (“EU”) and the countries of Iceland, Norway, and Lichtenstein—pursuant to the EU General Data Protection Regulation (“GDPR”). This GDPR Privacy Notice describes the Foundation’s commitment to the privacy of persons in the EEA.

2. Does this GDPR Privacy Notice apply to me?

This GDPR Privacy Notice applies to you if:

You are a “Person” or “Data Subject”—meaning a natural person, not a corporation, partnership, or other legal entity—who is currently physically present in the EEA;
It is with respect to your “Personal Information”—meaning any information relating to an identified or identifiable person—that is provided while you are physically present in the EEA;
Such Personal Information is not earlier or later provided to the Foundation while you are outside the EEA; and
Such Personal Information is provided to the Foundation:
- During the course of the Foundation offering you goods or services;
- While you are associated with any of the Foundation’s programs.

3. What Personal Information Does the Foundation Process?

We process your Personal Information, meaning we collect, record, organize, structure, store, adapt, alter, retrieve, consult, use, disclose by transmission, disseminate, make available, align, combine, restrict, erase, or destroy your Personal Information.

A. General Categories

Depending on the specific purpose for processing Personal Information, The Foundation may process the following general categories of Personal Information:

Names
Addresses
Telephone numbers
Email addresses
Identification numbers including but not limited to social security numbers and driver’s license numbers
The Foundation identification numbers
Personal identification numbers
Usernames
Passwords
Demographic information, including residential information
Education history
Entrance exam scores
Background check information, including criminal records
Personal references
Emergency contact information
Financial information and family financial information including credit and debit-card numbers, tax information, financial aid information, and insurance and benefits information
Transaction history
Business information
Passport and visa information
Work history
Donation history
Insurance information
Military service
IP addresses
Location information
Device information
Metadata
Education records including but not limited to coursework, correspondence, evaluations, disciplinary complaints, and other records, and files maintained by The Foundation as part of the educational process
Any requests for accommodations or leave
Medical history and treatment information
Family medical history information
Disability information
Biometric and genetic information
Photographs
Purchasing activity to secure food, lodging, and other services for you

B. Special Categories

In order to fulfill certain purposes, the Foundation may need to request special categories of Personal Information—information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data; biometric data for the purpose of uniquely identifying a natural person; data concerning health or treatment; or data concerning a natural person’s sex life or sexual orientation.

Before the Foundation processes your special-category Personal Information or your criminal-conviction Personal Information, if any, the Foundation will ask for your affirmative consent unless the Foundation has another legal basis for the processing, in which case the Foundation will inform you of that basis. In this Notice, these special categories are referred to as Sensitive Personal Information.

4. How Does the Foundation Receive Your Personal Information?

The Foundation may collect your Personal Information in various ways, for example:

if you supply Personal Information when using our Website such as signing up to receive more information, entering your data on a form for event registration, and/or asking about volunteer opportunities or other ways you can support us;

when you inquire about or if you agree to make a donation to the Foundation;
when you provide Personal Information to the University or the Association;
from web tools, cookies, and related technologies; and
if you provide your details to the Foundation for another purpose.

5. Who Processes Your Personal Information?

Foundation:
Your Personal Information may be processed by Foundation directors, employees, advancement staff, and volunteers as may be necessary to carry out the purposes for processing the information and the activities of the Foundation.
Related Organizations:
The Foundation may share your Personal Information with the University and the Association, each of which shares our commitment to treating Personal Information responsibly.
Third Parties:
We never sell, trade, or rent your Personal Information. We do not disclose Personal Information to third parties unless we are legally required to do so or where we need assistance of data processors (acting under our instructions) or as mentioned above in the “Related Organizations” section.

We will take reasonable steps so that any Personal Information we collect is only used by those third parties for specific, lawful purposes in line with this GDPR Privacy Notice. We always aim to make sure your Personal Information is treated by third parties to the same standard as you would reasonably expect to be applied in the EEA.

Please note that the Foundation may provide anonymized data developed from Personal Information to third parties, such as our peers, industry groups, and government entities, and that such anonymized data is outside the scope of this GDPR Privacy Notice.

6. How Long Does the Foundation Keep Your Personal Information?

The Foundation keeps records in accordance with all applicable laws and for purposes of business continuity and in support of anticipated constituent requests. Retention schedules are the Foundation’s official policy for the retention and disposal of Personal Information; retention schedules are developed in accordance with all applicable laws, regulations, and best practices. The Foundation’s retention policy states that all retained information must be stored in a manner designed to ensure its accessibility, integrity, confidentiality, authenticity, and legibility.

Foundation staff is responsible for the creation of records retention schedules in consultation with their specific departments/units and legal counsel as necessary. Retention schedules include information regarding format, document creation date, office of record, retention period, method of disposition and document type description. Foundation staff is also responsible for the destruction of records stored in accordance with these schedules.

7. What Are Your Rights as a Data Subject?

As a Data Subject pursuant to the GDPR, you have certain rights. This GDPR Privacy Notice summarizes what these rights under the GDPR involve and how you can exercise these rights. More detail about each right, including exceptions and limitations, can be found in Articles 15-21 and 77 of the GDPR.

Please note: Nothing in this GDPR Privacy Notice is intended by The Foundation to waive sovereign immunity or any other defenses or immunities afforded by any or all U.S. federal law, Illinois state law, other applicable state law in the United States, and EU law.

The Right of Access

You have the right to request that the Foundation confirm whether it is processing your Personal Information. If the Foundation is processing your Personal Information, you have the right to access that Personal Information, and the Foundation will provide you with a copy of that Personal Information unless prevented by applicable law.

The Right of Correction

You have the right to request that the Foundation correct any inaccurate Personal Information that it maintains about you. You also have the right to request that the Foundation complete any incomplete Personal Information that it maintains about you, which could be accomplished by incorporating a supplementary statement that you submit. If the Foundation concurs that the Personal Information is incorrect or incomplete, the Foundation will promptly correct or complete it.

The Right to Erasure

You have the right to request the erasure of Personal Information that the Foundation maintains about you in certain circumstances. These circumstances are identified in Article 17 of the GDPR and include that the Personal Information is no longer necessary in relation to the purpose(s) for which it was collected.

Subject to applicable U.S., state, and EU law, and Foundation policies, including but not limited to its Privacy Statement, and provided that there are no overriding legitimate grounds for the Foundation to retain the Personal Information, the Foundation will comply with the request and will take reasonable steps to inform any third parties with whom the Personal Information was shared.

The Right to Restrict Processing of Personal Information

You have the right to request that the Foundation restrict the processing of your Personal Information where one of the reasons identified in Article 18 of the GDPR apply. These reasons include that the Personal Information is inaccurate, the processing is unlawful, or the Foundation no longer needs the Personal Information.

If the Foundation grants your request to restrict processing, the Foundation will only process that Personal Information with your consent, for the protection of the rights of another natural or legal person, for reasons of important public interest, for the establishment, exercise or defense of legal claims, or as otherwise required by applicable U.S., state, or EU law.

The Right to Data Portability

Where the basis for processing is either consent or performance of a contract between you and the Foundation, and where the processing is carried out by automated means, you have the right to receive your Personal Information that you have provided to the Foundation. The Foundation will provide the Personal Information in a structured, commonly used, and machine-readable format. Where technically feasible and upon your request, the Foundation will transmit the Personal Information directly to another entity.

The Right to Withdraw Consent

If the basis for processing your Personal Information is consent, you may revoke your consent at any time. Upon receipt of your notice withdrawing consent, and if there are no other legal grounds for the processing, the Foundation will stop processing the Personal Information unless the processing is necessary for the establishment, exercise, or defense of legal claims. Revoking consent does not affect the lawfulness of processing that occurred before the revocation.

The Right to Object to Processing

In certain situations, you may have the right to object to processing of your Personal Information

Public Interest or Legitimate Interests. If the basis for processing your Personal Information is public interest or legitimate interests, you have the right to object to processing the Personal Information. The Foundation will cease processing unless it demonstrates overriding legitimate grounds for processing or the processing is necessary for the establishment, exercise, or defense of legal claims.
Direct Marketing. If the Foundation is using your Personal Information for direct marketing purposes such as fundraising, you have the right to object at any time, and the Foundation will stop using your Personal Information for that purpose.

The Right to File a Complaint

You have the right to submit a complaint with an EU supervisory authority, in particular the one in the EU Member State of your habitual residence, place of work, or place of the alleged violation, if you believe that the Foundation’s processing of your Personal Information violates the GDPR.

For more information on the process for submitting a complaint, consult the relevant EU supervisory authority: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/ index_en.htm.

8. How to Exercise Your Rights

In order to exercise any of these rights, except the right to file a complaint with an EU supervisory authority, you should submit your request to the Foundation’s Compliance Officer:

Email: SIUF Compliance Officer | compliance@foundation.siu.edu
Telephone: 618-453-4900
Address: 1235 Douglas Dr., MC 6805, Carbondale, IL 62901 USA

At that time, you will be asked to:

Identify yourself
Provide information to support that the GDPR applies to you (see Section 2, above).
Identify the specific information or data that you are concerned about.
State what right(s) you wish to exercise

To expedite processing your request, please identify the data-collection location (e.g., the website where your Personal Information was collected), if known.

9. How Does the Foundation Respond to Requests for Personal Information?

In addition to the rights provided by the GDPR, you may also have rights with respect to your Personal Information pursuant to U.S. federal law, state law, or Foundation policy. When you submit a request to the Foundation to exercise your rights, it will respond in accordance with existing Foundation policies and procedures that implement the relevant privacy law(s).

10. Existence of Automated Individual Decision-Making

The Foundation, in conjunction with the University and the Association, uses automated decision-making, including profiling, to help identify prospective supporters of the University and its activities. The logic takes an all-factor approach to assessing a possible donor’s propensity to support the University and may result in a prospective donor being contacted to explore support opportunities.

You will not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision is necessary for entering into or performing a contract or unless you explicitly consent.

11. Transfer of Personal Information outside the EEA

The Foundation is based in the U.S. and is subject to U.S. and Illinois law. Personal Information that you provide to the Foundation will generally be hosted on U.S. servers. To the extent that the Foundation needs to transfer your information either (a) from the EEA to the U.S. or another country or (b) from the U.S. to another country, the Foundation will do so on the basis of either (i) an “adequacy decision” by the European Commission; (ii) EU-sanctioned “appropriate safeguards” for transfer such as model clauses, a copy of which you may request, if applicable, by contacting the Foundation as set forth in Section 12; (iii) your explicit and informed consent; or (iv) it being necessary for the performance of a contract or the implementation of pre-contractual measures with the Foundation, in which case the Foundation will inform you of the intent to transfer the Personal Information. Please note that the U.S. is not currently considered a safe harbor country under the GDPR.

12. How Do I Contact the Foundation, the Data Controller?

The Foundation is the data controller. If you have any questions about anything contained in this GDPR Privacy Notice, please contact the Foundation’s Compliance Officer: