A “controller” is the legal entity which, alone or jointly with others, determines the purposes and means of the processing of personal data. SFGHF is the data controller for all data described by this policy.
Information Collection, Use, Access, and Retention.
We collect information in several ways through our Site. When you use our Site, we collect personal information about you that you affirmatively choose to provide to us. For instance, when you donate money, you must provide your first name, last name, email address, mailing address, and payment information. You may also, if you choose, provide your phone number as well as answers to several additional questions. When you donate a car we collect information about the car you are donating in addition to the information we collect in connection with a monetary donation. We also collect personal information in other ways, such as when you subscribe to our newsletter, sign up for our email list (online or in person), contact us by email or traditional mail, make a purchase from our online store, and/or contact us by telephone.
When you interact with our Site, we also collect limited non-personally identifying information that the browser you used makes available automatically. This information includes the internet address of the computer or network you used to access our site, the date, time, and page(s) you visited on our site, the browser and operating system you used, and the referring page (the webpage that contained the link to our site that you clicked on to get there).
When you make a donation or purchase from our store, we will collect your payment information. We use third-party vendors (our “Payment Processing Vendors”) to collect and process your payment information. Your credit card information is not held by us and we use our Payment Processing Vendors because the safety of your credit card information is important to us, and our Payment Processing Vendors specialize in the secure online capture and processing of credit and debit card transactions. As with all our third party vendors, we have agreements in place with our Payment Processing Vendors that ensures that they comply with the terms of this policy.
We have a legitimate business interest in ensuring that our Site operates correctly and efficiently. To that end, we use the aggregated nonpersonal data and information from all users of our Site to measure server performance, analyze user traffic patterns, and improve the content of our Site. We sometimes track the keywords that are entered into our search engines to measure interest in specific topics and to improve the consumer experience on the site.
We have a legitimate business interest in communicating with you about your donations and subscriptions, and will use your personal information to send you important non-commercial emails, such as administrative notices related to your donations and/or subscriptions. Unless you opt out, we will include your name in the annual report to recognize your support when you make a donation.
We may share your information with key partners and affiliates. We have contractual relationships with all such partners and affiliates that require them to safeguard your information and allow you to opt out of receiving further information from them. Partner and affiliate use of your data is governed by their own privacy policies, and is not controlled by SFGHF. If you do not wish to be contacted by a particular partner nor affiliate, follow the unsubscribe instructions in an email you receive from them, or by follow any other instructions the partner provides you. If you would like SFGHF to stop sharing your information with its partners, submit a request by sending an e-mail to firstname.lastname@example.org that contains the email address and/or mailing address you wish to revoke consent for third-party sharing.
We also have a legitimate business interest in complying with our legal obligations. To that end, we may release personal information if we believe in good faith that: the law or legal process requires it; we have received a valid administrative request from a law enforcement agency; or such release is necessary to protect our rights, property, or safety, or that of our respective affiliates, business partners, customers, or others. Because the law provides we must retain and maintain records relating to donors, we are also obligated under the law to keep certain of your information and disclose it upon request or subpoena to government entities, such as the Internal Revenue Service.
Pursuant to your reasonable request, we will provide you or a third-party you specify with a list of all of your personal information that SFGHF has collected.
Similarly, upon your request, we will make corrections to our records of your personal data.
As described above, some of the online services available through our Site allow you to provide personal information. All personal information we collect is stored and processed in the United States.
We will retain your personal information while you have an active relationship with SFGHF, including if you have subscribed to a newsletter, opted in to receive fundraising content from us, have made a donation, or have affirmatively made requests of us that we, or our data processors, are fulfilling. If SFGHF determines that it no longer requires your information for the purposes set forth above, it will delete your information consistent with its retention policies.
If you would like us to delete all of your personal information and/or remove your name and address from promotional lists (including any personal information gathered by our service providers) and place your name on our “do not contact” list, contact our Data Privacy Team at email@example.com and request that you be placed on our “do not contact” list. Please note that because names may be similar, you must include in your request all associated email addresses and phone numbers (if any) that you wish to be removed in the body of the email. We reserve the right to contact you for administrative purposes to request more information in order to assist us in deleting your content. We will make commercially reasonable efforts to delete your information within thirty (30) days from our active files, provided, however, that we may retain—for legal compliance purposes only—your request and associated email in a hashed format so that we do not inadvertently restore your information to our database. Please note that requests to update your personal information may take up to five (5) business days. You may also request that we stop processing your information without deleting it, and we will comply within ten (10) days of receipt of such a request.
Notwithstanding the above, SFGHF will retain your information indefinitely if it believes in good faith that it has a legal obligation to do so, including for tax purposes, but will only use that information for the specific necessary purpose for which it was retained.
The Do-Not-Track Signal (“DNT”) is used by some web browsers to automatically request that a web application disable site tracking. Because the DNT often does not reflect the actual preferences of an individual consumer, our website does not respond to the DNT. Instead, and in order to allow you to personalize your experience with our Site, you may elect not to receive marketing messages and/or have certain cookies placed on their browser, as discussed earlier in this Policy.
The Site is a general audience website, intended for adult use. We do not market to, and do not knowingly collect any personally identifiable information from children under sixteen (16) years of age. Children should always get permission from their parents before sending any personal information about themselves (such as their names, email addresses, and phone numbers) over the Internet, to us or to anyone else. We encourage you to become involved in your children’s online experience, and to share your knowledge and experience with your young ones. If you’re under 16, please do not register for any of our services or provide us with any personally identifying information (such as your name, email address or phone number). Please contact our customer service department if you are aware of any personal information supplied to the Site by a child under the age of sixteen (16).
We take reasonable and appropriate security measures to protect unauthorized access, alteration or destruction of data located on and collected by our Site. We exercise reasonable care to protect your non-public personal information. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. While we strive to protect your non-public personal information, we cannot guarantee the security of any information you transmit to us or receive from us while it is in transit. Once we receive your personal information, we maintain physical, electronic and procedural safeguards to protect it. If a data breach occurs, we will notify you and the proper EEA authority (if required) within seventy-two (72) hours (if reasonably feasible).
How to Contact Us
San Francisco General Hospital Foundation
P.O. Box 410836
San Francisco, CA 94141-0836