Privacy Policy

Your privacy is important to us. The following privacy policy outlines the types of information the San Francisco General Hospital Foundation (“SFGHF,” “we,” “our,” or “us”) gathers when you visit our website (, the “Site”) as well as information you provide to us in person or through the mail, and steps we take to safeguard it. SFGHF is located at 2789 25th Street, Suite 2028, San Francisco, CA 94110, and is responsible for the content of the Site as well as the collection and management of user information. This Policy was last updated on 12/17/2018.

Data Controller:
A “controller” is the legal entity which, alone or jointly with others, determines the purposes and means of the processing of personal data. SFGHF is the data controller for all data described by this policy.
Information Collection, Use, Access, and Retention.


We collect information in several ways through our Site. When you use our Site, we collect personal information about you that you affirmatively choose to provide to us. For instance, when you donate money, you must provide your first name, last name, email address, mailing address, and payment information. You may also, if you choose, provide your phone number as well as answers to several additional questions. When you donate a car we collect information about the car you are donating in addition to the information we collect in connection with a monetary donation. We also collect personal information in other ways, such as when you subscribe to our newsletter, sign up for our email list (online or in person), contact us by email or traditional mail, make a purchase from our online store, and/or contact us by telephone.

To help us serve you better, we collect information that identifies the computer or browser used to access our Site, as well as the user account associated with that computer/browser if you are logged in. Cookies are pieces of information placed in the settings of your web browser by a website server to identify your computer when you return to a website. Whenever a site welcomes you and tailors data to your specifications, it is reading a cookie left in your browser and identifying information that you may have registered during previous visits, such as your viewing preferences. The use of cookies is a standard practice among Internet websites and most Internet web browsers may be customized to reject cookies, to only accept or reject cookies by user intervention, or to delete cookies. Please note that some website features may not function properly if all cookies are blocked. Except as noted below, the cookies placed by our Site do not collect any personal information, and are essential to provision of a functional website and/or app, which we have a legitimate interest in providing (these are known as “Necessary Cookies” and include cookies that drive your navigation on our Site). Once you leave our Site, these Necessary Cookies are no longer used.

When you interact with our Site, we also collect limited non-personally identifying information that the browser you used makes available automatically. This information includes the internet address of the computer or network you used to access our site, the date, time, and page(s) you visited on our site, the browser and operating system you used, and the referring page (the webpage that contained the link to our site that you clicked on to get there).


When you make a donation or purchase from our store, we will collect your payment information. We use third-party vendors (our “Payment Processing Vendors”) to collect and process your payment information. Your credit card information is not held by us and we use our Payment Processing Vendors because the safety of your credit card information is important to us, and our Payment Processing Vendors specialize in the secure online capture and processing of credit and debit card transactions. As with all our third party vendors, we have agreements in place with our Payment Processing Vendors that ensures that they comply with the terms of this policy.


We have a legitimate business interest in ensuring that our Site operates correctly and efficiently. To that end, we use the aggregated nonpersonal data and information from all users of our Site to measure server performance, analyze user traffic patterns, and improve the content of our Site. We sometimes track the keywords that are entered into our search engines to measure interest in specific topics and to improve the consumer experience on the site.

We have a legitimate business interest in communicating with you about your donations and subscriptions, and will use your personal information to send you important non-commercial emails, such as administrative notices related to your donations and/or subscriptions. Unless you opt out, we will include your name in the annual report to recognize your support when you make a donation.

Unless you request that we do not, we will use your e-mail address and/or other personal information to contact you regarding future giving opportunities and events. Even after you have agreed to receive such messages, you can let us know at any time if you would prefer not to receive any or all of this information either directly or through our Site, by following the unsubscribe instructions in any email you receive from us, or by sending an e-mail to that contains the email address you wish us to unsubscribe from our lists. As noted above, even if you opt out of receiving marketing messages, we will still send you important non-commercial messages so long as you maintain your donations and/or subscriptions, or have maintained any electronic account with us. If you want to delete your account completely, you may do so by requesting we close your account as outlined in the Retention section of this Privacy Policy.

We may share your information with key partners and affiliates. We have contractual relationships with all such partners and affiliates that require them to safeguard your information and allow you to opt out of receiving further information from them. Partner and affiliate use of your data is governed by their own privacy policies, and is not controlled by SFGHF. If you do not wish to be contacted by a particular partner nor affiliate, follow the unsubscribe instructions in an email you receive from them, or by follow any other instructions the partner provides you. If you would like SFGHF to stop sharing your information with its partners, submit a request by sending an e-mail to that contains the email address and/or mailing address you wish to revoke consent for third-party sharing.
We also have a legitimate business interest in complying with our legal obligations. To that end, we may release personal information if we believe in good faith that: the law or legal process requires it; we have received a valid administrative request from a law enforcement agency; or such release is necessary to protect our rights, property, or safety, or that of our respective affiliates, business partners, customers, or others. Because the law provides we must retain and maintain records relating to donors, we are also obligated under the law to keep certain of your information and disclose it upon request or subpoena to government entities, such as the Internal Revenue Service.

SFGHF uses third parties to process your personal data when it serves a legitimate business purpose (such as our Payment Processing Vendors). Our contracts with these third party processors require them to comply with the terms and the intent of this privacy policy, and to make all commercially reasonable efforts to safeguard your information.


Pursuant to your reasonable request, we will provide you or a third-party you specify with a list of all of your personal information that SFGHF has collected.

Similarly, upon your request, we will make corrections to our records of your personal data.


As described above, some of the online services available through our Site allow you to provide personal information. All personal information we collect is stored and processed in the United States.

We will retain your personal information while you have an active relationship with SFGHF, including if you have subscribed to a newsletter, opted in to receive fundraising content from us, have made a donation, or have affirmatively made requests of us that we, or our data processors, are fulfilling. If SFGHF determines that it no longer requires your information for the purposes set forth above, it will delete your information consistent with its retention policies.

If you would like us to delete all of your personal information and/or remove your name and address from promotional lists (including any personal information gathered by our service providers) and place your name on our “do not contact” list, contact our Data Privacy Team at and request that you be placed on our “do not contact” list. Please note that because names may be similar, you must include in your request all associated email addresses and phone numbers (if any) that you wish to be removed in the body of the email. We reserve the right to contact you for administrative purposes to request more information in order to assist us in deleting your content. We will make commercially reasonable efforts to delete your information within thirty (30) days from our active files, provided, however, that we may retain—for legal compliance purposes only—your request and associated email in a hashed format so that we do not inadvertently restore your information to our database. Please note that requests to update your personal information may take up to five (5) business days. You may also request that we stop processing your information without deleting it, and we will comply within ten (10) days of receipt of such a request.

Notwithstanding the above, SFGHF will retain your information indefinitely if it believes in good faith that it has a legal obligation to do so, including for tax purposes, but will only use that information for the specific necessary purpose for which it was retained.

Do-Not-Track Signal

The Do-Not-Track Signal (“DNT”) is used by some web browsers to automatically request that a web application disable site tracking. Because the DNT often does not reflect the actual preferences of an individual consumer, our website does not respond to the DNT. Instead, and in order to allow you to personalize your experience with our Site, you may elect not to receive marketing messages and/or have certain cookies placed on their browser, as discussed earlier in this Policy.

Children’s Access

The Site is a general audience website, intended for adult use. We do not market to, and do not knowingly collect any personally identifiable information from children under sixteen (16) years of age. Children should always get permission from their parents before sending any personal information about themselves (such as their names, email addresses, and phone numbers) over the Internet, to us or to anyone else. We encourage you to become involved in your children’s online experience, and to share your knowledge and experience with your young ones. If you’re under 16, please do not register for any of our services or provide us with any personally identifying information (such as your name, email address or phone number). Please contact our customer service department if you are aware of any personal information supplied to the Site by a child under the age of sixteen (16).


Our website may contain links to other sites, including those of our business partners. Those sites may have their own privacy policies, or no privacy policies at all. The SFGHF is not responsible for the privacy practices employed by other sites and those other sites have not agreed to our privacy policy. The SFGHF has no control over or responsibility for any unaffiliated third party sites or the content contained in them, and we provide these links solely for the convenience of our visitors. We do not sponsor, endorse, or otherwise recommend such sites or any products or services they may offer. In short, once you leave our Site, we are no longer responsible for the collection practices of the companies operating those sites.

Site Security

We take reasonable and appropriate security measures to protect unauthorized access, alteration or destruction of data located on and collected by our Site. We exercise reasonable care to protect your non-public personal information. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. While we strive to protect your non-public personal information, we cannot guarantee the security of any information you transmit to us or receive from us while it is in transit. Once we receive your personal information, we maintain physical, electronic and procedural safeguards to protect it. If a data breach occurs, we will notify you and the proper EEA authority (if required) within seventy-two (72) hours (if reasonably feasible).

How to Contact Us

Should you have other questions or concerns about our privacy policy, please contact our office by phone at (628) 206-4478, Monday through Friday, 9am to 5:00pm, Pacific Time, by email to, or by regular mail to:

San Francisco General Hospital Foundation
P.O. Box 410836
San Francisco, CA 94141-0836

Policy Changes

We reserve the right, at our sole discretion, to change, modify, add, or remove any portion of this Privacy Policy, in whole or in part, at any time. Modification of changes in the Agreement will be disseminated via our Site, including posting on our website at By using the Site you agree to be bound by any such revisions and should therefore periodically visit the page to determine the then current terms of use to which you are bound.