Protecting your privacy is a fundamental component of our service at the Saint Agatha Foundation (“the Foundation ”). The Foundation is committed to maintaining the confidentiality, integrity and security of personal information entrusted to us by donors. Article 5 of the General Data Protection Regulation (“GDPR”) states that Personal Data must be processed lawfully, fairly and in a transparent manner. In line with the GDPR changes, we are providing our Privacy Notice so you can better understand why and how we collect, process and destroy your data. Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.
For purposes of this Privacy Notice, the following terms will be defined as follows:
- “Personal Data” or “Personal Information” means any information about an individual from which that person can be identified. Personal Data and/or Personal Information does not include data where the identity has been removed (i.e., anonymous data).
- “Special Categories” means more sensitive personal data which require a higher level of protection, such as information about a person’s health or sexual orientation.
- “Data Subject” refers to any individual person who can be identified, directly or indirectly, via an identifier such as name, ID number or location data.
Identity of the firm
The Foundation, located at 165 Township Line Road, Suite 1200 Jenkintown, PA 19046, United States, is considered a data controller under GDPR. We determine the purpose for which, and manner in which, any Personal Data is processed.
What types of Personal Data do we collect?
The Foundation collects both anonymous data and Personal Data volunteered by you. Personal Information is anything which enables you to be identified in some way, such as your name and an email address. The types of Personal Information collected might include name, date of birth, e-mail address, postal address, telephone number, and bank transfer details. We also use “cookies,” which are text files placed on your computer, to collect information about how the site is used. Our cookies do not save or store any Personal Information.
Lawful basis for data processing
Where we process your Personal Data as your data controller, we rely on the following (as applicable):
- Performance of Contract: We will rely on performance of contract as a legal basis when we process your data to perform a contract we have entered into with you.
- Legitimate Interest: We may sometimes rely on legitimate interest. We will only rely on legitimate interest when we have balanced our legitimate interest against your fundamental rights (see below for additional detail); and
- Legal Obligation: We strictly comply with all applicable laws and regulations as it relates to processing, including the Internal Revenue Code of 1986, as amended, as it relates to the disclosure of donor names on IRS Form 990 (Return of Organization Exempt from Income Tax).
Data inquiries and updates
If you want to review, change or update the Personal Information that you have provided to us; request that you be removed from a mailing list; or address any other privacy concerns you may have, please contact our office toll-free at (888) 878-7900, or by putting your request in writing to Saint Agatha Foundation, Data Privacy Team, 165 Township Line Road, Suite 1200, Jenkintown, PA 19046. These requests can also be made via email to: DataPrivacy@NPTrust.org.
Purpose of data collected
You may, at times, be asked to supply Personal Information, for example when you inquire about our activities, request information, or make a contribution. The Foundation collects data from its website for a number of reasons: to understand more about how the site is used by visitors; to provide you with the services, products or information you have requested; and for administration purposes. The Foundation may need to share your Personal Information partners, associated organizations and agents for these purposes. If you supply such information, the Foundation is legally bound to ensure that such information is only used for the purpose for which it was requested and also to ensure that the data is held securely.
Who we share our information with
We will not share Personal Information about you with third parties without your consent. There may be times when we are required, by law, to pass on some of this Personal Data to:
- Law enforcement agencies; government bodies; tax authorities; courts tribunals and complaints/dispute resolution bodies;
- Other bodies as required by law or regulation.
Security and encryption
Information that you provide to us is stored on secure servers in the United States. We have put into effect appropriate procedures to safeguard and secure the information we collect online. When using our forms to register or receive information from the Foundation, we use the Secure Service Layer (SSL) encryption method for all secure submissions. This method is generally accepted to ensure that the transmission of Personal Information is secure. Common browsers make it obvious when information is being passed in a secure manner by displaying either a completed key or a closed lock on the screen.
The Foundation will retain your Personal Data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal or tax requirements, in accordance with the organization’s Data Retention Policy.
Your rights and your personal data
Please be aware that you have the following data protection rights:
- The right to be informed about the Personal Data the Foundation collects from and processes about you;
- The right to access Personal Data the Foundation processes about you;
- The right to ratification of your Personal Data;
- The right to erasure of your Personal Data in certain circumstance;
- The right to restrict processing of your Personal Data;
- The right to data portability in certain circumstance;
- The right to object to the processing of your Personal Data; and
- The right not to be subject to automated decision making and profiling.
Where we may seek to further process your Personal Data for reasons other than the original purpose for which it was collected, the Foundation shall process such data in a manner compatible with the original purpose.
The Foundation has put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties on a ‘need to know’ basis. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. The Foundation will only transfer Personal Data to a third party if they agree to comply with those procedures and policies, or put in place adequate measures prior to receiving it. Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorized purposes) of the Personal Data.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We occasionally process your Personal Information under the “Legitimate Interests” legal basis. Where this is the case, we have carried out a “Legitimate Interests Assessment” pursuant to which we weigh your interests and any risk posed to you against our own, and confirm that such interests are proportionate and appropriate such as for the purposes of Human Resources, marketing and/or day-to-day operations.
When sending marketing materials to financial advisors and/or donors (or other recipients), we may have the option to rely on the financial advisor’s or donor’s consent, or on Legitimate Interest. We only rely on the Legitimate Interests legal basis for marketing if we have assessed that the information being sent is beneficial to the recipient, and we have weighed our interests against the recipient’s own and there is little to no risk posed, the method and content is non‑intrusive, and the material being sent is something the recipient would usually expect to receive.
Cookies, analytics and traffic data
Changes to our Privacy Notice
The Foundation reserves the right to amend this Privacy Notice. Any changes we may make to our Privacy Notice in the future will be posted on this page and, where appropriate, notice will be provided to you by email.