Privacy Policy

Contents

Who We Are and How to Contact Us

Jurisdiction-Specific Rights: Oregon, EEA and U.K.

Children Under the Age of 16

Personal Data We Collect and Process

How We Use Your Personal Data

Sharing Your Personal Data 

Data Retention

Data Protection and Security

Oregon Privacy Addendum

EEA and U.K. Privacy Addendum

Cookie Policy

 

The Oregon State University Foundation, which includes the Oregon State University Alumni Association, Inc. (collectively, the “Foundation,” “we,” “us,” “our”), respects your privacy and values your trust. We use the personal data we collect to further the mission of the Foundation, which is to partner with Oregon State University (“OSU”), engage our community, inspire investment and steward resources to enhance OSU’s excellence and impact. The personal data we collect will depend on the nature of our interactions with you and the specific services we provide.

It is the policy of the Foundation to respect the privacy of its donors, alumni and others with whom the Foundation interacts. This privacy policy applies to personal data collected through our websites, which include https://www.fororegonstate.org, https://www.thebeavercaucus.org, https://www.damproudday.org, https://www.oregonstater.org, https://www.ourbeavernation.com, https://www.oregon4hfoundation.org, https://blogs.oregonstate.edu/alumnicenter/ and any other domain owned or operated by the Foundation (“Sites”), as well as any other interactions we may have with you (collectively with the Sites, the “Services”).

Please read this privacy policy carefully. It was last updated on the date indicated above. We will post any changes to it here so you will know what personal data we gather, how we might use that personal data and whether we will disclose that personal data to anyone so that you are informed of your rights and can make choices in utilizing our Services. The Foundation reserves the right to change this privacy policy and the collection and use of personal data at any time.

By accessing and using our Services, you consent to the most recent personal data practices described in this privacy policy. Accordingly, if you do not agree to the terms of this privacy policy, do not use the Services.

The Foundation is an Oregon nonprofit corporation that is legally separate and independent from OSU. For more information on the privacy practices of OSU, please contact OSU or read their privacy policy here.

 

Who We Are and How to Contact Us:

If you have a question or concern about this privacy policy, please contact us:

Attn: OSUF Privacy
Oregon State University Foundation
4238 SW Research Way
Corvallis, OR 97333

Phone: 800-354-7281
Email: privacy@osufoundation.org

 

Jurisdiction-Specific Rights: Oregon, EEA and U.K.

If you are a resident of Oregon, this entire privacy policy applies to you. However, please see our Oregon Privacy Addendum, which will inform you about your specific rights under Oregon law.

If you are located in the European Economic Area (“EEA”) or the United Kingdom (“U.K.”), this entire privacy policy applies to you. However, please see our EEA and U.K. Privacy Addendum, which provides more information about which specific rights you have regarding the processing of your personal data under European law.

 

Children Under the Age of 16

Our Sites are not intended for children under 16 years of age. No one under age 16 may provide any information to or on the Sites. We do not knowingly collect personal data from children under the age of 16. If you are under 16 years old, do not use or provide any information on the Sites or on or through any of its features. If we learn we have collected or received personal data from a child under 16 years of age without verification of parental consent, we will delete that personal data. If you believe we might have any personal data from or about a child under 16 years old, please contact us.

 

Personal Data We Collect and Process

“Personal data” is any data or unique identifier that is linked to, or is reasonably linkable to, you or one of your devices as a consumer. It does not include deidentified data or data that is lawfully available through federal, state or local government records, widely distributed media or information reasonably understood to have been made lawfully available to the public by you.

We collect the following personal data you provide directly to us. For example, we collect personal data when you interact with us as a donor, volunteer or alum, create an account to access certain features of our Services, send us an email, fill out a form, respond to a survey, register for an event or otherwise communicate with us. The personal data that we may collect includes, but is not limited to:

  • Personal Details: These details include your name, demographic information, contact details (such as address, email and phone number), marital status, birth date, country of residence and official identification numbers.
  • Academic Information: We may collect personal data related to your academic background, including student identification information, declared major and minor, number of credits earned, attendance dates, graduation status, scholarship details, academic involvement (e.g., student council or other academic programs), name of school attending and graduation class and degree.
  • Financial Information: We collect personal data related to gift agreements, contributions, outstanding balances and giving totals.
  • Donor Profile Information: We collect personal data pertaining to philanthropic interests, relationship to OSU (e.g., graduation year, area of study), personal background and any additional relevant information. We also collect personal data on contribution amounts, organizational affiliations and any legal documents associated with donations.
  • Engagement Data: We gather personal data when you volunteer, register for and attend Foundation events, when you engage the custom search engine within the Sites and when you otherwise provide personal data to us. This includes personal data about your involvement with the Foundation, personal background, dietary restrictions and any additional relevant information.
  • Communication Records: We maintain personal data about your interactions with the Foundation, including time and subject of your inquiries, as well as your preferred communication methods and information you provide in forms or surveys.
  • Photo and Video: We may collect photos and videos in furtherance of our mission. For more information see our Photography and Video section.
  • Security and Monitoring: To ensure safety and quality assurance, we may collect video or audio recordings on our premises or during phone or videoconference interactions.

If you voluntarily provide us with your personal data, such as when you make a contribution, provide feedback, complete a survey, interact with us on social media or send us an email, we may gather personal data through that communication. On certain pages on our Sites, such as our giving page, event registration form or an information request form, you may be asked to provide personal data such as demographics, credit card and other information. We do not gather this personal data on our Sites or our affiliated giving websites without your permission. We may request your permission when you make donations or in other forms that you complete, online or otherwise.

Processing of Donations

We accept donations from you only and do not directly collect or store payment information. We use third-party, PCI-compliant payment processors, which collect payment information on our behalf in order to complete transactions with our donors. While our administrators are able to view and track actual donations via the client portals of the payment processors, we do not have access to, or process, credit card information. Please see the respective privacy notices of our listed payment processors for more information on their data collection and processing activities.

Social Media

We use social media plug-ins (e.g., Facebook, LinkedIn, YouTube, X (formerly Twitter) and Instagram). These features may collect your IP address and/or other personal data as set forth in each social platform’s privacy policy, which page you are visiting on our Sites, and may set a cookie to enable the feature to function properly. We also have a presence on some social media platforms, including Facebook, LinkedIn, YouTube, X (formerly Twitter) and Instagram. We may in some instances collect personal data when you interact with the Foundation accounts or otherwise communicate with us through those accounts. Any personal data that you post on social media is governed by each social platform’s privacy policy, and any personal data that we collect via our social media accounts will be processed in accordance with this privacy policy.

For residents of the EEA or U.K., please see our EEA and U.K. Privacy Addendum for more information regarding our legal relationship with some of those social media platforms.

Online Activity

When you visit the Sites, we collect information about your online activity. Information may be collected in a variety of ways, including indirectly.

When you access or use the Sites, we may automatically collect certain personal data about you, including:

  • Log Data: As is true of most websites, we gather certain personal data automatically and store it in log files. This information may include IP addresses, browser type, device identifier, ISP, referring/exit pages, operating system, date/time stamp, clickstream data, platform type and number of clicks in order to analyze trends, administer the Sites, and collect broad demographics, information and other usage data for aggregate use. We may combine this automatically collected log information with other personal data. We use log data to monitor use of our Services, for security purposes and for technical administration. The Foundation utilizes a variety of third-party vendors to assist in collecting and analyzing such data.
  • Device Information: We may collect personal data about the device you use to access our Sites, including the hardware model, operating system and version, unique device identifiers and mobile network information.
  • Information Collected by Cookies and Other Tracking Technologies: We and our service providers may use various technologies to collect personal data, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us to, among other things, improve our Services and your experience, see which areas and features of our Services are popular and count visits. Web beacons are clear, electronic images that may be used on our Services or in our emails and help deliver cookies, count visits, conduct cross-contextual behavioral advertising, understand usage and campaign effectiveness and determine if an email has been opened and acted upon. Some of these technologies may collect personal data about your online activities over time and across different websites. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out through our cookie banner. You can also delete cookie files from your hard drive, or avoid them altogether, by configuring your browser to reject them or to notify you when a cookie is being placed on your device. Not all features of the Services will function as intended if you reject cookies. You can find out more about cookies at https://www.allaboutcookies.org/.

For more information on the cookies we use, please see our Cookie Policy.

Information Received from Third Parties

In furtherance of the Foundation’s philanthropic mission, we collect your personal data from third parties where authorized by data protection laws, as well as collect information about you from other companies and organizations. When gathering your personal data, we may obtain it from various external sources, in accordance with applicable data protection laws:

  • Oregon State University: We may collect personal data from OSU as our primary institutional partner, particularly regarding alumni and prospective donors.
  • Social Media Platforms: Your public interactions with the Foundation on social media and the personal data you disclose may be collected and used.
  • Third-Party Marketing Partners: These entities may provide us with certain personal data about your philanthropic interests and giving capacity.
  • Independent Organizations: Various other organizations, including other charitable organizations, may serve as sources of personal data.

This personal data collection enhances our ability to provide you with tailored services and make informed decisions. We prioritize data accuracy and transparency, with the objective that all personal data gathered is relevant, up-to-date and obtained through lawful means.

Sensitive Data

“Sensitive data” represents a specialized category of personal data requiring elevated protection and careful handling. We only collect the following categories of sensitive data when you provide it to us with consent for the purposes described in this policy. We do not sell or use your sensitive data for targeted advertising purposes, and only use your sensitive data as permitted by law. The Foundation may track sensitive data if provided.

  • National origin when required by law
  • Biometric information: Facial recognition data (to be able to find and identify photographs of individuals in our image library software Canto) and meta data from photographs
  • Other information that may be required by law

We may collect sensitive personal data exclusively:

  • For legitimate organizational purposes
  • With explicit individual consent
  • In compliance with regulatory requirements
  • In execution of our programs and in furtherance of our mission

Our approach prioritizes:

  • Minimal data collection (in accordance with this privacy policy)
  • Purpose-specific utilization
  • Confidentiality
  • Regulatory compliance

You may have additional rights related to sensitive data. For more information, please see our Oregon Privacy Addendum if you are an Oregon resident or the EEA or the EEA and U.K. Privacy Addendum if you are a resident of the EEA or U.K.

Photography and Video

Photos or video taken at our events, programs or other interactions you have with us may be used in publications such as brochures, newsletters, magazines and video presentations. Such photos or videos may also be used electronically in online publications, our Sites, emails, social networking websites, such as Facebook, Instagram, YouTube, LinkedIn, or X (formerly, Twitter), or in other electronic or print forms of media. These images and videos may be retained in perpetuity as historical and archival records of the Foundation. The Foundation will use such images and videos in accordance with this Policy. If you are pictured and would like us to discontinue using the photo, please contact us at privacy@osufoundation.org.

 

How We Use Your Personal Data

We may use personal data we collect or that you provide to us for the following:

  • Donor Services: To provide and improve services related to donor recognition, events and other donor support functions; to manage donations, track donor history and administer charitable funds; and/or to maintain relationships with donors, organize Foundation events, facilitate giving programs and foster ongoing engagement with the philanthropic community
  • Financial Management: To process donations, manage charitable funds, and handle any financial transactions with the Foundation. The Foundation does not retain consumers’ credit card, bank or investment account information
  • Communication and Outreach: To send important updates and notices, respond to inquiries, organize events and maintain ongoing connection with OSU alumni, donors, students, faculty, staff, supporters and community partners. To provide information about Foundation programs and events to prospective donors and the wider community
  • Foundation Research and Program Improvement: To conduct internal analysis for the improvement of Foundation programs, operations and services
  • Legal Compliance: To fulfill legal obligations and comply with applicable laws and regulations (e.g., to assist with necessary documentation and compliance with charitable giving regulations)
  • Security and Data Protection: To maintain Foundation data security and donor privacy, including necessary notifications
  • Partnerships: To provide you with certain alumni exclusive goods and services
  • Additional Services and Benefits: To provide other services to donors, prospective donors, alumni and other persons
  • Mission Driven: To further our mission, which is to partner with OSU to engage our community, inspire investment and steward resources to enhance OSU’s excellence and impact

Any email address you provide may be used to send you information, respond to inquiries and/or other requests or questions. We may also use your personal data to contact you about services that may be of interest to you (e.g., Oregon State University Alumni Association branded credit card or insurance products). If you do not want us to use your personal data in this way, please contact us at privacy@osufoundation.org.

 

Sharing Your Personal Data

We share your personal data internally at the Foundation to facilitate and manage the purposes listed above.

We may share user personal data with third parties for purposes related to the pursuit of our philanthropic mission. These are the following categories of third parties with whom we share your personal data:

  • We share your personal data with OSU to support the overall mission of OSU.
  • We may share your personal data to third-party representatives with whom we contract with to update our files, process and manage your financial payments and donations, as well as share to OSU-affiliated organizations in support of OSU’s goals and objectives. Our service providers also include third-party service providers that provide IT and web hosting, data analysis, information technology and related infrastructure provisions, solicitation or acknowledgment of charitable gifts, aggregate analysis and marketing activities as well as professional advisors such as auditors and attorneys.
  • We may share your personal data to provide you with certain benefits and opportunities. For example, we may share your personal data with our corporate sponsors to connect you with their goods or services.
  • We may also publicize your name, year of graduation and your category of support in our honor roll of donors, annual report and/or other donor recognition publications, which are publicly available, unless you specifically ask to remain anonymous (email privacy@osufoundation.org).
  • We may also share your personal data with government and law enforcement agencies, regulators or other relevant authorities to comply with legal processes applicable to us, enforce our terms of use or other policies or to pursue available legal remedies or defend against legal claims. We may also share your personal data with lawyers and all interested parties, but exclusively in the case of the management of possible disputes and other legal matters where appropriate.
  • We may also share your personal data with other third parties as you may so request, and as permitted by Foundation policies and applicable law.

 

Data Retention

See the table below for our personal data retention periods.

Record and Personal Data Categories 

Retention Period 

Communications 

Identifiers, financial information and sensitive data 

6 months 

Scholarship/Academic Information 

Identifiers and academic records  

3 years 

Volunteer Information 

Identifiers 

4 years after service ends 

Video and Photography 

(e.g., identifiers and/or sensitive data) 

Archival: Permanent 

Event/Ceremony Recordings: 10 years (unless archival) 

Donor/Volunteer Headshots: 7 years post-exit (unless archival) 

Security Video: 30 days (unless held for investigatory purposes) 

Legal Compliance 

Identifiers, financial information, academic records, video, photography and sensitive data 

7 years or as long as legally required, whichever is longer 

User Submitted Content (social media) 

Identifiers 

2 years (unless archival) 

Donor Profiles 

Identifiers, financial information and sensitive data 

Active Donors: 10 years from last donation, provided the Foundation may seek renewed consent to retain information  

Legacy Donors (major gifts, endowments and similar donations): 25+ years based on ongoing relationship 

Location Data 

(e.g., general region, state and/or zip code) 

1 day to 24 months 

Online Identifier 

(e.g., mobile types, mobile device type, browser type, IP address, unique identifiers, domain names, access times and geolocation information) 

1 day to 24 months 

Internet Activity 

(e.g., time of website access, browsing activity and traffic data, including setting of non-essential cookies) 

1 day to 24 months 

 

Additionally, we will retain personal data we collect from you where we have an ongoing legitimate need to do so (for example, to comply with applicable legal, tax or accounting requirements). Additionally, we cannot delete personal data when it is needed for the establishment, exercise or defense of legal claims (also known as a “litigation hold”). In this case, the personal data must be retained as long as needed for exercising respective potential legal claims.

 

Data Protection and Security

We maintain reasonable technical and organizational measures designed to protect personal data from loss, misuse, alteration or unintentional destruction. We have implemented various security measures designed to protect both the personal data and the general information that we receive from you through the Services. Whenever you give out personal data online, there is a risk that third parties may intercept and use that information. Although we seek to protect your personal data and privacy, we cannot guarantee the security of any personal data you disclose online. To the extent permitted under applicable law, we assume no liability or responsibility for disclosure of your personal data due to errors in transmission, unauthorized access by third parties or other causes beyond our control.

Additionally, we carefully review payment systems used to ensure they meet our security expectations and are legally compliant.

Notwithstanding, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from the Services may not be secure. Therefore, take special care in deciding what personal data you send to us via email. For any questions about the security of your personal data, please contact privacy@osufoundation.org.

 

Links to Other Sites

Our Sites contains links to third party websites, such as email services, account portals, online donor pages, social media, corporate sponsors and events registration pages. We are not responsible for the content or the privacy practices employed by those other websites. A link to another website does not constitute an endorsement of that website or any of the content or information provided by that website. We encourage our visitors and users to be aware when they leave our Sites and to read the privacy policies of each website they visit.

 

Your Privacy Rights in Certain Jurisdictions

State consumer privacy laws may provide their residents with additional rights regarding our use of their personal data.

To learn more about consumer privacy rights in Oregon and how to exercise those rights, see our Oregon Privacy Addendum. Similarly, if you are a resident of the EEA or U.K., see our EEA and U.K. Privacy Addendum.

Email Subscription

You can unsubscribe from our marketing emails from the Foundation and its affiliates by following the instructions in any marketing email you receive from us. Unsubscribing will not stop us from sending emails about your past, current or future transactions with us. OSU maintains its own subscriptions, which are not governed by this policy.

“Do-Not-Track” Requests and GPC

At this time, we do not recognize automated “do-not-track” (“DNT”) browser signals. For more information on DNT settings generally, please visit https://www.allaboutdnt.com.

Beginning in January 2026, we will honor universal opt-out mechanisms (e.g., the Global Privacy Control).

 

International Transfers

We are located in the United States, and the personal data that we collect is stored on servers located in the United States. This means that your personal data will be collected, processed and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the General Data Protection Regulation 2016/679 (“GDPR”) in the European Union.

By sending us personal data, you agree and consent to the processing of your personal data in the United States, which may not offer an equivalent level of protection to that required in other countries (particularly the EEA).

We have implemented safeguards designed to ensure that the personal data we process remains protected in accordance with this privacy policy, including when processed internationally or by our third-party service providers and partners. The safeguards we may take at our discretion include, for instance, entering into specific agreements in connection with any onward transfers of personal data. We may implement other mechanisms and take similar appropriate safeguards with our third-party service providers and partners.