Last updated: February 25, 2023
HADAO collects personal information from members through the registration process on our website, including name, email address, phone number, and affiliation with Harvard. We use this information to manage your membership and communicate with you about HADAO news and events.
Members may also use the online portal to update their personal information, including contact information and communication preferences. HADAO will never sell or share your personal information with third parties without your consent, except as the law requires.
It is important to note that by using the online portal, members assume responsibility for maintaining the accuracy and completeness of their personal information. HADAO is not responsible for any errors or omissions in member information that may affect our ability to communicate with you or provide services. Members may contact HADAO to update their personal information or request that their data be deleted from our database.
As a not-for-profit organization, HADAO will only collect personal information from members necessary to provide services and fulfill its mission. Examples of personal data that HADAO may collect include:
- Email address
- Postal address
- Phone number
- Affiliation with Harvard University (for Harvard alumni)
- Donation history (if applicable)
KYC stands for “Know Your Customer,” and it is a process of verifying the identity of a customer or client. In the case of HADAO, KYC refers to verifying that an individual is a Harvard Alum or a Friends of Harvard, as these groups are eligible for membership in the organization.
To complete the KYC process, HADAO may ask for information from potential members, such as their name, contact information, and Harvard affiliation. This information may be used to verify the individual’s identity and eligibility for membership.
HADAO takes the privacy and security of member information seriously and will only use the information collected to verify eligibility and provide membership services. All information collected during the KYC process will be confidential and only accessible to authorized HADAO personnel.
HADAO may use Payment Processors to handle donations or purchases on its website. “Payment Processors” are third-party companies responsible for processing transactions, such as credit card payments, and may require you to provide personal and financial information.
HADAO’s chosen Payment Processor is Givebutter, which processes transactions securely and by industry standards. Givebutter is responsible for handling your payment information and ensuring that your transaction is completed securely. HADAO is not responsible for errors, omissions, or issues using Givebutter or any other Payment Processor.
Please note that by using Givebutter or any other Payment Processor to make a transaction on the HADAO website, you are subject to their terms of service and privacy policies, which may differ from those of HADAO. It is your responsibility to review and understand the terms and policies of the Payment Processor before making a transaction.
Data we Collect Automatically
General Data Protection
We do not collect any “special categories of data” as defined by the EU General Data Protection Regulation (GDPR), UK GDPR, or Protection of Personal Information Act (POPIA) without your explicit consent or as permitted by law. Special categories of data include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or data concerning a person’s sex life or sexual orientation.
Minors Data Collection
We take the privacy of minors (individuals under the age of 13 or equivalent minimum age depending on the jurisdiction) very seriously, and our sites are not intended for use by children. We do not knowingly collect personal data from minors. If you become aware of any personal data we have collected from a minor, please contact us immediately. If we learn that we have collected personal data from a child, we will take prompt steps to delete the data without notice.
How we use information
The personal data we collect may be used for various purposes, as outlined below:
- Processing donations: HADAO may use the personal information collected from donors to process donations and ensure that the donation is properly credited.
- Sending receipts: HADAO may use the personal information collected from donors to send receipts for their donations. These receipts may be required for tax purposes.
- Communicating with donors: HADAO may use the personal information collected from donors to communicate with them about the organization’s activities, events, and campaigns. This may include newsletters, emails, and other marketing materials.
- Improving donor relations: HADAO may use the personal information collected from donors better to understand their interests, preferences, and donation history. This information can help HADAO improve donor relations and provide a more personalized experience.
- Send you the information you have expressly chosen to receive [with your consent]: We may use your personal data to send you newsletters, updates, and other promotional materials about our organization, events, and services. We will only send you such materials if you have given us your explicit consent.
- Review and respond to proposal documents, feedback, comments, photos, videos, or other information you submit via online portals, electronic forms, surveys, or interactive portions of our sites [for our legitimate interests and to perform a contract with you]: We may use your personal data to review and respond to any proposals, feedback, comments, photos, videos, or other information that you submit via online portals, electronic forms, surveys, or interactive portions of our sites. This will be done to perform our contractual obligations to you or our legitimate interests.
- Administer and inform our program strategies and charitable activities [for our legitimate interests]: We may use your personal data to administer and inform our program strategies and philanthropic activities. This will help us to achieve our charitable objectives and fulfill our mission.
- Administer, safeguard, and improve our sites, systems, facilities, events, and other business operations [for our legitimate interests]: We may use your personal data to administer, safeguard, and improve our sites, systems, facilities, events, and other business operations. This will help us ensure that our operations run smoothly and efficiently.
- Protect our rights and the safety of others [for our legitimate interests]: We may use your personal data to protect our rights and the safety of others. This will help us prevent fraud, abuse, and other illegal activities.
- Please contribute to our archive of information in the public interest [for our legitimate interests]: We may use your personal data to contribute to our library of information in the public interest. This will help us to preserve historical information and contribute to general knowledge.
- Comply with applicable law, court order, subpoena, or legal process served on us [to comply with legal obligations]: We may use your personal data to comply with applicable law, court order, subpoena, or legal process served on us. This will help us to comply with our legal obligations and protect our organization from legal liability.
We may share your personal information with third-party service providers and other entities as necessary to fulfill the purposes for which the information was collected, such as processing donations, providing technical support, or conducting research. These third parties may include payment processors, marketing and advertising providers, and website analytics providers.
We take appropriate measures to ensure that any third-party service providers with whom we share personal information are subject to applicable data protection and security measures, including contractual provisions that require them to maintain the confidentiality and security of personal information and use it only for the purposes for which it was disclosed.
We may also share personal information with law enforcement agencies, regulatory bodies, or other government authorities, as required or permitted by law or to protect our rights, property, or safety or the rights, property, or safety of others.
In addition, we may share aggregated or anonymized data, which does not identify any individual, with third parties for research or analytical purposes.
It is important to note that we do not sell or rent your personal information to third parties for any purpose.
We take the security of personal information seriously and have implemented reasonable measures to protect against unauthorized access, use, alteration, and disclosure of personal information under our control. We use various technical and organizational security measures to protect your personal information, including firewalls, encryption, access controls, and regular security audits.
All sensitive information provided to us is transmitted using Secure Socket Layer (SSL) technology. SSL technology is an industry standard for protecting sensitive information sent over the internet. We also limit access to personal information to only those employees, contractors, and agents who have a legitimate need to access the information to perform their job functions and have been trained on the importance of maintaining the confidentiality and security of personal information.
In addition to technical and organizational measures, we regularly conduct security audits and reviews of our systems, networks, and applications to identify and address potential vulnerabilities or threats. We also have protocols to respond to data security incidents, including notifying affected individuals and authorities as required by applicable law.
While we take reasonable steps to protect personal information, no system can be completely secure. Therefore, we cannot guarantee the absolute security of personal information. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us of the problem by contacting us using the information provided in the “Contact Us” section of our website.
Donors have definite choices regarding the use of their personal information. For example, they can opt out of receiving marketing emails or delete their personal information from your database.
To opt out of receiving marketing emails, donors can usually click on the “unsubscribe” link included in the email, or they can contact your organization directly to request to be removed from the email list.
Donors can contact your organization to delete their personal information from your database and request that their data be deleted. Your organization should have clear procedures for handling these requests and ensuring that the donor’s information is deleted securely.
It is important to note that certain information may need to be retained for legal or administrative purposes, such as transaction records or tax documentation. However, any information not required to be included should be deleted promptly.
Your organization should make these choices clear and easy for donors to exercise and respond promptly to requests to opt out or delete personal information.
HADAO is committed to protecting children’s privacy using our not-for-profit donation portal. We comply with the Children’s Online Privacy Protection Act (COPPA) and other applicable laws and regulations relating to children’s privacy.
Notice to Parents and Verifiable Parental Consent
Collection of Personal Information
We only collect personal information from children necessary to provide our donation not-for-profit portal’s services. We collect the following types of personal information:
- Email address
- Payment information (if donating)
We do not collect sensitive information, such as Social Security numbers or information about a child’s location.
Review and Deletion of Personal Information
Parents have the option to review and delete their child’s personal information. If you want to review or delete your child’s personal information, please contact us at firstname.lastname@example.org.
Confidentiality, Security, and Integrity of Personal Information
We take reasonable steps to maintain the confidentiality, security, and integrity of the personal information we collect from children. We have implemented physical, technical, and administrative safeguards to protect against unauthorized access, disclosure, or use of personal information.
We use age verification tools to ensure children do not provide false age information. If we determine that a user is under 13, we will obtain verifiable parental consent before collecting personal information.
Changes to Our COPPA Policy
We reserve the right to modify our COPPA policy at any time. If we make material changes to the policy, we will notify parents and obtain verifiable parental consent before collecting personal information from children under 13.
If you have any questions or concerns about our COPPA policy, please contact us at email@example.com.
Following this COPPA policy, HADAO is committed to providing children with a safe and secure environment to support our not-for-profit organization.
Additional Data Collection for HADAO Event Participants
When you register for an event organized by HADAO, we may ask for personal information such as your name, company/organization, professional title, email address, phone number, emergency contact details, dietary or disability-based accommodation needs, and any other optional information. We may collect your photograph and presentation materials if you participate as a presenter, panelist, or facilitator. We may also collect feedback and evaluations about you as a presenter, panelist, or facilitator. We will indicate the required data on the event registration materials and why.
We may provide a mobile app for significant events for communication and information sharing. If you download the mobile app, the app store may require the device identifier associated with your device, but we will not collect any personal data through the app.
Sometimes, we offer to book your travel/hotel, arrange ground transportation, or reimburse certain out-of-pocket expenses. If so, we may ask for additional personal information such as your full name, gender, date of birth, home airport, airline and seat preference, frequent flyer number, global entry number, special meal needs, hotel preference, and any other travel-related information. If international travel is involved, we may require your passport number, passport expiration date, and passport country of issuance. We may request your flight arrival/departure information and mobile phone number for ground transportation. If we reimburse expenses, we may require your bank account number and other personal data needed to transfer funds to you.
We may also take photographs or record audio/video during the event in public areas. If we do, we may store photographs containing your likeness and recordings of your voice and likeness. We may associate your image and the sound of your voice with your name if you are identified during the recording or identify yourself by name.
Please get in touch with us if you have any questions about the data we collect.
How we use the additional data
Event registration: We use this information to register you for the event and send you event-related emails. We also use it to print your physical badge, track and administer dietary and physical accommodation requests, share your materials with other event participants and contact you about future events. We may also review and respond to your feedback via registration forms or post-event surveys.
Travel/hotel bookings, ground transportation, and expense reimbursement: We use this information to assist you with travel/hotel bookings, arrange ground transportation, and reimburse certain out-of-pocket expenses.
Event photography and audio or video recordings: We use, edit, copy, exhibit, publish, or distribute photos and audio or video recording for any charitable purpose relating to the event or foundation events.