The Tulsa Community College Foundation (TCCF) is committed to protecting the confidentiality of private, non-public donor and alumni information. Respect for a donor’s right to privacy is a standard of integrity for all TCCF activities. This policy is issued by the TCCF Board of Trustees and is intended to provide information regarding the collection, use and release of donor information. The TCCF created this policy in accordance with the Generally Accepted Privacy Principles (“GAPP”).
Guidelines on Collection, Use and Release of TCCF Information
- TCCF collects and retains certain information that is confidential and/or proprietary in nature, including personal information; trade secrets; proprietary methods; financial, business and marketing information; personnel data; data regarding constituents or donors; and other data that is the property of and integral to the operation and success of the Foundation; including but not limited to the specific following examples (collectively, the “Confidential Information”):
- Information pertaining to constituents (whether personal, financial, biographical or gift related) other than publicly available information or information authorized to be released by the constituent, including but not limited to, constituent lists, financial information, estate planning information, bank account numbers, credit card numbers, social security numbers, information stored and maintained in the Foundation’s development database, and all electronic and telephonic communications related to planned or charitable giving between the Foundation and constituents;
- Information relevant to Foundation fundraising and investment practices, financial affairs, all related past, current, and planned capital campaigns and developmental activities, current or planned operational methods and processes, prospective donors, and any specialized know-how related to the above activities;
- Current and anticipated fundraising or other types of organizational projections, including financial studies, feasibility studies, financial and fundraising plans, and computer software and programs specifically developed for or by the Foundation to conduct its activities;
- Electronic data in order to provide a positive website experience, offer programs, products and services and report on user activity, as more particularly set forth in the Privacy Notice page, posted on the www.tccfoundation.org website; and
- Non-public information concerning the Foundation’s affairs, however documented; and all material derived thereof such as notes, analysis, compilations, studies, summaries, prepared by or for the Foundation, containing or based, in whole or in part, on any information included in the foregoing.
- The Confidential Information is received from various sources including, but not necessarily limited to, the constituent; Tulsa Community College (the “College”) pursuant to a development services agreement, College affiliates, third parties, and information gathered from the Foundation Board of Trustees members, volunteers, and Foundation staff. The Confidential information is maintained, corrected and updated as necessary.
- The Foundation retains the Confidential Information for purposes of, among other things, aiding the College in fulfilling the College’s mission of excellence; operating, maintaining, and providing the services of the Foundation; and communicating with constituents. To succeed in this support, the Foundation must earn and maintain the trust of past, present, and future constituents. A constituent’s trust in the Foundation is enhanced when there is openness and communication. For this reason, the Foundation voluntarily makes public the following types of information:
- Annual report, if available
- Mission and vision statements,
- Board of Trustees Member Names, and
- Audited financial statements.
- This voluntary disclosure of information is in addition to all materials the Foundation is required to disclose by law, such as:
- IRS form 990 (without schedule attachments),
- IRS form 1023 (tax determination letter), and
- Articles of Incorporation.
- Notwithstanding the foregoing, Confidential Information may be made available on an as-needed basis to Foundation Board of Trustees members, College affiliates, volunteers, and Foundation staff. The information made available for such internal uses may include, but is not necessarily limited to, contact information and/or giving history, as well as other information necessary for gift processing, cultivation, solicitation and stewardship purposes. Furthermore, Confidential Information may be otherwise released to other third parties; but only after consent is obtained from the constituent, if otherwise required by law, for the purposes of advancing the Foundation through resource development efforts that require certain Confidential Information to develop strategies and present gift proposals, for the purposes of providing names and addresses of memorial fund donors to family members, or for purposes of publishing an alumni directory.
- Confidential Information will only be released to third parties contracted for work on the Foundation’s behalf upon receipt of a signed nondisclosure and confidentiality agreement by the receiving party, unless otherwise required to be disclosed by law. All Foundation staff shall sign confidentiality agreements. In addition, all Foundation staff shall complete a privacy and security awareness course on an annual basis in order to retain access privileges. Furthermore, the Foundation applies security safeguards for Confidential Information and shall undergo periodic risk assessments.
- The Confidential Information collected by the Foundation may be stored and processed in the United States, or any other country in which the Foundation’s service providers maintain facilities. The Foundation may transfer information that it collects and processes, including personal information, to affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Union or other regions with laws governing data collection and use that may differ from United States law, please note that we will not transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction.
- The Foundation complies with the Payment Card Industry Data Security Standards (PCI DSS). One-time gifts or recurring gifts may be made online through the Foundation’s website (www.tccfoundation.org), by calling the Foundation (918-595-7836), or by mailing to the Foundation’s lockbox or physical locations. Online donations are processed through a third party system on the Foundation’s secure online website that does not store credit card information. Credit card gifts called into or mailed to the Foundation are processed by Foundation staff via the Foundation’s secure online website or merchant services online terminal. Once the constituent’s credit card information is entered online, the Foundation immediately redacts or destroys the credit card number.
- Refusal of a constituent to provide certain Confidential Information to the Foundation may result in the inability of the Foundation to provide certain benefits to the constituent, such as naming recognition and gift receipts. In the event a constituent’s Confidential Information needs to be updated, or in the event a constituent does not wish to receive marketing or other solicitation materials from the Foundation or does not want the Foundation to store their personal data, such constituent may make such a request by contacting the President of the Foundation. Upon authentication of the identity of the requesting constituent, the constituent’s record may be updated, flagged, or deleted according to the constituent’s request and applicable law, until receipt of further notice by the constituent. A constituent may also have a right under applicable law to request that the Foundation refrain from processing any of their personal data in the future, on legitimate grounds. The Foundation does not use government-issued identifiers (for example, Social Security numbers) for authentication of the requesting constituent’s identity. Comments, inquiries or disputes relating to privacy related issues may be directed to the Foundation’s President.
European Union Residents
- If a constituent is a resident of the European Union subject to the General Data Protection Regulation (“GDPR”), and the Foundation is storing or processing that constituent’s personal information pursuant to their consent under the GDPR, the constituent may have the right to withdraw their consent at any time by contacting the President of the Foundation. The constituent may have additional rights under the GDPR, such as the right to data portability, the right to object to processing if processing is based on legitimate interests, the right to object to processing of personal data for marketing purposes, and the right to complain to a supervisory authority. Any questions regarding the information in this paragraph may be directed at the President of the Foundation.
- The Foundation may use an automated process to obtain and analyze a constituent’s personal data. The results of that automated process may highlight certain attributes of a constituent, such as their financial information, that the Foundation may use to provide services and fulfill its mission.
- The Foundation will retain Confidential Information, including all personal data collected and processed, for as long as the individual subject to the data is engaged with the Foundation or for the period of time necessary to fulfill the purposes for which the Foundation initially collected the information, unless otherwise required by law.
Notice to California Users
The California Consumer Privacy Act, effective Jan 1, 2020 applies to any business, including any for-profit entity that collects consumers' personal data, which does business in California, and satisfies at least one of the following thresholds:
- Has annual gross revenues in excess of $25 million;
- Possesses the personal information of 50,000 or more consumers, households, or devices; or
- Earns more than half of its annual revenue from selling consumers' personal information.
TCCF does not meet any of these criteria and is thus exempt. However, we recognize the intentions of the Act are to provide California residents with the right to:
- Know what personal data is being collected about them
- Know whether their personal data is sold or disclosed and to whom.
- Say no to the sale of personal data.
- Access their personal data.
- Request a business to delete any personal information about a consumer collected from that consumer.
- Not be discriminated against for exercising their privacy rights.
TCCF does not rent/lease or sell personal data collected on this website.
Electronic Data Information
The Tulsa Community College Foundation (the “Foundation”) collects electronic data in order to provide a positive website experience, offer programs, products and services and report on user activity. For information about the data collected please see the College’s Privacy Notice.
Alumni Directory Joint Policy
Tulsa Community College (the “College”), the Tulsa Community College Alumni Association (the “Alumni Association”) and the Tulsa Community College Foundation (the “Foundation,” and together with the College and Alumni Association, the “College Affiliates”), all recognize that alumni directories are an important tool in alumni relations and provide a valuable benefit to alumni of Tulsa Community College. The Foundation maintains a database of constituent information for gift processing, gift prospecting, cultivation, solicitation and stewardship purposes (the “Development Database”) for the benefit of the College Affiliates. Because the information in the Development Database may be used by the Alumni Association for creation and publication of alumni directories, the College Affiliates need certain policies and procedures in order to best protect the confidentiality and proprietary information contained in the Development Database to the fullest extent provided by law.
Through the Alumni Association’s access to the Development Database, the Alumni Association may use certain information (the “Alumni Information”) pertaining to all living and deceased alumni, including individuals who attended the College but did not graduate (collectively, “Alumni” or individually, an “Alumnus”).
The Alumni Association shall have the first right to publish an alumni directory. If needed, the Alumni Association shall notify the College and the Foundation of its plans to publish an alumni directory. All proposed directory plans are subject to review and approval by the College Affiliates, including, without limitation, for compliance with policies and procedures, methodology, vendor contracts, and coordination of the downloading and uploading of data from the Development Database. The Alumni Association will also consult with the College and the Foundation regarding Alumni contact and marketing methods.
All Alumni – meaning all living and deceased alumni of the College, including individuals who attended the College but did not graduate – may be included in the alumni directory. Alumni Information relating to any particular Alumnus shall only be included in the directory after such Alumnus has received proper notice of the intent to publish that Alumnus’ Alumni Information (see below). Once properly notified, the following Alumni Information will be published for such Alumnus, depending on how the Alumnus responds to the notice:
1.a. NO RESPONSE. If the Alumnus does not respond to the notice, only the following Alumni information may be included in the alumni directory: first and last name, city, state, degree(s), school(s), and year(s) attended will be included in an alumni directory.
2.b. RESPONSE. If the Alumnus responds to the notice with instructions on what Alumni Information can or cannot be included in the directory for the Alumnus, the directory shall include only the information authorized by the Alumnus, if any.
Proper notice for purposes of this policy means a multi-medium notification approach for each Alumnus, with a minimum of three (3) notification attempts over a period of ninety (90) days, before any Alumni Information may be included in a directory. Such notice may be through at least two (2) of the following mediums, if available: regular mailings, post-cards, emails, telephone calls and other forms of notice approved by the College Affiliates. The Alumni Association’s proposed mailing or other notifications must be submitted to the College and the Foundation for approval prior to any mailing or other notification to Alumni.
All information should be excluded for Alumni who elect to be excluded from the directory, whose mailing is returned as non-deliverable, who missed the deadline due to returned mail, or who are listed in any College Affiliates’ records as “Do Not Give Out Information,” “Do Not Include in Directory,” “Do Not Solicit,” or words to similar effect.
The alumni directory in whatever form produced must be distributed only to Alumni or Alumni Association members. The alumni directory must not be placed or be accessible in a library or in any other facility that is generally available to the public or anyone other than authorized employees of the College Affiliates and persons described above who are eligible to receive a copy of or have access to the alumni directory.
Failure to comply with this policy and the Alumni Directory Procedures may result in denial of future access to Alumni Information and other disciplinary action.
This policy is jointly adopted by the College Affiliates.