Privacy Statement
PRIVACY POLICY TOPICS
INFORMATION WE COLLECT
USE OF COOKIES & IP ADDRESS
STATISTICS
DONATIONS & EVENT REGISTRATIONS
LINKS TO OTHER WEBSITES
USE OF YOUR INFORMATION
SECURITY
INFORMATION REQUESTS
OPTING OUT OF EMAIL
ADDITIONAL DATA PROTECTION RIGHTS FOR EU RESIDENTS (GDPR)
ADDITIONAL DATA PROTECTION RIGHTS FOR GRATEFUL PATIENTS
MINOR'S PRIVACY
ACCEPTANCE OF PRIVACY POLICY
COPYRIGHT STATEMENT
CONTACT US
OUR COMMITMENT
It is the policy of The University of New Mexico Foundation, Inc. (the “Foundation”) to respect the privacy of its website users. This website privacy policy outlines our procedures with respect to website management and how we protect information gathered via this website and affiliated giving websites, and about what choices you have concerning our use of such information. This policy, together with our Terms of Use and Conditions, sets out the basis by which data we collect from you will be used, disclosed, processed, and handled.
Read this website privacy policy carefully and refer to it regularly. Your continued use of the website will be deemed your agreement that your information may be used in accordance with this policy.
Please note that the Foundation reserves the right to change this policy without prior notice. If we materially change this policy, we will post a notice of those changes on the website. If you do not agree with the changes, then you may consider not using the website, and you may notify us that you do not want your information used in accordance with the changes.
INFORMATION WE COLLECT
We gather information about you online if you voluntarily provide us with your information, such as when you make a contribution, complete an online form, register for an event, or communicate by sending us an email or completing a survey. On certain pages on our website, such as in connection with making a contribution online, or if you ask by email for more information about our programs or objectives, you may be asked to provide information such as name, address, phone number, fax number, email address, demographics, credit card, and other information. We do not gather this personal information on our website or our affiliated giving websites without your consent and active participation.
We also gather details of your visits to our website and the resources you access, including but not limited to traffic data, location data, and other communication data such as your IP address, the date and time you accessed or left the website and which pages you viewed. Some parts of our website use cookies and other technologies to collect this information about your general internet usage. See Use of Cookies & IP Address and Statistics, below, to learn more.
We may gather information about you available via public websites and social media sources.
By submitting a telephone number to the Foundation, you agree that a representative of the Foundation can contact you at the number you provide, potentially using automated technology (including texts/SMS messaging) or a pre-recorded message. Your consent is not an obligation to receive any of our products and/or services.
USE OF COOKIES & IP ADDRESS
The Foundation may place “cookies” on a visitor’s computer to provide a more efficient and convenient service to you. Cookies do not generally contain personally identifiable information. However, the Foundation reserves the right to associate personally identifiable information with cookies. We do not track our users across time or across websites. Our website does not use flash cookies.
None of this information will be disclosed to outside parties unless required by law. All visitors have the option to decline cookies. Please note that should you choose to decline cookies you may be unable to access parts of our website.
STATISTICS
As do most standard web servers, ours uses log files which include IP addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the website, collect broad demographic information for aggregate use.
The Foundation utilizes a third-party vendor, Google Analytics, to assist in collecting and analyzing such data. Refer to Google’s privacy policy for more information on how Google uses and discloses the information collected.
Statistics from email are collected and analyzed on both an individual and an aggregate basis. We use these statistics to better provide services to the public.
DONATIONS & EVENT REGISTRATIONS
Online donations and event registrations are processed by affiliated vendors, including but not limited to Anthology, Authorize, Pentera, and Ruffalo Noel Levitz.
The Foundation complies with the Payment Card Industry Data Security Standards (PCI DSS). Payment card and other information you provide when making an online donation is provided to a third-party vendor for the purpose of processing and recording gifts. All payment card information is encrypted at the time of processing and not stored for further use.
Gifts may be made online through the Foundation’s website. Online donations are processed through the Foundation’s secure online website, which does not store payment card information.
Donations may also be made by calling the Foundation (505-313-7600 | Option 4), or by mailing to the Foundation (700 Lomas Blvd. NE, Woodward Building 2, Albuquerque, NM 87102).
Gifts called into or mailed to the Foundation are processed by Foundation staff via the Foundation’s secure online website or online terminal interface. The Foundation uses Authorize.net, a United States-based payment gateway service provider, to securely process payment card transactions. Once the payment card information is entered online, Foundation staff immediately redacts the payment card number and follows proper retention and destruction guidelines.
Provider partners agree not to use any information they receive in connection with work for the Foundation in any manner inconsistent with this privacy policy. The providers have been charged with protecting this information in accordance with the prevailing industry standards as maintained by the provider and described more fully in their respective privacy policies
LINKS TO OTHER WEBSITES
Our website may contain links to affiliated vendor websites, such as email services, online donor pages, and events registration pages. The Foundation uses all information gathered online, either in aggregate or on an individual basis, from its website, email or social media strictly for Foundation and University-related business. By accessing third-party websites through our website, you are consenting to the terms and privacy policies of those websites. We do not accept any responsibility or liability for their policies, as we have no control over them.
USE OF YOUR INFORMATION
The information that we collect and store relating to you is primarily used to enable us to communicate with you and send to you, with your consent, information you have chosen to receive. We also may use your personal information to administer and inform our programs and initiatives, and we routinely share this information with the University and University-affiliated organizations like the Alumni Association and the Lobo Club. We may also use and disclose to third parties aggregated information and statistics regarding donations and contributions to the Foundation.
The Foundation also maintains a database of former student and donor records which allows us to provide excellent and efficient service to you and the University. Information in this database may be accessible to, or shared with, the University and other University-affiliated organizations such as the Alumni Association and the Lobo Club. You may wish to review the privacy policy of the University and its affiliated organizations to learn more about how they may utilize this information.
We may disclose your information to third-party representatives with whom we contract to update our files. We may use any information you disclose to us or in online applications to process your donations or to call, mail and market information about the University or the Foundation to you. We may also publicize your name and your category of support as part of donor recognition, annual report and/or other donor recognition publications, which are publicly available, unless you specifically ask to remain anonymous.
The Foundation does not sell, trade, or rent any of your information to other organizations.
Other than as indicated above, we will not provide your information to any other third party unless required by law to do so.
SECURITY
The Foundation operates data networks protected by industry standard firewall and password protection systems. Our databases are password protected. The information you provide is stored in a secured location and is used and disclosed only as set forth in this policy. User information is accessible only to designated staff who need the information to perform a specific function or task related to the Foundation’s mission, such as gift recording, assisting and communicating with donors, or providing donors with reports and receipts.
Our online giving page is a secured website, evidenced by the lock icon located on user browser pages. Our systems make it difficult for your information to be stolen or intercepted while it is being transferred over the Internet and while it is stored on our system. However, no encryption system can guarantee perfect security with the Internet, and therefore we cannot guarantee the security of data sent to us electronically on our website, and transmission of such data is therefore entirely at your own risk.
INFORMATION REQUESTS
If you have provided us with any information during a prior visit to or use of the Foundation website, as applicable and/or as required by law, you may request the right to review the information and make any corrections you deem appropriate. If your information changes (such as zip code, phone, email, or postal address), or to otherwise fulfill your reasonable requests regarding your personal information, please contact us. contact@unmfund.org.
OPTING OUT OF EMAIL
Email recipients may unsubscribe from Foundation-related emails by clicking on the unsubscribe link at the bottom of the message sent, or by contacting us by phone at 505-313-7600 or email at contact@unmfund.org.
ADDITIONAL DATA PROTECTION RIGHTS FOR EU RESIDENTS (GDPR)
The Foundation is committed to the lawful, fair, and transparent processing of your personal data. We will only collect personal data for specific and legitimate purposes, ensure that processing is limited to what is necessary, update or remove inaccurate data and maintain policies and procedures to keep personal data safe and protected against unauthorized or unlawful processing.
In certain circumstances, you have the following data protection rights:
Right to be Informed – through this Privacy Notice you are being informed about the collection and use of your personal information.
Right of Access – you have the right to ask us for a copy of your personal information.
Right of Rectification – you have the right to ask us to correct information you think is inaccurate or incomplete.
Right to Erasure (“the right to be forgotten”) – under certain circumstances, you have the right to ask us to delete your personal information.
Right to Restrict Processing – you have the right to limit the processing of your personal information.
Right to Data Portability – you have the right to ask that we transfer your personal information to another organization.
Right to Object – you have the right to object to the processing of your personal information.
Rights in Relation to Automated Processing and Profiling – you have the right not to be subject to solely automated decisions in the processing of your personal information.
To the extent applicable, the EU’s General Data Protection Regulation provides further information about your rights. You also have the right to lodge complaints with your national or regional data protection authority.
If you are inclined to exercise these rights, we request an opportunity to discuss with you any concerns you may have. To protect the personal information we hold, we may also request further information to verify your identity when you seek to exercise these rights. Upon a request to erase information, we will maintain a core set of personal data to ensure we do not contact you inadvertently in the future or subsequently add additional data about you during a periodic update. The Foundation may also need to retain some information for legal purposes, including U.S. IRS compliance. In the event of an actual or threatened legal claim, we may retain your information for the purposes of establishing, defending against, or exercising our rights with respect to such claim.
If you provide information directly to the Foundation from the European Economic Area (EEA), you consent to the transfer of your personal information outside of the EEA to the United States. You understand that the current laws and regulations of the United States may not provide the same level of protection as the data and privacy laws and regulations of the EEA. You are under no statutory or contractual obligation to provide any personal data to us.
ADDITIONAL DATA PROTECTION RIGHTS FOR GRATEFUL PATIENTS
Because the Foundation raises funds, from patients and others, to support UNM Health and Health Sciences, this policy also addresses the permitted use and disclosure of protected health information (PHI) for fundraising purposes in accordance with University policy and the Health Insurance Portability and Accountability Act (HIPAA).
I. Fundraising Definition and Coordination
Under HIPAA, a "fundraising communication" is a communication to an individual by a covered entity (the University) or the entity's business associate (the Foundation) for the purposes of raising funds for the covered entity. Fundraising communications include, but are not limited to, solicitations for donations or gifts, sponsorship of events, and communications for events or activities held to raise funds for the covered entity.
All fundraising activities involving PHI are coordinated with HSC.
Pursuant to HIPAA, the fundraising activity must be for the benefit of the University. Accordingly, the Foundation may not use or disclose PHI for fundraising purposes that benefit a person or entity other than the University. This means that University PHI may not be used or disclosed for fundraising to benefit a department or school outside HSC (such as the School of Engineering), or a third-party, or outside organization.
II. Permissible Internal Use of PHI for Fundraising, Without Patient Authorization
Federal and state laws permit limited PHI to be used within the Foundation for fundraising purposes with appropriate notice in the Privacy Policy and without prior patient authorization. As explained further below, the PHI must be the minimum necessary for the specific purpose. This “limited PHI” is as follows:
Name
Address
Date of birth
Gender
Dates of health care service
Other common elements of demographic information, including phone number and email address
General department of health care serviceName of treating physician
Any new data extract report from HSC systems to the Foundation are reviewed and approved by HSC leadership. Foundation fundraising staff members are not permitted to directly access HSC electronic or paper medical records for fundraising purposes.
The “minimum necessary” standard of HIPAA applies to using these data elements for fundraising. This means only the minimum PHI needed for a specific activity will be used. For example, if an annual appeal requires using name, address, and limited other information excluding treatment physician and general department of service, then only those necessary data fields are to be used for that fundraising activity.
Conversations with individuals (including patients) about possible "areas of giving interest" are permissible without prior written authorization, provided that their medical information is not used for a fundraising purpose. For example, Foundation fundraising staff may speak with a grateful patient to explore areas of giving interest (e.g., support for the new hospital, for technology, for research, or for general departments of care), as long as only the limited PHI above is used. Diagnosis and other PHI cannot be disclosed or used for fundraising without prior written patient authorization.
III. Permissible External Disclosure of PHI for Fundraising, Without Patient Authorization
Certain limited PHI may be disclosed outside of the Foundation without prior written patient authorization, including to another University business associate, for purposes of fundraising on behalf of the Foundation. Note that pursuant to state law, the list of limited PHI that may be externally disclosed is narrower than for internal uses listed in Section II above. Any disclosure must also meet the necessary minimum standard, as explained above.
Pursuant to state law, information revealing the medical history, mental or physical condition, or treatment of a patient may not be disclosed outside of the Foundation for fundraising purposes without written patient authorization. Accordingly, physician names and departments of health care service that may reveal medical history, condition, or treatment, or outcome information may not be disclosed for a fundraising purpose without written patient authorization.
Disclosure by the Foundation to another business associate (a consultant or other person or entity, who is not part of the University or Foundation staff and who performs a service involving PHI on the Foundation’s behalf) requires a Business Associate Agreement.
IV. Fundraising Activities that Require Patient Authorization
The Foundation does not receive, use or disclose any PHI that exceeds limited PHI for a fundraising purpose. This includes diagnosis, treatment, or any other information apart from Limited PHI allowable for fundraising under HIPAA.
HIPAA protects individuals' privacy for 50 years after death, and so these fundraising rules apply to both living and deceased patients. If an authorization is needed for a patient donor who has since died, it may be obtained from his/her personal representative, pursuant to HIPAA.
V. Opt-Out Requirement
All fundraising communications from the Foundation include clear and conspicuous instructions, in “plain language,” on how an individual may opt-out from receiving fundraising communications from the Foundation.
The following Grateful Patient opt-out options have been approved for the Foundation:
Select the appropriate unsubscribe link in the footer of email message received.
Email optout@unmfund.org.
Call 505-277-2000 and leave a message.
The Foundation has flexibility to define the scope of the opt-out. This means an opt-out may allow patients to opt-out of a specific fundraising campaign for HSC, or all fundraising communications. HIPAA requires a covered entity to track every opt-out strictly and immediately, so the Foundation must adhere to this requirement and not make a fundraising communication to a person who has opted out of the same.
VI. Patient Self-Disclosure
In some cases, donors may self-disclose medical information in conversation with a Foundation staff member or in the process of making a donation, including their status as a patient of HSC, diagnosis, or treatment. Self-disclosed medical information outside the scope of PHI allowable for fundraising by HIPAA will not be stored, documented, or used by the Foundation for any purpose.
MINOR'S PRIVACY
Our website is designed and intended for those 18 and older. We do not knowingly collect personal information from minors under the age of 18. If you have reason to believe that a person under the age of 18 has provided Personal Information to us, please contact us as provided in the Contact Us section below with sufficient detail to enable us to delete that information from our databases.
ACCEPTANCE OF PRIVACY POLICY
By using www.unmfund.org you signify your acceptance of our Privacy Policy. If you do not agree to this policy, please do not use our website. Your continued use of the Foundation website following the posting of changes to these terms will mean that you accept these changes. If you do not agree with any changes to these terms, please stop using our website and notify us that you do not want your information used in accordance with the changes.
COPYRIGHT STATEMENT
All documents, webpages, photographs, and images are the property of or licensed by The University of New Mexico Foundation, Inc., except where noted otherwise. Permission is required to copy, download, or use any text, photographs, or image files. For copyright information regarding the Foundation homepage, contact us at contact@unmfund.org.
CONTACT US
We welcome any queries, comments, concerns, or requests you may have regarding this Privacy Policy. Please do not hesitate to contact us at:
The University of New Mexico Foundation, Inc.
700 Lomas Blvd. NE
Woodward Building 2
Albuquerque, NM 87102
Pat Allen, General Counsel, pat.allen@unmfund.org, 505-313-7605