PSUF | Privacy

Portland State University Foundation Privacy Policy

Last modified: July 1, 2025

At the Portland State University Foundation (“Foundation,” “we,” or “us”), we advance Portland State University’s (“PSU”) mission through philanthropy. We partner with donors, alumni, and community supporters to create opportunities that support and enhance PSU. As such, PSUF respects your need for privacy and aims to protect your personal data.

Purpose and Scope

The purpose of this Privacy Policy (“Policy”) is to inform you about the categories of personal data we collect when you visit the psuf.org or any other online platforms owned and operated by the Foundation (the “Website”), or otherwise interact at all with the Foundation (collectively with the Website, the “Services”); our practices for collecting, using, disclosing, retaining, and protecting your personal data; and your rights to ensure proper management of this information.

Applicability

This Policy applies to anyone who provides personal data to the Foundation, who authorizes the Foundation to obtain personal data from third parties, or who accesses or uses the Services. Terms used in this Policy may have different but substantially analogous terms in different jurisdictions and are intended to apply across jurisdictions except where expressly limited.

By accessing and using the Services you acknowledge that you have read and understood the content of this Policy. Accordingly, if you do not agree to the terms of this Policy, do not use the Website or Services.

Jurisdiction-Specific Rights: Oregon, EEA & U.K.

If you are a resident of Oregon, this entire Policy applies to you. However, please see our Oregon Privacy Addendum, which will inform you of your rights under Oregon law.

If you are located in the European Economic Area (“EEA”) or the United Kingdom (“U.K.”), this entire Policy applies to you. However, please see our EEA and U.K. Privacy Addendum which provides more information about which rights you have regarding the processing of your personal data.

Updates and Modifications

Updates to this Policy may be made from time to time to comply with changing regulations or internal data privacy procedures. In the event of an update, the revised policy statement will be posted at: PSU Foundation - Privacy.

About Us and How to Reach Our Privacy Team

If you have a question or concern about this Policy, please contact us:

Attn: Security
Portland State University Foundation
1600 SW 4^th Avenue, Suite 730
Portland, OR 97201
United States of America
Phone: 503-725-4478
Email: privacy@psuf.org

Minors and Privacy: Children Under 16

Our Website is not intended for children under sixteen (16) years of age. No one under age sixteen (16) may provide any information to or on the Website or when accessing or using any Services. We do not knowingly collect personal data from children under the age of sixteen (16). If you are under sixteen (16) years old, do not use or provide any information on this Website or on or through any of its features. If we learn we have collected or received personal data from a child under sixteen (16) years of age, without verification of parental consent, we will delete that personal data. If you believe we might have any personal data from or about a child under sixteen (16) years old, please contact us.

Personal Data We Collect: Direct and Indirect Sources

Personal Data We Collect and How We Collect It

We collect personal data you send to the Foundation for purposes relevant to the Foundation’s operations in pursuit of its philanthropic mission. When you interact with the Foundation, we gather various types of personal data, including:

Identifying Information: We may collect personal data details, such as your name, demographic information, and contact details (such as address, zip code, email, and phone number). Additionally, identifiers may include student identification information, marital status, birth date, maiden name, veteran status, official identification numbers (e.g., Social Security number for scholarship purposes), and any and all other personal data you disclose to us.
Academic Information: We may collect personal data related to your academic background, including, student identification information, declared major and minor, number of credits earned, attendance dates, graduation status, scholarship details, academic involvement (e.g., student council or other academic programs), and graduation class and degree.
Donor Profile Information: We collect personal data pertaining to your giving capacity, philanthropic interests, relationship to PSU (e.g., if you are a current student, alumni, faculty, staff, or otherwise), financial information, personal background, real estate and business securities, and any additional relevant personal data. We also collect personal data on contribution amounts, organizational affiliations, giving history, and any legal documents associated with donations.
Event and Volunteer Participation: When you register for or attend Foundation events or participate in volunteer activities, we collect personal data. This may include personal data about your involvement with the Foundation, personal background, dietary restrictions, and any additional relevant personal data.
Correspondence and Communication Records: We maintain personal data about your interactions with the Foundation, including the time and subject of your inquiries, as well as your preferred communication methods, engagements with the custom search engine within the Website, and other personal data you provide in forms you fill out.
Security and Monitoring: To ensure safety and quality assurance, we may collect video or audio recordings on our premises or during phone interactions. We may also collect photos and videos in furtherance of our mission. For more information see our Photography and Video section.

We may also collect any other personal data that you provide to us.

Personal Data We Collect Indirectly from You

We gather personal data about your use of the Services through cookies and other technologies. We may collect the following personal data through cookies on the Website: standard web browser information, including browser type, Internet Protocol address, pages viewed on the Website, and links clicked, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the Website.

Tracking Technologies

We also collect personal data from you when you access the Website and when you subscribe to our email services. We may collect personal data about the computer, mobile device or other device you use to access the Website such as IP address, geolocation information, unique device identifiers, browser type, browser language or other information of this nature in order to improve our Services.

On the Website, we may use web analytics tools, including primarily Google Analytics. Google Analytics provides that it collects information anonymously and reports Website trends without identifying individual visitors. We use the information collected to understand how our visitors are using the Website and make improvements for a better online experience. Google Analytics uses third-party cookies to track visitor interactions and collects an anonymized version of the Internet protocol (IP) address of Website visitors in order to provide us with a sense of where our visitors come from. Google Analytics provides that it does not store or report to us visitors’ actual IP address information.

Use of Cookies and Similar Technologies

Cookies are small files that are stored on your computer (unless you block them). The Website may use cookies to:

Understand and save your preferences for future visits.
Compile aggregate data about Website traffic and Website interaction so that we can offer better Website experiences and tools in the future.
Speed up your searches.
Store information about your preferences, allowing us to customize our Website according to your individual interests.

The Foundation uses Google Custom Search for website searching. Foundation search results do not contain ads and do not generate ad-related cookies. Google does use cookies to identify what website the user is on when performing a search and to track user preferences and search history. You can control and/or delete cookies as you wish – for details, see www.aboutcookies.org.

Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email that are designed to: (1) collect usage information, like ad impressions or clicks, and email open rates; (2) measure popularity of Services and associated advertising or promotion; and (3) access user cookies.

For more information regarding our cookies, including the precise cookies we use, please see the consent mechanism on the Website or (i.e., the pop-window that allows you to opt-out or opt-in to the placement of certain cookies).

System Logs and Data Collection

The Foundation’s servers automatically collect and log information when you use the Website or the Foundation’s computer systems. Log data may include your Internet Protocol (IP) address, date and time the Website or systems were used, and technical information about your devices and preferences.

Log data may be used to facilitate your access to Services, monitor system performance, troubleshoot problems, and facilitate the Foundation’s response in the event of prohibited uses of computing resources, or unauthorized access to sensitive data. Log files are stored for at least five (5) days and no longer than they are needed for performance monitoring, troubleshooting, and forensic purposes.

Processing and Managing of Donations

We accept donations from you only and do not directly collect or store payment information. We use third-party, PCI-compliant, payment processors, which collect payment information on our behalf in order to complete transactions with our donors. While our administrators are able to view and track actual donations via the user portals of the payment processors, we do not have access to, or process, credit card information.

Social Media Interactions and Data Use

We use social media plug-ins (e.g., Instagram, Facebook, LinkedIn, X (formerly Twitter), YouTube, and Threads). These features may collect your IP address (and/or other information as set forth in each social platform’s privacy policy), which page you are visiting on our Website, and may set a cookie to enable the feature to function properly. We also have a presence on some social media platforms, including Instagram, Facebook, LinkedIn, X (formerly Twitter), YouTube, and Threads. Through our accounts on social media platforms, we may in some instances collect personal data when you interact with our page or otherwise communicate with us through those accounts. Any personal data that you post on social media is governed by each social media platform’s privacy policies, and any personal data that we collect via our social media accounts will be processed in accordance with this Policy.

Personal Data Obtained From Third-Party Sources

We collect personal data from third parties to support the Foundation’s operations in alignment with its philanthropic mission. When gathering your personal data, we may obtain personal data from various external sources, in compliance with applicable data protection laws:

Portland State University: As our primary institutional partner, we may receive personal data regarding alumni, donors, and prospective donors to facilitate engagement and outreach. We also have a web presence on some PSU websites where we may collect your personal data.
Social Media Platforms: Your public interactions with the Foundation on social media, including comments, likes, shares, and other engagements, may be collected and used.
Community Platforms: We may obtain personal data from third party online platforms. For example, the Foundation facilitates an online book club and a digital advocacy program.
Third-Party Marketing and Fundraising Partners: These entities may provide us with certain personal data about your philanthropic interests, engagement with nonprofit initiatives, and giving capacity.
Independent Organizations: Various other organizations, including other charitable organizations, may serve as sources of personal data.

This personal data collection enhances our ability to provide you with tailored services and make informed decisions. We prioritize data accuracy and transparency, with the objective that all personal data gathered is relevant, up-to-date, and obtained through lawful means.

Sensitive Data We Collect and Process

Sensitive data represents a specialized category of personal data requiring elevated protection and careful handling. We collect the following categories of sensitive data:

Gender identity
Racial and ethnic background
National origin
Citizenship or immigration status
Personal beliefs systems, including religious affiliation
Health-related information (such as disclosed medical conditions or diagnoses)
We may also collect any other sensitive data that you provide to us with your consent

We may collect sensitive data exclusively:

For legitimate Foundation purposes, including to advance our philanthropic mission (as stated above)
With explicit individual consent
In compliance with regulatory requirements

Our approach prioritizes:

Minimal data collection (in accordance with this Policy)
Purpose-specific utilization
Confidentiality
Regulatory compliance

Withdrawing Your Consent

You may have additional rights related to sensitive data. For more information, please see our Oregon Privacy Addendum if you are an Oregon resident or our EEA and U.K. Privacy Addendum if you are a resident of the EEA or U.K..

Photography and Video

Photos or video taken at our events, programs, or other interactions you have with the Foundation may be used in publications such as brochures, newsletters, magazines, and video presentations. Such photos or videos may also be used electronically in online publications, our on the Website, emails, social networking websites, such as Facebook, LinkedIn, X (formerly Twitter), YouTube, and Threads, or in other electronic or print forms of media. These images and videos may be retained in perpetuity as historical and archival records of the Foundation. The Foundation will use such images and videos in accordance with this Policy. If you are pictured and would like us to discontinue using the photo, please contact us at privacy@psuf.org.

How We Use Your Personal Data

We may use your personal data for the following purposes:

Donor Services and Engagement: To manage donations, track donor history, and oversee the distribution of charitable funds; to enhance and provide support related to donor recognition, events, and other engagement opportunities; and/or to maintain relationships with donors, organize Foundation events, facilitate giving programs, and foster ongoing engagement with the philanthropic community.
Financial Management: To process donations, manage charitable funds, and handle any financial transactions with the Foundation.
Alumni Relationships: To cultivate relationships with PSU alumni, organize events, and provide important updates.
Regulatory Compliance and Documentation: To assist with the preparation of necessary documentation and adherence to applicable charitable giving regulations.
Communication and Outreach: To send important updates and notices, respond to inquiries, and maintain an ongoing connection with donors, supporters, and community partners.
Foundation Research and Program Improvement: To conduct internal analysis for the improvement of Foundation programs, operations, and services.
Legal Compliance and Obligations: To fulfill legal obligations and comply with applicable laws and regulations.
Security and Data Protection: To maintain Foundation data security and donor privacy, including necessary notifications.
Marketing and Awareness Campaigns: To provide information about Foundation programs and events to prospective donors and the wider community.
Additional Services and Benefits: To provide other services to donors, prospective donors, alumni, and other persons.

Any email address you provide may be used to send you information, respond to inquiries, and/or other requests or questions. We may also use your personal data to contact you about services that may be of interest to you. If you do not want us to use your personal data in this way, please contact us.

Sharing and Disclosure of Your Personal Data

We may share user personal data with third parties for purposes related to the pursuit of our philanthropic mission.

Third-Party Service Providers

We engage trusted third-party service providers to assist us in various operational aspects:

Donation processing and management
Communication services for donors and supporters
Data analysis to improve our fundraising strategies
IT and cloud service providers
Payment processors for donations, pledges, fees, and purchases
Data storage and analysis for donors

These providers are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them.

Collaboration with Research Partners

To contribute to the advancement of higher education through philanthropy, we may share anonymized or aggregated data with:

Researchers studying giving trends
Organizations working to improve higher education fundraising
Entities conducting studies to enhance donor engagement

Additional Personal Data Disclosures

We may also disclose your personal data to fulfill the purpose for which you provide it and for any other purpose disclosed by us when you provide the personal data.

We may also disclose your personal data to legal, financial, insurance and other advisors in connection with corporate transactions, the management of our organization and operations, to defend against legal claims; to investigate, prevent, or act against illegal activities, suspected fraud, situations involving potential threats to safety, or violations of our terms of use; to protect our operations, assets, and intellectual property; to allow us to pursue appropriate legal remedies or limit damages; to pursue any reorganization, merger, sale, joint venture, assignment, transfer of assets, or other disposition of all or any portion of our organization, assets, or stock; or as otherwise required by law or pursuant to a lawful order.

Your Choices Regarding the Use and Disclosure of Your Personal Data

We strive to provide you with choices regarding the personal data you provide to us. We have created mechanisms to provide you with the following control over your personal data:

Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this Website may then be inaccessible or not function properly.

We do not control third parties’ collection or use of your personal data to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your personal data collected or used in this way. You can opt-out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website.

We may send you promotional or marketing emails. You can object to these emails at any time by selecting the “unsubscribe” link at the end of all our marketing and promotional update communications to you by removing yourself from the mailing list or contacting us.

Residents of Oregon and the EEA or UK may have additional rights. Please see the appropriate addendum for more information.

Accessing, Updating, and Correcting Your Personal Data

You can review and change your personal data by visiting the Website and logging into your account profile page or contact us at the information provided in our About Us and How to Reach our Privacy Team section.

Personal Data Retention Practices

See the table below for our personal data retention periods.

Record and Personal Data Categories	Retention Period
Communications Identifiers, financial information, and sensitive data	6 months
Scholarship/Academic Information Identifiers and academic records	3 years
Volunteer Information Identifiers	3 years
Video and Photography (May include identifiers and/or sensitive data)	Documentary: Permanent
	Event/Ceremony Recordings: 10 years (unless documentary)
	Donor/Volunteer Headshots: 7 years post-exit (unless documentary)
	Security Video: 30 days (unless held for investigatory purposes)
Legal Compliance Identifiers, financial information, academic records, video, photography, and sensitive data	7 years
User Submitted Content Identifiers	2 years (unless documentary)
Donor Profiles Identifiers, financial information, and sensitive data	Active Donors: 10 years from last donation, provided the Foundation may seek renewed consent to retain information
	Legacy Donors (major gifts, endowments, and similar donations): 25+ years based on ongoing relationship
Location Data (e.g., general region, state, and/or zip code)	1 day to 13 months
Online Identifier (e.g., mobile types, mobile device type, browser type, IP address, unique identifiers, domain names, access times, and geolocation information.)	1 day to 13 months
Internet Activity (e.g., time of website access, browsing activity, and traffic data, including setting of non-essential cookies.)	1 day to 13 months

Additionally, we will retain personal data we collect from you where we have an ongoing legitimate need to do so (for example, to comply with applicable legal, tax or accounting requirements). Additionally, we cannot delete personal data when it is needed for the establishment, exercise or defense of legal claims (also known as a “litigation hold”). In this case, the personal data must be retained as long as needed for exercising respective potential legal claims.

“Do Not Track” and GPC

Your Internet browser and mobile device may allow you to adjust your browser settings so that “do not track” (DNT) requests are sent to the websites you visit. Our Website does not currently respond to DNT signals due to the absence of an industry-standard protocol. For more information on DNT settings generally, please visit https://allaboutdnt.com. As of January 1, 2026, we will honor opt-out preference signals, including the Global Privacy Control (GPC).

Safeguarding Your Personal Data

We employ a variety of reasonable technical and procedural measures designed to protect your personal data from misuse and unauthorized access. These measures include policies that aim to limit access to your personal data to the fewest number of individuals who need that personal data for operational and strategic purposes. Firewalls, intrusion detection and prevention, log monitoring, data encryption, and other technical measures are used to safeguard your personal data from unauthorized access. Any payment transactions will be encrypted using SSL technology.

The safety and security of your personal data also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of personal data via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Website. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

Third-Party Websites and External Links

Our Website contains links to PSU and our affiliated vendor websites, such as email services, online donor pages, social media, and events registration pages. We are not responsible for the content, or the privacy practices employed by those other websites. A link to another website does not constitute an endorsement of that website or any of the content or information provided by that website. We encourage our visitors and users to be aware when they leave our Website and to read the privacy policies of each website they visit.

International Personal Data Transfers

We are located in the United States, and the personal data that we collect is stored on servers located in the United States. This means that your personal data will be collected, processed, and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the General Data Protection Regulation 2016/679 (“GDPR”) in the European Union.

By sending us personal data, you agree and consent to the processing of your personal data in the United States, which may not offer an equivalent level of protection to that required in other countries (particularly the European Economic Area).

We have implemented safeguards designed to ensure that the personal data we process remains protected in accordance with this Policy, including when processed internationally or by our third-party service providers and partners. The safeguards we may take at our discretion include, for instance, entering into specific agreements in connection with any onward transfers of personal data. We may implement other mechanisms and take similar appropriate safeguards with our third party service providers and partners. Further details can be provided upon request.

Oregon Privacy Addendum

This Oregon Privacy Addendum (the “Oregon Privacy Addendum”) supplements the information in our privacy policy located at PSU Foundation - Privacy (the “Policy”), which informs you about the categories of personal data we collect when you visit the PSU Foundation - Home Page, psuf.org, or any other online platforms owned and operated by the Foundation (the “Website”), or otherwise interact at all with the Foundation (collectively with the Website, the “Services”); our practices for collecting, using, retaining, and protecting your personal data; and your rights to ensure proper management of this information.

Specifically, this Oregon Privacy Addendum provides residents of Oregon additional information about their privacy rights under the Oregon Consumer Privacy Act (“OCPA”). This Oregon Privacy Addendum is intended only for residents of Oregon.

Your Privacy Rights Under Oregon Law

Right to Know the Personal Data We Collect

You have the right to know whether we are processing your personal data, what personal data is being collected about you, whether it is disclosed, and to whom (as provided in the Policy). For the purposes of OCPA and this Policy, “personal data” is any data or unique identifier that is linked to, or is reasonably linkable to, you or one of your devices as an individual. It does not include deidentified data or data that is lawfully available through federal, state, or local government records, widely distributed media, or information reasonably understood to have been made lawfully available to the public by you.

Right to Access and Requesting a Copy of Your Personal Data

You can request access to your personal data. This enables you to receive a copy of the personal data we hold about you. We may request specific personal data from you to enable us to verify your identity. Your right to access your personal data is not absolute. If we cannot provide you with access to your personal data, we will inform you of the reasons, subject to any legal restrictions.

Right to Request Correction of Your Personal Data

The Foundation aims to ensure the personal data we possess is accurate. If you believe personal data about you is incorrect, incomplete, or outdated, you may request the correction or an update of that information. We will use commercially reasonable efforts to revise it.

Right to Request Deletion Your Personal Data

You may ask us to delete or remove personal data where there is no legal reason for us to continue using it.

Right to Opt-Out of Processing Personal Data

You may opt-out of our processing of your personal data in connection with the sale of your personal data, targeted advertising or the purpose of profiling you in furtherance of decisions that produce legal effects or effects of similar significance.

Right to Withdraw Consent

You have the right to withdraw any consent you may have previously given us at any time. If you withdraw your consent, this will not affect the lawfulness of our collecting and processing your personal data up to the point in time that you withdraw your consent. Even if you withdraw your consent, we may still use your personal data, provided it has been fully deidentified and does not personally identify you.

Using an Authorized Agent for Requests

If your state allows you to designate an authorized agent to exercise any of the rights listed above on your behalf, we will require proof that the agent has been authorized to act for you. Additionally, we will ask you to verify your identity directly and confirm that you have granted the agent permission to make the request.

If you designate an authorized agent through an internet link, browser setting, browser extension, global device setting, or other technology to opt-out of processing your personal data, we will honor the request once we verify, using commercially reasonable efforts, both your identity and the agent’s authority to act on your behalf.

How to Exercise Your Privacy Rights

If you wish to contact us in connection with the above, please contact us. Include your name, address, email, phone number, and the specific request you would like to make. Parents and legal guardians may contact us on behalf of their minor children. Similarly, an authorized agent may submit a request on behalf of a consumer.

We will respond to your or your authorized agents written request without undue delay. We may require additional personal data to authenticate your request. If we are not able to honor any part of your request using commercially reasonable methods, we will notify you and, in our response, we will explain as to why we cannot do so.

Right to Appeal Our Decision

If we deny your request to exercise your privacy rights as described above, you may appeal our decision by writing to us at the address from which our response was sent within 45 days of the date of our response. Please provide any additional, relevant information you believe we should consider in evaluating your appeal.

If we refuse your request again, you may have the right to file a complaint with the Attorney General. Please see https://www.doj.state.or.us/ for more information on contacting the Attorney General.

Nondiscrimination and Your Rights

We do not discriminate against individuals who exercise their privacy rights.

Personal Data Retention

For personal data retention information, please see our Personal Data Retention Practices section.

How to Contact Us for Privacy Inquiries

To ask questions or comment about this Oregon Privacy Addendum, our Policy, and our privacy practices, or to exercise your rights hereunder, please see contact us at the information provided in our About Us and How to Reach our Privacy Team section.

EEA and U.K. Privacy Addendum

The Foundation has updated its policies regarding the recording and use of personal data for individuals residing in the European Economic Area (“EEA”) and the United Kingdom (“U.K.”), in compliance with the General Data Protection Regulation 2016/679 (“GDPR”).

How We Use and Process Your Personal Data Under GDPR

As explained in our privacy policy located at PSU Foundation - Privacy (the “Policy”), which informs you about the categories of personal data we collect when you visit the PSU Foundation - Home Page, psuf.org, or any other online platforms owned and operated by the Foundation (the “Website”), or otherwise interact at all with the Foundation (collectively with the Website, the “Services”); our practices for collecting, using, retaining, and protecting your personal data; and your rights to ensure proper management of this information.

For our users located in the EEA and the U.K., we must have a valid legal basis in order to process your personal data. Generally speaking, the main legal bases under the GDPR that justify our collection and use of your personal data are:

Performance of a contract – When your personal data is necessary to enter into or perform our contract with you.
Consent – When you have consented to our use of your personal data via a consent form (online or offline).
Legal obligation – When we need to use your personal data to comply with our legal obligations.
Legal claims – When your personal data is necessary for us to defend, prosecute or make a claim.
Legitimate interests – When we use your personal data to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights. For instance, our processing of your personal data in connection with our Services is within our legitimate interests because the nature of the information (while still personal data) is widely available and distributed across the internet and otherwise. These interests include, but are not limited to fundraising activities, donor engagement and stewardship, managing and improving the Foundation operations, ensuring facility security, supporting PSU through philanthropy, maintaining donor and supporter relationships, engaging benefactors and the broader community, and promoting the Foundation events and charitable initiatives. Moreover, we provide adequate notice, access and choice (including the ability to delete account data within the alumni or donors account) and technical and organizational measures with respect to the donor account. If we rely on our (or another person’s) legitimate interests for using your personal data, we will undertake a balancing test to ensure that our (or the other person’s) legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal data. You can ask us for information on this balancing test by contacting us.

Below are the general purposes and corresponding legal bases (in italics) for which we may use your personal data:

Personal Data Category	Purpose	Legal Basis
Identifier (e.g., name, email, phone number, phone number, address, student/official identification information, marital status, birth date, Social Security number, maiden name, veteran status, relationship to PSU)	To process donations and issue tax receipts	Performance of a contract
	Community Services/Events	Legitimate interest: To host, organize, and/or sponsor fundraising events and community programming, based on legitimate interests in supporting PSU and fostering effective donor engagement.
	To develop and maintain donor profile	Legitimate interest: To understand donor interests, managing relationships, and tailoring services, based on legitimate interests in supporting PSU and fostering effective donor engagement.
	Tax, compliance, employment, litigation, and other legal rights and obligations	Legal obligation
	To feature donors, alumni, staff, faculty, and community members in promotional materials.	Consent
	Review of applications for program or financial opportunities	Legitimate interest: To evaluate scholarship applications and administer awards, based on legitimate interests in advancing educational opportunities and supporting academic achievement for students aligned with the Foundation’s mission.
Financial Information. (e.g., real estate, business securities, contribution amounts, organizational affiliations, giving history, and any legal documents associated with donations)	To process donations	Performance of a contract
	To develop and maintain donor profile	Consent
	Review of applications for program or financial opportunities	Legitimate interest: To evaluate scholarship applications and administer awards, based on legitimate interests in advancing educational opportunities and supporting academic achievement for students aligned with the Foundation’s mission.
	Tax, compliance, employment, litigation, and other legal rights and obligations	Legal obligation
Academic Information (e.g., academic background)	Financial disbursement	Performance of a contract.
Academic Information (e.g., academic background)	Review of applications for program or financial opportunities	Legitimate interest: To evaluate scholarship applications and administer awards, based on legitimate interests in advancing educational opportunities and supporting academic achievement for students aligned with the Foundation’s mission.
Data Subject Submitted Content (e.g., interactions with the Foundation through social media and/or survey responses)	To provide or improve Services	Legitimate interest: To process user-submitted content, based on legitimate interests in enhancing community engagement, improving Services, and advancing organizational goals through feedback and public contributions in accordance with the Foundation’s mission.
	Tax, compliance, employment, litigation, and other legal rights and obligations	Legal obligation
Photo and Video (e.g., identifiers and/or sensitive data)	Community Services/Events	Legitimate interest: To document and promote community services and events through photography and videography, based on legitimate interests in fostering community engagement, preserving such activities, and enhancing public awareness of the Foundation’s initiatives in accordance with the Foundation’s mission.
	To feature donors, alumni, staff, faculty, students, and community members in promotional materials	Consent
	Security	Legitimate interest: (1) Fraud prevention; (2) for the proper functioning of our services; and (3) to protect stored personal information from unlawful, accidental, and/or malicious actions or events.
Location Data (e.g., region, state/province, and/or zip code)	Analytics	Consent
	Security	Legitimate interest: (1) Fraud prevention; (2) for the proper functioning of our services; and (3) to protect stored personal information from unlawful, accidental, and/or malicious actions or events.
Online Identifiers (e.g., mobile types, mobile device type, browser type, IP address, unique identifiers, domain names, access times, and geolocation information)	Analytics	Consent
	Security	Legitimate interest: (1) Fraud prevention; (2) for the proper functioning of our services; and (3) to protect stored personal information from unlawful, accidental, and/or malicious actions or events.