Effective Date: July 26, 2022
The Pew Charitable Trusts (“Pew,” “we,” “us,” or “our”) values your private information and understands the need for security and trust surrounding such information. We are committed to protecting your Personal Data, which refers to any data that is used or could be used to identify you (such as your name, email address, street address, or job title).
This Policy addresses data subjects whose personal data we:
- Receive on our family of websites, which include www.pewtrusts.org and other websites that may link to this Policy from time to time (collectively, the “Sites”).
- Receive when you interact with us on third-party websites or applications, such as social media platforms.
- Receive and process for any of our public policy outreach, philanthropic, or fundraising activities.
This Policy does not address applicants applying for employment, which is covered in our Applicant Data Privacy Notice.
Please review the entire Policy and feel free to contact us using the contact information below if you have any questions.
Our Role With Respect To Your Personal Data
Within the scope of this Policy, we act as a data controller for the Personal Data we process. This means that we decide how and why Personal Data is collected and further processed.
Lawful Bases For Processing
We must have a valid reason to use your Personal Data. This is called the “lawful basis for processing.”
We may process your Personal Data on the basis of:
- Your consent.
- The need to perform a contract with you.
- Our legitimate interests or those of a third party, such as our interest in marketing activities.
- The need to comply with the law.
- Any other ground, as required or permitted by law.
To the extent our legitimate interests serve as lawful basis for processing, those legitimate interests include:
- Monitoring for security purposes.
- Preventing fraud or abuse.
- Marketing efforts.
- Improving our content, products, and services.
- Any other ground, as required or permitted by law.
When we process your Personal Data based on your consent, you may withdraw it at any time. However, this will not affect the lawfulness of the processing we may have completed prior to your consent withdrawal. The withdrawal of your consent will also not affect the validity of our Personal Data processing performed on other lawful grounds.
What Personal Data We Collect And How We Obtain It
We may collect the following kinds of Personal Data when you use the Sites:
Personal Data you provide directly to us
For certain activities, such as when you subscribe to our updates or newsletters or contact us directly, we may collect some or all of the following types of Personal Data:
- Contact information, such as your full name, email address, mobile phone number, and mailing address.
- Your username and password.
- Your likeness, image, name, and/or voice recordings, if you provide us with a signed release form.
- Any other information you choose to provide to us.
We may combine such information with information we may already have about you.
Information we collect automatically
Types of Personal Data we collect automatically include:
- Your internet protocol (IP) address.
- Device and advertising identifiers.
- Browser type.
- Operating system.
- Internet service provider.
- Pages that you visit before and after using our Sites.
- The date(s) and time(s) of your visit(s).
- Information about the links you click, the pages you view, the general manner in which you navigate the Sites, and other standard analytics and server log information.
- Location information when you use our Sites, such as your computer’s IP address.
- Technical data to address and fix technical problems and improve our Sites, including the memory state of your device when a system or app crash occurs while using our Sites.
- Note: Your device or browser settings may permit you to control the collection of this technical data. This data may include information you were using or editing when a problem occurred, or the contents of your communications.
Information we collect from other sources
We may collect the following categories of Personal Data about you from other sources, including through the third-party services and organizations listed below:
- Identifying information (e.g., name).
- Contact information (e.g., mailing address, phone number, email address).
- Demographic information (e.g., age or age ranges, geographic).
- Professional information (e.g., professional degree, job title, employer, department).
- Device information (e.g., IP address, MAC address, browser fingerprint).
- Social network information (e.g., friends, connections, group memberships).
- Behavioral information (e.g., browsing behavior, links clicked).
- Preference information (e.g., subscriptions, news articles, interests).
We collect the above categories of Personal Data through the following types of third-party services and organizations:
- Social media platforms (e.g., Facebook, Google, LinkedIn, Twitter).
- Analytics tools (e.g., Google Analytics, Facebook Pixels).
- Service providers (e.g., website hosting providers, advertising platforms).
- Publicly available sources (e.g., LinkedIn profile, company website).
Our Purposes For Processing Personal Data
We may process your Personal Data for the following purposes:
- To provide and improve the Sites.
- To contact you, including for fundraising purposes.
- To fulfill your requests for products, services, and information.
- To send you promotional materials.
- To analyze the use of the Sites and user data to understand and improve the Sites.
- To customize the content you see when you use the Sites.
- To prevent potentially prohibited or illegal activities and otherwise in accordance with our Terms and Conditions.
- For any other purposes disclosed to you at the time we collect your Personal Data or pursuant to your consent (including using your likeness, image, name, and/or voice on Pew’s website, social media channels, multimedia materials, print materials, podcasts, and any other works made by Pew, where you have provided us with your consent to do so).
How Long We Keep Your Personal Data
We will retain your Personal Data for as long as is necessary to fulfill the purpose for which we collected your Personal Data and any other permitted linked purpose and in compliance with our data retention policies. For example, we will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Generally, we retain usage data for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Sites and services, or we are legally obligated to retain this data for longer time periods.
If your Personal Data is used for more than one purpose, we will retain it until the purpose with the longest retention period expires, but we will stop using it for the purpose with a shorter retention period once that period expires. Our retention periods are also based on our organization’s needs and good practice.
Sharing Of Personal Data With Third Parties
We are committed to maintaining your trust, and we want you to understand when and with whom we may share the Personal Data we collect.
Authorized third-party vendors and service providers. We may share your Personal Data with third-party vendors and service providers that help us with specialized services, including billing, payment processing, email deployment, business analytics, marketing, advertising, performance monitoring, hosting, and data processing. We take steps to prevent these third parties from using your information for any purpose other than the services they are providing.
Corporate affiliates. We may share your Personal Data with our corporate affiliates that are subject to this Policy.
Business transfers. We may share your Personal Data in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.
Legal purposes. We may disclose Personal Information to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims, or government inquiries and to protect and defend the rights, interests, health, safety, and security of The Pew Charitable Trusts, our affiliates, users, or the public.
With your consent or at your direction. We may share Personal Data for any other purposes disclosed to you at the time we collect the Personal Data or pursuant to your consent or direction.
If you access third-party services such as Facebook, Google, LinkedIn, or Twitter from the Sites or share information about your experience on the Sites with others, these third-party services may be able to collect information about you, including information about your activity on the Sites, and they may notify your connections on the third-party services about your use of the Sites, in accordance with their own privacy policies.
We use reasonable measures to help protect your Personal Data from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. Examples of reasonable measures we use include restricting access to our sites and system based on roles, encrypting personal data at rest and in transit, and other commercially appropriate policies, procedures, and technologies for data we store or process. We make all required and reasonable efforts to ensure that all our third-party processors and vendors protect any of your Personal Data that we have shared with them.
Your Rights And Choices
You may opt out of our email newsletters by clicking “unsubscribe” at the bottom of each newsletter and following the subsequent instructions. You may also opt out of all communications from Pew by contacting us using the contact information provided below. Where you have provided us with your consent to use your likeness, image, name, and/or voice on Pew’s website, social media channels, multimedia materials, print materials, podcasts, and any other works made by Pew, you can later withdraw your consent, although given the nature of the internet, it may not be possible to ensure the complete removal of your information from the internet.
You may be able to refuse or disable cookies by adjusting your web browser settings. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “help” section). If you choose to refuse, disable, or delete certain technologies, some of the functionality of the Sites may no longer be available to you.
For more information about cookies generally, see our Cookies Policy. For more information about the third parties we collect Personal Data from, please see the section below on Information we collect from other sources.
Rights Of European Economic Area (Eea) Residents Under The GDPR
EEA residents have specific rights with regard to their Personal Data, as described further below. For information on how to exercise these rights, please see How to Exercise Your Rights Under the GDPR.
Your rights as an EEA resident include:
- The right to access Personal Data we have about you. This right allows you to ask for confirmation as to whether Pew processes your Personal Data, and receive information about:
- Our purposes for processing your Personal Data.
- The categories of your Personal Data that we process.
- The categories of sources for your Personal Data.
- The categories of third parties with whom we share your Personal Data.
- How long we keep your Personal Data.
- Your rights to (1) correct your Personal Data, (2) delete your Personal Data, (3) restrict the processing of your Personal Data, or (4) object to the processing of your Personal Data (we have included further details about each of these rights below).
- Your right to submit a complaint to the regulator that enforces the GDPR.
- If we carry out automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
- The right to correct your Personal Data. This is called the right to rectification. It gives you the right to ask us to correct anything that you think is wrong with the Personal Data we have collected about you and to complete any incomplete Personal Data.
- The right to delete your Personal Data. This is also known as the right to erasure, or the right to be forgotten.
- The right to ask us to limit how we process your Personal Data. This is called the right to restrict processing. It is the right to ask us to use or store your Personal Data only for certain purposes. You have this right in certain instances, such as where you believe the data is inaccurate or the processing activity is unlawful.
- The right to ask us to stop using your Personal Data. This is called the right to object. You have this right when we rely on a legitimate interest of ours (or of a third party) to process your Personal Data. You may also object at any time to the processing of your Personal Data for direct marketing purposes.
- The right to “port” or move your Personal Data. This is called the right to data portability. It is the right to ask for and receive a portable copy of your Personal Data so that you can (1) move it, (2) copy it, (3) keep it for yourself, or (4) transfer it to another organization. We will provide your Personal Data in a structured, commonly used, and machine-readable format. When you request this information electronically, we will provide you a copy in electronic format. We will also transfer your Personal Data to another organization at your request.
- The right to withdraw your consent to the processing of your Personal Data. In instances in which we process Personal Data based on your consent, you may withdraw your consent at any time. You may communicate your intent to withdraw consent by contacting us at [email protected] (see How to Exercise Your Rights Under the GDPR).
- The right to submit a formal complaint about our Personal Data processing activities. In accordance with Article 77 of the GDPR, you have the right to submit a complaint to the data protection regulator in the country in which you reside or work, or where the processing activities at issue occurred.
- Rights related to automated decision-making. We sometimes use automated technologies to analyze your Personal Data. For decisions that may seriously affect you, you have the right not to be subject to automatic decision-making, including profling. There are limited exceptions to this right; for example, when we are required to use automated decision-making to perform a contract or when you explicitly consent to the use of automated decision-making. In those instances, however, you retain the right to seek human intervention in the decision and to contest the decision.
How to Exercise Your Rights Under the GDPR
EEA residents may exercise their rights by contacting [email protected]. Before processing your request, we will verify your identity by having you provide information we already know that is not publicly available or likely to be known by an unauthorized individual, such as your email address, phone number, or mailing address. We may also verify your identity by sending a one-time use access code to the email address or phone number we have for you. If necessary, we may request additional information from you in order to verify your identity.
We will respond to your request within one month of receipt. If we need more time (up to three months total), we will inform you of the reason and the extension period in writing.
We will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.
Under certain circumstances defined by the GDPR, we may deny your request to exercise the above rights. This limitation does not apply, however, to your right to withdraw consent to the processing of your Personal Data, which you have the right to do at any time.
If we deny your request to exercise your rights, we will inform you of our reason.
Third-Party Advertising, Links, And Content
Some of the Sites may contain links to content maintained by third parties that we do not control. We allow third parties, including business partners, advertising networks, and other advertising service providers, to collect Personal Data concerning your online activities through cookies, pixels, local storage, and other technologies. These third parties may use this information to display advertisements on our Sites and elsewhere online tailored to your interests, preferences, and characteristics. We are not responsible for the privacy practices of these third parties, and the information practices of these third parties are not covered by this Policy.
Some third parties collect information about users of our Sites to provide interest-based advertising on our Sites and elsewhere, including across browsers and devices. These third parties may use the information they collect on our Sites to make predictions about your interests in order to provide you ads (from us and other companies) across the internet. Some of these third parties may participate in an industry organization that gives users the opportunity to opt out of receiving ads that are tailored based on your online activities. Because of differences between using apps and websites on mobile devices, you may need to take additional steps to disable targeted ad technologies in mobile apps. Many mobile devices allow you to opt out of targeted advertising for mobile apps using the settings within the mobile app or on your mobile device. For more information, please check your mobile settings.
To opt out of interest-based advertising across browsers and devices from companies that participate in the Digital Advertising Alliance or Network Advertising Initiative opt-out programs, please visit their respective websites. You may also be able to opt out of interest-based advertising through the settings within the mobile app or on your mobile device, but your opt-out choice may apply only to the browser or device you are using when you opt out, so you should opt out on each of your browsers and devices if you want to disable all cross-device linking for interest-based advertising. If you opt out, you will still receive ads, but they may not be as relevant to you and your interests, and your experience on our Sites may be degraded.
Do-Not-Track Signals and Similar Mechanisms. Some web browsers transmit “do-not-track” signals to websites. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.
Transfers Of Personal Data To Countries Outside The Eea
When we share your Personal Data with third parties, some of the third parties may be located outside of the European Union or the European Economic Area. In some cases, the European Commission may have determined that in some countries, their data protection laws provide a level of protection equivalent to European Union law. You can see here the list of countries that the European Commission has recognized as providing an adequate level of protection to Personal Data.
We will transfer your Personal Data to third parties in countries not recognized as providing an adequate level of protection to Personal Data only when there are appropriate safeguards in place. These may include the European Commission-approved standard contractual data protection clauses under Article 46.2 of the GDPR or Binding Corporate Rules under Article 47 of the GDPR.
We do not knowingly collect any Personal Data from children under the age of 13 without parental consent, unless permitted by law. If we learn that a child under the age of 13 has provided us with Personal Data, we will delete it in accordance with applicable law.
If you have any questions about this Policy or our practices, please contact us at [email protected].
You may also reach out directly to our Data Protection Officer, VeraSafe:
100 M Street S.E., Suite 600
Washington, D.C. 20003