Jolley Foundation (“Foundation” or “we” or “our” or “us”) takes its grantees, collaborating funders, and website users’ (“User” or “you” or “your”) on-line security and privacy seriously, so the Foundation makes reasonable efforts as described below to ensure its Users’ confidence and protect their on-line security and privacy. This privacy policy aims to give you information on how we collect and process your personal information and other data through your use of our website the (“https://jolleyfoundation.org”) owned and operated by the Foundation, or when you use other services provided by the Foundation (collectively, our “Services”) and information on our practices for collecting, using, maintaining, protecting, and disclosing that information. 

This policy applies to information we collect:

• through use of our Services; or
• in email, text, and other electronic messages between you and the Foundation; or 
• from you offline or through any other means. 

It does not apply to information collected by:

• us if the information collected is of a non-personally identifiable, including, without limitation, log data, domain names of your internet service provider, your approximate geographic location, a record of your usage of our website or Services, time of usage, aggregated personal information, as long as that information cannot be used to specifically identify you; or 
• any third party (like third-party websites), including through any application or content (including advertising) that may link or be accessible as a result of your use of our Services.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Services and not to access the website.  By accessing or using our Services and/or by visiting and/or utilizing the website, you agree to this privacy policy. This policy may change from time to time. Your continued use of our Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates. 

1. Types of Information Collected.

1. Other Information.  We may automatically collect or receive information regarding your use of the website; your interactions with us and our advertising or other information regarding your computer and mobile devices used to access the website (collectively, the “Other Information”).  Such Other Information may include:

1. 1. Traffic Data Collected. The Foundation automatically tracks and collects the following information when the User visits the Foundation’s website, including the User’s: (A) IP address (which may consist of a static or dynamic IP address and will sometimes point a  specific identifiable computer or mobile device); (B) domain server; (C) type of computer; (D) type of web browser and language; (E) pages visited and duration (including date and time); (F) referring and exit pages and URLs; (G) search terms used to access the website; and (H) details regarding your activity on the website and other performance and usage date (collectively “Traffic Data”). 

Traffic Data is anonymous information that does not personally identify the User but is helpful in the Foundation’s efforts to improve the User’s experience on the website. 

1. 2. Cookies. Our website may require you to accept session “cookies” to provide customer experience and efficiencies such as enabling you to login, personalizing your experience, and/or automatically filling in standard information on return visits. We may use both session cookies, which expire once you close your browser, and persistent cookies, which stay on your mobile device until you delete them and other technologies to help us collect data and to enhance your experience with the website. “Cookies” for websites are small pieces of information that are stored locally on your device by your browser and passed back to the server whenever a request for a new page on the site is made. The session cookie is never saved or written to disk. It is discarded when the browser exits, when you log out of the website, or when you have not visited a page on the website for a given period of time, for example 60 minutes. 

Most web browsers automatically accept session cookies, but most browsers also allow you to configure your web browser to refuse them or to notify you before a cookie is set. You also can manually view (and delete) any cookies stored on your computer. If you do not allow session cookies to be set, you may not be able to use our website, access the full content otherwise available through our website and/or use the full features and functionality of our website. 

2. Personal Information Collected. In order for the User to access certain Services that the Foundation offers via the website, the Foundation may require the User to provide information that personally identifies the User (“Personal Information”). Personal Information may include the following: 

• • • Identity Data includes names, title, date of birth, and gender.
    • Contact Data includes mailing address, telephone numbers, email address, and other digital contact information. 
    • Financial Data includes bank account and payment card details.
    • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, and feedback and survey responses.
    • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences. 

We do not collect Personal Information from you when you use the website unless you provide us with the Personal Information voluntarily.

3. How Personal Data is Collected. We collect information about the use of our website, as well as any Personal Information that you provide on the website. We will not share this Personal Information in a manner that is inconsistent with the privacy policy unless required to do so by law. We collect data in a variety of ways, including, but not limited to, directly from you from phones calls, our website (via cookies or as entered by you), information submitted via email, physical mail, online or physical forms, or as collected during the ordinary course of business. We may acquire personal data from third parties while staying compliant with all regulations, such as UK General Data Protection Regulation (“UK GDPR”), the EU General Data Protection Regulations (“EU GDPR”) and the California Consumer Privacy Act (“CCPA”) as amended and extended by the California Privacy Rights Act (“CPRA”). Measures are taken to secure assurance from these sources, ensuring that you have granted consent for the sharing of such information when you initially provided it to the respective third party. 

4. Non-Discrimination Clause. The Foundation is committed to ensuring the privacy and security of your personal data. We adhere to the principles set forth in applicable data regulations to guarantee fair and transparent processing of your information. 

We do not process personal data for any purpose that is incompatible with the purposes for which it was originally collected. We do not engage in any form of discriminatory processing based on race, color, ethnicity, religion, sex, gender identity, sexual orientation, national origin, disability, age, or any other protected characteristic. Our data processing activities are designed to treat all individuals equally and fairly, respecting their rights and privacy. 

If the User communicates with the Foundation by e-mail or completes online registration forms, surveys or other forms, any information provided in such communication also may be collected as Personal Information. If you have any questions about how we handle your personal data or if you believe your privacy rights have been violated, please contact us at info@jolleyfoundation.org with the subject line “Data Privacy Inquiry.”

2. How We Use Your Personal Information. By providing Personal Information on or through the website, the User is authorizing the Foundation to use that Personal Information. The Foundation uses Personal Information (i) to respond to requests and inquiries, (ii) to send the User information about the Foundation, including its affiliates or services, and (iii) to otherwise contact the User.  
   
   
3. Who We Share Your Personal Information With. The Foundation may provide User’s Personal Information for a legitimate business purpose to third parties providing the Foundation services related to the website or the services provided through the website, solely for the purposes of the services provided by such third party and such third parties will have access only to the Personal Information needed to perform the functions and to the extent permitted by applicable law. We do not provide User’s Personal Information to third parties for such parties’ use in marketing or advertising. Specifically, no mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. Except as described herein and as may be required by court order, other governmental agency order, applicable regulations, or other official proceeding, the Foundation does not sell, trade, or otherwise transfer to outside parties Personal Information unless the User provides consent in advance, where such consent must be in writing, which includes by email, except as provided in this Privacy Policy or required by law.   
   
   
4. User Choice Regarding Collection, Use and Distribution of Traffic Data and Personal Information. The User may choose not to allow the use of cookies under Traffic Data. The User’s system settings control the use of cookies (not the Foundation). The User should check whether the User’s browser settings and mobile device allow the User to refuse cookies. If the User does not accept cookies, the User will still have access to some, but not all, of the facilities of the website. The User may choose not to provide the Foundation with any Personal Information. In such an event, the User can still access some of the website; however, the User will not be able to access and use those portions of the website that requires the User’s Personal Information, and the Foundation may not be able to respond to certain inquiries of the User. 
   
   
5. How Long Your Personal information Will Be Kept. We will keep your Personal Information while we are providing services to you. Thereafter, we will keep your Personal Information for as long as is necessary: 

• • •  To respond to any questions, complaints or claims made by you or on your behalf; 
    •  To show that we treated you fairly; or 
    •  To keep records as required by applicable law. 

We will not retain your Personal Information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information.

6. Your California Privacy Rights. California Civil Code Section § 1798.83 permits users of our Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. Additionally, Users of our Services that are California Residents have the right under the CCPA, as amended by the CPRA, and certain other privacy and data protection laws, as applicable, to exercise free of charge: 

Right to Know/Right to Access. You have the right to know, and request disclosure of:

2. 2. • The categories of personal information we have collected about you, including sensitive personal information
      • The categories of sources from which the personal information is collected;
      • Our business or commercial purpose for collecting, selling, or sharing personal information;
      • The categories of third parties to whom we disclose personal information, if any; and
      • The specific pieces of personal information we have collected about you. 

Please note that we are not required to:

2. 2. •  Retain any person information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained.
      • Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in the manner that would be considered personal information; or
      • Provide the personal information to you more than twice in any 12-month period

Right to know What Information Shared. In connection with any personal information, we may disclose to a third party for a business purpose, you have the right to know:

2. 2. • The categories of personal information about you that we disclosed and the categories of third parties to whom the personal information was disclosed; and
      • The categories of personal information that we disclosed about you for a business purpose and the categories of persons to whom the personal information was disclosed for a business purpose. 

Right to Limit Use of Sensitive Personal Information. You have the right to limit the use and disclosure of sensitive personal information to the use which is necessary to: 

2. 2. • Perform the services reasonably expected by an average consumer who requests those goods or services; 
      • To perform the following services: (1) Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes; (2) Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the business, provided that the consumer’s personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business; (3) Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business; and (4) Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business; and 
      • As authorized by further regulations. 

Right to Deletion. Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:

• • •   Delete your personal information from our records; and
      • Direct any service providers or contractors to delete your personal information from their records.
      • Direct third parties to whom the business has shared your personal information to delete your personal information unless this proves impossible or involves disproportionate effort. 
  •  
    • Please note that we may not delete your personal information if it is reasonably necessary to:
      • Complete the transaction for which the personal information was collected, provide service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us; 
      • Help to ensure security and integrity to the extent the use of the user’s personal information is reasonably necessary and proportionate for those purposes;
      • Debug to identify and repair errors that impair existing intended functionality;
      • Exercise free speech, ensure the right of another user to exercise his or her right of free speech, or exercise another right provided for by law;
      • Comply with the California Electronic Communications Privacy Act;
      • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;
      • Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
      • Comply with an existing legal obligation; or
      • Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information. 

Right to Correction. If we maintain inaccurate personal information about you, you have the right to request us to correct that inaccurate personal information. Upon receipt of a verifiable request from you, we will use commercially reasonable efforts to correct the inaccurate personal information. 

We will use reasonable efforts to comply with your requests within forty-five (45) days of your request but may extend this period an additions forty-five (45) days if necessary. 

Protection Against Retaliation.  You have the right to not be retaliated against by us because you exercised any of you rights under the CCPA/CPRA.  This means we cannot, among other things:

2. 2. • Deny good or services to you
      • Charge different prices or rates for good or services, including through the use of discounts or other benefits imposing penalties;
      • Provide a different level or quality of good or services to you;
      • Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services

7. Your European Privacy Rights. If applicable, you may have rights under European and other laws to have access to your personal information and to ask us to rectify, erase, and restrict use of your personal information. You may also have rights to object to your personal information being used, to ask for the transfer of personal information you have made available to us and to withdraw consent to the use of your personal information. Further information on how to exercise your rights is set out below. 

We will honor your rights under applicable data protection laws. You have the following rights under European laws and may have similar rights under the laws of other countries.

2. 2. • Right to be informed:  The right to know or be notified about the collection and use of your personal information.
      • Right of subject access: The right to make a written request for details of your personal information and a copy of that personal information.
      • Right to rectification: The right to have inaccurate information about you corrected or removed.
      • Right to erasure (‘right to be forgotten’): The right to have certain personal information about you erased. We will use reasonable efforts to comply with your requests within thirty (30) days of your request.
      • Right to restriction of processing: The right to request that your personal information is only used for restricted purposes.
      • Right to opt out of marketing: You can manage your marketing preferences by unsubscribe links found in the communications you receive from us or by visiting the applicable preference center.  Please note that you cannot opt-out of receiving transactional emails related to the website (e.g., requests for information).
      • Right to object: The right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interests.  You also have the right to object at any time to your personal information being processed for direct marketing (including profiling).
      • Right to data portability: The right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable format. 
      • Right to withdraw consent: The right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information prior to the withdrawal of your consent. These rights are not absolute, and they do not always apply in all cases. In response to a request, we will ask you to verify your identity if we need to, and to provide information that helps us to understand your request better. If we do not comply with your request, whether in whole or in part, we will explain why. 
      • The right not to be subject to a decision based solely on automated processing     (including profiling) that produced legal effects concerning you or similarly significantly affects you.

For further information on each of the foregoing rights, including circumstances in which they apply, see the guidance from the UK Information Commissioner’s Office on individual rights. 

8. Requests and Inquiries About User Personal Information. You may have any Personal Information submitted to Foundation through the website removed or modified and, to the extent required hereunder or by applicable law, you may access or review the same by sending the Foundation notice of such request through the following email address info@jolleyfoundation.org or by sending a written request to the following address:

Jolley Foundation
Attn: Data Security Dep’t
Post Office Box 8182, Greenville, SC 29615 

Email address: info@jolleyfoundation.org
Phone Number: 864-696-6983 

The request must provide the User’s name and the information to be deleted, accessed, or reviewed or the modifications to be made. You must include either a telephone number or an email address for the Foundation’s use in the event of any questions on the instructions provided by the User. Notwithstanding the foregoing, the Foundation may retain Personal Information to the extent required to comply with applicable regulations or other applicable law. Please note that you may only make a CCPA/CCRA-related access or data portability disclosure requests twice within a 12-month period.  We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information or is someone authorized to act on such person’s behalf.  Any personal information we collect from you to verify your identity in connection with your request will be used sole for purposes of verification.

9. Data Retention. We will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymize your Personal Information so that it can no longer be associated with you, in which case we may use such information without further notice to you. 
   
   
10. Data Security. We have put in place appropriate security measures to prevent your Personal Information from being accidentally lost, misused or accessed in an unauthorized way, altered, destroyed or disclosed. Unfortunately, the transmission of information via the internet is not completely secure, and we cannot guarantee the security of our databases or the databases of third parties, if any, with which we may (to the extent permitted by applicable law) share such Personal Information. Although we do our best to protect your Personal Information, we cannot guarantee the security of your data transmitted to or through our Services, the Web Sites, or the App. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained within the Services, the Web Sites, or the App. In addition, we have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. Specifically, in the event of a security breach involving personal data under GDPR, we will promptly notify the appropriate Supervisory Authority within 72 hours of becoming aware of the breach. Similarly, in the event of a security breach involving personal data under UK GDPR, we will promptly notify the ICO within 72 hours of becoming aware of the breach. If you would like to know more about our data transfer practices or data security measures, please send an email to info@jolleyfoundation.org. 
    
    
11. Consent to Transfer Information to the United States. The website and its servers are operated in the United States. If the User is located in the European Union, Canada or elsewhere outside of the United States, please be aware that information the Foundation collects will be transferred to and processed and, to the extent permitted herein and by applicable law, utilized in the United States. By using the website, and/or providing the Foundation with any information, the User irrevocably consents to this transfer, processing, and use of his or her information in the United States. 
    
    
12. Links, Downloads and User Privacy. The website may contain links to other web sites or forms for download and use. The Foundation is not responsible for the privacy practices, or the content of other websites served by the links and in providing the link the Foundation does not imply any endorsement, recommendation, or approval of such sites. Furthermore, the Foundation is not responsible for the privacy practices of any third party to which User submits any forms containing User’s information. The User accessing any such site or using any forms does so entirely at the User’s own risk. 

13. Children’s Privacy. Foundation does not knowingly collect personally identifying information through the website from online visitors under 13 years of age. No one under age 13 should provide any Personal Information to or through any of the Services. If you are under 13, do not use our Services or provide any information to or through our Services. If we learn we have collected or received Personal Information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at info@jolleyfoundation.org. 

14. Business Transition. In the event the Foundation experiences a business transition, such as a merger, acquisition by another Foundation, sale of all or a portion of its assets, or bankruptcy, the User’s Personal Information will likely be among the assets transferred. The User’s submission of his or her Personal Information is deemed agreement to this potential future transfer.

15. Updates and Changes to the Privacy Policy. The Foundation reserves the right, at any time, to change this Privacy Policy, simply by posting a changed Privacy Policy on this website. The User is responsible to check this Privacy Policy when it uses the website for any such changes to the Privacy Policy.