Privacy Policy

Last updated: April 20, 2022

College Promise, a sponsored project of Rockefeller Philanthropy Advisors, Inc. (collectively “We”, “Us”, or “Our”) respect your privacy and are committed to handling your personal information in a safe and responsible manner and protecting it through our compliance with this Privacy Policy (“Policy”). 

It is important that you read this Policy, together with any other privacy or fair processing policy we may provide on specific occasions when we are collecting or processing your personal information so that you are fully aware of how and why we are using your personal information.

This Policy describes the types of personal information we may collect from you or that you may provide when you visit the websites mypromisetool.org and collegepromise.org (our “Website“), and our practices for collecting, using, maintaining, protecting, and disclosing that information.

Personal Information We Collect About You

“Personal information” is information from which you or other individuals can be identified. We collect several types of personal information from and about users of our Website, including information about:

How We Collect Your Personal Information

We collect your personal information directly from you when you provide it to us. This will include personal information you provide:

We also collect your personal information through our use of automatic data collection technologies – see further in the “Automatic Data Collection Technologies” section below.

We may also collect or receive personal information about you from various third parties and public sources, including but not limited to:

Automatic Data Collection Technologies 

As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information from and about your equipment, browsing actions, and patterns, including:

“Do Not Track” – Certain laws, including that of California, require that we inform you on our response to Do Not Track signals. As there is not an industry or legal standard for recognizing or honoring these signals at this time, we don’t respond to them.

The information we collect automatically is statistical data we may use to improve our Website and to deliver better and more personalized service, including by enabling us to:

The technologies we use for this automatic data collection may include:

How We Use Your Personal Information

We have set out below the purposes for which we use your personal information. RPA is required under EU data protection law to identify a legal basis for using your personal information – we have highlighted these in brackets below:

If you do not provide RPA with the personal information required to perform our contract with you or comply with our legal or statutory obligations (highlighted as such in the list above), we may not be able to provide those relevant services to you. If you consent to RPA’s use of your personal information and this consent forms the legal basis of our processing of that personal information, you are entitled to withdraw it at any time – see the “Your Rights With Respect To Your Personal Information” section below for more detail.

Disclosure of Your Personal Information

We may disclose personal information that we collect or that you provide as described in this Policy:

Choices About How We Use and Disclose Your Personal Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your personal information:

Your Rights With Respect To Your Personal Information

If our processing of your personal information is subject to EU data protection law, you have a number of rights.  These include, in certain circumstances:

You may exercise these rights at any time by contacting RPA using the details in the “Contact Information” section of this Policy.

We may not be able to accommodate a request relating to your personal information in certain circumstances prescribed by law. Please contact us using the details in the “Contact Information” section of this Policy if you would like more information.

Data Retention

We will only retain your personal information for as long as reasonably necessary to fulfill the purposes for which we use it, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information, and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

EU Website Users:  International Transfers

We share your personal information within the RPA Group. For our clients in Europe, this may involve transferring your personal information outside of the European Economic Area (“EEA”).  We ensure your personal information is protected by requiring all of our group companies to follow the same rules when processing your personal information. We may also share your personal information with contractors, service providers, and other third parties supporting our business when needed.  Many of these third parties are based outside of the EEA, so their processing of your personal information will involve a transfer of data outside of the EEA. 

Whenever we transfer your personal information out of the EEA, we ensure proper protection is afforded to it by ensuring at least one of the following safeguards is implemented:

Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA. 

Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. For example, all information you provide to us is stored on our secure servers behind firewalls.  In addition, we limit access to your personal information to those employees, agents, contractors, and other third parties who have a business need to know.  They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website like message boards. The information you share in public areas may be viewed by any user of the Website.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

Changes to Our Policy

We may revise and update this Policy from time to time at our sole discretion. All changes are effective immediately when we post them, and apply to all access to and use of the Website and handling of your personal information thereafter.  It is our policy to post any changes we make to our Policy on this page. If we make material changes to how we treat our users’ personal information, we will notify you through a notice on the Website home page. The date the Policy was last revised is identified at the top of the page.

Contact Information

To ask questions or comment about this Policy and our privacy practices, contact us at:

Address:
Rockefeller Philanthropy Advisors
6 West 48th St.
New York, NY 10036

Email: info@rockpa.org 

Complaints

If you are concerned about how RPA uses your personal information, you have the right to make a complaint to the supervisory authority in your place of work or residence or the place in which the relevant infringement has taken place.