1. Introduction.

Ricardo Fisas Natura Bissé Foundation (“we,” “us,”, “our” or “RFNBF”) is committed to protecting your privacy and the personal information you may share with RFNBF. This Privacy Policy (the “Policy”) describes how we collect, use, store, process, and share your information in relation to the RFNBF website with your navigation, visit and use (https://www. www.ricardofisasfoundation.org) (the “Website”) and the information collected about you and the RFNBF practices for using, maintaining, protecting, and disclosing that information.

2. Information We Collect and Maintain.

The RFNBF collects and maintains personal information that you provide to us when you:
A. Contact us by phone, mail, or email, in person, or via our Website. To receive certain communications from us, including, but not limited to, our Newsletter, you may be required to submit your name and email address to us. Any email you receive from us will include an unsubscribe link that will allow you to opt-out of receiving future emails.
B. Register for an event. We will collect personally identifiable information from you when you register for an event. If you register for an event, you will be asked to provide information about yourself, including, but not limited to, your name, email address, and telephone number. If you register using Social Networking Service credentials, we will collect your credentials in order to identify and log into the third-party application or website and will retain your credentials to collect information from the Social Networking Service. For example, if you sign in with your Facebook or Twitter account, we may collect information from your public profile.
C. Make a contribution. When you will make a contribution, either on our Website, at a special event, over the phone, or by mailing in a check.
D. Submitted a requests or communications. The Website provides users the option to submit questions, feedback, or comments by filling out a form available under the “Contact” link at the bottom of the page. This form asks for your name and email address, and we will use this information to respond to your inquiries. Any communications and contact information that you voluntarily submit to us may be saved indefinitely and in a profile specific to you.
E. Navigate through our Website. When you visit the Website, you can browse without submitting any personal information about yourself. We will, however, receive and store some non-personally identifiable information about your visit, as described below. To participate in certain functionalities, you may be asked to provide personally identifiable information. Personally identifiable information is information that can identify you, including, for example your name or email address. It will always be your choice, or the choice of anyone acting for you, to provide personally identifiable information.

From time to time, we may collect personal information from you in ways not described above, subject to your express approval.

3. Information use.

A. Use of personal information. We may use your personally identifiable information, such as your as name, address, email, and telephone number to send you promotional or informational emails that you expressly choose (or “opt in”) to receive. You may also receive emails or other communications from us in response to inquiries that you submit using the “Contact” link at the bottom of the home page. When you receive a promotional or informational email from us, the email will contain our contact information and an unsubscribe link that will allow you to opt-out of future emails from us. We may also use personally identifiable information to resolve disputes; to detect and protect against errors, fraud, and criminal activity; to assist law enforcement; to enforce this Policy and the Terms of Use; or for any other purpose described in this Policy or that we describe to you at the time of collection.
B. Use of events information. Information given on events attended and publications received.
C. Use of contribution information. Information, including types and amounts of donations and credit card information. We utilize secure transaction methods when collecting credit card information over the internet. The Non-Profit does not disclose credit card account information provided, except for the proper processing of donations.
D. Use of navigate information. We may use information about your equipment, browsing actions, and patterns, including information automatically collected through technical methods such as:
a. Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our website.
b. Flash Cookies. Certain features of our website may use local stored objects to collect and store information about your preferences and navigation to, from, and on our website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
c. Web Beacons. Pages of our Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Non-Profit, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
E. Use of non-personally identifiable information. We may use non-personally identifiable information for any lawful purpose, including, but not limited to analyzing trends, administering the Website, tracking users’ movements on the Website, and for management and improvement of the Website. We may also use this information to monitor aggregate metrics such as total number of visitors or pages viewed; or to track submissions in any interactive portion of the Website. We may also combine non-personally identifiable information with non-personally identifiable information collected from other sources.
F. Use of third-party analytics providers. We use third parties to help us operate and improve the Website. We may provide these third parties with information we collect, and they may collect information from you about your use of the Website. If we provide information to third parties, it will, unless specifically noted otherwise in this Policy, be governed by this Policy, and may only be used by those third parties to help us operate or improve our business or the Site and to provide services to us. We do not control information independently collected by third parties and are not responsible for their use of that information.
G. Information retention. We will retain your information indefinitely, or as long as legally required or allowed. We may dispose of any information in our discretion without notice, subject to applicable law. We do not undertake any retention obligations through this statement.

4. Information disclosure.

A. Affiliated entities or service providers. We will not sell or rent any of your personal information to third parties for marketing purposes. However, we may disclose your information to any affiliated entity or organization and to agents and service providers. These third parties may include various business service providers or providers that supply support for the Website or otherwise are working directly with us. Use of information by affiliated entities and organizations will be subject to this Policy or an agreement that is at least as restrictive as this Policy. For information on the use of information by agents and service providers, also see the “Third Party Analytics Providers” Section above.
B. Campaign partners. We may, with your consent, share your personal information with third party campaign partners (“Campaign Partners”). These third parties may include various non-profit organizations or other organizations whose goals and missions align with those of Gates Notes. Campaign Partners may collect information such as your name, address, zip code, email address, or phone number. In some cases, the personal information you share with Campaign Partners may be publicly disclosed. Please review the notices, disclosures, and privacy policies of all third-party Campaign Partners prior to sharing any information with them. We have no control over and are not liable or responsible for the privacy practices, terms of use, or content of Campaign Partner sites. For more information on the use of information by third party Campaign Partners, also see the “Linked Websites” Section below.
C. Legal requirements. In some cases, we may disclose your information (1) as required by any applicable law or legal regulation; (2) if we believe disclosure is needed to protect our rights, property, or safety; (3) to government regulators or law enforcement authorities in connection with any judicial proceeding, court order, subpoena, or legal process served on us or the Website; and (4) to respond to a physical threat to you or another person.
D. Disclaimer. We cannot ensure that all of your information will never be disclosed in ways not otherwise described in this Policy. For example, a third party may unlawfully intercept or access transmissions or private communications, or other users of the Website may abuse or misuse your personal information. No transmission of data over the internet can be 100% secure.

5. Children under the Age of 16.

A. This Website is not for or directed towards children. The RFNBF Website is not intended for children under 16 years of age. Our primary audience is adults and young adults. No one under age 16 may provide any information to or on the Website. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this Website or through any of its features, use any of the interactive or public comment features of this Website, or provide any information about yourself to the RFNBF, including your name, address, telephone number, email address, or any screen name or username you may use. If the RFNBF learns it has collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe the RFNBF might have any information from or about a child under 16, please contact us as described in the “Contact Us” section below. We also recommend that children over the age of 16 ask their parents for permission before sending any information about themselves to anyone over the internet.
B. California minors. If you are a California resident who is under age 18 and you are unable to remove publicly-available that you have submitted to us, you may request removal by contacting us at: privacy@ricardofisasfoundation.org. When requesting removal, you must be specific about the information you want removed and provide us with specific information, such as the URL for each page where the information is located, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the Content or information. Removal of your content or information from the Website does not ensure complete or comprehensive removal of that content or information from our systems or the systems of our service providers. We are not required to delete the Content or information posted by you; our obligations under California law are satisfied so long as we anonymize the Content or information or render it invisible to other users and the public.

7. “Do not track” settings.

Most browsers can be set to disable existing cookies, to automatically refuse cookies, or to notify you when you receive a cookie so you can choose whether or not to accept it. Please note that doing so may negatively impact your user experience on the Website, as some features may not work properly when cookies are disabled. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. You may also set your email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our email and performed certain functions with it. Although we do our best to honor the privacy preferences of our users, we are unable to respond to “Do not Track” signals from your browser at this time.

8. Confidentiality.

All information about any financial and non-financial transactions between you and the RFNBF is considered highly confidential, and we employ appropriate security measures designed to protect it. While the information is kept confidential, it is shared with the RFNBF board members, staff, volunteers, and professionals on a need-to-know basis and in compliance with all laws, regulations, court orders, or other governmental requests.

9. Communications.

We will from time to time communicate with you, including by telephone, text, email, and mail, concerning the RFNBF charitable activities, events, and requests for future support. We will not call or email you or send mailings to you on behalf of other organizations without your express consent. To opt out of receiving these communications, you may contact the RFNBF as described in the “Contact Us” section below or by clicking on the “unsubscribe” link in any email communications.

10. Records Retention and Destruction.

Keeping your information secure is of great concern to us. We comply with all Internal Revenue Service, state, and local regulations and our internal policies governing the retention, management, and destruction of your information collected and maintained by the RFNBF. We exercise care in facilitating the transmission of information between your device or computer and our servers (or the third-party servers that operate and store information for the Website). Personally identifiable information collected by the Website is stored in operating environments with restricted access and are not available to the public. While we have mechanisms in place to safeguard your personal information after we receive it, no transmission of data over the internet can be guaranteed to be 100% secure.

11. Accessing, updating, or deleting your personal information.

You can review and request changes to the personal information that the RFNBF has collected about you by contacting the RFNBF as described in the “Contact Us” section below. However, please be aware that the RFNBF may not accommodate a change request that would impact record retention or other operational requirements like remembering email opt-out preferences, violate any law or legal requirement, or cause the information to be incorrect. Deleting your personal information may also require deleting your user account (if any). California residents may have additional personal information rights and choices. Please see RFNBF Privacy Policy for California Residents for more information.
We will make good faith efforts to resolve requests to remove information or correct inaccurate information except where the request is unreasonable, requires disproportionate technical effort or expense, jeopardizes the privacy of others, or would be impractical.
California Civil Code Section 1798.83 permits California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed personal information (as defined under that statute) of that California resident, for direct marketing purposes in the preceding calendar year and the categories of that kind of personal information that was disclosed to them. If you are a California resident and you wish to make such a request, you may do so by contacting us as specified in Section “Contact us” below.

12. Changes to this Policy.

This Policy is current as of the date stated (Effective Date) at the top of this Policy. The RFNBF reserves the right to amend this Policy from time to time. The RFNBF will notify you of any material changes to the Policy by email to the email address specified in your account and/or through a notice on the Website home page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this Privacy Policy to check for any changes at www.ricardofisasfoundation.org/privacy-policy. If you do not agree to the updated Policy, you should stop using the Website. Your use of the Website after the Effective Date of the updated version of this Policy will constitute your acceptance of the updated Policy.

13. Contact us.

To opt out of receiving communications from RFNBF, to review the personal information that RFNBF has collected about you, or to ask any other questions regarding this Policy, please contact the RFNBF at the below address or email or submit your request via the RFNBF “Contact Us Form” on the RFNBF Website.

Attn: Data Officer / Legal Department
Postal Address: 2000 Westridge Drive, Suite 100
Irving, Texas 75038
Email: pdo.us@ricardofisasfoundation.org

1. Introduction.

This Privacy Policy for California Residents supplements the information contained in Ricardo Fisas Natura Bissé Foundation’s privacy policy (the www.ricardofisasfoundation.org/privacypolicy) and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you“). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and regulations promulgated thereunder, and any terms defined in the CCPA have the same meaning when used in this Policy.

2. Information We Collect.

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“Personal Information”). Personal Information does not include:
• Publicly available information from government records.
• Deidentified or aggregated consumer information.
In particular, we have collected the following categories of Personal Information from consumers within the last twelve (12) months:

Category Examples Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. YES
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Some Personal Information included in this category may overlap with other categories.

C. Protected classification characteristics under California or federal law. Age (40 years or older), race, colour, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). YES
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. YES
E. Biometric information. Genetic, physiological, behavioural, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. NO
G. Geolocation data. Physical location or movements. YES
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO
I. Professional or employment-related information. Current or past job history or performance evaluations. YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. YES
K. Inferences drawn from other Personal Information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes. NO

We obtain the categories of Personal Information listed above from the following categories of sources:
• Directly from you. For example, from forms you complete, donations you make or products and services you purchase.
• Indirectly from you. For example, from observing your actions on our Website.

3. Use of Personal Information.

We may use or disclose the Personal Information we collect for one or more of the following purposes:
• To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our products or services, we will use that Personal Information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As described to you when collecting your Personal Information or as otherwise set forth in the CCPA. We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

4. Sharing Personal Information.

We may share your Personal Information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the Personal Information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, Company has disclosed Personal Information for a business purpose to the categories of third parties indicated in the chart below. We do not sell Personal Information.

Personal Information Category Category of Third-Party Recipients
Business Purpose Disclosures Sales
A: Identifiers. None None
B: California Customer Records Personal Information categories. None None
C: Protected classification characteristics under California or federal law. None None
D: Commercial information. None None
E: Biometric information. None None
F: Internet or other similar network activity. None None
G: Geolocation data. None None
H: Sensory data. None None
I: Professional or employment-related information. None None
J: Non-public education information. None None

5. Your Rights and Choices.

The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.

5.1. Right to Know and Data Portability.

You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose to you:
• The categories of Personal Information we collected about you.
• The categories of sources for the Personal Information we collected about you.
• Our business or commercial purpose for collecting or selling that Personal Information.
• The categories of third parties with whom we share that Personal Information.
• If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
• sales, identifying the Personal Information categories that each category of recipient purchased; and
• disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
• The specific pieces of Personal Information we collected about you (also called a data portability request). We do not provide a right to know or data portability disclosure for B2B Personal Information.

5.2. Right to Delete.

You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  1. Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  8. Comply with a legal obligation.
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We will delete or deidentify Personal Information not subject to one of these exceptions from our records and will direct our service providers to take similar action.

5.3. Exercising Your Rights to Know or Delete.

To exercise your rights to know or delete described above, please submit a request by either:
• Calling us at 972.791.1500 x 6100
• Emailing us at dpo.us@ricardofisasfoundation.org.
• Visiting www.ricardofisasfoundation.org
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Information.
You may also make a request to know or delete on behalf of your child by emailing dpo.us@ricardofisasfoundation.org.
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm that the Personal Information relates to you. We will only use Personal Information provided in the request to verify the requestor’s identity or authority to make it.
For instructions on exercising your sale opt-out or opt-in rights, see Personal Information Sales Opt-Out and Opt-In Rights.

5.4. Response Timing and Format.

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact the Foundation’s General Manager. We endeavour to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

6. Non-Discrimination.

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

7. Other California Privacy Rights.

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to dpo.us@ricardofisasfoundation.org.

8. Changes to Our Privacy Policy.

This Privacy Policy is current as of the date stated at the top of this Privacy Policy. We reserve the right to amend this Privacy Policy at our discretion and at any time. When we make changes to this Privacy Policy, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

9. Contact Information.

If you have any questions or comments about this notice, the ways in which the Foundation collects and uses your information described here and in the Privacy Policy, your choices, and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Phone: 972.791.1500 x 6100
Website: www.ricardofisasfoundation.org
Email: dpo.us@ricardofisasfoundation.org
Postal Address: 2000 Westridge Drive, Suite 100, Irving, Texas 75038, Attn: Data Officer / Legal Department
If you need to access this Policy in an alternative format due to having a disability, please contact dpo.us@ricardofisasfoundation.org and/or 972.791.1500 x 6100.