Privacy & Cookies Notice

Print

BILL & MELINDA GATES FOUNDATION PRIVACY & COOKIES NOTICE

Last updated May 17, 2018 Update history

We are committed to the lawful, fair, and transparent collection and use of personal data. This notice is intended to help you understand how our foundation (including our affiliates) collects and uses your personal data, as well as how we share, store, and protect that data. If at any time you have questions about this notice, please let us know.

We may update this notice and any supplemental privacy notices to reflect changes in our practices and applicable law. We will post a notice of any material updates on our sites.

Contents


When this notice applies
What data we collect about you
How we use your data
When we share your data
How we store and protect your data
How you can access and control your data
How to contact us

Supplemental Privacy Notice for Event Participants
Supplemental Privacy Notice for Job Applicants
Cookies & Similar Technologies

When this notice applies


Our sites
This notice applies to personal data we collect, including through our websites, mobile apps, online portals, electronic forms, surveys, and interactive exhibits (collectively, “our sites”).

Supplemental privacy notices
This notice may be supplemented by a supplemental privacy notice applicable to a particular interaction with us, which may be either embedded in this notice (such as the Supplemental Privacy Notice for Job Applicants and Supplemental Privacy Notice for Event Participants) or made available to you separately. We will tell you when a supplemental privacy notice applies.

Links to third-party sites
This notice does not apply to any third-party sites that may link to, or be accessible from, our sites. Your interactions with these sites are governed by the third parties’ applicable privacy notices, statements, or policies. We encourage you to read them.

What data we collect about you


Data you provide about yourself
We collect your personal data when you voluntarily provide it to us. For example, you may give us: your email address, country of residence, and areas of interest if you choose to receive newsletters, updates, or other information from us; your contact information, and any other personal data you choose to include, if you email, text, or instant message us, or contact us through our sites; and any personal data contained in, or included with, any proposal documents, feedback, comments, photos, videos, or other information you submit via online portals, forms, surveys, or interactive portions of our sites.

It is always your choice whether to provide this personal data. However, some personal data must be provided to participate in certain programs, activities, or events (such as to sign up for a newsletter, apply for a job, or register to participate in one of our events), so the decision not to provide information might limit or eliminate certain functions of our sites or your ability to participate. Please do not disclose more personal data than is requested.

Personal data you provide about others
Do not provide personal data about others unless you are authorized or required to do so by contract or applicable law. You may provide personal data on behalf of another person if you have provided them with a copy of this notice and any applicable supplemental privacy notice, and obtained their explicit consent. We may ask you to provide evidence of that notice and consent.

Data we receive from third parties and other sources
We may receive personal data about you from other sources, including your company/organization, professional references, publicly-available sources, third-party analytics providers, and other third parties. For example, we may receive your personal data if: someone at your company/organization designates you as a contact person for that company/organization or includes information about you in proposal documents; another visitor includes it in any feedback, comments, photos, videos, or other information submitted via online portals, electronic forms, surveys, or interactive portions of our sites; or one of our employees or service providers provides or a third party acting on apparent authority provides it to us when registering you to access our facilities or our sites, apply for a job, or participate in one of our events.

Data we collect automatically, including cookies and similar technologies
We may collect some personal data automatically. For example, when you visit a foundation site, we may collect your Internet Protocol (IP) address, Internet service provider (ISP), and browser type and language. We also may use cookies and similar technologies to collect data about your interaction with our sites, including referring webpage, pages visited on our sites, and crash data. Please see Cookies & Similar Technologies for more information, including how to manage cookies and similar technologies.

Special categories of data
We will not intentionally collect any “special categories of data” under the EU General Data Protection Regulation (GDPR) without your explicit consent for one or more specified purposes or as otherwise permitted or required by applicable law. Special categories of data include personal data (a) revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; or (b) concerning health or data concerning a natural person’s sex life or sexual orientation.

Minors
Our sites are not intended for minors (individuals under the age of 13, or equivalent minimum age depending on jurisdiction), and we do not knowingly collect personal data from minors. If you become aware of any personal data we have collected from a minor, please contact us. If we learn that we have collected personal data from a minor, we will take steps to delete the data without notice as soon as possible.

How we use your data


Purposes
We may use your personal data to: send you information you have expressly chosen to receive [with your consent]; review and respond to proposal documents, feedback, comments, photos, videos, or other information you submit via online portals, electronic forms, surveys, or interactive portions of our sites [for our legitimate interests and/or to perform a contract with you]; administer and inform our program strategies and charitable activities [for our legitimate interests]; administer, safeguard, and improve our sites, systems, facilities, events, and other business operations [for our legitimate interests]; protect our rights and the safety of others [for our legitimate interests]; contribute to our archive of information in the public interest [for our legitimate interests]; and/or comply with applicable law, court order, subpoena, or legal process served on us [to comply with legal obligations].

Additional purposes
Additional purposes for using your personal data may be described in a supplemental privacy notice.

Legal bases under the GDPR
If you are in the European Union, we will collect and use your personal data only if we have one or more legal bases for doing so under the GDPR. The legal bases depend on your interaction with us and our sites. This means we collect and use your personal data only where: you have given your consent for one or more specific purposes; it is necessary to perform a contract we are about to enter into or have entered into with you; it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; it is necessary to protect the vital interests of you or another natural person; or it is necessary to comply with a legal obligation. We will indicate in brackets the legal basis or bases on which we are relying following each purpose. Where we are relying on consent as the legal basis, we will notify you and seek additional consent before using your personal data for a new purpose that is inconsistent with the original purpose for which we collected it.

When we share your data


Employees, agents, affiliates, service providers, and partners
We may share your personal data with our employees, agents, and affiliates who have a business need to know, our services providers (including contingent workers, consultants, contractors, vendors, and out-sourced service providers) to process it for us based on our instructions and for no other purpose, and with partners that are collaborating with us to fund projects or host events. We do not share your personal data with any third party (including our service providers) for marketing purposes. If you believe personal data you provided to us is being misused by a third party, please contact us right away.

Other visitors to our sites
If you submit feedback, comments, photos, videos, or other information to interactive portions of our sites, such submission may be made publicly available to anyone who visits those areas of our site. Other visitors may access, re-post, or use such submission. Even if you remove or delete your submission, copies may remain in cached or archived areas of our sites or retained by other visitors. Please use your discretion when submitting personal data in these contexts.

Law enforcement
We may share your personal data with law enforcement, other government agencies or authorities, or third parties as required by applicable law, court order, subpoena, or legal process served on us.

How we store and protect your data


Storage and transfers
Your personal data may be stored in your region or in any other country where we or our service providers have facilities. We may also allow employees and service providers located around the world to access personal data as provided in this notice. If you are in the European Union, we will ensure your legal rights and protections travel with any such “transfer” of your personal data outside the European Economic Area, Switzerland, or Canada. We do this by signing “standard contractual clauses” approved by the European Commission that give personal data the same protection it has in the European Union, and/or requiring that our service providers be certified under the EU-US Privacy Shield Framework or Swiss-US Privacy Shield Framework, as applicable.

Storage period
We will store your personal data until it is no longer needed to fulfill the purpose(s) for which it was collected or as otherwise required or permitted by law. After such time, we will either delete or anonymize your personal data or, if this is not possible, we will securely store your personal data and isolate it from any further use until deletion is possible. We may dispose of any data in our discretion without notice, subject to applicable law. Please contact us if you would like more details regarding our retention periods for different categories of personal data.

Protection
As the transmission of data via the internet is not completely secure, we cannot guarantee the security of your information transmitted to our sites and any such transmission is at your own risk. However, we maintain appropriate technical and organizational measures, including performing regular self-assessments, to prevent unauthorized disclosure of, or access to, personal data. We limit access to personal data and require that employees authorized to access personal data maintain the confidentiality of that data. We hold our service providers to at least the same data privacy and security standards to which we hold ourselves. Our standard information security requirements for service providers are available here: www.gatesfoundation.org/InformationSecurityRequirements.pdf.

How you can access and control your data


Access and control
Generally, newsletters, auto-generated emails, and updates from us will include links to access, correct, or delete your personal data and to manage any subscriptions directly. If you wish to obtain confirmation that we hold personal data about you, access, correct, or delete your personal data, withdraw any consent you previously provided to us, or object to or restrict our processing of it in any other context, please contact us. We will respond to all legitimate requests within 30 days.

Other rights
To the extent provided by applicable laws (including the GDPR), you also may have the right to have the data or content deactivated, blocked, anonymized, or deleted, as appropriate, request and receive a copy of the personal data you have provided us and to transmit this data to a third party, and lodge a complaint with the applicable data protection authority. To exercise any of these rights that you are not able to do directly, please contact us.

How to contact us


If you reside in the EU:

Mail:    

Bill & Melinda Gates Foundation
Attn: Privacy Notice Inquiry
62 Buckingham Gate
Westminster, London
SW1E 6AJ
U.K.

Email:   

privacy@gatesfoundation.org

If you reside outside the EU:

Mail:    

Bill & Melinda Gates Foundation
Attn: Privacy Notice Inquiry
P.O. Box 23350
Seattle, WA 98102
U.S.A.

Email:   

privacy@gatesfoundation.org

Back to top


 

BILL & MELINDA GATES FOUNDATION SUPPLEMENTAL PRIVACY NOTICE FOR EVENT PARTICIPANTS

Last updated May 17, 2018 Update history

This notice supplements our Privacy & Cookies Notice and describes how we collect, use, and share additional personal data when you participate in a foundation event (whether as an attendee, guest, or speaker), and how to access and control this additional data. Please let us know if you have any questions about this supplemental notice.

What additional data we collect about event participants


Event registration
When you register to participate in a foundation event, we will ask you to provide your name, email address, company/organization, professional title, email address, phone number, emergency contact name and phone number, and any dietary or disability-based accommodation needs. In addition, if you participate as a presenter, panelist, or facilitator at the event, we may collect your photograph and presentation materials. We may also collect feedback and evaluations about you as a presenter, panelist, or facilitator. We will indicate on the form which data is required. Please contact us if you have any questions about why certain data is required.

Mobile app
For some large events, you may have the option to download a mobile app for participant communication and information sharing. When you download the app, the app store may require the device identifier associated with your device, but neither we nor our mobile app provider will collect any personal data through the mobile app.

Travel/hotel bookings, ground transportation, and expense reimbursement
For some events and participants, we may offer to book your travel/hotel, arrange ground transportation, and reimburse certain out-of-pocket expenses. If so, we may ask you to provide your full name, gender, date of birth, home airport, airline and seat preference, frequent flyer number, global entry number, special meal needs, hotel preference, and any other travel-related needs. If booking international travel, we may ask you to provide your passport number, passport expiration date, and passport country of issuance. If arranging ground transportation, we may ask you to provide your flight arrival/departure information and mobile phone number. If reimbursing expenses, we may ask you to provide bank account number and other personal data required to transfer funds to you.

Event photography and audio video recordings
We frequently take photos and record audio and/or video in public areas of our events. If so, we may make and store photographs containing your likeness and recordings of your voice and likeness. We may associate your image and the sound of your voice with your name if you are identified during the recording or identify yourself by name.

How we use this additional data


Event registration
We may use this information to register you to attend the event [with your consent]; send email to you (and your assistant if one is indicated) to confirm your registration and provide you with updates regarding the event [with your consent]; print your physical badge at the event [for our legitimate interests]; track and administer dietary and physical accommodation requests [with your consent]; review and potentially share your photo, materials, and other information you have authorized us to share with other event participants [with your consent and for our legitimate interests]; send you reports, materials, and updates [with your consent]; contact you about future events [with your consent]; review and respond to feedback, comments, photos, videos, or other information you submit via registration forms or post-event surveys [for our legitimate interests]; administer, safeguard, and improve our event operations [for our legitimate interests].

Event photography and audio or video recordings
We may use, edit, copy, exhibit, publish, or distribute photos and audio or video recording for any charitable purpose relating to the event itself or foundation events in general [for our legitimate interests].

Travel/hotel bookings, ground transportation, and expense reimbursement
We may use this information to assist you with travel/hotel bookings, arrange ground transportation, and reimburse certain out-of-pocket expenses [with your consent].

When we share this additional data


Event service providers and partners
Unless otherwise stated on a registration site, we use Cvent, Inc. to manage our online registration and mobile app, if applicable. We may share your personal data with Cvent, Inc. (or alternative service provider), other service providers, and event partners as needed to provide you with information and services associated with the event.

Travel/hotel bookings service providers
Unless otherwise stated on a registration site, we use Carlson Wagonlit Travel (CWT) and Corporate Travel Management Inc. (CMT) to manage travel/hotel bookings. If you ask us to book your travel/hotel, we may share your personal data with CWT or CMT (or alternative service provider) to arrange travel/hotel accommodations.

Airlines, hotels, and ground transportation companies
If booking travel/hotel or arranging ground transportation for you, we or our service providers may share your personal data with airlines, hotels, and ground transportation companies for that purpose. When we do, neither we nor our service providers will have direct control over that personal data, and the airline, hotel, or ground transportation company may use your personal data in accordance with its privacy policies.

Expense reimbursement service provider
Unless otherwise stated on a registration site, we use SAP Concur to manage expense reimbursement. If you request expense reimbursement, we may share your personal data with SAP Concur (or alternative service provider) to process your request.

How you can access and control this additional data


You may update your registration information anytime by going directly to your registration account. If you wish to access or correct other personal data, or object to our data processing, please contact us. Please note that neither changes to, or deletion of, such personal data will alter personal data already relied upon or no longer in our control.

How to contact us


Mail:    

Bill & Melinda Gates Foundation
Attn: Global Events
P.O. Box 23350
Seattle, WA 98102

Email:   

eventsregistration@gatesfoundation.org

Back to top


 

BILL & MELINDA GATES FOUNDATION SUPPLEMENTAL PRIVACY NOTICE FOR JOB APPLICANTS

Last updated May 17, 2018 Update history

This notice supplements our Privacy & Cookies Notice and describes how we collect, use, share, and retain additional personal data when you participate in our job application process, and how you can access and control this additional data. Please let us know if you have any questions about this supplemental notice.

What additional data we collect about job applicants


Data you provide about yourself
When you participate in our job application process, we will ask you to provide personal data such as: your name, email address, mailing address, and telephone number; your resume/CV, work experience, educational history, and skills; links to any relevant websites or your LinkedIn profile; whether you are legally authorized to work in the country in which the position is located; whether you will require sponsorship to obtain legal authorization; whether you are 18 years or older; and whether you are currently working for a grantee of ours. In addition, we will ask you to voluntarily provide information regarding your gender, veteran status, ethnicity, and disability status. This information, or your decision not to provide this information, will not impact your application in any way.

Before uploading a resume, please remove any sensitive personal data such as government-issued ID numbers, financial information, photos, dates of birth, etc. We do not need or want that data in a resume.

Data we receive from other sources
We may receive personal data about you from other sources, your references, prior employers, a person or company/organization authorized by you to submit an application on your behalf, and/or publicly-available sources.

Data we collect from consumer reports or consumer investigative reports
If we think there might be a good fit for a position, we may ask you to authorize us to obtain a consumer report or consumer investigative report. A consumer report is a report bearing on credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is expected to be used or collected to serve as a factor in establishing an applicant’s eligibility for employment. An investigative consumer report tends to be the same thing but the information is obtained through personal interviews with neighbors, friends, associates, or acquaintances. Both kinds of reports may include information from court, administrative, and criminal records if and to the extent permitted by applicable law. If you choose not to provide this authorization upon request, we will not be able to offer you employment.

How we use this additional data


General
In addition to the uses specified under the Privacy & Cookies Notice, we may use personal data we collect in this context to: identify and contact applicants [for our legitimate interests]; evaluate applicants and make hiring decisions [for our legitimate interests]; match applicants to other career opportunities within the foundation [for our legitimate interests]; prepare applicants for employment if a job has been offered and accepted [for our legitimate interests and/or to perform a contract with you]; keep records related to our hiring practices [for our legitimate interests and/or to comply with legal obligations]; comply with applicable employment-related laws such as checking names against anti-terrorism lists, complying with immigration restrictions, or assisting the government in an investigation [to comply with legal obligations]. If you are hired as a foundation employee, this information may be used for additional employment and business purposes subject to any internal privacy policies and notices. [for our legitimate interests and/or to perform a contract with you].

Sensitive personal data
We believe our employees should reflect the rich diversity of the global populations we aim to serve, and we support this diversity through all our employment practices. Accordingly, we ask applicants to provide information regarding their gender, veteran status, and ethnicity. If you choose to provide this information, we will keep it separate from your application and use it solely for the purpose of monitoring, informing, and reporting on our diversity efforts [for our legitimate interests].

When we share this additional data


We may share your personal data with service providers (including Workday, Inc., recruiters, and other third parties) that assist us with recruiting, application, and employment processes and our affiliates and other third parties with whom you might work if you are offered and accept the job.

How long we keep this additional data


We store personal data of all applicants in accordance with the Privacy & Cookies Notice. If you accept a job with us, we may retain your application and any other information we relied on during the application process as part of your employee file. Please note that we have the right to delete accounts and application information at any time, so you may want to retain copies of any information, including resumes/CVs, you provide to us during the application process.

How you can access and control this additional data


You may update your contact information anytime by going directly to your account. If you wish to access or correct other personal data, or object to our data processing, please contact us. Please note that neither changes to, or deletion of, such personal data will alter personal data already relied upon or no longer in our control.

How to contact us


Mail:    

Bill & Melinda Gates Foundation
Attn: Human Resources
P.O. Box 23350
Seattle, WA 98102

Email:   

HR@gatesfoundation.org

Back to top


 

BILL & MELINDA GATES FOUNDATION COOKIES & SIMILAR TECHNOLOGIES

Last updated May 17, 2018 Update history

This notice describes the different types of cookies and similar technologies we may use in connection with our sites. Unless you have adjusted your browser setting so that it will refuse cookies, cookies may be issued when you visit our sites. For more information, see managing cookies and similar technologies below. By continuing to use our sites, you consent to the relevant cookies and similar technologies being placed on your computer or device.

Cookies and similar technologies we use


Cookies
Our sites may use cookies, which are small text files stored on your computer or device when you access a website. More information about cookies is available at www.aboutcookies.org. We use cookies to remember you and your preferences and help us understand how you engage with our sites.

Click-through URLs
If you “opt in” to receive newsletters, updates, or other information from us, our emails may use a “click-through URL” linked to content on our sites. When you click one of these URLs, they pass through a separate web server before arriving at the destination page on our sites. We use this click-through data to help us understand how recipients respond to, or interact with, our emails.

Third-party cookies and similar technologies


Third-party analytics services
We use third-party analytics services, including Google Analytics and others, to collect information about your use of our sites and enable us to improve how our sites. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners. Google Analytics and other third-party analytics services use cookies and similar technologies to collect information about use of our sites and to report website trends to us, without identifying individuals to us. We use this information to see the overall patterns of usage on our sites, help us record any difficulties you have with our sites, and tell us whether our communication efforts are effective.

Social media and video sites
If you choose to share our digital content with friends through social networks, such as Facebook and Twitter, or to watch a video posted to a third-party media site (such as YouTube), you may be sent cookies from these third-party websites. We do not control the setting of these cookies, so please check the third-party websites for more information about their cookies and how to manage them.

Managing cookies and similar technologies


Cookies
You do not need to have cookies enabled to browse our sites unless you want us to remember you and your preferences when you return. If you prefer not to allow cookies, most cookies can be managed or blocked through your browser. More information about managing cookies is available at the following links:

Click-through URLs
If you prefer not to be tracked in this way, please do not click text or graphic links in emails you receive from us.

Third-party analytics services
You can opt out of data collection or use by Google and other third-party analytics services we may use on some of our sites at the following links:

Do-not-track requests
There is no standard for how online service should respond to “Do Not Track” signals or other mechanisms that may allow you to opt out of the collection of information across networks of websites and online services. Therefore, we do not honor “Do Not Track” signals. As standards develop, we will revisit this issue and update this notice if our practices change. More information about Do Not Track is available at www.allaboutdnt.org.

Back to top

 

Visit Our Blog