Privacy Policy

Last updated: 17 September 2025

Elaine and Eduardo Saverin Foundation and its affiliates ("we," "our," or "us") are committed to processing personal data in a lawful, fair, and transparent manner. This policy explains the information we collect, why we collect it, how it is used and shared, how we safeguard it, and the rights you may exercise in relation to your personal data. We may update this policy from time to time in line with changes in our practices or the law. Significant updates will be announced on our websites and tools.

Scope of this notice

Our sites and tools

This policy applies to data collected via our websites, platforms, portals, digital repositories, surveys, forums, events, interactive exhibits, and mobile apps that link to this notice (collectively, "our sites and tools"). We act as the controller of personal data collected through these channels.

Supplemental privacy notices

In some cases, additional privacy notices may apply to specific interactions with us. These will either appear within this policy or be provided separately.

Third-party links

This policy does not apply to any third-party applications, integrations, or websites that may link to, or be accessible from, our sites and tools. We are not responsible for the content, features, functionality, or privacy practices of any linked third-party applications, integrations, or websites. Their practices are governed by their own policies, which we recommend reviewing.

Data we collect

Information you provide

You may share personal data voluntarily (e.g., subscribing to newsletters, contacting us, attending events, or submitting proposals or comments). This can include your email address, country of residence, interests, and any data included in submissions. Some functions require certain data, and failure to provide it may limit participation.

Information about others

Only submit personal data about others if authorised by law or consent, and after sharing this policy with them.

Information from third parties

We may collect personal data about you from your organization, public sources, service providers, or partners, for example, if you are listed as a contact person or registered on your behalf.

Interest-based advertising

We may engage partners to deliver interest-based advertising about our work. Where required by law, we will seek your consent first.

Automatic data collection, including cookies, pixels, and similar technologies

We may collect some personal data automatically. For example, when you visit our sites and tools, we may collect your Internet Protocol ("IP") address, Internet Service Provider ("ISP") information, and browser type and language. We also may use cookies, pixels, and similar technologies to collect data about your interaction with our sites and tools, including, for example, referring webpage, pages visited on our sites and tools, and crash data. In addition, we may link the information we collect automatically or the information from any cookie or pixel with the information you provide in other contexts on our sites and tools (newsletters, etc.) to personalise, connect and streamline your experience when visiting our sites and tools. For example, this may include connecting your use of our sites and tools from your desktop, mobile, or other device.

Sensitive personal data

We do not intentionally collect sensitive personal data without your explicit consent, unless permitted or required by law.

Minors

Our sites are not intended for those under 13 (or the legal minimum age in your country). Any personal data found to be collected from minors will be deleted.

How we use your data

Purposes

Generally, we may use your personal data to:

  • provide you with information about our foundation, the initiatives and projects we support, and the broader causes we are committed to, particularly where these relate to your engagement with us or your use of our sites and tools [for our legitimate interests];
  • send newsletters, publications, and other updates that you have specifically requested or chosen to receive [with your consent];
  • review and respond to proposals, reports, deliverables, comments, responses, messages, chats, or any other data or materials that you submit when applying for funding, carrying out a project, or delivering services [for our legitimate interests and/or to enter/perform a contract with you];
  • consider, analyse, and reply to feedback, comments, responses, messages, chats, photos, videos, or any other form of content that you provide through our sites and tools [for our legitimate interests and/or with your consent];
  • use personal data to shape, manage, and guide our philanthropic strategies, ensuring that our charitable activities are effective and aligned with our mission [for our legitimate interests];
  • administer, protect, and enhance our sites and tools, as well as our systems, facilities, events, and other aspects of our operations, to ensure their proper and secure functioning [for our legitimate interests];
  • process personal data as necessary to defend our rights, uphold our obligations, and safeguard the safety and well-being of others [for our legitimate interests];
  • preserve and contribute to our records and archives in the public interest, ensuring that important information is retained for future reference and accountability [for our legitimate interests]; and/or process and disclose personal data when necessary to comply with applicable laws, respond to a court order, subpoena, or other legal process served upon us [to comply with legal obligations].

Legal bases under applicable law

We process personal data only where legally permitted—such as to perform a contract, meet legal obligations, pursue legitimate interests, protect vital interests, maintain archives, or with your consent.

Sharing your data

Employees, agents, affiliates, service providers, and partners

We may share your personal data with our:

  • internal and partners: With employees, affiliates, service providers, or partners where necessary.
  • public submissions: Content posted in interactive areas (e.g., forums or chats) may be visible to other users.
  • legal obligations: With authorities, courts, or law enforcement, where required.
  • control transfer: We will not transfer control of your data without consent, unless legally compelled.

Other visitors to our sites and tools

Any personal data you choose to include in feedback, comments, responses, messages, chats, photos, videos, or other material submitted in the interactive parts of our sites and tools, such as discussion forums, comment sections, or online communities, can be visible to other visitors who access those areas. Other users may be able to view, share, re-post, or otherwise make use of the information you provide. In certain interactive spaces, you may have options to adjust privacy settings in order to control who is able to see your contribution. However, please be aware that even if you later delete or remove your submission, copies may still remain stored in cached or archived sections of our sites and tools, or may be retained by other visitors or participants who previously accessed them.

Law enforcement

Personal data may be shared with law enforcement bodies, government agencies, regulatory authorities, or other third parties where this is necessary to comply with applicable laws. This may include responding to a court order, subpoena, or any other binding legal process served upon us.

Transfer of control

Control of personal data will not be transferred to any third party without your explicit consent, unless such transfer is required in order to meet obligations under applicable law, a court order, a subpoena, or another form of legal process.

Store and protect your data

Storage and transfers

Your personal data may be stored within your own country or in other countries where we or our trusted service providers operate facilities. Employees and service providers located internationally may be permitted to access personal data, in line with the purposes set out in this notice. Whenever personal data is transferred across borders, we ensure that your legal rights and protections continue to apply, as required under relevant law. This is achieved by entering into agreements that include appropriate data protection clauses—such as standard contractual clauses, standard contracts, or other legally required safeguards—and by requiring our employees and service providers to handle personal data in full compliance with the law.

Storage period

Personal data is retained only for as long as it is necessary to achieve the purpose for which it was collected, or for as long as required or permitted by law. Once that period has ended, the data will be either deleted or anonymised. Where immediate deletion is not possible, the data will be securely stored, restricted from further use, and eventually removed as soon as practicable. In certain cases, we may dispose of data at our discretion, without prior notice, provided this is in accordance with applicable law. You may contact us if you would like more detailed information about retention periods that apply to specific categories of data.

Protection

Because transmitting data over the internet is not completely secure, we cannot guarantee the safety of information you send to our sites and tools, and any transmission is carried out at your own risk. Nonetheless, we maintain appropriate technical and organizational safeguards, including regular internal assessments, to minimize risks of unauthorized access, disclosure, or misuse of personal data. Access to personal data is restricted to employees who require it for their work and who are bound by obligations of confidentiality. We also require our service providers to meet strict data privacy and security standards equivalent to our own. Details of our baseline information security requirements for service providers are available upon request.

How to contact us

Please reach us at contact@eesaverinfoundation.org