X-twitter Facebook Instagram
LEARN MORE

Privacy Policy

Effective Date: August 29, 2025

1) Who We Are & Scope

Aureus Foundations (“Company“, “we“, “us” or “our“) is committed to protecting your personal data and privacy. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our website and services (collectively, the “Services“). It also explains your rights in relation to your personal data and how you can exercise those rights.

Aureus includes affiliated initiatives such as the Global Justice Foundation. In some cases, an affiliated initiative may act as an independent or joint controller; where that occurs, we will identify the relevant entity at the point of collection.

This Privacy Policy applies to all users of our Services worldwide, including users in the European Union (EU), European Economic Area (EEA), the United Kingdom (UK), and Canada. We adhere to applicable data protection laws, including the EU and UK General Data Protection Regulation (GDPR) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), where applicable. By using our Services, you acknowledge that you have read and understood this Privacy Policy.

We also comply, where applicable, with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), including requirements relating to the collection, use, disclosure, and security of personal information and the Notifiable Data Breaches scheme.

2) Information We Collect

We collect personal information (“Personal Data“) that you voluntarily provide to us, as well as information automatically collected from your use of our Services. The types of Personal Data we may collect include:

  • Information You Provide to Us: When you create an account, fill out forms, subscribe to our communications, purchase products or services, or contact us, you may provide certain information such as your name, email address, telephone number, mailing address, payment information, and any other information you choose to provide.
  • Information We Collect Automatically: We use cookies and similar technologies to operate the Services, remember preferences, and perform analytics. For details about the categories we use, what they collect, and your choices, please see our Cookie Policy https://globaljusticefoundations.org/cookie-policy/.
  • Information from Third Parties: We may receive information about you from third-party sources. For example, if you choose to connect your account with a social media service or use a third-party login, we might receive certain profile information from that service. We may also receive personal data from marketing partners or service providers to assist us in improving our Services or marketing efforts.

3) How We Use Your Information

We use personal information for the following purposes:

  • To Provide and Maintain the Services: We process your data to create and manage your account, provide the products or services you requested, process transactions, and enable core features of our Services (this is necessary for the performance of a contract with you).
  • To Communicate with You: We use your contact information (like your email address or phone number) to send service-related notices, respond to your inquiries, provide customer support, and keep you informed about your account or transactions.
  • For Personalization and User Experience: We may use your information to personalize content, recommendations, and the user experience on our Services. For example, we remember your preferences and settings to tailor the Services to your interests and improve your satisfaction.
  • Marketing and Newsletters: Where permitted by law, we may use your contact information to send you newsletters, promotions, or marketing communications about our products, services, or events. We will obtain your consent to send you direct marketing where required (for example, if you are an individual in the EU/EEA, UK, or Canada, we will only send you marketing emails if you have opted in). You can opt out of marketing communications at any time (see Your Rights and Choices below).
  • Analytics and Service Improvement: We analyze how users interact with our Services to track aggregate usage, identify trends, and improve the content and functionality of our platform. This helps us better understand user needs, fix issues, and develop new features (supporting our legitimate interests in improving our business and Services).
  • Security and Fraud Prevention: We use personal information to maintain the security of our Services, including detecting and preventing fraud, abuse, and other harmful activities. This can include verifying user identities, monitoring for suspicious activity, and enforcing our Terms of Use.
  • Compliance with Legal Obligations: We process personal data as required to comply with our legal and regulatory obligations. For example, we may retain certain transaction records for tax and accounting purposes, or disclose information if required by law enforcement or court order.

4) Legal Bases for Processing (EU/UK): If you are located in the EU, EEA, or UK, our processing of your personal data will be justified by one of several legal bases under the GDPR/UK GDPR. Depending on the context, we rely on: your consent (for instance, when you subscribe to marketing communications or accept certain cookies); performance of a contract (to provide the Services you have requested); compliance with a legal obligation; and legitimate interests (such as improving our Services or preventing fraud, balanced against your rights and interests). Where we rely on your consent, you have the right to withdraw consent at any time, which will not affect processing already carried out based on consent before its withdrawal.

5) How We Share Your Information

We do not sell your personal information. However, we may share your personal data with third parties under the following circumstances:

  • Service Providers: We share information with trusted third-party companies that perform services on our behalf to support our operations and the Services. This includes, for example, website hosting and cloud storage providers, payment processors, analytics and advertising partners, email and customer support service providers, and other IT or business tools. These service providers are contractually required to protect your information and use it only for the purposes of providing services to us.
  • Affiliates and Business Partners: We may share your information with our affiliates (companies under common ownership or control) for internal administrative purposes or to provide our Services to you. We might also share information with business partners when you participate in co-sponsored events or promotions, but only with your knowledge and, where required, your consent.
  • Legal Compliance and Protection: We may disclose personal information if we are required to do so by law or pursuant to a legal process (such as a subpoena or court order). We may also share data when we believe in good faith that it is necessary to: (i) comply with legal obligations; (ii) protect and defend the rights, property, or safety of Aureus Foundations, our users, or the public; (iii) prevent or investigate potential wrongdoing in connection with the Services; or (iv) protect against legal liability.
  • Business Transfers: If Aureus Foundations is involved in a merger, acquisition, sale of assets, bankruptcy, or other business transaction, personal information may be transferred to a successor or affiliate as part of that transaction. In such cases, we will ensure that your personal data is afforded confidentiality and, if required by applicable law, we will give you notice and an opportunity to opt out of the transfer.
  • With Your Consent: In any situation where we would like to share your information for purposes other than those listed above, we will do so only if you have given us explicit consent. For example, if you opt-in to have your details shared with a partner for their own marketing, we will honor that consent.

6) International Data Transfers

Aureus Foundations is based in the United States and Australia, but we may process and store your personal information on servers located in other countries. If you are located in the EU/EEA, UK, Australia, Canada, or another region with data protection laws different from our home country, please be aware that your information may be transferred to and maintained in a jurisdiction that may not offer the same level of data protection as your country of residence.

Whenever we transfer personal data internationally, we will take appropriate measures to ensure your information remains protected in accordance with applicable law. For example, if we transfer personal data from the EU/EEA or UK to a country that is not deemed to have adequate data protection by the European Commission, we will implement standard contractual clauses or other appropriate safeguards. Likewise, personal information of Australian or Canadian users transferred outside Australia or Canada will be protected as described in this Privacy Policy, but it may become subject to the laws of the country to which it is transferred (for instance, data hosted in the United States could be accessed by U.S. authorities under U.S. law).

7) Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, and to satisfy any legal, accounting, or reporting requirements. In general, this means we will keep your data for the duration of your relationship with us and for a period afterward where we have an ongoing legitimate need to retain it (for example, to handle any post-termination inquiries or to comply with legal obligations).

Unless a longer period is required or permitted, we apply these standards:

  • Account/profile and relationship records: while your account or relationship is active, plus 24 months.
  • Donations and transactional records (including receipts): 7 years after the end of the relevant financial year.
  • Customer support correspondence and forms: 24 months after resolution.
  • Email delivery logs and correspondence metadata (not content): up to 24 months.
  • Marketing preferences and suppression lists: as long as needed to honor your opt-out.
  • Web server security logs: 30 days unless needed for investigation, then up to 12 months.
  • Analytics data: 18 months (aggregated thereafter where feasible).

This retention period allows us to comply with our legal and financial obligations and to resolve or defend any claims. We may retain data for longer periods if required by law (e.g., certain financial records) or if necessary to protect our legal rights. When your personal information is no longer needed for these purposes, we will securely erase, anonymize, or otherwise dispose of it in accordance with our data retention policies.

8) Data Security

We take the security of your personal data very seriously. Aureus Foundations implements appropriate technical and organizational measures to protect your information from unauthorized access, loss, misuse, or alteration. These measures include, for example, using encryption and secure protocols to transmit sensitive data, maintaining up-to-date firewall and intrusion prevention systems, restricting access to personal data to authorized personnel on a need-to-know basis, and providing privacy and security training for our staff.

Despite our efforts to safeguard your information, no method of transmission over the internet or electronic storage is completely secure. Therefore, we cannot guarantee absolute security. You should also take care with how you handle and disclose your personal information and avoid sending sensitive information through insecure channels. If you have reason to believe that your interaction with us is no longer secure (for example, if you suspect a security vulnerability in our Services), please contact us immediately.

9) Data Breach Notification

We maintain incident response procedures designed to detect, investigate, and remediate potential personal-data breaches. Where required by law, we will notify affected individuals and/or the relevant supervisory authorities without undue delay (for example, consistent with GDPR/UK GDPR requirements to notify competent authorities and, where applicable, affected individuals; the Australian Privacy Act/APPs Notifiable Data Breaches scheme; and PIPEDA “breach of security safeguards” obligations). Notifications will include, where feasible, a description of the incident, categories of data affected, likely consequences, and measures we have taken or recommend you take.

10) Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal data. Aureus Foundations is committed to respecting these rights and has processes in place to enable you to exercise them. These rights include, where applicable:

  • Right to Access: You have the right to request confirmation of whether we are processing personal data about you, and if so, to request a copy of the information we hold about you. We will provide you with a copy of your personal data in a commonly used electronic format, unless you request otherwise.
  • Right to Correction: You have the right to request that we correct or update any inaccurate or incomplete personal information. We encourage you to keep your information up to date and will make reasonable efforts to correct your data upon request.
  • Right to Deletion: You have the right to request that we delete your personal data when it is no longer necessary for the purposes for which it was collected or when processing is unlawful. Please note that we may need to retain certain information as required by law or for legitimate business purposes (for example, if we must keep records of a transaction, or if retaining certain data is necessary to comply with a legal obligation).
  • Right to Withdraw Consent: If we are processing your personal information based on your consent, you have the right to withdraw that consent at any time. For example, you can opt out of our marketing emails by clicking the “unsubscribe” link or by contacting us. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.
  • Right to Object: You have the right to object to our processing of your personal data in certain situations. For instance, you can object to the use of your information for direct marketing, or in cases where we rely on legitimate interests as the basis for processing and you believe your rights override those interests. If you raise an objection, we will halt the processing in question unless we have compelling legitimate grounds to continue or where it is needed for legal reasons.
  • Right to Restrict Processing: You have the right to request that we limit the processing of your personal information in certain circumstances – for example, while we verify the accuracy of your data or consider an objection you have raised to our processing.
  • Right to Data Portability: Where applicable (for example, under GDPR for EU/EEA or UK residents), you have the right to request a copy of certain personal data in a structured, commonly used, and machine-readable format, and you can ask us to transfer that data to another controller when technically feasible. This right applies to personal information you have provided to us, and that we process by automated means, under consent or contract.
  • Right not to be Subject to Automated Decisions: We do not typically make decisions that significantly affect you based solely on automated processing of personal data. If this changes in the future, and such automated decisions have legal or similarly significant effects, you will have the right to not be subject to those decisions without human intervention, as well as certain rights to understand the decision-making logic.
  • Right to Lodge a Complaint: If you have a concern about our privacy practices, please contact us so we can try to resolve it. If you are not satisfied with our response, you may have the right to lodge a complaint with a data protection authority. For example, if you are in the EEA, you can contact the supervisory authority in your country of residence; in the UK, you can contact the Information Commissioner’s Office (ICO); and in Canada, you can contact the Office of the Privacy Commissioner of Canada (OPC).

To exercise your rights, please contact us using the information provided in the Contact Us section below. We will respond to your request in accordance with applicable data protection laws, and we may ask you to verify your identity before fulfilling certain requests. There is no fee for making a request, but in some cases we may charge a reasonable fee or decline to act if a request is unfounded, repetitive, or excessive as permitted by law.

11) Children

The Services are for general audiences and are not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us so we can take appropriate steps.

12) Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will update the “Last updated” date at the top of the policy. If the changes are material, we will provide a more prominent notice (such as by posting a notice on our website or notifying you via email, where appropriate) to inform you of any significant changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Services after we publish or communicate a notice about changes to this policy will signify your acknowledgement of the updated Privacy Policy.

13) Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact us using the details below. We welcome your feedback and will do our best to address any issue promptly.

Email: privacy.officer@globaleducationfoundations.org
U.S. postal: Aureus Foundations, 1235 Pennsylvania Ave, Suite 5006, Washington, DC 20003, USA
Australia postal: Aureus Foundations, Level 10, 20 Martin Place, Sydney NSW 2000, Australia
EU representative: privacy.officer@globaleducationfoundations.org
UK representative: privacy.officer@globaleducationfoundations.org
Data Protection Officer: Data Team

Thank you for reading our Privacy Policy. Your privacy is important to us, and we are committed to safeguarding the personal information you entrust to Aureus Foundations.

 

Scroll to Top