Skip to main content

Privacy Policy

This is the Donor Privacy Policy of the Children’s Tumor Foundation (CTF). CTF maintains the highest level of respect for the privacy of our donors. The Foundation does not sell, trade, or rent donor data. Further information on specific aspects of the Foundation’s commitment to protecting your information is provided below.

To find out how we treat personal data originating from the European Economic Area, please click here.

Effective date / Last modified: 12.17.2019


At the Children’s Tumor Foundation we value the support of our donors and take pride in our responsible stewardship of your support and information. The Foundation and our employees are committed to following the Association of Fundraising Professional’s Donor Bill of Rights to let you know that your commitment to us, in turn receives a commitment from us:

“Philanthropy is based on voluntary action for the common good. It is a tradition of giving and sharing that is primary to the quality of life. To ensure that philanthropy merits the respect and trust of the general public, and that donors and prospective donors can have full confidence in the nonprofit organizations and causes they are asked to support, we declare that all donors have these rights:

I. To be informed of the organization’s mission, of the way the organization intends to use donated resources, and of its capacity to use donations effectively for their intended purposes.

II. To be informed of the identity of those serving on the organization’s governing board, and to expect the board to exercise prudent judgment in its stewardship responsibilities.

III. To have access to the organization’s most recent financial statements.

IV. To be assured their gifts will be used for the purposes for which they were given.

V. To receive appropriate acknowledgement and recognition.

VI. To be assured that information about their donation is handled with respect and with confidentiality to the extent provided by law.

VII. To expect that all relationships with individuals representing organizations of interest to the donor will be professional in nature.

VIII. To be informed whether those seeking donations are volunteers, employees of the organization or hired solicitors.

IX. To have the opportunity for their names to be deleted from mailing lists that an organization may intend to share.

X. To feel free to ask questions when making a donation and to receive prompt, truthful and forthright answers.”



Information Collected

The Children’s Tumor Foundation collects personal information from donors for the purposes of processing payments, donations, and communicating with donors about the Foundation, as well as conducting the operations of the Foundation including fundraising and patient support. This information may include name, amount donated, address, telephone number, donor comments, e-mail address, and any other personal information provided (“Donor Data”). For donations by check, Donor Data also includes the data visible on the check.

As part of providing an online experience, the Children’s Tumor Foundation may store various data that are collected as part of standard web operations (including, but not limited to, IP addresses and cookies). The Foundation may use this data for purposes described in this policy, including analytical needs and improved functionality of our website. The Children’s Tumor Foundation makes limited use of cookies, including third party cookies (such as cookies from payment processors), to track sessions, help store data, and fulfill the purposes set out in this policy. You can prevent or delete our cookies by adapting your browser settings, although this will likely affect the functionality of the website.

The Children’s Tumor Foundation’s website contains links to other sites. Please be aware that the Foundation is not responsible for the privacy practices of such sites (nor does the appearance of external hyperlinks constitute endorsement of the linked sites, or the information, products or services contained therein). The Foundation encourages users to read the privacy statements of every website that collects personally identifiable information.

Donor Data

Donor Data may be used for these kinds of purposes:

  • Distributing receipts and acknowledging donations
  • Informing donors about upcoming fundraising and other activities of the Children’s Tumor Foundation
  • Internal analysis, such as research and analytics
  • Record keeping
  • Reporting to applicable government agencies as required by law
  • Surveys, metrics, and other analytical purposes
  • Other purposes related to the fundraising operations

Anonymous donor information may be used for promotional and fundraising activities. Comments that are provided by donors may be publicly published and may be used in promotional materials. The Foundation may use available information to supplement the Donor Data to improve fundraising efforts. The Foundation may allow donors the option to have their name publicly associated with their donation unless otherwise requested as part of the online donation process. The Children’s Tumor Foundation uses data gathered from payment processors and other service providers only for the purposes described in this policy.

The Children’s Tumor Foundation event leaders and Volunteer Leadership Council have signed agreements with the Foundation. Unless you request otherwise, the Foundation may share information with the appropriate event leaders and volunteers for local newsletters and event announcements.

Financial Information

It is the Foundation’s internal policy to limit access to financial information to professional staff and volunteers who need to process that information for the purposes described above. Personal financial information is not sold to or traded with other parties.

The Children’s Tumor Foundation uses partners to provide online payment processing services. Usually, the privacy policies of these organizations will be presented to you on their respective websites and typically also as part of your donation process. If you pay by credit card, we do not store your credit card information, bank account numbers, or other financial account data sent directly to those processing services.


The Children’s Tumor Foundation is committed to protecting donor personal information from unauthorized access, alteration, disclosure, or destruction. The Foundation undertakes a range of technology and security practices, including data encryption, password protection, and other strict policy measures to protect sensitive data and safeguard the privacy of identifiable information from unauthorized access or improper use.  Furthermore, our organization values and policies are committed to the protection of user information, and as such we limit employee access only to authorized persons and processes.

Payment Processors and Other Service Providers

Payment processors allow donors to give electronically using a payment services account, a credit card, or other payment method. The Children’s Tumor Foundation works directly with these processors, and employs due diligence to ensure the integrity of these organizations. However, these processors do collect certain information from donors and purchasers. Please consult their respective privacy policies to determine their practices.


Maintenance contractors partnered with the Children’s Tumor Foundation may be granted access to your personal information in the course of maintenance or providing end users with products or services. Access to your personal information by these contractors is limited to the information reasonably necessary for the contracting company to perform its work. These contractors include the organizations that provide the Foundation with technology and with services and/or content related to better operation and maintenance of the website and donation pages. The Children’s Tumor Foundation requires that partnered maintenance contractors protect the privacy of your personal information consistent with this Privacy Policy to not use or disclose your personal information for any purpose other than providing us and/or our end users with products and services.

Other Disclosures

The Children’s Tumor Foundation may disclose information when required by law; when needed to protect our rights, privacy, safety, property, donors, or users; and when necessary to enforce the terms of service.

Data Retention

The Foundation seeks to retain donor-related information only as needed to fulfill the purposes described in this policy unless a longer retention period is required by law or regulations. For example, tax laws in the United States may require the Foundation to keep contact information and contribution level of donors on file.



Telephone Solicitation

The Children’s Tumor Foundation does not perform general phone solicitation of the public.

Email Policy

Email is an efficient means of communicating with our constituents. Foundation programs and chapters regularly communicate with their constituents by email. All mass emails include an unsubscribe button. The Children’s Tumor Foundation respects your desire to opt out of email distribution lists.

Direct Mail Policy

Mail solicitations are a key component of the Foundation’s fundraising portfolio. Direct mail campaigns occur up to several times per year. Foundation mailings include information on programs and accomplishments. If you wish to opt out of these solicitations, please contact the Children’s Tumor Foundation at or 1-800-323-7938.

Third Parties

The Foundation does not engage third parties, i.e. professional fundraising groups, to solicit on our behalf. All of our fundraising is done through our paid staff or volunteers. Most states do not consider United Way (UW), Community Health Charities (CHC) or the Combined Federal Campaign (CFC) third party fundraisers. However, some states have taken this position that organizations like these that process contributions through payroll deduction constitute third parties. The Children’s Tumor Foundation is a member of UW, CHC and CFC and continues to work through them to offer donors convenient opportunities to continue their support.

If you have questions, or would like to remove your information from our records, please contact us at or call 1-800-323-7938.


The Children’s Tumor Foundation Europe and the Children’s Tumor Foundation US (also referred to as “we”, “our”, “us”) maintain the highest level of respect for the privacy and data protection of our donors and website visitors. Further information on specific aspects of our commitment to protecting your personal data is provided below.

Effective date / Last modified: 17.12.2019

1. Objective and scope

1.1. This Privacy Policy sets out how we, the Children’s Tumor Foundation US, with headquarters at 697 Third Avenue, Suite 418, New York, NY 10017, US, and Children’s Tumor Foundation Europe, with its European Headquarters at Avenue Avenue du Port 86C, Box 204, 1000 Brussels, Belgium, process the personal data of our donors and prospecting donners residing in the EEA and visitors to our websites, on which a link to this Privacy Policy is available. The “EEA” stands for the European Economic Area and covers the countries of the European Union (“EU”) as well as Iceland, Lichtenstein and Norway.

1.2. For the collection and processing of personal data of donors residing in the EEA and website visitors, the Children’s Tumor Foundation Europe together with the Children’s Tumor Foundation US are joint controllers under the EU General Data Protection Regulation (GDPR). Donors can be website visitors but not necessarily.

1.3. We use partners to provide online payment processing services. Usually, privacy policies of these service providers will be presented to you on their respective websites and typically as part of your donation process. Our current partner to provide the online payment processing service is Classy. For the purposes of online payment processing only, Classy and we are joint controllers. For this reason, we have entered into a joint controllership arrangement with Classy.

2. Personal data we collect and their sources

2.1. Personal data collected directly from you
We generally collect personal data directly from you (electronically, in writing) by way of, among others, website forms, messages you address to us, and communications with us at our fundraising and promotional events and other activities. We also collect data from you when you make a donation through our Website. This information includes the following:

  • 2.1.1. Donor Data, such as title, name, suffix, contact details including address, telephone number, e-mail address, company, selected Family Fund, if any, selected gift direction, if any, amount donated, donor comments, payment details and any other personal data provided. For donations by check, this information includes also the personal data visible on the check. If you pay by credit card, we do not store your credit card information, bank account numbers, or other financial account data sent directly to our online payment processing services.
  • 2.1.2. Prospective Donor Data, such as the information you have provided to us at an event organized by Children’s Tumor Foundation US and / or Children’s Tumor Foundation Europe or other fundraising activities. Such information may include the information from your business card and / or other information you have provided to us such as your title, name, contact details including address, telephone number, e-mail address.

2.2. Personal data automatically collected from your device
We collect certain personal data directly from your device, when you visit our website or a CTF app downloaded to your mobile device. This information include the following:

  • 2.2.1. Device and Browser Information, such as information about your computer and / or device, including device type, IP address, device identifier, and operating system.
  • 2.2.2. Information and Statistics on Website and Mobile App Usage, such as information about your use of our website or app, webpages visited, including content viewed or downloaded, time spent on webpages, links clicked. To achieve these purposes, we use [cookies, web beacons, pixel tags, or other technologies]. For further details concerning the how to disable cookies, please see our Cookie Policy.

2.3. Personal data we receive from third parties

  • 2.3.1. In some cases, we may receive certain personal data from third parties such as our existing Donors, who have indicated that you may be strongly interested in our organization’s mission and activities, and / or in donating to fund research, expand knowledge, and advance care for the NF community (protective donors).
  • 2.3.2. To the extent you use our online tools provided by our third party providers, such as online payment service providers, they may provide us with certain personal data.
  • 2.3.3 For CTF mobile app users, more information can be found here for Apple, or Android users.
  • 2.3.4 To remove all personal data from the CTF NF Diagnosis App or the CTF NF Care App please use this form.

3. Purposes

3.1. We set below the purposes for which we process personal data of EEA Donors, our website visitors, and, where indicated, Prospective EEA Donors.

In accordance with applicable law, we process Donor Data and, where indicated, Prospective Donor Data, for the following purposes:

  • 3.1.1. To process payments and donations, including to distribute receipts and acknowledge donations;
  • 3.1.2. To enable our service providers to carry out certain functions on our behalf, including payment processing, verification, technical functions, security and / or integrity protection of our activities, including our databases and systems, and for business continuity reasons, as well as other functions, as may be required, in order to process your donation;
  • 3.1.3. To build a Donor and Prospective Donor Registry in order to keep records of Donors’ donations, and a database of Donors and Prospective Donors;
  • 3.1.4. To send you marketing communications, including to inform Donors and Prospective Donors about upcoming fundraising and other activities of the Children’s Tumor Foundation Europe and, where relevant, of the Children’s Tumor Foundation US, which we consider may be of interest to you. We will not send you such marketing materials if you have opted out from this option. You may unsubscribe via the unsubscribe button included in each marketing email we send to you;
  • 3.1.5. To conduct the operations of the Children’s Tumor Foundation US and of the Children’s Tumor Foundation Europe, including to provide fundraising and patient support, and to carry out internal analysis, such as research and analytics of donations in order to determine a fundraising strategy, and surveys, metrics, and other analytical purposes;
  • 3.1.6. To respond to your questions and various communications with you, for example your inquiries sent to the email address indicated on our website, i.e.;
  • 3.1.7. To comply with applicable law, for example, in response to a request from a court or a regulatory body, where such request has been made in accordance with the law. In accordance with applicable law, we process information of website visitors for the following purposes:
  • 3.1.8. To analyze our website traffic;
  • 3.1.9. To ensure security of our website; and
  • 3.1.10. To improve functionality of our website.

3.2. The bases for the processing of personal data for the purposes described above will include:

  • 3.2.1. Fulfilling a contract of donation we have with you, or will have with you at your request;
  • 3.2.2. Our legitimate interests, as outlined in paragraphs
  • 3.1.2 to 3.1.10 above;
  • 3.2.3. Consent that you have granted to us;
  • 3.2.4. Establishment, exercise or defense of legal claims; or
  • 3.2.5. Compliance with a legal obligation to which we are subject.

3.3. In the event that we use your personal data for purposes not specified above, we will inform you about such purposes for processing your personal data and, when required, of our legal basis for doing.

4. Disclosure of your information

We share your personal data internally between Children’s Tumor Foundation US and the Children’s Tumor Foundation Europe for the purposes described in Section 3. Additionally, in some circumstances, when we wish to or are compelled to disclose your personal data to third parties. Such disclosure will only take place in accordance with the relevant applicable laws and for the purposes listed above. These scenarios may include disclosure:

4.1. To our outsourced service providers, such as hosting service providers, IT providers, server security services, IT system administrators and support services, and providers of fundraising strategies.

4.2. To our outsourced online payment service providers; currently such provider is Classy, with whom we act as joint controllers for the purpose of online payments;

4.3. To public authorities where we are required by law to do so and to defend or enforce our rights, protect our property, assets or safety of others.

4.4. Some links in our website will take you to third party websites or our social media pages located on social media sites such as LinkedIn. These are governed by privacy policies of companies operating such websites, which are available thereon.

5. International transfer of personal data

5.1. As Children’s Tumor Foundation US is a joint data controller together with the Children’s Tumor Foundation Europe, personal data of EEA Donors and of website visitors can be transferred to the US where the Children’s Tumor Foundation US is located. To ensure appropriate protection of data transfers outside the EEA, the two entities rely on one of the measures listed in paragraph 5.3 below for the purposes of such transfers. If you want to know more, please contact us.

5.2. In addition, we may transfer your personal data to outsourced service providers in countries outside the EEA for processing in accordance with the purposes set out in Section 3 above.

5.3. In circumstances where your personal data is transferred within the CTF or to our outsourced service providers located outside the EEA, we will, where required by applicable law, ensure that your privacy rights are adequately protected. Among the measures to protect your personal data, we may rely on European Commission adequacy decisions about certain countries, as applicable (see here). We may also rely on standard contractual clauses approved by the European Commission (see here) in our contracts with third parties that receive information outside the EEA or using other acceptable data transfer mechanisms, such as EU-US Privacy Shield for transfers to self-certified US organizations (see here), Binding Corporate Rules (see here), approved Codes of Conduct and Certifications or, in exceptional circumstances, on the basis of permissible statutory derogations.

5.4. Please contact our Data Protection Officer at for a copy of the safeguards which we have put in place to protect your personal data and privacy rights in these circumstances.

6. Retention of personal data

Your personal data will be retained as long as it is reasonably necessary for the purposes listed above or as required by applicable local law. Retention periods can vary based on the type of information and how it is used. We retain personal data in accordance with the criteria that include legally mandated retention periods, e.g. for tax audit purposes, pending or potential litigation, our intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving. Please contact us for further details of applicable retention periods.

7. Data subject rights

7.1. You may exercise the following privacy rights regarding your personal data, if you are a donor residing in the EEA or you are visiting our website from the EEA, or where the GDPR, or other applicable EU data protection laws so provide, whereby these rights are subject to the conditions and exceptions laid down in the GDPR. Should you wish to exercise your rights, please contact us (see Section 9 for contact details).

  • 7.1.1. Access – You have the right to obtain from us confirmation if your personal data is being processed, certain information in this regard and a copy of the personal data undergoing said processing.
  • 7.1.2. Rectification – You have the right to request that inaccurate personal data be corrected and to have incomplete data completed.
  • 7.1.3. Objection – You have the right, when we process your personal data based on our or a third party’s legitimate interests, to object to the processing of your personal data for compelling and legitimate reasons relating to your particular situation, except in cases where legal provisions expressly provide for that processing. In addition, you have the right to object at any time where your personal data is processed for direct marketing purposes. (Please note that even if you object to the use of your personal data for direct marketing purposes, we will still send you responses to your questions.)
  • 7.1.4. Portability – You have the right to receive a copy of the personal data that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit them to other data controllers. This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means.
  • 7.1.5. Restriction – You may request that we restrict processing of your personal data if
    • i. you contest the accuracy of it – for a period we need to verify your request;
    • ii. the processing is unlawful and you oppose the erasure of it and request restriction instead;
    • iii. we no longer need it, but you tell us you need it to establish, exercise or defend a legal claim; or
    • iv. you object to processing based on public or legitimate interest – for a period we need to verify your request.
  • 7.1.6. Erasure – You may request that we erase your personal data if it is no longer necessary for the purposes for which we have collected it, if you have withdrawn your consent and no other legal ground for the processing exists; if the processing is unlawful, or if erasure is required to comply with a legal obligation.
  • 7.1.7. Right to lodge a complaint – You also have the right to lodge a complaint with a supervisory authority, in particular in the EEA country of your residence, or the location where the issue that is the subject of the complaint occurred.
  • 7.1.8. Right to refuse or withdraw consent – In case we ask for your consent to certain processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse negative consequences. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.

7.2. In instances where Children’s Tumor Foundation US and Children’s Tumor Foundation Europe act as joint controllers, you can exercise these rights in respect of and against each of them. Children’s Tumor Foundations US and Children’s Tumor Foundation Europe that act as joint controllers have entered into an arrangement, reflecting their respective roles and relationships. Please contact us if you want to know more about this contractual arrangement.

8. Children

Through our website, we do not knowingly collect any information, including personal data, from children under 16 years of age for the purposes identified in Section 3 above. If you believe that we have inadvertently collected personal data from a child under the age of 16 for such purposes, please contact us at the address below and we will take immediate steps to delete the information.

9. How to contact us

If you have any questions, comments or requests regarding this Privacy Policy, or you wish to exercise your data protection rights, please direct your request to our Data Protection Officer, that is:

Children’s Tumor Foundation US
697 Third Avenue
Suite 418
New York, NY 10017

US Telephone: 1-800-323-7938

E-mail address:

10. Glossary

The following terms are used within this Privacy Policy and mean the following:

10.1. “controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal information;

10.2. “personal data” means any information relating to an identified or identifiable natural person (i.e., “data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity; and

10.3. “processing” means any operation or set of operations performed upon personal information, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.