Effective Date: 2nd Oct, 2025
This Privacy Policy describes how The Koo's Giving Charitable Foundation (the "Foundation," "we," "us," or "our") collects, uses, stores, and protects the personal data of users, donors, and grant applicants through our website, https://koofoundation.com/ (the "Site").
We pledge to comply with the requirements of the Personal Data (Privacy) Ordinance (PDPO) of the Hong Kong Special Administrative Region, and we proactively adopt the standards set by the European Union's General Data Protection Regulation (GDPR) for global consistency.
1. Compliance Anchor and Principles
We manage your personal data according to the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality (PDPO Data Protection Principles and GDPR Article 5).
2. Personal Data We Collect
2.1 Categories of Data Collected:
- Contact/Identity Data: We collect information such as name, preferred name, email address, phone number, and mailing address.
○ Purpose: This data is used to respond to inquiries, send newsletters (if consented), process grant applications, and issue correspondence.
- Grant Application Data: This includes institutional affiliation, Credentials (login/user accounts for application portals), proposals, and submitted materials.
○ Purpose: This data is collected for the purpose of reviewing, communicating about, and administering grant selection and funding.
- Usage Data: We collect non-personal information such as IP addresses, browser type, operating system, pages visited, document downloads, session duration, and source traffic location.
○ Purpose: This data is used to compile aggregate reports, analyse website performance, and improve user experience.
2.2 Special Categories of Data
Due to the nature of our philanthropic work, particularly grant funding programs related to specific vulnerable populations (e.g., youth development or health), we may collect certain "Special Categories" of data, such as developmental information, via grant applications or program evaluations.
Processing of this sensitive data mandates your explicit consent and is subject to the strictest security protocols, including protection via data encryption and rigorously restricted access.
3. Lawful Basis and Use of Data
We use your personal data only for the purposes specified at the time of collection (PDPO DPP3).
3.1 Use for Direct Marketing and Consent
We will only use your personal data for direct marketing (e.g., fundraising appeals or event invitations) if we have obtained your specific and voluntary consent.
- Affirmative Consent: Consent for non-essential processing, including marketing, must be obtained via a clear, un-pre-checked, affirmative mechanism.
- Opt-Out: You have the right to withdraw your consent and opt out of receiving any future direct marketing communications at any time, without charge.
4. Data Security and Retention
4.1 Security Safeguards
We maintain reasonable administrative, technical, and organisational safeguards designed to protect the personal data that we collect from you against loss, misuse, unauthorised access, disclosure, alteration, or destruction. Security measures include restricted access controls, two-factor authentication, and the use of encrypted, secure databases. All online monetary transactions are conducted via a secure server where information is encrypted before transmission.
4.2 Data Retention
We retain personal data only for as long as necessary for the fulfillment of the purposes for which it was collected (PDPO DPP2).
Grant and Audit Records: Please note that records related to grant funds (including applications and supporting documents) must be retained for a minimum of five years after final project close-out to comply with legal, audit, and regulatory requirements. If litigation or an audit is ongoing, records will be retained for five years after the issue is resolved.
5. Disclosure and Sharing of Personal Data
We do not sell, trade, or disclose your personal data to any third party unless we have been authorised by you or are required by law.
5.1 Sharing with Service Providers
We use trusted third-party service providers (e.g., for donation processing, website analytics, and email communication) who require access to your information to perform services on our behalf.
- Donation Processing: When you donate, your data is shared with our trusted partners, such as Classy, Stripe, or PayPal, who act as payment processors. You should review their respective privacy policies.
- Contractual Requirement: Our contracts with all service providers prohibit them from using, disclosing, or retaining your personal data for any purpose other than those permitted by the contract or by applicable privacy laws.
5.2 International Data Transfers
If we transfer your personal data to recipients in countries other than Hong Kong (e.g., for cloud hosting), we will protect that information as described in this Privacy Policy, ensuring comparable safeguards are in place regardless of the recipient country’s laws.
6. Your Data Subject Rights (Access, Correction, Erasure)
You have the following rights regarding the personal data we hold about you:
- Right of Access and Correction: You may request access to and receive information about the personal data we maintain about you and request correction of any inaccuracies.
- Right to Erasure (Right to be Forgotten): You may request that your personal data be blocked or deleted, as appropriate.
- Right to Data Portability: You may request to receive copies of your personal data in a portable, machine-readable format.
- Right to Restriction/Objection: You have the right to object to or request the restriction of processing your personal data.
7. Contact Us
If you have any questions, concerns, or wish to exercise any of your rights under this Privacy Policy, please contact the Foundation at:
Koo Foundation
Email: enquiry@koo-foundation.com
You may also contact the Hong Kong Privacy Commissioner for Personal Data (PCPD) if you believe we have breached the PDPO.