Privacy Notice

PRIVACY NOTICE

Effective Date: June 12, 2026

The GOG Foundation, Inc. (“GOG Foundation” or “we” or “us” or “our“) is a nonprofit organization dedicated to transforming the standard of care in gynecologic oncology. We conduct clinical and translational research that impacts patients through the prevention and treatment of gynecologic malignancies.

This Privacy Notice describes how GOG Foundation collects and processes the personal data of visitors (“user,” “you” and “your“) to our public website at gog.org, our mobile application, and any other public website or application operated by GOG Foundation where this Privacy Notice is posted (together referred to as our “Public Sites“).

Please note that this Privacy Notice does not apply to our Partners Portal, which is available via a secure login for our industry collaborators, clinicians, researchers, and patients at https://partners.gog.org/, or any other online platform operated by GOG Foundation.

PLEASE READ THIS PRIVACY NOTICE CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR PERSONAL DATA AND YOUR RELATED CHOICES AND RIGHTS. YOUR USE OF OUR PUBLIC SITES IS SUBJECT TO OUR TERMS OF USE, AVAILABLE AT https://www.gog.org/terms-of-use/.

Click on the links below to move directly to specific sections of this Privacy Notice:
 

TABLE OF CONTENTS

SCOPE OF THIS PRIVACY NOTICE
PERSONAL DATA WE COLLECT
HOW WE USE PERSONAL DATA
DISCLOSURE OF PERSONAL DATA
DATA COLLECTED WITH COOKIES AND SIMILAR TECHNOLOGIES
HOW YOU CAN RESTRICT COOKIES
YOUR COMMUNICATIONS CHOICES
RETENTION OF PERSONAL DATA
PROTECTION OF PERSONAL DATA
THIRD-PARTY EMBEDDED CONTENT, LINKS, AND DATA COLLECTION
PROCESSING OF PERSONAL DATA IN THE UNITED STATES
DATA PRIVACY RIGHTS AND REQUESTS: UNITED STATES RESIDENTS
DATA PRIVACY RIGHTS AND REQUESTS: RESIDENTS OUTSIDE THE UNITED STATES
MINORS
NOTIFICATION OF CHANGES TO THIS PRIVACY NOTICE
HOW TO CONTACT GOG FOUNDATION
 

SCOPE OF THIS PRIVACY NOTICE

In this Privacy Notice, the term “personal data” refers to any information that directly or indirectly identifies an individual or that relates or is capable of being linked to an identifiable individual. Personal data includes information that can be used alone or combined with other data to identify, profile, or contact an individual.

We collect personal data that you submit to us directly and that is gathered automatically online by cookies and similar internet technologies on our Public Sites. For example, we collect information, which may include personal data, about:

  • Visitors to our Public Sites;
  • Individuals who sign up to receive our informational emails, event announcements, and updates;
  • Participants in events and grant awards we sponsor;
  • Individuals who donate to GOG Foundation;
  • Others who communicate or interact with us.

This Privacy Notice does not apply to personal data we collect via our Partners Portal or for clinical trial and other research purposes. Also, this Privacy Notice does not apply to publicly available data, aggregated data (from which identifiers linking to identifiable individuals have been removed), or data collected by a third party for its own purposes.

We make changes to this Privacy Notice regularly. You should re-read it from time to time at https://www.gog.org/privacy-policy/. Changes to this Privacy Notice will be posted on our Public Sites and will be effective when posted. Your continued use of the Public Sites after we make changes indicates your acceptance of those changes, so please review this Privacy Notice regularly for updates.

 

PERSONAL DATA WE COLLECT

Information You Provide

Depending on the purpose for your communication or interaction with us, we may ask you to provide the following types of personal data:

  • Name;
  • E-mail address;
  • Phone number;
  • Mailing address;
  • Organization and position;
  • Professional background and experience;
  • Payment information for donations;
  • Communication preferences, including subscription preferences for newsletters and updates, consent to receive marketing communications by text or phone;
  • Information related to grant applications and awards; and
  • Your comments or feedback submitted by responding to contact forms, surveys or questionnaires, and other information you choose to provide to us.
Cookies and Tracking Technologies

When you visit our Public Sites, small data files commonly referred to as “cookies,” are placed on your device and managed by GOG Foundation or our service providers, third-party analytics providers, or advertising networks. For information about the types and purposes of cookies used on our Public Sites, see our Cookie Policy and the sections of this Privacy Notice titled “DATA COLLECTED WITH COOKIES AND SIMILAR TECHNOLOGIES” and “HOW YOU CAN RESTRICT COOKIES.”

Mobile Application Data

If you download and use our application(s), we also may collect the following information:

  • Geolocation Information: We may request access or permission to track location-specific information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services. If you wish to change our access or permissions previously granted, you can do so in your device settings.
  • Push Notifications: We may request permission to send you push notifications regarding your account or certain features of the application(s). You can withdraw permission to (opt out of) these types of communications in your device settings.
  • Mobile Device Data: We automatically collect device information such as your mobile device ID, model and manufacturer, operating system, version and system configuration information, device and application identification numbers, browser type and version, hardware model, Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server), and information about the features of our application(s) you accessed.
Sensitive Personal Data

The term “sensitive personal data” refers to personal data about an individual’s private life that is sensitive in nature. Geolocation data (only collected via our mobile application and with your express consent) is considered to be sensitive personal data. Sensitive personal data also includes health information, racial or ethnic origin, national origin, citizenship or immigration status, sexual matters, or religious beliefs. GOG Foundation does not generally collect these types of sensitive personal data on the Public Sites except in limited circumstances such as awards of professional grants, an individual’s donation, or accommodations at an event. In the limited circumstances where we may receive sensitive personal data, we will only use and disclose the information for the specific purpose for which the information was provided.

Third-Party Features and Links

Our Public Sites may display embedded links and provide links that redirect you to features and other services hosted by independent companies (such as YouTube, podcast services, and companies that provide scientific and educational content). When you click on an embedded feature or follow the link to a third-party website, we may receive analytics data from the third-party provider about your interactions with their services. However, the third-party provider—not GOG Foundation—is responsible for its privacy practices, and for informing you about those practices if they collect your personal data for their own purposes when you use their service. For more information see the section of this Privacy Notice titled “THIRD-PARTY EMBEDDED CONTENT, LINKS, AND DATA COLLECTION.”

Social Media

You may be able to connect to our Public Sites using your social media accounts, such as Facebook, LinkedIn, Instagram, and X. The sign-on services will authenticate your identity, provide you with options to share personal data (such as your name and email address) with us, and pre-populate sign-up forms. If you authorize us to connect via social media, we will collect your name, e-mail address, location, profile picture, images you post, URL, and any other personal data made available to us. We may use and disclose that information in accordance with this Privacy Notice.

Event Managers

We receive information from third-party event managers that provide registration, organization, event mobile application and similar services about your participation in our in-person and online events.

Information Exchanges with Other Organizations

For marketing and donor development, we may exchange mailing lists with organizations whose members and visitors may have interests similar to the GOG Foundation community (subject to applicable laws).

Information from Data Providers and Other Sources

If you create an online account, we may ask a commercial data provider to tell us more about you based on its own data collection. They may give us information such as name, e-mail address, phone, address, and demographic information (for example, age, sex, household income, or employment).

 

HOW WE USE PERSONAL DATA

The GOG Foundation endeavors to process and share your personal data only to the extent reasonably necessary to respond to your requests, meet our legitimate business and legal objectives, fulfill our contracts, comply with our legal obligations, or for other purposes with your consent. We do not share your personal data with unaffiliated third parties solely for their own direct marketing purposes.

The purposes for which we process personal data (excluding data collected for clinical trial and research purposes) include:

  • Providing our programs, services, and special events;
  • Operating, maintaining, updating, and protecting our Public Sites;
  • Managing our newsletter e-mailing list and sending communications about our activities, events, and programs;
  • Responding to requests for information;
  • Raising funds for research in support of our mission;
  • Building long-term relationships with the GOG Foundation community of partners, investigators, subscribers, donors, and others interested in our efforts;
  • Preparing and presenting GOG Foundation Symposia and other educational programming;
  • Conducting development and marketing programs;
  • Tracking Public Sites visitor and e-mail interactions;
  • Monitoring inbound calls for training and quality enhancement purposes;
  • Analyzing Public Sites usage for internal analytics and reporting purposes;
  • Enforcing our policies and agreements; and
  • Responding to legal process and government requests.

 

DISCLOSURE OF PERSONAL DATA

Your personal data may be accessible to or shared with the categories of third parties below. We do not sell your personal data to third parties for monetary value. However, in some U.S. states, the use of online tracking technologies for targeted advertising can be considered a “sale” or “sharing” of personal data.

For information about how you can opt out of the use of your personal data to build user profiles for targeted and other behavioral advertising, see our Cookie Policy and the section of this Privacy Notice titled “HOW YOU CAN RESTRICT COOKIES.”

  • Service Providers: We engage third-party service providers to assist with business, Public Sites, and technology operations including: data processing, management and storage; event registration; payment processing; and e-mail and online marketing. These providers may access or collect personal data on our behalf but are not authorized to disclose or use personal data for their own commercial purpose.
  • Hosted Features and Third-Party Links: We use third-party services to make some educational and scientific content and other features available via the Portal. These third parties are responsible for how they handle our Public Sites users’ personal data they collect and process for purposes other than providing services to us and for explaining their privacy practices to you. See the section titled “THIRD-PARTY CONTENT, LINKS, AND DATA COLLECTION.”
  • Online Advertisers: We may use the Google advertising platform and other advertising networks to assist with marketing. These companies use tracking technologies to collect information about your online activities over time and across different websites. They may use this information to target advertisements to you. See our Cookie Policy and the section of this Privacy Notice titled “DATA COLLECTED WITH COOKIES AND SIMILAR TECHNOLOGIES.”
  • Public Sites Usage Analytics: We use Google Analytics and other website analytics services to measure traffic and user activity on the Public Sites. These services may use the data collected on our Public Sites for their own purposes. For more information, see the information provided by Google at Google Analytics Safeguarding Your Data.
  • Information Security: We may share information with law enforcement and security providers for purposes of anti-fraud protection and investigation.
  • Legal Process and Compliance: We may disclose personal data in response to a government request, court order, or to protect and enforce our or others’ rights, property, or safety.
  • Business Transactions: If applicable, we may disclose personal data to prospective transaction parties and their advisors in connection with a sale, financing, reorganization, bankruptcy, or other transaction, subject to confidentiality protection.
  • With Your Consent: We may also share personal data with third parties with your permission.

 

DATA COLLECTED WITH COOKIES AND SIMILAR TECHNOLOGIES

Cookie Policy

See our Cookie Policy and Consent Preferences selection link for details about the cookies, tracking technologies, device identifiers, and similar small code files operating on our Public Sites (together referred to as “cookies“). The cookies on our Public Sites are placed either by us as the operator of the Public Sites (“first-party cookies“) or by a third-party service or platform we authorize (“third-party cookies“).

Tracking Technologies

We use the term “cookies” to include tracking pixels, web beacons, tags and similar small code files. They capture data, for example, when someone visits or returns to our Public Sites, how they navigate the Public Sites, and if they open an email we send. This information helps us track user movement to, from, and within our Public Sites, measure and improve Public Sites performance, and measure the success of our e-mail communications.

Types of Data Collected

The cookies we use on the Public Sites may collect data such as:

  • IP address or mobile device identifier;
  • Randomly generated ID number;
  • Device type, browser type, and operating system;
  • Time and length of visits;
  • Pages viewed and functions used;
  • Browsing and search history;
  • Online navigation—websites the user came from before and went to after visiting our Public Sites;
  • Interactions with our e-mails, including opening an e-mail and taking actions within the e-mail; and
  • Interactions with the content and advertising on third-party websites.
Third-Party Cookies

The analytics, advertising, social media, and embedded video and audio platforms that place third-party cookies on our Public Sites may combine the aggregated data they collect from cookies on our Public Sites with data they collect from other sources. They can use the combined data to create a profile of your habits and interests that is used by these platforms to direct advertisements to you based on what your online browsing activities reveal about you and your interests. The combined data potentially can be linked to identify you.

We want you to know how cookies can be used so you can make informed choices about your privacy. Please note that the third parties who use cookies on our Public Sites are responsible for how they handle your personal data when they are not providing services directly to us. They are also responsible for explaining their privacy practices to you. For more information about the third parties who may place cookies on our Public Sites and links to their privacy policies, please see our Cookie Policy and the section of this Privacy Notice titled “THIRD-PARTY EMBEDDED CONTENT, LINKS, AND DATA COLLECTION.”

 

HOW YOU CAN RESTRICT COOKIES

See our Cookie Policy for information about how you can manage and restrict some of the cookies used to collect data about your visits to our Public Sites. Our Consent Preferences link offers options to allow or restrict certain types of cookies. You may also be able to use your browser and device settings to restrict data collection via cookies when you visit our Public Sites and other websites. Note that essential cookies cannot be rejected as they are strictly necessary to operate the Public Sites. If you restrict the use of cookies, you may not be able to fully utilize all the features of our Public Sites. If you choose to restrict targeted advertising, you will still receive ads but they will not be targeted to you based on data collected by third-party cookies.

 

YOUR COMMUNICATIONS CHOICES

E-mail Communications

You can opt out of receiving e-mail general information and marketing communications from us by following the “unsubscribe” instructions included in our e-mails or by contacting us as provided in the section titled “HOW TO CONTACT GOG FOUNDATION.” It may take up to ten days to process your request. If you opt out of our general messages, we may still e-mail responses to your direct requests and questions.

Text Messages

We will only contact you by text message if you expressly consent and provide your mobile phone number.

 

RETENTION OF PERSONAL DATA

GOG Foundation will retain your personal data for the period necessary to fulfill a purpose described in this Privacy Notice unless a longer retention period is required or permitted by applicable law. Where required by law, we will delete or de-identify personal data in response to a consumer request (except for legally permitted exceptions).

 

PROTECTION OF PERSONAL DATA

We maintain commercially reasonable security practices appropriate to the nature of the categories and specific items of personal data we collect. While we use reasonable efforts to protect our systems and information, we cannot guarantee the security of your personal data.

If you register to receive our newsletters or other communications, you will be prompted to set a password. You are responsible for maintaining the confidentiality of your password; and you are responsible for any access to or use of your account by someone else who has obtained your password, even if you did not authorize that person to use your account. If you have reason to believe that your interaction with us is no longer secure (for example, if you believe your password may have been compromised), please notify us at the contact information provided in the section titled “HOW TO CONTACT GOG FOUNDATION.”

 

THIRD-PARTY EMBEDDED CONTENT, LINKS, AND DATA COLLECTION

We use embedded media players on our Public Sites that are hosted by independent, “third party” organizations. We may also provide links that direct you away from our Public Sites to educational, scientific, and other resources on websites operated by third parties. We are not responsible for the privacy policies or practices of these third parties. This Privacy Notice does not apply to data processing activities by any website or platform not controlled by GOG Foundation unless it is processing the data on our behalf. The cookie and privacy preferences you select for our Public Sites may not cover how data is collected and used by these third parties. You should review the privacy and cookie statements of these third parties before using their services or websites.

Embedded Content

Our Public Sites may display embedded video, audio and other content from third-party platforms such as YouTube and Spotify. When you view or listen to embedded content on our Public Sites, these platforms may collect information about your use of their content. They may share the information they collect with GOG Foundation and may use it for their own purposes.

What Data Is Collected?

  • Device and browser information: data such as your IP address, the type of device, operating system, and web browser you are using, and device screen size.
  • Cookies and tracking technologies: device identifiers stored on your device (such as cookies, tracking pixels and similar technologies) that help the platform recognize your device and track the types of content that interest you.
  • Referrer URL: the address of the web page where you watched or listened to the embedded content.
  • Interaction data: how long you interact with the embedded content including when you start, pause, seek, or finish watching or listening to it.
  • Account information: your viewing or listening activity may be linked to your Google account (for YouTube) or Spotify account profile if you are signed into your account when you access the embedded content on our Public Sites.
  • Other data as described in the third party’s privacy statement.

Why Is This Data Collected?

  • To provide the content: so the videos or audio play correctly on your device.
  • To improve service quality: to analyze how people use the embedded content and fix any problems.
  • For advertising purposes: to deliver targeted advertisements based on your interests and activity (where applicable, depending on your settings and applicable laws).
  • For personalization: to show you recommendations or ads that match your interests, especially if you are logged in to your account.

Privacy Settings. You can control some of the data shared with embedded content providers through your browser or device settings, such as blocking cookies or managing privacy preferences. Please note that if you choose to disable cookies, some embedded content might not function properly. For more details about how these platforms handle your data, please see their respective privacy policies, including:

Links to Third-Party Websites

We may provide links to third-party websites that contain educational, scientific, and other resources we think may be of interest to you. If you click on a third-party link, you will be directed away from our Public Sites to that third-party website. The third-party operator may collect your IP address, device and browser information including identifier, and other internet browsing data and may set cookies and similar technologies to enable their features to function and track your usage. The cookie and privacy preferences you selected for our Public Sites will not cover how data is collected on third-party websites. You should review the privacy and cookie statements of these third parties before using or sharing your information on their websites.

 

PROCESSING OF PERSONAL DATA IN THE UNITED STATES

GOG Foundation operates in the United States under its federal and state laws and regulations. The personal data privacy rights of individuals are based on the laws of the place where the person resides. If you reside or are located in a different country, the data protection laws of that country may differ from the laws of the United States in the ways your personal data is protected. When you provide your personal data to us (directly or through our service providers, data processors, or third-party platforms), you are giving your consent to (1) transferring your personal data outside of your country of residence, and (2) processing your personal data in accordance with the laws of the United States and the guidelines of this Privacy Notice. We will respond to requests about your personal data as described in the sections of this Privacy Notice titled “DATA PRIVACY RIGHTS AND REQUESTS: UNITED STATES RESIDENTS” and “DATA PRIVACY RIGHTS AND REQUESTS: RESIDENTS OUTSIDE THE UNITED STATES.”

 

DATA PRIVACY RIGHTS AND REQUESTS: UNITED STATES RESIDENTS

GOG Foundation will honor requests to exercise specific privacy rights granted by your state of residence to the extent applicable to our operations. Most privacy laws require clear notice of an organization’s personal data collection and use practices, including the categories of personal data collected, how the information is used, and to whom it is disclosed. That is the purpose of this Privacy Notice.

Consideration of Requests Regardless of State

Even where not required by law, we will attempt to accommodate reasonable requests relating to your personal data, including requests to:

  • Confirm if we have collected your personal data and to know what personal data we collected about you in the past twelve months;
  • Correct or update any inaccurate information we may have about you;
  • Opt out of the sale of your personal information and the sharing of your personal information for targeted advertising or “cross-contextual behavioral” advertising;
  • Remove you from receiving e-mail or text messages from us for promotional purposes by using the unsubscribe feature in our e-mails or texting STOP in response to a text message; and
  • Withdraw any consent you previously granted to use or disclose your personal data.

We will not discriminate against you for making a privacy request.

How to Submit a Personal Data Request

To submit a request or exercise a privacy right, please contact us as explained in “HOW TO CONTACT GOG FOUNDATION” below. We may need to request additional information to verify your identity. Where applicable laws set a timeframe for responding to privacy requests, we will respond within that timeframe. Otherwise, we will try to respond to a verifiable request within 45 calendar days of receiving it. We will contact you using the e-mail or other address you provided when you submitted your request or using the address we have on file for you.

 

DATA PRIVACY RIGHTS AND REQUESTS: RESIDENTS OUTSIDE THE UNITED STATES

Legal Basis for Processing Personal Data

The data protection laws in the European Economic Area (“EEA“) and other countries and jurisdictions may require us to identify the legal basis we rely on to process your personal data. To the extent those laws apply to GOG Foundation, our legal basis for processing your personal data is one or more of the following:

  • Consent. You have given consent to the processing of your personal data for one or more specific purposes.
  • Contract with you. Processing is necessary to enter into or perform a contract with you.
  • Legal compliance. Processing is necessary to comply with our legal obligations.
  • Legitimate interests. Processing is necessary for the purposes of our legitimate interests in fulfilling the GOG Foundation mission in ways that we believe are not overridden by the interests or fundamental rights and freedoms of the affected individuals. These purposes are described in the section titled “HOW WE USE PERSONAL DATA.”
Personal Data Rights

Listed below are some of the data privacy rights that may be available to residents of the EEA and other countries outside of the United States. Detailed information about the General Data Protection Regulation (“GDPR“), which covers residents of the EEA, is available at https://commission.europa.eu/law/law-topic/data-protection/information-individuals_en. Please note that the exercise of these rights may be subject to specific conditions and limitations, and we may take steps to confirm your identity before acting on your request.

  • Access, which is confirmation as to whether or not we are processing your personal data and, if so, information about the categories, purposes, disclosure, sources, use of automated processing, and additional rights related to your personal data.
  • Erasure of your personal data under certain circumstances (for example, when the personal data is no longer necessary for the purposes for which the data was collected).
  • Restriction on processing of your personal data under specific circumstances.
  • Objection to processing under specific circumstances (including direct marketing).
  • Data portability, which is the right to receive a portable format copy of personal data we have about you in transferable form.
  • Revocation of your previously granted consent to processing your personal data; however, revocation does not invalidate the consent-based processing that occurred before the revocation.
  • To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
How to Exercise Your Personal Data Rights

If you are a resident outside the United States, you may exercise your personal data rights by submitting a request as explained in “HOW TO CONTACT GOG FOUNDATION” below. Your request is free of charge in most instances. Where applicable law sets a timeframe for responding to these requests, we will respond within that timeframe. For EEA residents covered by the GDPR, we will respond without undue delay and in any event within one month of receipt of the request. We will communicate with you at the e-mail or other address you indicated, if any, when you submitted your request or at the address we have on file for you.

If, after evaluating your request, GOG Foundation does not take action on your request, we will inform you without delay and at the latest within one month of receipt of your request as to the reasons for not taking action and the possibility of lodging a complaint with a local data protection authority and seeking a judicial remedy.

We may extend our response time by two further months when necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receiving your request, together with the reason for the delay.

 

MINORS

We do not knowingly collect any personal data from children under the age of 16 without verifiable consent from a parent or legal guardian. If you have reason to believe that a child under the age of 16 has provided personal data to us through the Public Sites, please contact us as explained in the section below titled “HOW TO CONTACT GOG FOUNDATION.”

 

NOTIFICATION OF CHANGES TO THIS PRIVACY NOTICE

We may update or revise this Privacy Notice at any time and will post the revised Privacy Notice on the Public Sites. If we make material changes in our privacy practices, we will post an alert on the Public Sites.

Any changes will become effective upon the posting of the revised Privacy Notice on the Public Sites. You can determine when the Privacy Notice was last revised by referring to the “Effective Date” legend at the top of the Privacy Notice.

By continuing to use our Public Sites following such changes, you will be deemed to have agreed to such changes. If you do not agree with any or all of the terms of our Privacy Notice as in effect at any time, you should not continue to use our Public Sites.

 

HOW TO CONTACT GOG FOUNDATION

If you have questions or comments about this Privacy Notice or would like to make a privacy request or exercise a privacy right, please contact our Data Protection Officer (DPO) by email at legal@gog.org, or mail to:

The GOG Foundation, Inc.
Attn. General Counsel
1600 John F Kennedy Boulevard, Suite 1020
Philadelphia, PA 19103
United States