NONSUCH FOUNDATION

1. About This Policy

This Privacy Policy describes how the Nonsuch Foundation (“the Foundation,” “we,” “us,” or “our”) handles information in connection with your use of nonsuchfoundation.com. It explains what information we collect, why we collect it, how we use it, and what rights you have in relation to it. For purposes of applicable data protection law, the Nonsuch Foundation is the data controller in respect of any personal information collected through this website. By using this website, you acknowledge that you have read and understood this Privacy Policy. Where your use of this website constitutes consent to any data processing activity described herein, you may withdraw that consent at any time by contacting us through the information provided in Section 14. Withdrawal of consent does not affect the lawfulness of any processing carried out prior to withdrawal.

2. Our Data Minimization Commitment

The Nonsuch Foundation operates under a strict data minimization policy. We do not build user profiles. We do not engage in behavioral tracking. We do not serve third-party advertising on this website. We do not sell, rent, or trade personal information under any circumstances. We collect personal information only when you voluntarily provide it and only to the extent necessary to fulfill the specific purpose for which it was provided. If you browse this website without submitting any information, we do not collect or retain personally identifiable information about you.

3. Information We Collect and How We Collect It

We collect information in two ways: information you provide to us voluntarily, and limited technical information collected automatically by our website infrastructure.

3.1 Information You Provide Voluntarily
When you contact us through our website contact form or by email, we collect the information you include in that communication. This typically consists of your name and email address, and any other details you choose to include in your message. We also collect your email address if you voluntarily subscribe to our newsletter or mailing list. We do not require you to provide a phone number or physical mailing address to use this website. If you voluntarily include such information in a message to us, it is retained only for the purpose of responding to your inquiry and is not added to any database or marketing list.

3.2 Automatically Collected Technical Information
Like most websites, our hosting infrastructure may generate server logs that record standard technical data, including IP addresses, browser type, referring URLs, and the date and time of requests. This information is generated automatically as a function of web server operation and is used solely for security monitoring, diagnosing technical problems, and maintaining the integrity of the website. It is not used to identify individual users, build profiles, or support marketing activities. If this website uses a content management system with built-in analytics or caching functionality, such data is processed solely for website performance and security purposes and is not shared with third-party advertising platforms.

3.3 Information We Do Not Collect
We do not collect sensitive personal information, including but not limited to financial account details, government identification numbers, health or medical information, biometric data, or racial or ethnic origin. We do not knowingly collect any personal information from children under the age of 13. If we become aware that personal information has been submitted by a child under 13 without verifiable parental consent, we will delete that information promptly.

4. Legal Basis for Processing

Where data protection laws require us to identify a legal basis for processing personal information, we rely on the following: (a) Consent: Where you have voluntarily provided your information, such as subscribing to our newsletter or submitting a contact inquiry, we process that information on the basis of your consent. You may withdraw consent at any time without affecting the lawfulness of prior processing. (b) Legitimate Interests: We process limited technical data, such as server log information, on the basis of our legitimate interest in maintaining the security and proper functioning of this website, provided that interest is not overridden by your rights and interests. (c) Legal Obligation: We may process or retain information where required to do so by applicable law, regulation, or court order. We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects on you.

5. How We Use Your Information

We use the personal information we collect strictly for the following purposes: (a) To respond to inquiries, questions, or communications you direct to us; (b) To send newsletters, updates, or event information to subscribers who have explicitly opted in to receive such communications; (c) To maintain and improve the security and technical performance of this website; (d) To comply with applicable legal obligations, respond to lawful requests from authorities, or protect the legal rights and interests of the Foundation; (e) To enforce our Terms & Conditions and address potential violations. We do not use your personal information for any purpose beyond those stated above without first obtaining your explicit consent.

6. Cookies and Tracking Technologies

Cookies are small text files placed on your device by a website to enable certain functionality or to collect information about your visit. The Foundation’s use of cookies is limited and described below.

6.1 Essential Cookies
This website may use cookies that are strictly necessary for the website to function correctly, such as session cookies that maintain your browsing state or security tokens that protect form submissions. These cookies do not collect personal information for marketing purposes and cannot be disabled without impairing basic website functionality.

6.2 Analytics and Performance Cookies
If this website uses analytics tools, any such tool is configured to collect only anonymized, aggregated data about site traffic and usage patterns. We do not use analytics tools that build individual user profiles or share data with advertising networks. If you prefer to prevent even anonymized analytics collection, you may disable cookies in your browser settings or use a browser extension that blocks tracking scripts.

6.3 Third-Party Service Cookies and Data Collection
This website does not serve third-party advertising and does not use advertising cookies. However, certain functionality on this website is delivered through third-party platforms that operate under their own privacy policies and may independently collect technical data from visitors. This website uses Listen2It, a text-to-speech audio service, to deliver audio versions of articles and podcast content. When you interact with a Listen2It audio player on this site, Listen2It may collect technical data including your IP address, browser type, device information, and usage data as part of delivering that service. Listen2It hosts its service on Amazon Web Services. The Foundation does not control Listen2It’s data collection practices. Listen2It’s privacy policy is available at getlisten2it.com/privacy. This website also embeds podcast content hosted on Spotify. When you interact with a Spotify embedded player, Spotify may collect data in accordance with its own privacy practices, including data linked to your Spotify account if you are logged in. The Foundation does not control Spotify’s data collection. Spotify’s privacy policy is available at spotify.com/privacy. We encourage you to review the privacy policies of both platforms before interacting with their embedded content on this site.

6.4 Managing Cookies
You can control and delete cookies through your browser settings. Instructions for managing cookies in the most common browsers are available at the browser developer’s support pages. Please note that disabling certain cookies may affect the functionality of some features of this website.

7. How We Share Your Information

The Nonsuch Foundation does not sell, trade, rent, or otherwise transfer your personal information to third parties for their own commercial purposes under any circumstances. We may share your information in the following limited circumstances only: (a) Service Providers: We may engage trusted third-party service providers to assist with operating this website or delivering services, such as email delivery platforms for our newsletter. These providers are permitted to access your information only to the extent necessary to perform their specific function and are contractually required to maintain the confidentiality and security of your information. They may not use your data for any purpose beyond the scope of the services they provide to us. (b) Legal Compliance and Protection: We may disclose your information where required by applicable law, regulation, legal process, or enforceable government request. We may also disclose information where we reasonably believe disclosure is necessary to protect the rights, property, or safety of the Foundation, our users, or the public, or to detect and prevent fraud or security threats. (c) Business Transfers: In the event of a merger, acquisition, restructuring, or sale of all or substantially all of the Foundation’s assets, personal information held by the Foundation may be among the assets transferred. We will notify affected individuals of any such transfer and any material change in data practices by posting notice on this website. In all cases, we share only the minimum information necessary for the stated purpose.

8. Data Security

We take reasonable and appropriate technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures are proportionate to the nature and volume of personal information we hold, which, consistent with our data minimization policy, is limited. No method of electronic transmission or storage is completely secure. While we work to protect personal information using commercially reasonable means, we cannot guarantee absolute security. In the event of a data breach that creates a risk to your rights and freedoms, we will notify affected individuals and relevant authorities as required by applicable law. We are not responsible for the security of information you transmit to us via third-party email providers or platforms, as those transmissions occur outside our control.

9. Data Retention

We retain personal information only for as long as necessary to fulfill the purpose for which it was collected, including any applicable legal, regulatory, or reporting requirements. Contact inquiry data is retained only for as long as necessary to resolve your inquiry and for a reasonable period thereafter in case of follow-up, typically no longer than two years. Newsletter subscriber information is retained until you unsubscribe or request deletion. Upon unsubscription, your email address is removed from active distribution lists promptly. Suppression records may be retained to honor your opt-out preference. Server log data is retained for the minimum period necessary for security and technical maintenance purposes, after which it is deleted or anonymized. When personal information is no longer required, it is securely deleted or irreversibly anonymized so that it can no longer be associated with you.

10. Your Rights — European Union and EEA Residents

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR) with respect to personal information we hold about you. These rights apply subject to applicable exemptions and limitations under law. (a) Right of Access: You have the right to request confirmation of whether we hold personal information about you and, if so, to receive a copy of that information. (b) Right to Rectification: You have the right to request correction of inaccurate or incomplete personal information we hold about you. (b) Right to Rectification: You have the right to request correction of inaccurate or incomplete personal information we hold about you. (c) Right to Erasure: You have the right to request deletion of your personal information where it is no longer necessary for the purpose for which it was collected, where you have withdrawn consent, or where we have no other lawful basis for retaining it. (d) Right to Restriction of Processing: You have the right to request that we restrict processing of your personal information in certain circumstances. (e) Right to Data Portability: Where processing is based on your consent or a contract with you and is carried out by automated means, you have the right to receive your personal information in a structured, commonly used, and machine-readable format. (f) Right to Object: You have the right to object to processing of your personal information where we rely on legitimate interests as our legal basis, unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms. (g) Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing. (h) Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal information in accordance with applicable law. To exercise any of these rights, please contact us using the information in Section 14. We will respond to verified requests within the timeframes required by applicable law, generally within 30 days.

11. Your Rights — California Residents

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These rights apply regardless of the Foundation’s jurisdiction of registration. (a) Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we share it. (b) Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions. (c) Right to Correct: You have the right to request correction of inaccurate personal information we hold about you. (d) Right to Opt Out of Sale or Sharing: We do not sell personal information and do not share personal information for cross-context behavioral advertising. No opt-out mechanism is required for this activity because we do not engage in it. (e) Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. We will not deny services, charge different prices, or provide a different level of service based on your exercise of these rights. To submit a verifiable consumer request under the CCPA or CPRA, please contact us using the information in Section 14. We will respond within 45 days of receipt of a verified request. If additional time is required, we will notify you of the extension and the reason within the initial 30-day period. California residents may also designate an authorized agent to submit requests on their behalf. We will require proof of the agent’s authorization and may require you to verify your own identity directly before processing an agent-submitted request.

12. International Data Transfers

If you are located in the European Union, the United Kingdom, or another jurisdiction with data transfer restrictions, please be aware that your personal information may be transferred to and processed in a country whose data protection laws differ from those of your jurisdiction. Where such transfers occur, we take steps to ensure that your personal information receives an adequate level of protection, including where necessary by relying on applicable transfer mechanisms recognized under relevant data protection law. By using this website and voluntarily submitting your personal information, you acknowledge that your information may be transferred and processed outside your country of residence.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or the features and functionality of this website. When we make material changes, we will update the “Last Updated” date at the top of this document and post the revised policy on this page. Material changes will be posted on this website prior to becoming effective. Your continued use of the website after a revised policy has been posted constitutes your acknowledgment of the updated policy. If you disagree with any changes, you should discontinue use of this website and, where applicable, request deletion of your personal information using the contact information below.

14. Contact Information and Data Requests

For questions about this Privacy Policy, to exercise any of your data rights, or to submit a content permission request, please contact the Nonsuch Foundation through the contact channels provided on this website. When submitting a data rights request, please include sufficient information to allow us to verify your identity and locate your personal information. We will not be able to fulfill requests from individuals we cannot reasonably verify. We aim to respond to all legitimate privacy inquiries within 30 days. For requests that require additional time, we will notify you of the extension and the reason within the initial 30-day period.