Privacy Policy

1. Scope

The Common Grant Application® system is a Web-based service that allows grantmakers and grant or scholarship applicants to view each other's profiles, backgrounds and funding interests; and submit, receive, review, track and manage grant or scholarship applications. The Common Grant Application is a data processor for the grantmakers and applicants using its system. The data processor processes data on behalf of the data controller.

The Common Grant Application ("CGA") is a project of Oceanpeak, Inc. ("Oceanpeak"). For purposes of this Privacy Policy, CGA and Oceanpeak are used interchangeably. This Privacy Policy describes the collection, storage, use and disclosure of personal information collected on the Web Site. Read this Privacy Policy carefully before accessing or using the CGA Web Site ("Web Site") located at www.commongrantapplication.org (including any successor sites). Your access to and continued use of this Web Site constitutes Your agreement to the collection, storage, use and disclosure of Your personal information as described in this Privacy Policy. If You do not agree to be bound by this Privacy Policy, You may not access or use this Web Site.

If you have any questions or concerns about our Privacy Policy, please contact us as described below in section 19.

2. Collection

This Web Site has three levels of service: Basic, Select and Complete. You can access and use the Basic services of the Web Site without telling us who you are or revealing any personal information about yourself. You will need to tell us who you are and provide some personal information during a registration process in order to access and use the Select and Complete services of the Web Site. Once you give us Your personal information, you are no longer anonymous to us.

We may collect and store the following personal information:

If certain requested personal or other information that is designated as "required" is not provided, applicant Users applying to grantmaker Users may find that their grant or scholarship applications to grantmaker Users may not be accepted, which may delay or prevent the application from being submitted to and reviewed by the grantmaker User. Personal or other information that is designated as "optional" does not need to be provided. Applicant Users should communicate directly with their designated grantmaker Users if any grant or scholarship application is delayed or declined or otherwise results in an outcome that does not satisfy the applicant Users expectations.

3. Use

We will only collect, use, and share your personal information where we are satisfied that we have an appropriate lawful basis to do so. Our lawful basis for using Your personal information includes:

CGA is a data processor, the applicants and grantmakers using our system are data processors. As such, it is CGA policy not to judge, evaluate, conduct any verification of or perform an investigation on any data provided on or about an applicant or grantmaker regardless of the source of that data.

4. Our Disclosure of Your Information

We may share Your personal information with:

We do not share, rent or sell Your personal or aggregated information with third-party companies for their commercial or marketing use.

Your credit card, debit card or banking information is only shared with our banking service provider and the credit card processor or bank that you have chosen in order to complete on-line payment of applicable fees. It is not shared with other Users or third-parties.

5. Using Information from CGA

The Web Site enables you to view other Users profiles, backgrounds and funding interests; and submit, receive, review, track and manage grant applications.

You agree to use the User submitted personal information only for the "Permitted Uses" as described in the User Agreement.

CGA is not responsible for how any applicant or grantmaker (after accessing or receiving your personal information from us) will use, store or protect the information in their possession. You are encouraged to review the applicants or grantmakers individual privacy policies and information practices as to how they use, store or protect your personal information and CGA neither accepts nor assumes any liability or responsibility for the use, storage or protection of your personal information by said applicant or grantmaker.

6. Cookies, Clear GIFs and Web Beacons

We use "cookies" (small text files containing a string of alphanumeric characters sent to Your computer to that uniquely identifies Your web browser) on certain pages of the Web Site to provide convenient access to the Web Site, help analyze our web page flow, customize our services and measure the Web Site's effectiveness. A cookie created by one website service can only be retrieved by that website service.

A few important things you should know about cookies, clear GIFs and Web beacons are that:

7. Communications

We do not share, rent or sell Your personal or aggregated information with third-party companies for their commercial or marketing use.

We may on occasion use Your email addresse to send CGA marketing updates or newsletters. Users may choose to receive or not receive email of this type by opting-in or opting-out. All marketing updates or newsletters will also include instructions for opting-in or out of those communications. We may, however, use Your email address without Your further consent to send You certain non-marketing or administrative communications from time to time, including:

You will not be able to opt-out of receiving these non-marketing or administrative communications.

8. Spam

We and our users do not tolerate spam. To report CGA related spam or spoof emails to CGA, please contact us as described below in section 19.

You may not use our communication features, services and tools to send spam or otherwise send content that would violate the User Agreement. If you send an email through the Web Site to an email address that is part of our community (via the Inquire or other tools), we do not permanently store that email or use that email address for any marketing purpose.

9. Accessing, Reviewing and Changing Your Personal Information

You can access, review and change Your account personal information (name, email, user name, password, email preferences) at any time by logging into Your account on the Web Site. Generally, we will not manually modify Your personal information because it is very difficult to verify Your identity remotely. You must promptly update Your account personal information if it changes or is inaccurate.

You can access and review your application personal information at any time by logging into Your account on the Web Site. You cannot change your application personal information once an application has been submitted to a grantmaker. After submission, you must contact the grantmaker directly to have them change any personal information in the application.

We may, at our sole discretion and without prior notice, terminate Your access to and use of the Web Site and/or block Your future access to and use of the Web Site, if we have determined that you have violated this Privacy Policy, the User Agreement; upon requests by law enforcement or other government agencies; upon extended periods of inactivity; or upon Your request.

If we close Your account, we will remove Your account personal information as soon as reasonably possible, based on Your account activity and in accordance with applicable laws and regulations.

Instructions for accessing, reviewing and changing your personal information are at: Help -> Managing Personal Information -> Overview

10. Removing Your Personal Information

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this Privacy Policy and the User Agreement.

When your information is no longer needed, we will ensure that it is disposed of in a secure manner.

We may retain personal information from closed accounts in order to comply with laws and regulations, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, enforce our Privacy Policy and User Agreement, and take other actions otherwise permitted by law.

11. Security

Your user name and password are the keys to Your account. Use unique numbers, letters, and special characters for Your password and do not disclose Your password to anyone. If you do share Your password or Your personal information with others, remember that you are responsible for all actions taken in the name of Your account. If you lose control of Your password, you may lose substantial control over Your personal information and may be subject to legally binding actions taken on Your behalf. Therefore, if Your password has been compromised for any reason, you should immediately notify CGA and change Your password.

We treat the information, data and documents on the Web Site as assets that must be protected. We have implemented and use a variety of administrative, technical and physical measures to protect Your personal information against unauthorized access, disclosure, alteration and destruction, including:

We cannot, however, guarantee the security of Your personal information. Unauthorized access, entry, use, interception, hardware or software failure and other factors may compromise the security of personal information at any time. Therefore, although we use commercially reasonable efforts to protect and ensure the security of our systems, we do not promise, and you should not expect, that Your personal information or private communications will always remain private.

If we learn of a security breach and depending on the nature of the breach, we may attempt to notify you via email so that you can take appropriate protective steps. We may also post a notice on the Web Site if a security breach occurs. Depending on where you live, you may have the legal right to receive notice of a security breach in writing.

12. Third Parties

Except as otherwise expressly included in this Privacy Policy, this document addresses only the use and disclosure of information we collect from you. The Web Site may contain links to third-party websites that are not owned or controlled by CGA. If you disclose Your personal information to third-parties, whether to grantmakers, applicants or others on the Web Site or other web sites, different policies and rules may apply to their use or disclosure of the information You disclose to them. CGA has no control over, and does not assume any liability or responsibility for the content, practices or privacy policies of any third-party websites or those organizations that receive the personal information that is collected from the Web Site. We encourage you to ask questions before you disclose Your personal information to others.

13. Marketing

We do not share, rent or sell Your personal or aggregated information with third-party companies for their commercial or marketing use.

CGA does not understake any automated decision making.

14. International Users

CGA operates on a global basis and its Web Site is hosted in the United States. This means that Your personal information will be transferred to and stored in the United States, which may be subject to different standards of data protection than your country of residence.

If you access or use the Web Site from the European Union, Asia, or any other region with laws or regulations governing personal information collection, use, and disclosure, that differ from United States laws or regulations, please be advised that through Your continued use of the Web Site, which is governed by United States laws and regulations, our User Agreement and our Privacy Policy, you consent to the transfer and storage of Your personal information to our servers located in the United States.

15. European Union Users

If you are a User located in a European Union country, Iceland, Liechtenstein, Norway, or Switzerland and you provide us with your personal information, you are now afforded new widespread privacy rights under the General Data Protection Regulation (GDPR) effective May 25, 2018. Under the GDPR, new higher standards on what is considered the lawful processing of EU data are imposed; there are now more explicit privacy rights afforded to you; and there are now new accountability standards imposed on organizations that collect, handle, store and/or process your data.

Under the GDPR, from the moment that we first collect Your data, you are now afforded various new privacy rights, including but not necessarily limited to:

If you wish to access any of the above-mentioned rights, please contact us as described below in section 19. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfil your request. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

16. Children

Our Web Site is for grant and scholarship applicants, and grantmakers to manage their grantmaking and scholarshp process. Our Services are not intended for children under the age of 13. We do not knowingly collect personal information from Users in this age group.

17. Modification

In general, we only use Your personal information in the manner described in the Privacy Policy in effect when we received the personal information you provided.

CGA reserves the right, in its sole discretion, to modify, alter or otherwise revise this Privacy Policy at any time by posting such modified version on the Web Site. You agree to monitor regularly the Privacy Policy as it appears on the Web Site. Your continued use of the Web Site after the posting of any modified versions shall constitute Your agreement to the modified Privacy Policy.

18. Date Last Modified

This Privacy Policy is version 1.4 and was last modified June 1, 2018.

19. Contact

If you have any questions about the Privacy Policy; Your personal information, Your consent for the use of Your personal information, Your opt-in or opt-out choices, the User Agreement, the practices of the Web Site; or Your dealings with the Web Site, please use our: contact us form or by mail at:

Common Grant Application
Privacy Compliance
PO Box 3209
Santa Monica, CA 90408.

You have a right to lodge a complaint with your local data protection supervisory authority (i.e. your place of habitual residence, place or work or place of alleged infringement) at any time. We ask that you please attempt to resolve any issues with us before your local supervisory authority. Your local authority can be found here.

20. Emails Sent to Us

Please note that any emails or other communications that you send to us or which we have been given legal access to, may be copied, forwarded or distributed to other appropriate Users or third-party service providers at our sole discretion.