1. Information Collected
Personally-Identifiable Information (“Personal Information”) is information that identifies you, such as your name, phone number, email address, mailing address, credit card number (if you use a credit card to make a donation), or organizational affiliation. CI and CI’s service providers only collect Personal Information when you submit such information to sign-up for our personalized services, for example when you sign up for the CI newsletter or donate.
- We may collect Personal Information you provide to us over the phone, in email, through a face-to-face conversation, or through online and offline forms such as CI newsletters, surveys, donation forms, event registration, contests, grant applications, grant-related communications and advocacy action alerts that you populate.
- When you engage with CI on social media, we may collect basic information on your profile, including your name and profile bio, the size of your following, your social sharing activity and your content preferences from social media platforms used by you.
- We may also collect information from or about you from other public online and offline sources, such as LinkedIn, or information published in online or print media, in addition to your use of the Sites or when you communicate with us. For example, when you attend one of our events, we may ask you for your contact information to follow up with you about other opportunities to engage on CI’s mission (see also Section 2, Use of Information)
Device and Location Information
When you visit our Sites, some information is automatically collected from devices used to visit our Sites, including your computer’s IP address, the type of browser you use. We also get information about in-bound domain names and pages viewed. This data tells us which pages our users visit and what information they volunteer, such as survey information and/or site registrations.
We also collect information about your usage and activity on our Sites using certain technologies, such as cookies, web beacons and other technologies (see our Cookies Policy for more details).
2. Use of Information
We will only collect and process Personal Information about you where we have lawful bases. Lawful bases include consent (where you have given consent) and our legitimate interest in operating, managing and promoting our organization, maintaining our relationship with you and protecting CI and our Sites provided that such processing shall not outweigh your rights and freedoms. Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact email@example.com
Examples of uses of Personal Information where you have given consent are:
- to periodically alert you to CI news and events when you signed up for the CI newsletter or other news updates
- to contact you about contests or sweepstakes you entered through our Sites and to invite you to participate in new contests and sweepstakes
- to process donations we receive from you (see also Section 4, Security)
- to make grant funding decisions, conduct funding related due diligence and administer CI funding agreements
Examples of use and sharing of Personal Information for legitimate interests are:
- to customize your web experience or content you receive via email
- to respond to your inquiries
- to encourage engagement with content on social media platforms
- for internal data analysis, for example to identify trends, determine effectiveness of past and current campaigns, enhance current online tools, and plan future digital strategies
- to conduct supporter and prospect research
- in response to a subpoena or when we are required to do so by law, for example, in response to a court order or other legal obligation
- in response to a law enforcement agency’s request
- to protect the security or confidentiality of our records
- in special cases when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with our rights
- to manage corporate transitions, such as reorganizations
Information Combining, Aggregation and Analysis
We may combine and use data analysis to interpret your information and predict how likely you are to be interested in or responsive to a particular campaign or fundraising communication. If we conclude that you have the potential or interest in supporting CI’s efforts at a higher level, we may collect additional publicly available information about you and combine and analyze that information into a donor profile, which allows us to engage with you in a customized manner that is responsive to your supporter interest. We commonly look at and combine information from public information resources and other data sources that you chose to make available publicly on your social media channels to give insight into your philanthropic interests and ability to support us. In addition, we may use trusted third party companies that analyze and measure available information to assess affluence. This helps us understand more about your interests and level of potential engagement or donation. Examples of companies that assist us in this process are WealthX and Blackbaud. You can opt out of your data being combined and analyzed for prospect research by contacting us as described in Section 3 (Your Choices).
In some instances, we may combine Personal Information with Device Information or Location Information. If we do, we will treat the combined information as Personal Information as long as it is combined.
We may aggregate non-personally identifiable information collected from you and other users as well as Device Information or Location Information to produce general statistics that cannot be linked to your or any specific user and with which we attempt to provide you with a better experience on our Sites, to improve services, and to analyze and understand how our Sites are used.
Some of the ways we use your Personal information require us to share information with third parties, so we can provide an effective user experience and comply with laws that apply to us:
Law enforcement agencies or government agencies. We only share information if we believe that disclosure is reasonably necessary to comply with a law, regulation or legal request; to protect the safety, rights, or property of the public, any person, or CI; or to detect, prevent, or otherwise address fraud, security or technical issues.
Affiliates. If we were to engage in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding that involves the transfer of the information described in this Policy, we would share your information with a party involved in such a process (for example, the successor organization of CI).
We keep your Personal Information only so long as we need it fulfill the purposes described in this policy. When we no longer need to use your Personal Information and there is no need for us to keep it to comply with our legal or regulatory obligations, we will either remove it from our systems or depersonalize it so that you cannot be identified.
3. Your Choices
You can control the type of information collected through our Sites, for example by not accepting cookies from CI, by erasing all CI cookies from your browser, or by not providing Personal Information when prompted.
If you wish to update your Personal Information with us or change your communications preferences or if you no longer wish to receive communications from us, please click on the “unsubscribe” link in the email to unsubscribe or tell us so by email, phone, or written letter. Please include your exact name and contact details so that we can correctly remove you from our mailing list. Our mailing address is: Conservation International Foundation 2011 Crystal Drive, Suite 500 Arlington, VA 22202. We can be reached via email at firstname.lastname@example.org or by telephone at (703) 341-2400.
If you are a resident of the United States and would like to opt-out of receiving text messages, that you previously signed up for, text STOP to 21333.
We use appropriate and reasonable administrative, physical, and technical measures to safeguard Personal Information controlled by CI. Only employees who need the information to perform a specific job are granted access to personally identifiable information.
All online donation transactions are encrypted using the Secure Socket Layers (SSL) protocol. Such transactions are processed through Blackbaud, a VeriSign secured and PCI DSS compliant gateway provider, and are not stored or processed on CI’s servers. Blackbaud acts as the controller of your credit or debit card information. PCI DSS is the payment card industry security requirement for entities that store, process or transmit cardholder data. PCI DSS Compliance gives consumers the confidence they need to know that organizations accepting donations are doing so in a verified, secure, and consistent fashion. Convio received Level 1 PCI compliance - the highest level validation. The use of VeriSign SSL Certificates provide for the highest level of encryption available. These comprehensive standards are intended to help CI proactively protect your account data — a responsibility we take very seriously. For more information, visit https://www.blackbaud.com/security/pci-compliance.
5. Linked Websites
Our Sites contains links to other websites. We are not responsible for the privacy practices or the content of such websites.
6. Children’s Privacy
We recognize the importance of protecting the privacy of children on the web and will never collect or maintain information at our website from those we actually know are under 13 years old. No part of our website is directed at children under the age of 13, and we do not knowingly collect Personal Information from children under age 13. If we discover that a person under the age of 13 has provided us with any Personal Information, we will delete that information from our systems. We do not reply to information requests from children under the age of 13, if so identified. A parent or guardian must initiate any requests for information from children under the age of 13 on their behalf. We encourage parents to supervise children when they browse the internet.
7. Notices to Residents of Certain Jurisdiction
It is our policy not to disclose any Personal Information we collect to third parties for direct marketing purposes under any circumstances. However, California Civil Code Section 1798.83 requires that all California residents be afforded the option to exercise their choice of whether Personal Information may be shared with third parties for direct marketing purposes or not, as well as to receive information specified in the statute if Personal Information is disclosed to third parties for direct marketing purposes. Accordingly, if you are a California resident and you wish to inform us whether you permit or refuse the sharing of your personal information with third parties for direct marketing purposes, or if you wish to request certain information if your personal information were to be disclosed to third parties for direct marketing purposes, please contact us as described in the Section 3, Your Choices.
EU and UK Residents
In accordance with applicable law, you are entitled to know what personal information we hold about you and you may ask us to make any necessary corrections to ensure that it is accurate and kept up to date. Under applicable law, you also have the right to request deletion of your personal information or to object to the processing of your personal information. If you wish to exercise your rights, please contact us as detailed in Section 3 (Your Choices). You may also have a right to complain to your data protection authority. CI is based in the United States. Please be aware that if you submit information to us, it will be stored on servers in the United States.
You can contact us as described in Section 3 (Your Choices) to enforce your privacy rights at any time, including to access your data, ask for your data to be updated, amended or deleted as well as to oppose the way we use your personal data. You may also contact us to request to revoke your previously granted consent to the extent permitted by law. Through the same contact data, we may inform you about:
- the information that you will be asked to provide to identify yourself as well as the documents you may need to enclose with your request;
- timeframes to receive a response regarding your request;
- forms available for submitting your request, including template forms that you may use to apply, if available, and the channel through which our answer will be delivered to you; and
- how we will deliver your information to you (which usually would be copies of documents, data messages).
If you have any questions, comments, or complaints about our collection, use, or disclosure of personal information, or if you believe that we have not complied with this Policy or the Privacy Act 1988 (Cth), please contact us as detailed in Section 3 (Your Choices). When contacting us, please provide as much detail as possible in relation to your question, comment, or complaint. We will take any privacy complaint seriously and any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need. If you are not satisfied with the outcome of our assessment of your complaint, you may wish to contact the Office of the Australian Information Commissioner. For more information, please refer to www.oaic.gov.au.
8. Cross Border Transfers
Your Personal Information may be stored and processed in any country where we have facilities or service providers, and by using our Sites and providing Personal Information to us, or by providing consent to us (where required by law), you agree to the transfer of information to countries outside of your country of residence, including to the United States, which may provide for different data protection rules than in your country. Where required, we have implemented appropriate cross-border transfer solutions to provide adequate protection for transfers of certain personal information, including, but not limited to, the European Commission’s Standard Contractual Clauses.
We reserve the right to modify or supplement this policy at any time. If a material change to this policy is made, we will post a notice on the home page, and any changes to the policy will be posted on this page.
If you have any questions about our privacy statement or the practices of this site, please contact us at email@example.com.