This Policy was last updated on February 3, 2020.
A “controller” is the legal entity which, alone or jointly with others, determines the purposes and means of the processing of personal data. NIF is the data controller for all data described by this policy.
Information Collection, Use, Access, and Retention.
We collect information in several ways through our Site. When you use our Site, we collect personal information about you that you affirmatively choose to provide to us. For instance, when you donate, you must provide your first name, last name, email address, mailing address, and payment information. You may also provide the name of the person that your donation is in honor of or in memory of as well as the occasion for which your donation relates. We also collect personal information in other ways, such as when you sign up for our email list, contact us by email or traditional mail, and/or contact us by telephone.
In addition to the cookies described above, the Site uses a Facebook Pixel and a Google Adwords tag. If you are located in the European Economic Area (“EEA”), we will provide you with a choice as to whether you accept placement of these cookies when you first visit the Site. You may withdraw this consent at any time by clicking on the cookies banner on the home page (you may have to reload the webpage).
When you interact with our Site, we also collect limited non-personally identifying information that the browser you used makes available automatically. This information includes the internet address of the computer or network you used to access our site, the date, time, and page(s) you visited on our site, the browser and operating system you used, and the referring page (the webpage that contained the link to our site that you clicked on to get there).
When you make a donation, we will collect your payment information. We use EveryAction to collect and process your payment information. Your credit card information is not held by us and we use EveryAction, because the safety of your credit card information is important to us, and EveryAction specializes in the secure online capture and processing of credit and debit card transactions. As with all our third party vendors, we have agreements in place with EveryAction that ensure that the vendor complies with the terms of this policy.
We have a legitimate business interest in ensuring that our Site operates correctly and efficiently. To that end, we use the aggregated nonpersonal data and information from all users of our Site to measure server performance, analyze user traffic patterns, and improve the content of our Site. We sometimes track the keywords that are entered into our search engines to measure interest in specific topics and to improve the consumer experience on the site.
We have a legitimate business interest in communicating with you about your donations and subscriptions, and will use your personal information to send you important non-commercial emails, such as administrative notices related to your donations and/or subscriptions.
With your consent, we may share your information with key partners and affiliates, whose services we believe are of interest to you. We have contractual relationships with all such partners and affiliates that require them to safeguard your information and allow you to opt out of receiving further information from them. Once you have provided your consent for us to share your information, and those third parties reach to you directly, their use of your data is governed by their own privacy policies, and is not controlled by NIF. You can revoke your consent to receive any or all of this information by following the unsubscribe instructions in an email you receive from one of our partners (this will only unsubscribe you from receiving further marketing messages from that partner), or by following any other instructions these partners may provide you. If you would like to revoke your consent to NIF sharing your information with its partners, you can do so by sending an e-mail to [email protected] that contains the email address you wish to revoke consent for third-party sharing.
We also have a legitimate business interest in complying with our legal obligations. To that end, we may release personal information if we believe in good faith that: the law or legal process requires it; we have received a valid administrative request from a law enforcement agency; or such release is necessary to protect our rights, property, or safety, or that of our respective affiliates, business partners, customers, or others. Because the law provides we must retain and maintain records relating to donors, we are also obligated under the law to keep certain of your information and disclose it upon request or subpoena to government entities, such as the Internal Revenue Service.
NIF has a legitimate interest in donor safety. To that end, we will use donor personal information to act in urgent circumstances such as a security or medical emergency during donors’ international travel with NIF—in order to protect the personal safety of the donors and others.
Pursuant to your reasonable request, we will provide you or a third-party you specify with a list of all of your personal information that NIF has collected.
Similarly, upon your request, we will make corrections to our records of your personal data.
As described above, some of the online services available through our Site allow you to provide personal information. All personal information we collect is stored and processed in the United States.
We will retain your personal information while you have an active relationship with NIF, including if you have subscribed to a newsletter, or opted in to receive fundraising content from us, have made a donation, or have affirmatively made requests of us that we, or our data processors, are fulfilling. We will maintain your information and for 30 days after that relationship ends (unless you request that we delete your information prior to the expiration of that period). If NIF determines that it no longer requires your information for the purposes set forth above, it will delete your information consistent with its retention policies.
If you would like us to delete all of your personal information and/or remove your name and address from promotional lists (including any personal information gathered by our service providers) and place your name on our “do not contact” list, contact our Data Privacy Team at [email protected] and request that you be placed on our “do not contact” list. Please note that because names may be similar, you must include in your request all associated email addresses and phone numbers (if any) that you wish to be removed in the body of the email. We reserve the right to contact you for administrative purposes to request more information in order to assist us in deleting your content. We will make commercially reasonable efforts to delete your information within thirty (30) days from our active files, provided, however, that we may retain—for legal compliance purposes only—your request and associated email in a hashed format so that we do not inadvertently restore your information to our database. Please note that requests to update your personal information may take up to five (5) days. You may also request that we stop processing your information without deleting it, and we will comply within ten (10) days of receipt of such a request.
Notwithstanding the above, NIF will retain your information indefinitely if it believes in good faith that it has a legal obligation to do so, including for tax purposes, but will only use that information for the specific necessary purpose for which it was retained.
The Do-Not-Track Signal (“DNT”) is used by some web browsers to automatically request that a web application disable site tracking. Because the DNT often does not reflect the actual preferences of an individual consumer, our website does not respond to the DNT. Instead, and in order to allow you to personalize your experience with our Site, you may elect not to receive marketing messages and/or have certain cookies placed on their browser, as discussed earlier in this Policy.
Consistent with the Children’s Online Privacy Protection Act of 1998 and its revisions in 2013, our website is a general audience website, intended for adult use only. Consistent with the General Data Privacy Directive, the NIF does not market to, and does not knowingly collect any personally identifiable information from, children under sixteen (16) years of age. Children between the ages of sixteen (18) and the age of majority must get permission from their parents before sending any personal information about themselves (such as their names, email addresses, and phone numbers) over the Internet, to us or to anyone else. If you are based in the European Economic Area (“EEA”) you may only use our Site if you are over the age at which you can provide consent to data processing under the laws of your country (the “Age of Consent”) or if verifiable parental consent for your use of our Site has been provided to us. If you’re under age sixteen (16) or the Age of Consent, please do not register for any of our Site or provide us with any personally identifying information (such as your name, email address or phone number). Please contact our customer service department if you are aware of any personal information supplied to the Site by a child under the age of sixteen (16) or under the Age of Consent so that in can be removed.
We take reasonable and appropriate security measures to protect unauthorized access, alteration or destruction of data located on and collected by our Site. We exercise reasonable care to protect your non-public personal information. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. While we strive to protect your non-public personal information, we cannot guarantee the security of any information you transmit to us or receive from us while it is in transit. However, once we receive your personal information, we maintain physical, electronic and procedural safeguards to protect it. Our networks are encrypted end to end to keep your data private. We use technologies to help us detect abuse such as spam, fraud, and malware. We review our storage and processing practices, including physical security measures to prevent unauthorized access to our systems. We restrict access to personal information to those who need that information internally, and they are subject to strict contractual confidentiality obligations. If a data breach occurs, we will notify you and the proper EEA authority (if required) within seventy-two (72) hours (if reasonably feasible).
How to Contact Us