Privacy Policy

Last updated June 2018

Natural Resources Defense Council, Inc. (“NRDC”, “we” or “us”) is committed to protecting your privacy online. This Privacy Policy applies to the following websites: www.NRDC.org, www.NRDCActionFund.org, AllIn.NRDC.org, and certain other websites through which we may collect data from you  (collectively, the “Sites”). You are advised to consult the “Privacy Policy” link on the Sites each time you visit them. Your continued use of the Sites constitutes your agreement to the Policy, as it may be amended from time to time.

1.     Personal Data You Provide to Us.

We may collect your personal data when you submit it to us (including though the Sites). Data that we may collect includes your:

  • Name;
  • Mailing address;
  • Email address;
  • Telephone number(s);
  • Credit card information (if you make a donation);
  • Your donation history;
  • Information contained in your voter file;
  • Data that you provide in connection with any of our surveys to which you respond; and
  • Technical data, including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device identifiers, geolocation information, and other technology on the devices you use to access our Site; and

We may collect personal data from various sources, including:

  • The Sites and other web properties via Google Analytics;
  • ActionKit forms, petitions, signups and donation forms;
  • Social media;
  • White mail processing center; and
  • Through third parties such as Salesforce.com, Inc., TargetSmart Communications and Catalyst Communications.

Upon receiving your personal data, we create a user profile linked to that personal data. If the same personal data is provided in connection with future donations, actions, or activities on the Sites, such actions will be added to that user profile. As described below, you may review and update such information at any time.

The following list includes the most common ways that you may provide your personal data to us and the types of personal data that we may collect in these ways:

Registration. We do not ask that you register or enter any personal data to access or use most areas of the Sites.  However, you may choose to subscribe to certain newsletters or bulletins distributed by NRDC, or to join NRDC’s mailing list. To do so, you may be required to enter certain personal data, including your email address and mailing address.  You also have the option to provide us with your telephone number(s).

Online Activism. To send a message from our online action center to government officials and other decision-makers, you are required to identify yourself by name, address, email address, and optional phone number.  NRDC includes this information when we send your message. This is necessary for your message to be effective, and in the case of many government officials, it is required. NRDC may also use this personal data to contact you via email, phone or postal mail with the latest alerts and progress reports. Please note that comments sent to governmental agencies may be made available publicly, often via the web, and will sometimes include the full name and address of the person(s) submitting the comments.

Mobile Messaging. NRDC may also ask for your mobile number so that you can be kept up to date on breaking news and the latest actions via text message.

Postcards and "Tell Your Friends" Pages. To forward an article, postcard or action alert, you may be required to enter your name, email address and the email address(es) of your intended recipient. NRDC includes your name and email address when we send your message. By submitting personal data about others, you represent and warrant that you have full authority to do so.  NRDC only retains and tracks the data of your recipients if they explicitly opt-in.

Contests. If we run a contest on the Sites, it will be accompanied by a set of rules. The rules for each contest will specify how the information gathered from you for entry will be used and disclosed.

Donations and Gifts. In order to make a donation or a “Green Gift” (i.e., a donation in someone else’s name) through the Sites, you will be required to input your name, address, credit card information, and email address for yourself and, in the case of a Green Gift being sent through an e-card, the name and email address of the individual for whom the gift is made. For Green Gifts, NRDC will use your personal data and the gift recipient’s personal data that you provide for the sole purpose of fulfilling the Green Gift purchase. By submitting personal data about others, you represent and warrant that you have full authority to do so.

When you donate to NRDC via the Sites, your donation information (i.e., your name, address, donation amount, your credit card number, expiration date of your credit card, and the name and email address of the recipient, if applicable) is encrypted and transmitted via a secure connection. NRDC uses your credit card information only for the purpose of processing your donation. We will not disclose credit card information except as necessary to process your donation or as required by law or legal process, and we do not store credit card information once your donation has been processed.

Communications between you and NRDC. As described in this Policy, you may contact NRDC or subscribe to newsletters and other mailings, and NRDC may respond to your inquiries or request for mailings. Additionally, when you provide NRDC with your email address and mailing address, we may contact you to ask you to become a member of NRDC.

Other purposes.  In addition to the above, we may process personal data for other purposes for which either we or our client(s) will provide notice to you at the time of collection.

2.     Cookies, Tracking and Analytics.

When you visit any website (including our Sites), it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the Sites work as you expect them to. The information does not usually directly identify you, but it can give you a more personalized web experience.

The Sites also use third party tracking and ad tools, such as Adwords, Facebook, Adroll, Dstillary, MediaIQ, Quantcast, RocketFull and Twitter.

Using the settings of your Internet or mobile browser, you can choose to have your computer warn you each time a cookie is being sent.  Because we respect your right to privacy, you can choose not to allow some types of cookies. However, if you choose to disable any cookies, some features of the Sites may become disabled, and some aspects of the Sites may not function properly. 

Deleting cookies does not necessarily delete Flash objects. You can learn more about Flash objects – including how to control and disable them – through the Adobe interface.  If you choose to delete Flash objects from the Sites, then you may not be able to access and use all or part of the Sites.  We also may use pixel tags to tell us what parts of the Sites that you have visited, to measure the effectiveness of any searches you may do on the Sites, or to interact with analytical tools or other marketing tools that gather data and usage information.

If you continue to use the Sites without changing your settings, you consent to our use of cookies and other tools on the Sites.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.

You can set your browser to block or alert you about these cookies, but some parts of the Sites may then not work properly. These cookies do not store any personally identifiable information.

Cookies used: OptanonConsent, OptanonAlertBoxClosed

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of the Sites. They help us to know which pages are the most and least popular and see how visitors move around the Sites.

All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited the Sites, and will not be able to monitor its performance.

Cookies used: _gat_UA-532044-56, _ga, _gid

Functional Cookies

These cookies enable the Sites to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages.

If you do not allow these cookies then the Sites may not function properly.

Cookies used: dlx.addthis.com, tableau.com, public.tableau.com, climatecentral.org, knightlab.com, cdn.knightlab.com, issuu.com, vimeo.com, analytics.twitter.com

Targeting Cookies

These cookies may be set through the Sites by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.  These cookies uniquely identify your browser and device. If you do not allow these cookies, you will experience less targeted advertising.

Cookies used: ps.eyeota.net, rqtrk.eu, acxiomapac.com, dafdirect.org, facebook.com, bidswitch.net, youtube.com, adsrvr.org, advertising.com, tapad.com, addthis.com, casalemedia.com, ads.linkedin.com, gssprt.jp, media.net, linkedin.com, twitter.com, rfihub.com, google.com, bluekai.com, adnxs.com, yahoo.com, w55c.net, cdn.syndication.twimg.com, demdex.net, dpm.demdex.net, pubmatic.com, soundcloud.com, bat.bing.com, scorecardresearch.com, rubiconproject.com, syndication.twitter.com, rlcdn.com, ru4.com, krxd.net, serving-sys.com, amazon-adsystem.com, bs.serving-sys.com, bing.com, semasio.net, match.rundsp.com, openx.net, pixel.rubiconproject.com, spotxchange.com, taboola.com, eyeota.net, doubleclick.net, everesttech.net, quantserve.com

3.     How You Can Access and Manage Your Information.

You can review and update certain of your personal data, and can also opt out of any type of communication from NRDC, at any time. This section provides information on how to do this.

You can review and update information we have on record for you by going to NRDC's Subscriber Profile Editor. If it's your first time using the profile editor, you will need to provide your email address on the log-in page so we can send you a password. Through the profile editor you can choose what email lists you are subscribed to.

You can opt out of any type of communication at any time by contacting membership@nrdc.org.

You can opt-out of text messages specifically by emailing membership@nrdc.org or replying to a text message with STOP.

You are also able at any time to unsubscribe from specific publications that you are receiving by e-mail by clicking a link that appears in the email publication itself or by visiting the Subscriber Profile Editor link in this Policy.

You can choose not to receive requests to become a member by contacting our membership department at membership@nrdc.org.

If you do not want us to collect information about your geographic location, you must disable the technology that transmits this information.

4.     Rights of Individuals in the European Union.

This section applies only to individuals in the European Union (the “EU”).

With respect to the personal data we collect directly from you, we are the “data controller,” as defined in the European Union’s General Data Protection Regulation (the “GDPR”).

We will only use your personal data when we have a lawful basis to do so under the GDPR.  Usually, we will use your personal data in the following circumstances:

  • when it is necessary for our legitimate interests, and your interests and fundamental rights do not override those interests;
  • when we need to comply with a legal or regulatory obligation; or
  • when we have obtained your consent.

Under the GDPR, individuals in the European Union (“EU Individuals”) have certain rights in relation to their personal data, which are summarized below.  These rights are subject to your exercising them in good faith and are subject to our legitimate interests or other valid basis to continue processing your personal data, in accordance with our policies and applicable law.

Access

If asked by an EU Individual and if we are obligated to do so under applicable law, we will inform that individual about whether we are processing his/her personal data.  If we are processing such EU Individual’s personal data, we will provide access to the personal data that we have about that individual.  If you request additional copies of your personal data, we may charge you a reasonable fee.

Rectification (i.e., Correction)

If the personal data we hold about an EU Individual is inaccurate or incomplete, that individual may ask us to have it corrected.

Erasure

EU Individuals may request that we erase (i.e., delete or remove) their personal data in certain circumstances.  If you are legally entitled to erasure, and if we have shared such personal data with third parties, we will take reasonable steps (taking into account available technology and the cost of implementation) to inform such third parties of your request, to the extent we are required to do so by applicable law.

Restriction of Processing

EU Individuals have the right to restrict the processing of their personal data in certain circumstances, such as if they contest the accuracy of that personal data, if the processing of the personal data is unlawful, or if we no longer need the personal data for our business purposes.  If you are legally entitled to restriction, and if we have shared your personal data with others, we will use reasonable efforts to inform such third parties of your request, if we are required to do so.

Data Portability

EU Individuals may ask to receive their personal data from us, where the legal basis of our processing is their consent, and where we carry out the processing of their personal data by automated means.  If EU Individuals so request, we may transmit their personal information directly to another organization if it would be technically feasible to do so.

Objection to Processing

EU Individuals may object to the processing of their personal data where we are relying on a legitimate interest (or those of a third party).  As noted above, you also have the right to object (i.e., opt out of) our processing of your personal data for direct marketing purposes.   

Automated Decision-Making and Profiling

EU Individuals have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.  We do not engage in decision-making based solely on automated processing, including profiling, which produces legal effects concerning an individual or similarly significantly affects an individual.

Processing of Special Categories of Personal Data

There are certain types of personal data that require a higher level of protection, known as “special categories” of personal data under the GDPR.  We do not process special categories of personal data unless (a) we have obtained such individuals’ explicit consent or (b) we are otherwise legally permitted to do so.

Withdrawing Consent

In certain circumstances, EU Individuals have the right to withdraw their consent to our processing of their personal data.  However, withdrawal of consent will not affect the lawfulness of any processing that had been carried out before consent is withdrawn.  Moreover, if we rely on another legal basis (e.g., legitimate interest) to process your personal data, we may continue to process your personal data in accordance with such other legal basis even after you withdraw your consent.  If you decide to withdraw your consent, we may not be able to provide certain services to you.

Please note that where we rely on consent to use your personal data, all users worldwide have the right to withdraw that consent at any time. This includes the option to unsubscribe from our email list at any time or to contact us to request to be excluded from our online campaign promotion lists or text messaging.

EU Individuals who wish to exercise any of the rights they have under the GDPR should contact our data privacy team at gdpr@nrdc.org.  We may need to request specific information to help us confirm your identity, so that your personal data is not disclosed to any person who has no right to receive it.  We may also contact you to ask you for further information in relation to your request.

Generally, EU Individuals will not have to pay a fee to exercise the rights described above.  However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive.  Alternatively, we may refuse to comply with the request in such circumstances.

EU Individuals may lodge a complaint with the appropriate regulatory body or supervisory authority in the country where they reside, where they work, or in the place of the alleged infringement of the law.

5.     Sharing of Your Personal Data.

NRDC does not disclose your personal data to any third parties, except (i) to manage the Sites and our database with the help of service providers (who are obligated to maintain its confidentiality), (ii) to send you communications about your interactions with us or about features of the Sites, including any future changes to this Policy, or (iii) as required by law or requested by governmental or law enforcement authorities, subpoena, court order or discovery request, or when we otherwise believe in good faith that such disclosure is appropriate to enforce our Terms of Service or in connection with any activity that may violate the law or the rights of others, threaten the safety or security of any person or property (including the Site) or expose us to liability.  [In addition, if you visit any website that we jointly maintain with a third party (such as another advocacy organization), that third party will have access to any personal data that you provide on such website.]

6.     Employment or Volunteer Positions.

In connection with seeking employment or a volunteer position with NRDC, you may decide to submit, through the Sites or otherwise, personal data (including your name, address, telephone number, e-mail address, Social Security number or Tax ID number and any other personal data requested on our online and offline forms, as well as an electronic or paper copy of your resume/CV). All information entered into any online or offline forms related to employment or volunteering will be kept confidential, and will be viewed by NRDC only to assess your qualifications as an employee or volunteer for NRDC.

7.     Retention of Personal Data.

We may retain your personal data for as long as is necessary to fulfill the purposes for which we have collected it, including for the purposes of satisfying any legal, regulatory, accounting, reporting, insurance, professional indemnity, internal policy or other requirements. 

We may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes.  In such cases, we may use this information indefinitely without further notice to you.

8.     Other Websites.

This Policy applies only to the Sites. If you visit any unaffiliated website linked to the Sites (for example, Twitter, Facebook or other social media sites), you are subject to that entity’s own privacy policies, which we do not control or monitor. You should review the privacy policies of all third-party websites before you visit them.  NRDC has not reviewed all of the sites linked to the Sites and it makes no representations or warranties as to the privacy practices, functioning or content of any sites linked to the Sites.

9.     International Use.

We are based in the United States and our computer servers are located in the United States.  Accordingly, all personal data in our possession and control is collected and processed by us in the United States.  Any party that provides personal data to us is thereby transferring such data to the United States. 

Access to the Sites from countries or territories where such access is illegal or contrary to applicable rules or regulations is prohibited. Those who access the Sites from outside the United States do so on their own initiative and are responsible for compliance with local laws, rules and regulations.

10.     Children’s Privacy.

The Sites are not targeted toward, and we do not seek or desire to collect information from, children under the age of 13 in the United States (or age 16 outside the United States). Therefore, we will not knowingly request information from persons under such ages.  Please do not provide any personal data to us for any reason unless you are at least the age of 13 in the United States (or age 16 outside the United States), and please caution your children not to do so.

If a child under the age of 13 in the United States (or age 16 outside the United States) has provided personal data to us through the Sites without verifiable parental consent, a parent or guardian may inform us at webmaster@nrdc.org, and we will use commercially reasonable efforts to delete such information within a reasonable period of time, subject to applicable law and this Policy.

11.     California Privacy Rights / “Do Not Track” Signals.

NDRC does not track its users over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. However, some third-party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, certain web browsers allow you to set the DNT signal on your browser so that third parties (particularly advertisers) know that you do not want to be tracked. You should consult your web browser’s “help” feature for instructions on how to set the DNT signal.

Third parties that have content embedded on NDRC’s websites such as a social feature or a stock ticker may set cookies on a user’s browser and/or obtain information about the fact that a web browser visited the Sites from a certain IP address. NDRC does not control or monitor such practices. You should contact such third parties directly to opt out.

12.     Security Measures.

We have implemented appropriate technical and organizational measures to ensure a level of security of personal data appropriate to the risk.

13.     Revisions to This Privacy Policy.

This version of the Privacy Policy is effective as of the date set forth above, and supersedes all earlier versions.  We may update this Privacy Policy from time to time, and any subsequent versions of this Privacy Policy will be posted on the Sites.  You are responsible for periodically visiting the Sites to check for any updates to this Privacy Policy.

14.     How You Can Reach Us.

Please send all Privacy Policy-related communications to webmaster@nrdc.org or Natural Resources Defense Council, Inc., Attn: Membership Services, 40 W. 20th Street, New York, NY 10011. To the fullest extent permitted by law, you agree to receive all legally required notices regarding this Privacy Policy or any privacy or security breaches relating to the Sites at the email address you have provided to us through Sites.

15.     Jurisdiction.

Any legal suit, action or proceeding arising out of, or related to, this Privacy Policy or the Sites shall be instituted exclusively in the federal courts of the United States or the courts of the State of New York, in each case located in the City of New York and County of New York, provided that we retain the right to bring any suit, action or proceeding against you for breach of this Privacy Policy in your country of residence or any other relevant country. You agree to waive any and all objections to the exercise of jurisdiction over you by such courts and to venue in such courts.