Privacy Policy

Updated May 24 2018.

 This website (the “Website”) is operated by 350.org (the controller and responsible for your Personal Data) (“we”, “us” and/or “our”) and has been created to accomplish our mission of building a global movement to solve the climate crisis with the help of Website visitors (“you”, “your”).  

We respect your privacy and are committed to protecting your Personal Data. Our updated Privacy Policy outlines what information we collect about you and how it is used. We also explain how we look after your Personal Data, who we share it with, how we look after it and tell you about your privacy rights and how the law protects you

 

Table of contents


  1. General Policy
  2. Why do we collect your Personal Data?
  3. What Personal Data do we collect about you?
  4. How we collect your Personal Data
  5. How we use your Personal Data
  6. When we share your Personal Data
  7. How do we keep your Personal Data safe?
  8. What are my legal rights in respect to my Personal Data?
  9. How can I update my Personal Data?
  10. How can I unsubscribe?
  11. Updating the Privacy Policy
  12. Terms and Conditions
  13. Contact Details

 

General Policy:  

350.org has a firm commitment to internet privacy.  You can visit most portions of 350.org without telling us who you are and without revealing any personally identifiable information (“Personal Data”).  The only information we collect from a normal Website visit is information that cannot be used to specifically identify you (“Non-Personal Data”), which usually includes the name of your internet service provider, the browser and type of machine you are using, the Website that referred you to us, the pages you request and the date and time you request them.

 

Why do we collect your Personal Data?

350.org is a global civic movement. The participation of people like you is crucial to achieving our mission to battle climate change. We are stronger when we collaborate, and climate change can only be addressed if we work together. Bringing people together is critical to how we make a difference. Staying in touch with our supporters and Website users at the right time, in the right way and with the right information is vital to our success and to the mobilization of our diverse team and its ability to make an impact.

To this end, we collect information about you, which helps us:

  • communicate with you effectively and to mobilize our members (including showing you campaigns and other content that are most likely to matter to you);
  • keep the 350 network thriving and effective and to extend our reach;
  • promote and fund our campaigns and petitions and maximize their impact;
  • have our voice heard with the media;
  • work together to put pressure on leaders and governments;

All of which serve our mission of bringing people together to combat climate change.

 

What Personal Data do we collect about you?

Wherever we collect Personal Data we make an effort to provide a link to this Privacy Policy.  We do encourage you to voluntarily share Personal Data with us, because we can’t build the global grassroots climate movement that can hold our leaders accountable to science and justice without supporters like you.  By voluntarily providing us with Personal Data, you are consenting to our use of it in accordance with this Privacy Policy.

When we say “Personal Data” we mean any information about you from which you can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

  • Identity Data includes first name, last name, username or similar identifier, title, identification number.
  • Contact Data includes email address, telephone numbers, location, country, language preference
  • Donation Data includes details about donations from you, including the amount, currency and method of payment.  We do not store your credit card information or banking details save the expiry date and the last four digits of your card number, so we can refer to it when reminding you expiry is imminent;
  • Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website, together with information about the device(s) used;
  • Profile Data includes your username and password, if you have created an account
  • User Record Data includes information you have voluntarily provided about your interests, preferences, feedback, survey responses, comments, personalized messages from you, public comments submitted, and your response to any polls or surveys.  We also keep records of each time you complete a campaign action, whenever you subscribed or unsubscribed to a mailing list, whether you acted in response to a mailing, social media, or through another source, details of phone calls with you, credit for sharing links (eg by “Tell A Friend” emails or social media postings), and any other information you share when you take any action with 350.org, online or otherwise;
  • Volunteer Data includes information about whether you are interested in volunteering, and, if so, what types of activity you would like to be involved in;
  • Usage Data includes information about how you use our website and also how you engage with our content (below under “Data relating to Updates and Email Tracking” for more information;
  • Mailing Data includes mailings between us (including date/timestamp of mailing, content of mailing, language of mailing, topic categories);
  • Communications Data includes your preferences in receiving communications from us and, where applicable, your opt-in to receive such communications.

 

We may also collect:

  • Your third-party authentication status if you visit the Website (i.e. whether you are presently logged into Facebook or other social media accounts);
  • Data relating to Updates and Email Tracking:  If you sign up to receive updates from 350.org, we will strive to provide you accurate and timely information about our campaign activities.  In order to improve our engagement with our network, we may track whether the emails we send to you are being opened, and other related information such as when and whether the links they contain are being clicked, whether you sign or share petitions, and of the people you shared with who also go on to sign our petitions. Communications will come to you direct from 350.org, except in the United States, where some emails may come from the affiliated organization 350.org Action Fund.
  • Images, photographs, or video you upload to the site;

 

We also collect from all visitors:

  • Technical information about your use of the Website, browser type and version, and operating system

We do not collect any Special Categories of Personal Data about you (save as detailed in the next paragraph). This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, trade union membership, information about your health and genetic and biometric data, nor do we collect any information about criminal convictions and offences, except where the processing is required or permitted by applicable law, or we have obtained your prior explicit consent.

Since achieving our mission involves many aspects — environmental, social justice, economical, political — some of the Personal Data which you share about yourself and your interest in these areas may relate to your political opinions and voting intentions.

We also collect, use and share Aggregated Data (see further below, under “How we use your Personal Data).

 

Children

If you are under the age of 13 (US & some EU countries) or 16 (other EU countries & elsewhere), you must ask your parent/guardian for their consent before submitting your Personal Data to this site. If we have reason to believe that someone is underage and we have collected their Personal Data without proper consent, we will delete that information in a reasonable period of time.

 

How we collect your Personal Data

We mostly collect Personal Data directly from you when you voluntarily provide such information, such as when you:

  • “Join In” via our Website;
  • contact us with inquiries;
  • sign up to a newsletter or mailing list to receive our movement dispatches;
  • take action online (including responding to one of our surveys; registering to participate in certain projects or campaigns; signing or creating a petition; signing an open letter or a pledge; sending a message or “thank you” to others engaged on our mission);
  • volunteer or host an event;
  • Provide your name and email address to one of our partner organizations, on the basis that it can be shared with us;
  • RSVP for an event or
  • make a donation.  

We also collect data from and about you through:

  • Analytics providers (such as Google Analytics) based outside the EU;

 

How we use your Personal Data

Personal Data

As above, we use the Personal Data provided by you to shape our campaigns, reach out and promote your involvement with our initiatives and generally in the advancement of our shared mission. We also use it to refine your experience and  improve the Website.

We only use the Personal Data you provide in a manner that is consistent with this Privacy Policy and where the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:

  • With your consent (e.g. to this Privacy Policy);
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
  • Where we need to comply with a legal or regulatory obligation.

If you provide Personal Data for a certain reason, we may use the Personal Data in connection with the reason for which it was provided.  For example:

  • to “Join In” via our website/register you as a supporter of 350.org (where you ask us to email you at key moments when you can make a difference);
  • if you sign up for a campaign or to be involved in an event, we will use your Personal Data to send you updates and other information about the campaign or event, for example:
  • if a local leader starts a campaign or petition that you sign, they may access the Personal Data you have shared and follow up with you about local campaign updates;
  • if you sign, share or donate, we use your Personal Data to send you information about our work via any channels you’ve consented to (email, phone/SMS and/or social media messaging).
  • to connect you with 350’s online campaigns, grassroots organizing, and mass public actions to oppose new coal, oil and gas projects, take money out of the companies that are heating up the planet, and build 100% clean energy solutions that work for all.  We will contact you at key moments when we feel you can make a difference and which we feel would be of interest to you, for example, to see if you want to get involved in particular campaigns, fundraisers and projects;
  • to deliver relevant content to you and measure your engagement and involvement with 350;
  • to process any donation made by you;
  • to seek to re-engage you with our network;

Since achieving our mission often seeks to put pressure on governments into limiting emissions and so can relate to who controls the government, we may communicate with you with information related to elections or political campaigns.

 

We may use the personal information of all visitors of the Website to:

  • use data analytics to improve our Website, relationships with Supporters and your experience of the Website;
  • administer the Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
  • manage our relationship with you (for example, to answer your queries, notify you about changes to our Privacy Policy).

 

Internal research and profiling

We carry out research and analysis on visitors to our Website and other supporters to determine the success of our approach and campaigns and other activities in the public interest and to help us provide you with a better experience (for example so that you receive communications about areas of our activities or research you are mostly likely to be interested in). We may evaluate, categorise and profile your Personal Data in order to tailor communications to your needs and your preferences and to help us to understand our network. For example, we may keep track of the amount, frequency and value of your support, and may use automated systems to target email blasts. This information helps us to ensure communications are relevant, timely and in the best interest of 350.org’s mission.

 

Aggregated Personal Data

In an ongoing effort to accomplish our mission and understand Website visitors better and judge the effectiveness and growth potential of campaigns, 350.org may conduct research on its visitor’s demographics and interests based on the Personal Data and other information provided to us.  This research may be compiled and analyzed on an aggregate basis, and 350.org may share this aggregate information with its affiliates and allies. 350.org may also disclose aggregated visitor statistics in order to describe the size, scope, and demographics of its network (for example, to display on campaign websites, announce on social media and provide to media sources).  Aggregated Data may be derived from your Personal Data but is not considered Personal Data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Website feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.

 

Non-Personal Data

We use the Non-Personal Data collected to generate statistics and measure Website activity in order to improve the quality of our Website for our visitors.

 

Donor Privacy Policy

350.org does not rent, share, sell or trade any Personal Data from online or offline donations with any 2nd or 3rd party, nor do we rent, share, sell or trade information about what donations supporters have undertaken on our Website with any 2nd or 3rd party, with the sole exception being our affiliate organization, 350 Action. 350 Action is incorporated in the United States as a 501(c)4 social welfare non-profit organization, with the mission of mobilizing voters in the United States to elect progressive climate champions at all levels of government. 350 Action is solely focused on activities within the United States, 350.org may share supporter data with 350 Action only when the supporter has identified themselves as residing in the United States.

 

Legal Basis for processing your Personal Information

Please contact dataprivacy@350.org if you need details about the specific legal ground we are relying on to process your Personal Data.

 

Change of purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact dataprivacy@350.org. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

 

Fundraising and Communications to promote 350.org’s work

We must usually ask you to “opt-in” to receive fundraising and campaign emails from us.  You have the choice as to whether you want to receive or continue to receive these messages.

 

When We Share your Personal Information:

350.org is not interested in selling your Personal Data.  We consider this information to be a vital part of our relationship with you.  There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below:

 

350.org volunteers and event hosts

350.org volunteers or event hosts may have access to your contact information, including your name, email address, telephone number, and social media account IDs, to reach out to you about a specific campaign or event. They may contact you directly or through 350.org.

 

Targets of 350.org campaigns

For petitions, letters to the editor, and surveys you’ve signed or completed, we may pass on your name, city, state, and comments to the target. Where the target is a government body or official that requires petition signers to be constituents, we may also provide your postal code and full address. We will not otherwise make your street address publicly available, but we may transmit it to campaign targets specifically noted on the action page.

 

350.org Petition creators

When you sign a petition created on 350.org’s Website we provide your name, city, and country to the petition creator so they can deliver it to the campaign target (see above).

 

Agents, Consultants and Related Third Parties

350.org sometimes hires service providers and other companies to perform certain functions.  Examples of such functions include mailing information, maintaining databases, cloud computing services, and processing payments.  When we employ another company to perform a function of this nature, we take precautions to provide them with the information that they need to perform their specific function. We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

 

Partner organizations

In order to accomplish our mission, 350.org sometimes works closely with other non-profit groups working on climate change issues. To plan our partnership strategies most effectively, we often want to know how many of our supporters are also supporters of the partner organization.

To find this out, we first send an digital “fingerprint” of your email address to our partner — we don’t send your actual email address, but instead an cryptographic piece of data that the partner organizations can use to find matches to email addresses in their database.  If you are not a supporter of our partner organization, or if the email address you use at 350.org is not the same one that you use with the partner organization, then there will be no match, and the partner organization will not receive any information that they could use to identify you or target you in any way.  If your 350.org email address matches the email address that you use with the partner organization, we can then count the total number of matches to know how many supporters are members of both organizations. The fingerprint data is deleted after the count has been made. Digital fingerprints are also known as cryptographic hashes.

 

Payment processors

We work with PayPal to help process donations and credit card transactions and other payment methods when you donate to 350.org. These payment processors will store certain Personal Data about you. Please refer to their privacy policies to learn more about how they use your Personal Data.

 

Legal Requirements

We may disclose your Personal Data if required to do so by law (including without limitation any election law) or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of 350.org, (iii) act in urgent circumstances to protect the personal safety of Website visitors or the public, or (iv) protect against legal liability.

 

How do we keep your Personal Information safe?

350.org makes great efforts to protect the Personal Data provided via the Website from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have an organizational need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

However, no Internet or e-mail transmission is ever fully secure or error free.  In particular, e-mail sent to or from the Website may not be secure. Therefore, you should take special care in deciding what information you send to us via e-mail.

350.org also strives to ensure the secure collection and transmission of sensitive visitor payment information using industry accepted data collection and encryption methodologies.  If you choose to make a donation to 350.org, your credit card information will be used only for transactions through our secure online payment system. If you choose to make that donation recurring, the information will be stored by our third party payment processors, and is not stored or seen by 350.org.  350.org does not sell or otherwise disclose such visitor payment information outside the organization.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

Do we transfer data cross border?

350.org has global network with members and staff around the world, so your Personal Information may be transferred and stored across borders (including, for EU citizens, outside of the EEA). This is in furtherance of our aim of having a connected network and a global reach. We take reasonable steps to ensure that cross-border data transfers comply with existing data protection laws, such the use of standard contractual clauses that bind parties to protect the privacy and security of data.  However, is some cases the transfer of data may be where the country or territory in question does not maintain adequate data protection standards. Please contact dataprivacy@350.org if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.

 

How long will you use my Personal Data?

Both Personal Data and Non-Personal Data collected in accordance with this Privacy Policy may be stored by 350.org itself or it may be included in databases owned and maintained by our affiliates, agents or service providers. We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

A large part of our data activities are focused on understanding our engagement efforts and finding out which supporters are the most active, and have been active for the longest period of time.  This lets us know if we are providing our supporters with timely and engaging opportunities to take meaningful action on the issues they care about. We will take these considerations into account in determining the appropriate retention period, including the use and application of metrics and data tools to consider supporter engagement and to look at the trajectory of engaged supporters over time. Further details of retention periods for different aspects of your Personal Data are available by emailing dataprivacy@350.org.

We continually review what information we hold and will delete personal data which is no longer required.

 

What are my legal rights in respect of my Personal Data?

For EU Citizens, under certain circumstances, the GDPR gives you rights in relation to your Personal Data. These are the right to:

  • Request access to your Personal Data;
  • Request correction of your Personal Data;
  • Request erasure of your Personal Data (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
  • Object to processing of your Personal Data;
  • Request restriction of processing your Personal Data;
  • Request transfer of your Personal Data;
  • Right to withdraw consent (where we are relying on consent to process your Personal Data.

If you wish to exercise any of the rights set out above, please contact us at dataprivacy@350.org.

 

How can I update my Personal Information?

You can review and update your Profile Data via your profile page.

 

How can I Unsubscribe?

You may opt out of any communications from 350 at any time (including unsubscribing from our email list or asking to be excluded from our online campaign promotion lists) via the unsubscribe link at the bottom of each email we send, or here: 350.org/unsubscribe

 

How does 350.org use cookies?

Like most websites, 350.org may place a “cookie,” or small file, in the browser files of a visitor’s computer. Some cookies are used to prepopulate forms for you so that on repeat visits to the Website you don’t need to re-enter certain information. You can set your browser to disable cookies, but then you would not have the advantage of having certain sections of forms being prepopulated for you, and you may not be able to access certain parts of the Website.

We may also use third-party services such as Google Analytics. This helps us understand traffic patterns and know if there are problems with our Website. We may also use embedded images in emails to track open rates for our mailings, so that we can tell which mailings appeal most to 350.org supporters.

Internet browsers normally accept cookies by default. However, most browsers let you turn off either all or third-party cookies. What you are able to do depends on which browser you are using. However, please be aware that this may impair or limit your ability to use our website. The option to do this is usually found in the options, settings or preferences menus of your browser or mobile device.

You may opt-out of Google Analytics cookies by visiting Google’s opt-out page – https://tools.google.com/dlpage/gaoptout


Updating the Privacy Policy

This Privacy Policy is not of contractual effect. 350.org may change its Privacy Policy from time to time. If we make any significant changes to the rules that govern this site, or the way we use your Personal Data, we will add a prominent notice to this Website. Please review this Privacy Policy periodically, and especially before you provide any Personal Data.  This Privacy Policy was last updated on the date indicated above. Your continued use of the Website after any changes are made to this Privacy Policy indicates your agreement with the terms of the changed Privacy Policy.

 

Exclusions

The Privacy Policy does not apply to any unsolicited information provided to 350.org through the Website or through any other means.  This includes, but is not limited to, information posted to any public areas of the Website and any unsolicited submissions. All such information will be treated as public information.

 

Links to Other Websites

This Privacy Policy applies only to the Website.  The Website may contain links to other Websites, plug-ins and applications not operated or controlled by 350.org (the “Third Party Sites”).  Clicking on those links or enabling those connections may allow Third Party Sites to collect or share data about you. The policies and procedures we described here do not apply to the Third Party Sites.  The links from the Website do not imply that 350.org endorses or has reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy policies.

 

Social Media

Through the Website, you can choose to access certain social media Websites and services that are owned and controlled by third parties (e.g. Facebook and Twitter) (the “Social Media Services”).  When you elect to access and use the Social Media Services, you will be sharing your information (which will include your Personal Information if you elect to share such information) with those Social Media Services.  As with other Third Party Sites, the information that you share with the Social Media Services will be governed by the privacy policies and terms of service of the providers of such Social Media Services and not by the policies and procedures we describe here.

We may use your email address and Facebook ID to participate in Facebook’s Custom Audience and Lookalike Audience programs, which enable us to display campaign promotions to both existing and prospective members when they visit.

To do this, we first send an digital “fingerprint” of your email address to Facebook — we don’t send your actual email address, but instead an cryptographic piece of data that Facebook can use to find matches to email addresses in their database.  If you are not a Facebook user, or if the email address you use at 350.org is not one that you use with your Facebook account, then there will be no match, and Facebook will not receive any information that they could use to identify you or target you in any way.  If you are a Facebook user and your 350.org email address matches your Facebook email address, 350.org campaign promotions may then appear when you access Facebook.

Facebook deletes this information (a) if it does not match with a Facebook account or (b) after they confirm you are a registered account holder. For more detailed information about how Facebook uses digital fingerprints — also known as a cryptographic hash — please see https://www.facebook.com/business/help/112061095610075 and Facebook’s data policy at https://en-gb.facebook.com/policy.php.

 

Terms and Conditions

Your access to and use of the Website is subject to the Terms of Service.

 

Contact Details

If you have any questions about our policies, your Personal Data, or data protection on this Website, you can contact us.

Our full details are:

350.org
Humphreys Munai, Chief Operating Officer
+1 802-448-0839
dataprivacy@350.org

If you are in the EU, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

FacebookTwitter