Updated Jun 18 2021.
This website (the “Website”) is operated by 350.org (the controller and responsible for your Personal Data) (“we”, “us” and/or “our”) and has been created to accomplish our mission of building a global movement to solve the climate crisis with the help of Website visitors (“you”, “your”).
350.org has a firm commitment to internet privacy. You can visit most portions of 350.org without telling us who you are and without revealing any personally identifiable information (“Personal Data”). The only information we collect from a normal Website visit is information that cannot be used to specifically identify you (“Non-Personal Data”), which usually includes the name of your internet service provider, the browser and type of machine you are using, the Website that referred you to us, the pages you request and the date and time you request them.
350.org is a global civic movement. The participation of people like you is crucial to achieving our mission to battle climate change. We are stronger when we collaborate, and climate change can only be addressed if we work together. Bringing people together is critical to how we make a difference. Staying in touch with our supporters and Website users at the right time, in the right way and with the right information is vital to our success and to the mobilization of our diverse team and its ability to make an impact.
To this end, we collect information about you, which helps us:
All of which serve our mission of bringing people together to combat climate change.
When we say “Personal Data” we mean any information about you from which you can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:
We do not collect any Special Categories of Personal Data about you (save as detailed in the next paragraph). This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, trade union membership, information about your health and genetic and biometric data, nor do we collect any information about criminal convictions and offences, except where the processing is required or permitted by applicable law, or we have obtained your prior explicit consent.
Since achieving our mission involves many aspects — environmental, social justice, economical, political — some of the Personal Data which you share about yourself and your interest in these areas may relate to your political opinions and voting intentions.
We also collect, use and share Aggregated Data (see further below, under “How we use your Personal Data).
If you are under the age of 13 (US & some EU countries) or 16 (other EU countries & elsewhere), you must ask your parent/guardian for their consent before submitting your Personal Data to this site. If we have reason to believe that someone is underage and we have collected their Personal Data without proper consent, we will delete that information in a reasonable period of time.
We mostly collect Personal Data directly from you when you voluntarily provide such information, such as when you:
We also collect data from and about you through:
As above, we use the Personal Data provided by you to shape our campaigns, reach out and promote your involvement with our initiatives and generally in the advancement of our shared mission. We also use it to refine your experience and improve the Website.
If you provide Personal Data for a certain reason, we may use the Personal Data in connection with the reason for which it was provided. For example:
Since achieving our mission often seeks to put pressure on governments into limiting emissions and so can relate to who controls the government, we may communicate with you with information related to elections or political campaigns.
We may use the personal information of all visitors of the Website to:
We carry out research and analysis on visitors to our Website and other supporters to determine the success of our approach and campaigns and other activities in the public interest and to help us provide you with a better experience (for example so that you receive communications about areas of our activities or research you are mostly likely to be interested in). We may evaluate, categorise and profile your Personal Data in order to tailor communications to your needs and your preferences and to help us to understand our network. For example, we may keep track of the amount, frequency and value of your support, and may use automated systems to target email blasts. This information helps us to ensure communications are relevant, timely and in the best interest of 350.org’s mission.
We use the Non-Personal Data collected to generate statistics and measure Website activity in order to improve the quality of our Website for our visitors.
350.org does not rent, share, sell or trade any Personal Data from online or offline donations with any 2nd or 3rd party, nor do we rent, share, sell or trade information about what donations supporters have undertaken on our Website with any 2nd or 3rd party, with the sole exception being our affiliate organization, 350 Action. 350 Action is incorporated in the United States as a 501(c)4 social welfare non-profit organization, with the mission of mobilizing voters in the United States to elect progressive climate champions at all levels of government. 350 Action is solely focused on activities within the United States, 350.org may share supporter data with 350 Action only when the supporter has identified themselves as residing in the United States.
Please contact [email protected] if you need details about the specific legal ground we are relying on to process your Personal Data.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact [email protected]. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We must usually ask you to “opt-in” to receive fundraising and campaign emails from us. You have the choice as to whether you want to receive or continue to receive these messages.
350.org is not interested in selling your Personal Data. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below:
350.org volunteers or event hosts may have access to your contact information, including your name, email address, telephone number, and social media account IDs, to reach out to you about a specific campaign or event. They may contact you directly or through 350.org.
For petitions, letters to the editor, and surveys you’ve signed or completed, we may pass on your name, city, state, and comments to the target. Where the target is a government body or official that requires petition signers to be constituents, we may also provide your postal code and full address. We will not otherwise make your street address publicly available, but we may transmit it to campaign targets specifically noted on the action page.
When you sign a petition created on 350.org’s Website we provide your name, city, and country to the petition creator so they can deliver it to the campaign target (see above).
350.org sometimes hires service providers and other companies to perform certain functions. Examples of such functions include mailing information, maintaining databases, cloud computing services, and processing payments. When we employ another company to perform a function of this nature, we take precautions to provide them with the information that they need to perform their specific function. We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
In order to accomplish our mission, 350.org sometimes works closely with other non-profit groups working on climate change issues. To plan our partnership strategies most effectively, we often want to know how many of our supporters are also supporters of the partner organization.
To find this out, we first send an digital “fingerprint” of your email address to our partner — we don’t send your actual email address, but instead an cryptographic piece of data that the partner organizations can use to find matches to email addresses in their database. If you are not a supporter of our partner organization, or if the email address you use at 350.org is not the same one that you use with the partner organization, then there will be no match, and the partner organization will not receive any information that they could use to identify you or target you in any way. If your 350.org email address matches the email address that you use with the partner organization, we can then count the total number of matches to know how many supporters are members of both organizations. The fingerprint data is deleted after the count has been made. Digital fingerprints are also known as cryptographic hashes.
We work with PayPal to help process donations and credit card transactions and other payment methods when you donate to 350.org. These payment processors will store certain Personal Data about you. Please refer to their privacy policies to learn more about how they use your Personal Data.
All the above categories exclude text messaging originator opt-in data and consent, which information will not be shared with any third parties, provided that the foregoing does not apply to sharing (1) with vendors, consultants and other service providers who need access to such information to carry out work on our behalf (and who will not use such information for their own purposes); (2) if we believe disclosure is required by any applicable law, rule, or regulation or to comply with law enforcement or legal process; and (3) if the user consents to our sharing of such information.
We may disclose your Personal Data if required to do so by law (including without limitation any election law) or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of 350.org, (iii) act in urgent circumstances to protect the personal safety of Website visitors or the public, or (iv) protect against legal liability.
350.org makes great efforts to protect the Personal Data provided via the Website from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have an organizational need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from the Website may not be secure. Therefore, you should take special care in deciding what information you send to us via e-mail.
350.org also strives to ensure the secure collection and transmission of sensitive visitor payment information using industry accepted data collection and encryption methodologies. If you choose to make a donation to 350.org, your credit card information will be used only for transactions through our secure online payment system. If you choose to make that donation recurring, the information will be stored by our third party payment processors, and is not stored or seen by 350.org. 350.org does not sell or otherwise disclose such visitor payment information outside the organization.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
350.org has global network with members and staff around the world, so your Personal Information may be transferred and stored across borders (including, for EU citizens, outside of the EEA). This is in furtherance of our aim of having a connected network and a global reach. We take reasonable steps to ensure that cross-border data transfers comply with existing data protection laws, such the use of standard contractual clauses that bind parties to protect the privacy and security of data. However, is some cases the transfer of data may be where the country or territory in question does not maintain adequate data protection standards. Please contact [email protected] if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
A large part of our data activities are focused on understanding our engagement efforts and finding out which supporters are the most active, and have been active for the longest period of time. This lets us know if we are providing our supporters with timely and engaging opportunities to take meaningful action on the issues they care about. We will take these considerations into account in determining the appropriate retention period, including the use and application of metrics and data tools to consider supporter engagement and to look at the trajectory of engaged supporters over time. Further details of retention periods for different aspects of your Personal Data are available by emailing [email protected].
We continually review what information we hold and will delete personal data which is no longer required.
For EU Citizens, under certain circumstances, the GDPR gives you rights in relation to your Personal Data. These are the right to:
If you wish to exercise any of the rights set out above, please contact us at [email protected].
You can review and update your Profile Data via your profile page.
You may opt out of any communications from 350 at any time (including unsubscribing from our email list or asking to be excluded from our online campaign promotion lists) via the unsubscribe link at the bottom of each email we send, or here: 350.org/unsubscribe
Like most websites, 350.org may place a “cookie,” or small file, in the browser files of a visitor’s computer. Some cookies are used to prepopulate forms for you so that on repeat visits to the Website you don’t need to re-enter certain information. You can set your browser to disable cookies, but then you would not have the advantage of having certain sections of forms being prepopulated for you, and you may not be able to access certain parts of the Website.
We may also use third-party services such as Google Analytics. This helps us understand traffic patterns and know if there are problems with our Website. We may also use embedded images in emails to track open rates for our mailings, so that we can tell which mailings appeal most to 350.org supporters.
Internet browsers normally accept cookies by default. However, most browsers let you turn off either all or third-party cookies. What you are able to do depends on which browser you are using. However, please be aware that this may impair or limit your ability to use our website. The option to do this is usually found in the options, settings or preferences menus of your browser or mobile device.
You may opt-out of Google Analytics cookies by visiting Google’s opt-out page – https://tools.google.com/dlpage/gaoptout
Through the Website, you can choose to access certain social media Websites and services that are owned and controlled by third parties (e.g. Facebook and Twitter) (the “Social Media Services”). When you elect to access and use the Social Media Services, you will be sharing your information (which will include your Personal Information if you elect to share such information) with those Social Media Services. As with other Third Party Sites, the information that you share with the Social Media Services will be governed by the privacy policies and terms of service of the providers of such Social Media Services and not by the policies and procedures we describe here.
We may use your email address and Facebook ID to participate in Facebook’s Custom Audience and Lookalike Audience programs, which enable us to display campaign promotions to both existing and prospective members when they visit.
To do this, we first send an digital “fingerprint” of your email address to Facebook — we don’t send your actual email address, but instead an cryptographic piece of data that Facebook can use to find matches to email addresses in their database. If you are not a Facebook user, or if the email address you use at 350.org is not one that you use with your Facebook account, then there will be no match, and Facebook will not receive any information that they could use to identify you or target you in any way. If you are a Facebook user and your 350.org email address matches your Facebook email address, 350.org campaign promotions may then appear when you access Facebook.
Facebook deletes this information (a) if it does not match with a Facebook account or (b) after they confirm you are a registered account holder. For more detailed information about how Facebook uses digital fingerprints — also known as a cryptographic hash — please see https://www.facebook.com/business/help/112061095610075 and Facebook’s data policy at https://en-gb.facebook.com/policy.php.
Your access to and use of the Website is subject to the Terms of Service.
If you have any questions about our policies, your Personal Data, or data protection on this Website, you can contact us.
Our full details are:
If you are in the EU, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.