Privacy Policy
​
Last update: Sept 14, 2019
​
The Norfolk Institute understands the importance of your privacy and we take our responsibility to protect it seriously. Our Privacy Policy (the “Policy”) describes the types of information we collect from you, how we share the information, and certain rights and options you have regarding your information. This Policy applies to information we collect from you through our website (www.norfolkinstitute.org), direct communications and inquiries, or otherwise.
Please read this Policy carefully before sharing information with us so you understand our practices regarding your information. By using our website, communicating with us, becoming a member of the Norfolk Institute, or registering to receive information from us, you agree to the terms of this Policy.
​
Personal Information We May Collect About You
Under our Policy, “personal information” is any information that identifies or can be used to contact a particular individual. With exceptions, the personal information that we typically collect from you is limited to the information that can be found on a business card—name, address, email address, and telephone number. The types of personal information we may collect and process about you can be grouped as follows:
​
-
Identity information – first name, last name, member username and password for website member portal.
-
Contact information – physical address, email address, and telephone number.
-
Financial data – payment card details and donation or payment information.
-
Transactional data – details about events you have attended or participated in, inquiries you have made, orders you have placed, and payments or donations received from you.
-
Subscription, marketing, and communications information – details regarding newsletters you have subscribed to, requests for information received from you, and information on your marketing or communication preferences.
-
Contest and survey information – details regarding contests you participated in or survey responses you provided.
We may collect this information when you join the Norfolk Institute as a member, make a donation, sign up to receive emails or other publications, become a the Norfolk Institutey volunteer, participate in a poll or survey, send a letter to the U.S. Congress, make a purchase through our affiliated webstore, communicate with us, create a member profile on our website, or otherwise directly provide the information to us (such as by submitting a query on our website).
How We Use Your Personal Information
We use these types of information to perform our contracts or agreements with you, to comply with our legal obligations, as necessary for our legitimate interests, or pursuant to your consent. Specifically, we use this information to:
​
-
Fulfill your subscriptions to the Norfolk Institute Report or other newsletters;
-
Provide you with information or services that you request from us, including information about our activities and events that you have requested;
-
Administer user profiles and accounts on our website properties;
-
Optimize your experience on our website and ensure that our content is presented to you in the most effective manner;
-
Conduct surveys and polls and to process your responses to such surveys and polls;
-
Invite you to become a member of our organization or support our work with a charitable gift;
-
Notify you about changes to our website or any services we offer;
-
Communicate with you by e-mail, postal mail, or telephone about our mission, activities, opportunities, and other issues that may be of relevance to you; and
-
Perform other functions as otherwise described to you at the time of collection or that you otherwise consent to.
Please note that if you signed up to receive information or mailings from us, we will generally send you several communications per month. If you would like to customize your subscriptions or opt-out of receiving communications from us, please visit our email list system.
Other Information We Collect From You
Like most major websites, we use the following technologies to automatically collect certain additional information about you.
-
IP Address or Device Identifier. When you visit our website, we collect your Internet Protocol (“IP”) address, which identifies the computer or service provider that you use to access our website or, if you connect through a mobile device, your mobile device identifier. We may use these identifiers to collect information about the length of time spent on our website or the specific areas visited.
-
Cookies. Cookies are small text files that can be used by websites to make a user’s experience more efficient. Our website uses different types of cookies to, among other things, automatically recognize you when you return to our website, store information regarding your preferences, personalize content and advertisements for you, provide social media functionality, and analyze our website traffic. The specific types of cookies we use are discussed on our Cookie Declaration Page. Website visitors from the E.U. can also change or withdraw their consent to certain types of cookies by visiting that page. For further information about cookies, including how to refuse cookies, please visit www.allaboutcookies.org. Please note that if cookies are disabled, you may not be able to enjoy certain features of our website. We do not honor “Do Not Track” signals.
-
Web beacons and other technologies. Our website may use other tracking tools, including web beacons, which are small electronic images embedded in web content and email messages that are not ordinarily visible to users. Web beacons allow us to track pages and content accessed and viewed by users, as well as to monitor email readership. We also contract with service providers to place Planetary Society advertisements on Facebook and other social media applications. We use pixels to track visitors and to serve ads for The Planetary Society. You may be able to opt out of pixels by adjusting your browser’s cookie settings but you can adjust cookie consent options on our website to not accept marketing cookies when you visit from the E.U.
The information collected through these technologies may be combined with personal information or aggregated with other information on website visits. We may share information about your use of our website with our social media, advertising, and analytics partners, who may combine it with other information that you have provided to them or that they have collected from your use of their services.
​
Disclosure of Your Information
​
When the information we collect is aggregated, anonymized, or otherwise does not identify you, we may use that information for any purpose or share it with our trusted marketing providers and third parties to the extent permitted by applicable law.
In addition, we may share information that we collect or that you provide in the following circumstances:
-
With trusted service providers, contractors, and suppliers that we use to support our business under a contractual relationship to assist our programs and operations. For example, we frequently use a vendor to mail information to members in the United States and, in the course of doing so, may share personal information with the vendor necessary to complete the mailing. Likewise, from time to time, we utilize a vendor to run contests or sweepstakes and might share certain personal information regarding the participants with the vendor;
-
With our payment card processor in order to process membership donations, purchases, or other payments;
-
With our with our marketing providers in order to assist us with online advertising and the creation of advertising content;
-
With a buyer or other successor prior to or in the event of a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as a part of bankruptcy, liquidation, or similar proceeding, where the information is among the assets being transferred; and
-
For any other purpose disclosed by us when you provide the information.
We reserve the right to disclose your information as necessary to comply with a subpoena or similar investigative demand, court order, request for cooperation from law enforcement or other governmental agency, to exercise our legal rights, to defend against legal claims, or as otherwise required by law.
​
Your Choices About Collection and Use of Your Information
​
We strive to provide you with choices regarding the personal information you provide to us. As mentioned above, you can manage your subscriptions, opt out receiving subscriptions from us, correct your identity and contact information through our Member and User Center. If you wish to delete your member profile please contact us at privacy@norfolkinstitute.org. In addition, you can opt out of receiving informational or promotional emails from us by clicking the “email preferences” link in any such email you receive from us.
​
You can also choose not to provide us with certain information requested through our website, including our web store, but that may result in you being unable to use certain features of our websites or our applications, request information about products or services, purchase applications and other products, ask questions, or initiate other transactions on our websites.
​
Please note you can always contact us if you would like to correct your personal information or have it removed from our records by emailing us at privacy@norfolkinstitute.org and explaining the personal information which you wish to be deleted, modified, or removed. This is normally a free service, unless this process proves to be unduly difficult and takes more time, or is clearly unfounded, repetitive, or excessive, in which case we may charge a reasonable fee or decline to respond. Once we have received your request, we will review it and contact you within 30 days of our receipt of your request, unless your request is complex or you have made a large number of requests, in which case we will notify you of any delay and will, in any event, reply within three (3) months. Please note that all requests are reviewed through the lens of the “Data Storage and Retention” policy contained below in this document.
​
Protection of Your Information
​
We take appropriate administrative, technical, and physical measures to protect your personal information from loss, theft, and unauthorized use, disclosure, or modification. For example, we limit access to personal information to ensure that it is only accessible by relevant staff, volunteers, or contractors. Our online forms are encrypted and our network is protected and routinely monitored. If you use a payment card to join us or make a donation, we pass your payment card information securely to our payment processing partners. We do not store your payment card information for future use.
Please be aware that no data transmission over the Internet is 100% secure. While we strive to protect your personal information, we cannot ensure or warranty the security of any information you transmit to us and you do so at your own risk.
​
Further, members are responsible for safeguarding the confidentiality of their account information, including the username and password to access the membership portal and individual member profiles. Please do not to share such account information or passwords with anyone and remember to log out when you are not using our website to prevent unauthorized access.
​
Links to Third-Party Websites
​
Our website contains links to several third-party websites. These websites have separate privacy policies that you should review. While we make efforts to choose the links on our website carefully, we cannot take responsibility for the content of linked websites or those companies’ data-handling practices.
​
International Transfers
​
The Planetary Society is headquartered in the United States and, as a result, information you provide to us will reside on servers in the United States. If your information was collected outside the United States, it may be necessary to transfer your information to the United States for processing in order to provide you with requested products and services. You understand and consent that information you provide may be sent to and processed by us in the United States. The data protection laws in the United States may not be the same as the data protection laws in your home country. Further, in appropriate circumstances, we may use specific contracts approved by the European Commission to protect your personal information. Please contact us at privacy@norfolkinstitute.org if you want further information on the mechanisms used when transferring your personal data out of the country where it was collected.
​
GDPR and EEA Residents’ Rights
​
The E.U.’s General Data Protection Regulation (“GDPR”) is a privacy law that affords certain rights relating to the personal information of individuals in the European Economic Area (“EEA”). Specifically, if you are a resident of the EEA, you may request whether we are processing your personal information, our purposes in doing so, how your personal information was obtained (if you did not provide it to us directly), who it may have been shared with, and how long it will be retained. Further, you have the right to request your personal information be corrected if it is inaccurate and, in certain circumstances, may ask that it be erased and withdraw your consent or object to further processing. Finally, subject to certain limitations, and when feasible, you may request a copy of your personal information or that it be transferred to another entity. You will not typically need to pay a fee for access to your personal information (or to exercise any of the other rights). But we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
​
Additional information on your rights under the General Data Protection Regulation is available from the U.K.’s Information Commissioner’s Office. If you are located in the E.U. and have a concern about our processing of your data, you may have the right to make a complaint to the appropriate data protection authority in the E.U.
​
For the personal information that we collect from you, The Planetary Society acts as a “controller” under the GDPR. As discussed above, we use data for a variety of different purposes. Under the GDPR we are required to have a lawful basis for these types of processing activities. Most of the time, that lawful basis will either be to (1) perform a contractual obligation with you, (2) fulfill legitimate business interests, (3) comply with a legal obligation, or (4) conduct processing to which you have specifically consented.
​
For example, we need to process your personal data in order to register you as a member and provide you with the benefits of membership. In that circumstance, our lawful basis for processing your personal information will be to perform contractual obligations for you when you signed up to be a member. Likewise, it may be necessary to our legitimate business interests of growing and continuing our services for us to use your personal information in order to provide you with information regarding our activities and to solicit future donations.
​
Please note, as indicated previously, your personal information may be transferred to our servers in the United States. We only transfer your personal information with your consent, to perform a contract with or an obligation to you, or to fulfill a compelling legitimate interest that does not outweigh your rights and freedoms. Because the United States has not received an “adequacy finding” from the European Commission, and except as set forth above, the Norfolk Institute may rely on derogations in Article 49 of the GDPR to transfer your information to the United States.
​
Children’s Privacy
​
Our website is a general audience site and is not directed at, or intended for use by, children under the age of 16 years (in the EEA) or 13 years (in the United States). Accordingly, we do not knowingly collect personal information from children under age 16 (in the EEA) or under 13 (in the U.S.). Should we learn that a child under the appropriate age provides his or her personal information, we will use that information only to respond to that child and inform him or her that we must have parental consent before receiving such information.
​
California Online Privacy Protection Act
​
Pursuant to the California Online Privacy Protection Act, all users of our website may make changes to their personal information by logging into their account and navigating to the Member and User Center or by sending an email to privacy@norfolkinstitute.org.
​
Data Storage and Retention
​
We keep your personal information for as long as necessary to fulfill your requests or the purposes for which it was obtained. The criteria used to determine our retention periods include (i) for as long as we have an ongoing relationship with you, (ii) as required by a legal obligation to which we are subject, and (iii) as necessary to comply with legal obligations.
​
Changes to this Privacy Policy
​
Please note that we may change this Policy from time to time. If there are changes to our Privacy Policy, we will post them here and update the “Last Updated” date at the top of this document. Continued use of this website after any changes is deemed to be acceptance of those changes. Accordingly, we encourage you to check the Privacy Policy periodically for updates.
​
How to Contact Us
​
If you have any questions about this Privacy Policy or our information-handling practices, please contact us at:
Norfolk Institute
{update address}
E-mail: privacy@norfolkinstitute.org
Our website address is: http://www.norfolkinstitute.org.
​
​