Effective as of July 27, 2018.                               

This Privacy Notice describes the practices of the Citizens Budget Commission (“Company,” “we,” “us,” or “our”) regarding the collection and use of personal and other information concerning individuals (“user” or “you”).

We describe how we obtain, use, and share information about a user who interacts with our website or services, and what choices a user has concerning the information.  This Privacy Notice covers users’ activities on websites and mobile applications and our interaction with users online or offline, or through social media, such as in communications between users and Company (collectively “Platform”). This information helps us build knowledge and technology to interact with users and others.
 

1. Contact Information

The data controller is:

Citizens Budget Commission
2 Pennsylvania Plaza, Fifth Floor, New York, NY 10021
 

2. Consent

Initial Consent

This Privacy Notice describes what information we collect when an individual (“user” or “you”) uses, receives or has access to our Platform, or interacts with us. We also describe how we use, store and protect that information, how long we retain it, with whom we share it, and the privacy choices available to each user.

By using our Platform, or providing information to us, you consent to our collection and use of your information as described in this Privacy Notice. For European Economic Area (EEA) users, you may have other rights in accordance to the laws of the EEA Member State where you reside.

Changes

This Privacy Notice may be modified to reflect changes to our practices or legal requirements. We will indicate the date when it was last changed. We encourage you to visit this page regularly to be aware of our current terms. If we make any material changes to this Privacy Notice, we will post the updated Privacy Notice here, along with its effective date, and notify users as required by applicable law.

Your continued use of the Platform after we have posted changes to this Privacy Notice on this page in accordance with applicable law, and with a new effective date, will indicate that you agree to be bound by such changes. If you do not agree with such changes, you should cease using the service and delete your information as described below in Section “Accessing and Deleting your Information.” For EEA users, you may have other rights in accordance with the laws of the Member State where you reside.
 

3. Scope

This Privacy Notice describes our practices concerning the information that we collect through our Platform, which includes the following

• Our website(s) located at www.cbcny.org (“Site”);
• The software applications that we make available for use on, or through computers and mobile devices (“Apps”);
• Our blogs and online newsletters (“Blogs”);
• Our social media presence on Facebook, Twitter, LinkedIn, and Vimeo (“Social Medial Pages”)
• Our messages sent using Constant Contact. Their privacy policy may be found at: https://www.constantcontact.com/legal/privacy-statement; and
• Our interaction off-line, such as when you attend an event that we organize or in which we participate.

This Privacy Notice does not address the information practices of any third party, unless as specified otherwise. In particular, the inclusion of a link to a third party’s website or service does not imply endorsement of the third party’s data handling practices, and does not imply that its practices are covered by this Privacy Notice.
 

4. Definitions

“Content” means the information, material, alerts, articles, videos, offers (such as offer to sign up to receive newsletters), and the like that are available from or through the Platform.

“Communications” means the alerts, newsletters, invitations to attend an event or conference, or other Content that we send you, or that we make available to you when you click on an advertisement or a “read more” button, and the events, conferences, seminars, webinars, and other programs that we organize online, offline, or through telecommunication means.

“Platform” means any or all of the Company’s Websites, Blogs, Social Media Pages, Content, and Communications.
 

5. What Information we Collect

To run our Platform and show users relevant content we need to know a little about the user and the user’s interests. We outline what information we collect. However, individuals who reside in the EEA are subject to different rules to accommodate the restrictions in their local data protection law as explained in our “Legal Basis” section.

Information We Collect Automatically

When a user uses or interacts with our Platform, or clicks on a link that directs the user to our Platform, the user’s browser automatically provides, and we automatically collect and store, certain information about the user’s device (computer, tablet, smart phone) and the user’s activities. This includes:

Log Data:

• Preferences and settings: time zone, language, and character size;
• Internet Protocol (IP) address;
• Technical information: type of device, operating system name and version, device manufacturer, browser information (type, version), screen resolution; and
• Connection: Internet service provider (ISP) or mobile carrier name, connection speed and connection type.

Traffic Data:

• URL of the last webpage visited before visiting our services; and URL of the first page the user visits after leaving our services;
• Information about use of the Platform: date stamp, pages viewed, time spent on a page, click through, clickstream data, queries made, search results selected, comments made, search history;
• Information collected through cookies, pixel tags, and other technologies; and
• General geographic location.

Information Provided by a User

When a user interacts with our Platform to become a registered user, register for an event, requests a newsletter or other information, or completes a form or a questionnaire, the user submits certain information. We collect and/or receive information about the user that reveals the user’s specific identity, or is directly tied to the user’s specific identity.  This information includes, depending on our interaction with a user:

• Name;
• Postal address;
• Telephone number;
• Email address, or non-email authentication if using a mobile device;
• Business card information;
• Social media account ID and information shared with us through your social media account;
• The nature of the Communication sent to or received from the user;
• The purpose of the interaction, and the action we took in response to the user’s inquiry;
• Whether the user opened our Communication or ignored it; or
• Any action the user takes upon receipt of such Communication (for example, whether the user registers to attend an event or requests to receive documentation).

Information We Obtain from Third Parties

We obtain information--specifically email addresses, phone numbers, and social media user names-- from public databases and partner organizations in connection with events or publications, or from social media partners to which our Platform is linked.
 

6. How We Collect Information

We (and our service providers) collect information in a variety of ways, such as through the methods identified below:

• From the user’s browser;
• From the user’s use of our mobile application, we track and collect usage data;
• When a user fills out a form on our Platform;
• When a user downloads and uses our mobile applications;
• We collect information through a user’s activities offline in connection with the activities of our organization;
• We obtain certain information through a user’s social media account if it is connected to the user’s account on our Platform;
• Certain information is collected by most browsers or automatically through a user’s device;
• Below is a table of third-party analytic services. It lists the name of the service, the purpose of the service, the data collected, and a link to the service’s privacy policy.

• Cookies and other tracking technologies, as explained below.
   

7. Cookies and Tracking Technologies

Cookies, pixel tags, and other tracking technologies are used on our Platform to ensure that it functions properly and to give users a more personalized experience. Cookies are small text files that are sent to a user’s browser by the website visited or when an email is opened. They are used for numerous different purposes, including to remember a user’s actions and preferences (for example, login data, language, font size, other display settings, etc.), so that the user does not have to configure them again when visiting again the website, or when moving from page to page within a website. Some operations within a website may not be able to be performed without the use of cookies which, in certain cases, are technically necessary for operation of the website. They also contain a unique ID code that allows tracking a user’s browsing activities within a website, for statistical or advertising purposes.

Cookies

Cookies can be “first party cookies” (served by us) or “third parties cookies” (served by others). Our cookies are used to enable users to navigate our Platform and to use its features; to identify unique users and for authorization purposes; for re-login purposes; to collect information about users’ choices and preferences; to collect information about social media usage; and to collect information about how users use our Platform so that we can improve the way it works.

Third Party Cookies

Third Party Cookies are used for functionality, performance, and analytics purposes. These cookies collect and store automatically information about a user’s computer or mobile device and the use of our Platform. This information is used in aggregate form only.

Analytics

We use Google Analytics to collect information that permits evaluation of the Site, analysis of user behavior, and improvement of user experience. The data collected by Google Analytics includes cookies and other technologies to collect data and is used primarily to optimize the Site for visitors. Google shares the data collected through Google Analytics with its affiliated entities. For more information on Google’s Privacy Policies, visit www.google.com/policies/privacy/partners. You can opt-out from the collection of your information by downloading the Google Analytics opt-out browser add-on available at https://tools.google.com/dlpage/gaoptout. The practices of Google and other third party analytics services are subject to the third parties’ privacy policies over which we have no control. We encourage you to read their privacy policies.

Users Located in the EEA

Users located in the EEA have the right to prohibit the use of certain cookies. Technical cookies such as cookies used to allow users to login, and functional cookies, such as those used to remember choices made by a user when accessing the website usually do not require prior consent.  However, cookies used to create profiles on users and to send advertising messages that take into account the preferences revealed by users while browsing websites usually require prior consent from users, although this may vary according to the applicable law.
 

8. Legal Basis for the Processing of Personal Data of Visitors and Members Located in the European Economic Area (EEA)

The grounds on which we rely to process Personal Data of individuals located in the EEA, according to the purposes identified include the following:

9. How We Use Collected Information

Other than as described in this document, we use the information collected from users or their devices for the following purposes:

Device Information

We use information about a user’s computer or device to ensure that our site, apps, and Applied Programming Interface (API) function properly and are optimized for that user’s computer or device. If a user uses one of our mobile applications, we use the user’s device ID to recognize the user when the user uses the application and to store the user’s preferences and settings. In the case of IP address, we use the IP address to derive approximate location of each user, to calculate usage levels, diagnose server problems, and in general to administer the Service.

Business

We use information about a user in connection with the operation of our Services, to:

• Send administrative information to the user;
• Remember the user’s preference, such as language or font size, when using our Websites;
• Remember the user’s interests, such as the type of events attended;
• Personalize the user’s online experience;
• Administer our Platform, diagnose technical problems, and otherwise manage our business;
• Facilitate the user’s use of the Platform;
• Allow the user to navigate or browse through our Platform quickly and efficiently;
• Provide the products or services requested by the user;
• Respond to the user’s inquiries and fulfill the user’s requests, comments, or questions;
• Complete and fulfill a transaction with the user;
• Personalize the user’s experience by presenting content that is tailored to that specific user based on what we know about that user; 
• Keep records of contact information and correspondence;
• Provide services, such as registration for events;
• Allow the user to send Content to a friend through the Platform;
• Improve the user’s experience, such as by personalizing Content to the user’s preferences or interests or to expedite the processing and completion of a transaction;
• Communicate with the user about our activities, upcoming events, or actions a user can take;
• Allow the user to participate in events and administer these activities. Some of these activities have additional rules, which could contain additional information about how we use and disclose information about users. We recommend that you read these rules carefully;
• Facilitate social sharing functionality, such as sharing content, through social media Platforms, e.g., Facebook and/or Twitter;
• Send marketing information, market research surveys, invitations to events or conferences, webinars, and other events that may be of interest to the user in accordance with the user’s preferences or apparent interests; and
• To allow the user to send email messages to others, such as to share content. By using this feature, you guarantee that you have the right to use and provide us the names and email addresses you submit.

Statistics and Security

We use user information to perform data analysis, audits, security and fraud monitoring and prevention; to enhance, improve, or modify our Platform; to identify usage trends; to determine the effectiveness of our promotional campaigns; or to operate or expand our business activities. We use IP Addresses for administration and security purposes, such as calculating usage levels of our Platform, diagnosing server problems, and detecting fraud and spam behavior.
 

10. Who Receives User Information

We share - or may be required to share - information with third parties.

Service Providers

We share information with our service providers, suppliers, subcontractors, and similar third parties who provide services to us, or act on our behalf so that they can assist us with the provision, upkeep, and maintenance of the Services, advertising, media, website hosting, data analytics, information technology and infrastructure, order fulfillment (such as for the organization of events and webinars), email delivery, or auditing and other related activities.

Links to Third Party Sites or Services

The Platform contains links (for example, to view an article) or social networking buttons (for example, Facebook or Twitter) to other websites or services that are not owned, operated, or controlled by Company. We have no control over and are not responsible for the data collection and/or handling practices of such other websites or applications. The display on the Platform of a link to a third party’s website or app does not imply our endorsement. You should review their privacy policies before providing personal data to these sites.

Webinars and Events

Some of our webinars or events are organized and hosted through a service provider, or in cooperation with unaffiliated organizations. These entities require attendees to these events to provide information such as name, email address, and/or phone number. We cannot control their collection or use of information. We encourage you to read the privacy statements of these third parties because they control how such entities handle the information that you provide at the time of registration.

Social Media Networks

The Platform includes links to third party websites and social media networks where a user can post comments, reviews, or other information. The use of these third-party websites and social media networks may result in the collection and sharing of information about a user with these third-party websites and social media networks. Examples of uses of social media include: disseminating information, publicizing research reports, and advocating for policy proposals.

Please note that any information that is posted or disclosed through social media services may be available to us or to other users of that service or the public. We recommend caution when using these features. You should review their privacy policies before providing personal data to these sites.

Administrative Purposes

We share information about users with third parties for the following purposes. Following disclosure to any third party, the user information so disclosed may be accessible by others to the extent permitted by law.

• Suppliers, subcontractors, and business partners (“service providers”): We share information with our service providers who process information to provide services to us or on our behalf. We have contracts with them that prohibit them from sharing user information with anyone else or from using such information for other purposes.
• Payment Processing: Credit card information is processed by a payment processing company. If you participate in an event or make any payment to us, our payment processing provider will store on our behalf your full name and credit card details needed to complete the payment.
• Fraud Prevention: We disclose information when we believe disclosure is necessary to investigate, prevent, or respond to suspected illegal or fraudulent activity or to protect the safety, rights, or property of Company, users, or others.
• Protection of Legal Rights: When we believe, in our sole discretion, that (a) we are required to do so by law or in response to a subpoena or court order; (b) a user has abused the Platform to attack or to gain unauthorized access to any system, engage in spamming, denial of service attacks, or similar attack; (c) to exercise or protect legal rights or defend against legal claims; to allow us to pursue available remedies or limit the damages that we sustain.
• Law Enforcement: We disclose user information when we believe it is necessary or appropriate under applicable laws, if law enforcement authorities, courts, or regulators, or other public or government authorities with appropriate jurisdiction–including public and government authorities in a user’s country of residence–requests that we provide that user’s information, and such request is made using the method required by law in the applicable jurisdiction, such as a search warrant, subpoena, or a court order, and we believe that such request is facially valid;
• Corporate Reorganization: We transfer user’s information to a third party in case of the reorganization, sale, merger, joint venture, assignment, transfer or other disposition of all or any portion of our business, asset or stocks, including in the event of bankruptcy or corporate restructuring. Except as otherwise provided by a bankruptcy or other court, the use and disclosure of all transferred user information will be subject to the policies described in this Privacy Notice. Any information that a user submits or that is collected after that transfer may be subject to a new privacy policy adopted by the successor entity.
• Other Analytics: We use automated devices and applications, such as Google Analytics, to evaluate use of our Platform. Analytics service providers use cookies and other tracking technologies to perform their services.
• Aggregate or Statistical Information: We generate and use aggregated or statistical information about the use of our Platform. We provide this information to third parties such as our Affiliates, advisers, or consultants for research, analytical, or strategic purposes.

11. Your Privacy Choices

Users have numerous other choices regarding information pertaining to them.

Cookies

You may choose to block our Platform and other sites from setting certain categories of cookies in the future. If you choose to do so, you should know that some parts of our website may not work.  You may wish to refer to http://www.allaboutcookies.org/browsers/index.html for information on commonly used browsers.

Please note that blocking or disabling certain cookies may interfere with certain functionalities of some parts of our Platform. Further, while disabling a cookie may prevent the collection of information in the future, it does not prevent the use of information collected before the cookie was disabled.

Social Media

You can edit or remove the permissions you have granted us to use information from your social media accounts by using the application privacy settings on your social media account.

Electronic Communications

You can unsubscribe from the receipt of future commercial electronic communications from us by clicking on the “unsubscribe link” provided in such communications.  However, you may not opt out of service related communications (e.g., account verification, technical, and security notices).
 

12. Security; Data Retention

We seek to use reasonable technical, organizational, and administrative measures to protect user information within in our control against unauthorized or unlawful access or processing, and against accidental loss, destruction, or damage. We believe that these measures are reasonably adapted to the nature of the information in our custody.

We limit access to our users’ information to only those employees and third parties who reasonably need access to it to perform the activities attached to their job responsibilities.

We take reasonable steps to ensure that all data we process is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use it. However, no data transmission over the Internet, and no security system or storage system can be guaranteed to be 100% effective or secure. Thus, we cannot guarantee the security of any information we have collected or received from or about users.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), or if you suspect someone else is using your account, please let us know immediately by contacting us as indicated in the “How to Contact Us” section.

We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required by law.

13. Right of Individuals Located in the European Economic Area

The EU General Data Protection Regulation (GDPR) grants individuals who are in the European Union and European Economic Area (EU/EEA) the following rights, with some limitations.  Users may contact us, at the address provided in the “How to Contact Us” section below, to exercise any of those rights, and we will respond with the requested action or information, or will let you know why that right does not apply to you.

Right Not to Provide Consent or to Withdraw Consent

We rely on your consent in order to process certain personal data. Where we do so, you have the right not to provide your consent and the right to withdraw your consent at any time.  If you withdraw your consent, this will not affect the lawfulness of the processing conducted based on consent before its withdrawal.

Right of Access

You have the right to obtain confirmation as to whether or not we collect or process personal data concerning you and, if this is the case, you have the right to request a copy of such personal data in digital format.

Right of Rectification

You have the right to require that we correct any inaccurate personal data concerning you, and that we complete incomplete personal data.

Right of Erasure

In certain circumstances, you have the right to request that we erase personal data concerning you; for example, if it is no longer necessary for the purposes for which it was originally collected.

Right to Restrict Processing

In certain circumstances, you have the right to request that we restrict the processing of the personal data that we have collected about you; for example, where you believe that the personal data that we hold about you is not accurate or lawfully held.

Right to Data Portability

In certain circumstances, you have the right to receive the personal data concerning you that you have provided us in a structured, commonly used, machine readable format, and the right to obtain that we transmit the data to another entity where technically feasible.

Right to Object to Processing

In certain circumstances, you have the right to request that we stop processing your personal data.

Right to Object to Processing for Direct Marketing Purposes

You have the right to request that we stop sending you marketing communications.

Right Not to be Subject to Decisions Based Solely on Automated Processing that Produce Legal Effects

In certain circumstances, you have the right not to be subject to a decision based solely on automated processing - including profiling - that produces legal effects or similarly affects you.

Right to Complain to a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of personal data relating to you infringes the GDPR.
 

14. Children and Minors

Our Platform is not directed to children under 13. We do not knowingly collect any personal information from children under 13. If we become aware that an individual submitting information is under 13, we will attempt to delete the information as soon as possible.
 

15. How to Contact Us

If you have any questions, concerns or comments about how your data is collected or used, or about this Notice, please contact us at [email protected].   

Please note that email communications are not always secure; so please do not include credit card information or sensitive information in your emails to us.