Last updated: April 26, 2024
Our Privacy Policy
Welcome to the namati.org website (the “Site”) operated by Namati, Inc., a Delaware corporation (“Namati”, “we”, “us” or “our”). We share your concern about the protection of your personal information online.
This privacy policy (“Policy”) describes how we maintain the privacy of the personal information we collect online in connection with the Site. Our processing of personal data of people who are in the EEA is governed by EU General Data Protection Regulation 2016/679 (EU GDPR) and for those who are in the United Kingdom by the UK version of the EU GDPR (UK GDPR) and by the UK Data Protection Act 2018. Namati is the data controller for this website and for our contact information , see the section in our general Privacy Statement headed “Your Rights under the Policy”.
When the Policy Applies
This Policy describes our privacy practices and sets out your obligations and ours with respect to your use of the Site. This Policy applies only to the Site and does not necessarily apply to our offline collection of information.
By using the Site, you agree to abide by the terms of this Policy and the terms of use (the “Terms”) and you consent to our using any information that you provide to us or that we collect, in accordance with the terms of use and the terms and conditions of this policy. If you do not agree to this policy and the terms, do not use the site.
Information We Collect and Track
Namati may collect and retain two types of information about Site visitors: (i) personal information that individual visitors voluntarily provide when interacting on the Site or on certain other occasions (such as via forms or in emails); and (ii) tracking data, which is data that is automatically collected from every Site visitor as they use and browse the site.
Information that You Submit
We may, from time to time, store and archive the information you submit to or through the Site. The information that we gather may include your name, title and address, telephone number, email address, credit card number or other elements of personal information. In addition, if you contact us, we may keep a record of your correspondence, including any information contained therein.
You may decline to provide any personal information, but please realize that you thereby may be unable to register or to participate in activities or services offered on the Site.
Information that We Collect
In addition to the information you submit to or through the Site, we also may collect and store data from and about you gathered in the course of your use of the Site. We call this “tracking data.”
Such tracking data may include, but is not limited to, information regarding the number and frequency of visits to the Site, the websites that you access before and after you visit the Site, the software and operating system used to access the Site and your IP address and Internet service provider.
How We Use Your Information
The information that you provide to us and that we may collect in the future is used for our legitimate interests and the purpose for which you provided it only, subject to the terms of this Policy and the Terms.
Our use of your Information involves various forms of communication with you, including:
- responding to your requests or correspondence;
- contacting you about the Site;
- requesting your input regarding ways in which we might improve the Site;
- informing you about Namati’s activities, events and fundraising efforts in which we hope you may be interested;
- contacting you about legal requests, such as a request to remove content that infringes on copyright laws.
Third Parties and Your Information
We will not disclose any personal information to third parties, except:
- to parties who perform a service for us, such as sending you mail or email, web hosting, credit card processing and other similar services;
- to donors who enquire about potential grantees;
- when you have requested or authorized the disclosure of such information;
- when we believe that such disclosure is required by law;
- to enforce this Policy or the Terms;
- to protect the rights, property, security or safety of Namati, Site users or the public;
- to respond to an emergency; or
- as otherwise stated in this Policy.
Information provided to third parties is limited to the information needed to perform their functions. We seek to limit third-party use of information and our service providers have entered into contracts with us that restrict what they can do with your personal information. If you would like specific information about our service providers who have received your information, please contact us at privacy@namati.org and we will provide that information to you.
We retain the right to transfer or assign all information pursuant to a merger, purchase or other transaction relating to Namati or our assets.
The current list of third party service providers we use include:
| COOKIE NAME | PROVIDER | CATEGORY | DESCRIPTION |
|---|---|---|---|
| YSC | youtube.com | functionality | Registers a unique ID to keep statistics of what videos from YouTube the user has seen. |
| VISITOR_INFO1_LIVE | youtube.com | advertisement | Tries to estimate the users' bandwidth on pages with integrated YouTube videos. |
| vuid | vimeo.com | analytics | This first party cookie created by Vimeo is used to assign a Vimeo Analytics unique id. |
| __cf_bm | piano.io | necessary | Cloud flare's bot products identify and mitigate automated traffic to protect your site from bad bots. Cloudflare places the __cf_bm cookie on End User devices that access Customer sites that are protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for the proper functioning of these bot solutions. |
| _GRECAPTCHA | google.com | necessary | Google reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis. |
| __cf_bm | grassrootsjusticenetwork.org | necessary | Cloud flare's bot products identify and mitigate automated traffic to protect your site from bad bots. Cloudflare places the __cf_bm cookie on End User devices that access Customer sites that are protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for the proper functioning of these bot solutions. |
| UID | scorecardresearch.com | ||
| ar_debug | google-analytics.com | ||
| visitor-id | media.net | ||
| data-xu | media.net | necessary | |
| data-co | media.net | necessary | |
| data-c-ts | media.net | necessary | |
| tuuid_lu | bidswitch.net | necessary | Contains a unique visitor ID, which allows Bidswitch.com to track the visitor across multiple websites. This allows Bidswitch to optimize advertisement relevance and ensure that the visitor does not see the same ads multiple times. |
| bitoIsSecure | bidr.io | necessary | |
| ASDT | intentiq.com | necessary | |
| data-o | media.net | necessary | |
| g | creativecdn.com | necessary | |
| _ljtrtb_80 | lijit.com | necessary | |
| DotomiTest | dotomi.com | necessary | |
| zuid | zemanta.com | necessary | |
| data-bs | media.net | necessary | |
| tuuid | mfadsrvr.com | necessary | Unique value to identify individual users. |
| csuuid | primis.tech | necessary | |
| TapAd_DID | tapad.com | necessary | Used to determine what type of devices (smartphones, tablets, computers, TVs etc.) is used by a user. |
| e73cb503c667a00a955f7130d123d6bd | cern.ch | necessary | |
| audit | rubiconproject.com | necessary | |
| A3 | yahoo.com | necessary | Ads targeting cookie for Yahoo |
| receive-cookie-deprecation | adnxs.com | necessary | |
| ssh | mfadsrvr.com | necessary | |
| intentIQ | intentiq.com | necessary | |
| IQver | intentiq.com | necessary | |
| m | stripe.com | necessary | |
| ljt_reader | lijit.com | necessary | Collects data related to reader interests, context, demographics and other information on behalf of the Lijit platform with the purpose of finding interested users on websites with related content. |
| data-ze | media.net | necessary | |
| TapAd_3WAY_SYNCS | tapad.com | necessary | Pending |
| bito | bidr.io | necessary | |
| tuuid_lu | mfadsrvr.com | necessary | Contains a unique visitor ID, which allows Bidswitch.com to track the visitor across multiple websites. This allows Bidswitch to optimize advertisement relevance and ensure that the visitor does not see the same ads multiple times. |
| tuuid | bidswitch.net | necessary | Unique value to identify individual users. |
| data-r | media.net | necessary | |
| CSDT | intentiq.com | necessary | |
| data-mf | media.net | necessary | |
| ruds | rfihub.com | necessary | |
| khaos | rubiconproject.com | necessary | |
| rud | rfihub.com | necessary | |
| TDID | adsrvr.org | necessary | Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads. |
| matchmedianet | w55c.net | necessary | |
| receive-cookie-deprecation | rubiconproject.com | necessary | |
| c | bidswitch.net | necessary | |
| ts | creativecdn.com | necessary | |
| data-ttd | media.net | necessary | |
| TDCPM | adsrvr.org | necessary | Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads. |
| data-c | media.net | necessary | |
| ad-id | amazon-adsystem.com | necessary | Used for targeted advertising |
| IQPData | intentiq.com | necessary | |
| c | mfadsrvr.com | necessary | |
| TapAd_TS | tapad.com | necessary | Used to determine what type of devices (smartphones, tablets, computers, TVs etc.) is used by a user. |
| ad-privacy | amazon-adsystem.com | necessary | Used for targeted advertising |
| cu | ipredictive.com | necessary | |
| intentIQCDate | intentiq.com | necessary | |
| wfivefivec | w55c.net | necessary | |
| visitor-id | yahoo.net | necessary | |
| UserMatchHistory | linkedin.com | advertisement | These cookies are set by LinkedIn for advertising purposes, including: tracking visitors so that more relevant ads can be presented, allowing users to use the 'Apply with LinkedIn' or the 'Sign-in with LinkedIn' functions, collecting information about how visitors use the site, etc. |
| NID | google.com | necessary | This cookies is used to collect website statistics and track conversion rates and Google ad personalisation |
| _ga_W3R156NSLL | namati.org | analytics | Used to persist session state |
| __hssrc | namati.org | analytics | Used to determine if a session is a new session |
| __hs_cookie_cat_pref | namati.org | necessary | The HubSpot Cookie Banner's consent preferences cookie. |
| lidc | linkedin.com | advertisement | Used by the social networking service, LinkedIn, for tracking the use of embedded services. |
| bcookie | linkedin.com | advertisement | Used by LinkedIn to track the use of embedded services. |
| data-mag | yahoo.net | necessary | |
| data-rbh | media.net | necessary | |
| am-uid | admixer.net | necessary | This cookie is used to identify the visitor and optimize ad-relevance by collecting visitor data from multiple websites – this exchange of visitor data is normally provided by a third-party data-center or ad-exchange. |
| IDE | doubleclick.net | advertisement | This cookie is used for targeting, analyzing and optimisation of ad campaigns in DoubleClick/Google Marketing Suite |
| __cf_bm | hsforms.com | necessary | Cloud flare's bot products identify and mitigate automated traffic to protect your site from bad bots. Cloudflare places the __cf_bm cookie on End User devices that access Customer sites that are protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for the proper functioning of these bot solutions. |
| __hstc | namati.org | analytics | Analytics tracking cookie |
| XID | scorecardresearch.com | ||
| VISITOR_PRIVACY_METADATA | youtube.com | ||
| __cf_bm | namati.org | necessary | Cloud flare's bot products identify and mitigate automated traffic to protect your site from bad bots. Cloudflare places the __cf_bm cookie on End User devices that access Customer sites that are protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for the proper functioning of these bot solutions. |
| PID | scorecardresearch.com | ||
| test_cookie | doubleclick.net | functionality | This cookie is set by DoubleClick (which is owned by Google) to determine if the website visitor's browser supports cookies. |
| _ga | namati.org | analytics | ID used to identify users |
| hubspotutk | namati.org | analytics | Contains visitor's identity |
| _cfuvid | vimeo.com | necessary | This cookie is used to apply rate limits to traffic. It allows the Cloudflare WAF to distinguish individual users who share the same IP address. |
| AnalyticsSyncHistory | linkedin.com | functionality | Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries |
| _gcl_au | namati.org | advertisement | Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. |
| __hssc | namati.org | analytics | Analytics session cookie |
| USER_ID | cpmstar.com | necessary | |
| __cf_bm | vimeo.com | necessary | Cloud flare's bot products identify and mitigate automated traffic to protect your site from bad bots. Cloudflare places the __cf_bm cookie on End User devices that access Customer sites that are protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for the proper functioning of these bot solutions. |
| li_sugr | linkedin.com | analytics | Used to make a probabilistic match of a user's identity outside the Designated Countries |
| __hs_do_not_track | namati.org | necessary | Prevents the tracking code from sending any information to HubSpot |
| bscookie | linkedin.com | advertisement | Used by LinkedIn to track the use of embedded services. |
How Long Your Information is Stored
Personal information you submit via your member account, other than information provided or content posted by you to public areas of the Site as described below, is deleted from Namati’s records following the deletion of your account. However, such information may continue to be retained by third-party service providers to which it has been disclosed for one of the reasons listed above. Any financial records will be kept in accordance with Namati’s data retention policy.
Where Your Information is Stored
Your Information is stored on Digital Ocean servers in New York, USA. When you provide personal information to us, we request your consent to transfer that personal information to the USA. The USA does not have an adequacy decision from the European Commission, which means that the Commission has not determined that the laws of the USA provide adequate protection for personal information. Although the laws of the USA do not provide legal protection that is equivalent to the EU GDPR, we safeguard your personal information by treating it in accordance with this Policy. We take appropriate steps to protect your privacy and implement reasonable security measures to protect your personal information in storage. We use secure transmission methods to collect personal data through our website. We also enter into contracts with our data processors that require them to treat personal information in a manner that is consistent with this Policy.
How Your Information is Protected
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Other Communications
From time to time, we may email users of the Site information regarding important developments affecting Namati. We may also email users on occasion regarding the Site. Such emails may be sent to users of the Site if they have given their consent previously or if they have requested information from us or acquired goods or services from us in the past and have not opted out of receiving marketing communications. You can ask us to stop sending you marketing messages at any time by (i) by following the opt-out links on any marketing email sent to you; or (ii) by contacting us at any time.
Referrals
If a user elects to use our referral service to inform a friend about the Site, we request the name and email address of the friend. Namati will automatically send the friend a one-time email inviting the friend to visit the Site. Namati stores this information for the sole purpose of sending this one-time email, and, while a third-party mail service provider may retain the information in its database, no additional emails will be sent by Namati without further action by the friend.
Links to Third-Party Websites
The Site may contain links to websites owned and operated by other parties. We are not responsible for and have no control over the privacy policies of those sites. We encourage you to review the privacy policies and terms of use of those sites prior to providing them with any information.
Cookies
Namati uses cookies. Cookies are small pieces of information that a website transfers to your computer’s hard drive for record-keeping purposes and may have unique identifiers and transmit information about you and how you use the Site. Such information may include your search preferences, your browser type and the date and time of use. If you choose, you can disable some (but not all) Cookies in your device or browser settings, but doing so may affect your ability to use the Site.
Namati does permit several non-advertising third parties to set third-party cookies in order to enhance Site functionality. These third parties may include, but are not limited to: Facebook, Google, and Vimeo. For more information on the cookies that these third parties set, users are encouraged to consult the privacy policies and terms of use of these third parties.
Children
Namati is concerned about the privacy protection of children who access the Internet and this website is not intended for children and we do not knowingly collect data relating to children. Accordingly, the Site are not intended for use by anyone under the age of 16, and we do not knowingly collect information from anyone under 16 years of age without the consent of a parent or guardian.
Compliance with Laws
We reserve the right to disclose any information to comply with any law, regulation, decree, judgment, order, subpoena or any other governmental order (“Order”) without any obligation to contest or verify the accuracy of such Order.
Applicable Laws
This Policy will be governed by and construed in accordance with the laws of the State of New York, without regard to any principles of conflicts of law. You agree that any action at law or in equity that arises out of or relates to any use of the Site may be filed:
- if you reside in the EEA, in the courts of the EEA Member State in which you are a resident
- if you reside in the United Kingdom, in the courts of the United Kingdom
The section titles in this Policy are for convenience only and have no legal or contractual effect. The Siteand any third-party services they use, may be subject to additional terms and conditions regarding privacy and use of information. Your use of the Site is subject to those terms and conditions, which are incorporated into this Policy by reference. In the event of an inconsistency between this Policy and any additional posted conditions, the provisions of the additional conditions shall control.
Changes to the Policy
We may need to change the Policy from time to time in order to address new issues and to reflect changes on the Site or in the law. We reserve the right to revise or make any changes to the Policy, and your continued use of the Site subsequent to any changes to this Policy will mean that you agree to and accept such changes. You can tell if the Policy has been updated by checking the last revised date posted on the top of this page. Historic versions can be obtained by contacting us at privacy@namati.org
Your Rights Under the Policy
You can also access, remove, update or correct your information, and raise any questions or concerns regarding the Site or the Policy, by emailing privacy@namati.org, or mailing:
Namati Data Protection Officer 1616 P Street NW, Suite 101 Washington, DC 20036, USA
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Your Legal Rights
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it has an impact on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data’s accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you live in an EEA Member State, all of which have adopted the EU GDPR and national , you have a right to lodge a complaint with your relevant supervisory authority about this policy and its application. The European Commission has a list of EU national data protection authorities here:
http://ec.europa.eu/justice/article-29/structure/dataprotectionauthorities/index_en.htm
If you live in the United Kingdom, you have a right to lodge a complaint with your relevant supervisory authority, the ICO, about this policy and its application:
https://ico.org.uk/make-a-complaint/