Effective Date: November 14, 2023.
Some regions provide additional rights by law, as described below:
- European Economic Area, Switzerland, United Kingdom and other Jurisdictions outside the United States
For our contact details, see the Contact Us section below.
2. How We Collect Information.
We collect information about you in a variety of contexts, as described below.
Information You Provide through the Service.
When you use the Service, you may be asked to provide information to us, such as when you contact us or make a donation. The categories of information we collect include:
- Contact identifiers, including your name, email address, phone number, and postal address.
- Donation information, including the amount of your donation to the fund.
- Payment information, including your payment instrument number (such as a credit or debit card number), expiration date, and security code as necessary to process your payments. This information is processed by our third-party payment processors.
- Content, including the content within any messages you send to us.
Please do not provide any information that we do not request.
Information from Your Browser or Device.
When you use the Service, we and third parties we work with, automatically collect information from your browser or device. The categories of information we automatically collect include:
- Device identifiers, including your device’s IP address.
- Device information, including your device’s operating software and browser (e.g., type, version, and configuration), internet service provider, and regional and language settings.
- Internet activity, including information about your browsing history and interactions, such as the features you use, pages you visit, content you view, time of day you browse, and referring and exiting pages.
- Non-precise location data, such as location derived from an IP address or data that indicates a city or postal code level.
This information is automatically collected through cookies and other tracking technologies incorporated into our Service, as described below:
For details on your choices around cookies and other tracking technologies, see the Your Privacy Choices section below.
To the extent any of the categories of information we collect are sensitive categories of information under applicable law, we process such information only for the limited purposes permitted by applicable law. We do not sell or use sensitive categories of information for purposes of targeted advertising or to make inferences.
3. How We Use Information.
- Providing services. We use information to provide services to you, including to operate the Service and provide support.
- Personalizing your experience. We may use information to personalize your experience and show you content we believe you will find interesting.
- Communications. We use information to communicate with you about updates, security alerts, changes to policies, and other transactional messages. Communications may be by email.
- Analytics. We use information to understand trends, usage, and activities, for example through surveys you respond to and tracking technologies that we incorporate into the Service (such as Google Analytics). We also use information for research and development purposes, including to improve our services and make business decisions.
- Security and enforcement. We use information to prevent, detect, investigate, and address fraud, breach of policies or terms, or other actual or potential threats or harm.
- At your direction or with your consent. We use information for additional purposes where you direct us to use it in a certain way or with notice to you and your consent.
Sometimes we aggregate or de-identify information so it is no longer considered personal information. We may use non-personal information for any purpose to the extent permitted by applicable law. For details on your choices around use of your information, see the Your Privacy Choices section below.
4. How We Disclose Information.
- Service providers. Many of the third parties we work with are service providers that collect and process information on our behalf. Service providers perform services for us such as payment processing, data analytics, website hosting, and technical support. To the extent required by law, we contractually prohibit our service providers from processing information they collect on our behalf for purposes other than performing services for us, although we may permit them to use non-personal information for any purpose to the extent permitted by applicable law.
- Recipients in a merger or acquisition. We disclose information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale, or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
- Recipients for security and enforcement. We disclose information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also disclose information to protect the rights, property, life, health, security and safety of us, the Service and other individuals.
- Recipients at your direction or with your consent. We disclose information where you direct us to or with notice to you and your consent.
Sometimes we aggregate or de-identify information so it is no longer considered personal information. We may disclose non-personal information for any purpose to the extent permitted by applicable law. For details on your choices around disclosure of your information, see the Your Privacy Choices section below.
5. Third Parties.
6. Your Privacy Choices.
We provide a variety of ways for you to exercise choice, as described below.
Data subject requests.
To access, correct, delete, or exercise similar rights available to you depending on your region with respect to your information, please submit a request through our form here or contact firstname.lastname@example.org, or call our toll-free number at 1-800-NYTIMES.
In some jurisdictions, you can designate an authorized agent to make a request on your behalf. In order to do that, please provide the agent with written permission, signed by you, authorizing the agent to submit the request on your behalf. The agent must submit that written permission along with the request. We will contact you to verify your identity — and the authorized agent’s permission — before a response to the request is sent.
We’ll respond to your request in a manner consistent with applicable law, including any exceptions that may result in a request being denied in whole or in part. For example, we might need to keep certain information for record keeping purposes, or to complete a transaction you began prior to requesting a change or deletion.
Emails. You can unsubscribe from emails from Communities Fund by following the instructions near the bottom of the email. You can also email us at email@example.com. Please note that you cannot opt out of transactional messages. Your opt-out is limited to the email address used and will not affect subsequent subscriptions.
Browser and Device Controls.
- Cookies and pixels. You may be able to manage cookies through your browser settings. When you manage cookies, pixels associated with such cookies may also be impacted. Please note that cookie management only applies to our website. If you use multiple browsers, you will need to instruct each browser separately. If you delete or reset your cookies, you will need to reconfigure your settings. Your ability to limit cookies is subject to your browser settings and limitations.
- Preference signals. Your browser or extension may allow you to automatically transmit Do Not Track and other preference signals. Except as required by law, we do not respond to preference signals.
- Third party opt-out tools. Some third parties we work with offer their own opt-out tools related to information collected through cookies and pixels. To opt out of your information being used by Google Analytics, please visit https://tools.google.com/dlpage/gaoptout. We are not responsible for the effectiveness of any third party opt-out tools.
The Service is not directed toward children under 16 years old, and we do not knowingly collect personal information from children. If you are a parent or guardian and believe we have collected personal information from children, please contact us as set out in the Contact Us section below. We will delete the personal information in accordance with applicable law.
8. Data Security.
We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you.
We retain information for the length of time that is reasonably necessary for the purpose for which it was collected, and as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
10. International Transfer.
We are based in the U.S. If you are located outside the U.S., please be aware that your information may be transferred to and processed in the U.S. or another country where we operate. Where required by applicable law, we will provide appropriate safeguards for data transfers, such as transferring your personal information to countries that have been recognized by your jurisdiction as providing an adequate level of data protection or through the use ofstandard contractual clauses.
12. Contact Us.
By email: firstname.lastname@example.org
By mail: The New York Times Communities Fund, 620 Eighth Ave., New York, NY 10018, Attn: Privacy Counsel
We can also be reached by phone at 1-800-NYTIMES (see a list of our local telephone numbers outside the United States).
To exercise choice, use the methods described in the Your Privacy Choices section above or your region-specific terms below.
These additional rights and disclosures apply only to residents of Colorado. Terms have the meaning ascribed to them in the Colorado Privacy Act (“CPA”).
Data Subject Requests.
You may have the following rights under applicable law:
• To confirm whether or not we are processing your personal data
• To access your personal data
• To correct inaccuracies in your personal data
• To delete your personal data
• To obtain a copy of your personal data that you previously provided to us in a portable and readily usable format
To exercise any of these rights, please follow the instructions for data subject requests in the Your Privacy Choices section above. Please note these rights are subject to exceptions. We will respond to your request within 45 days. We may require specific information from you to help us confirm your identity and process your request. If we are unable to verify your identity, we may deny your request. We do not process personal data for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers.
You can designate an authorized agent to submit requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.
If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at email@example.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Colorado AG at https://coag.gov/file-complaint/.
14. European Economic Area, Switzerland, United Kingdom and other Jurisdictions outside the United States
These additional disclosures and rights apply only to individuals located in jurisdictions outside the United States, such as the European Economic Area, Switzerland, and the United Kingdom.Terms have the meaning ascribed to them in applicable data protection laws in relevant jurisdictions.
Lawful Basis for Processing.
Data protection laws in some jurisdictions, like the European Economic Area, Switzerland, and the United Kingdom, require a “lawful basis” for processing personal data. Our lawful bases include where: (a) you have given consent to the processing for one or more specific purposes, either to us or to our service providers or partners; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation; (d) processing is necessary for the purposes of the legitimate interests pursued by usor a third party, and your interests and fundamental rights and freedoms do not override thoseinterests (for example, to ensure our networks and information are secure, to detect and prevent fraud, and to administer and generally conduct business); or (c) in certain cases, with your consent. Where applicable, we will transfer your personal data to third countries subject to appropriate or suitable safeguards, such as standard contractual clauses.
Data Subject Requests.
Depending on the data protection laws of your jurisdiction, you have the right to access, rectify, or erase any personal data we have collected about you. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than the purpose for which it was originally collected or subsequently authorized by you. Where data processing is based on consent, you may withdraw your consent at any time for any data processing we do based on consent you have provided to us.
To exercise any of these rights, please follow the instructions for data subject requests in the Your Privacy Choices section above or write us at the email address or postal address above specifying your request. We will respond to your request within 30 days. We may require specific information from you to help us confirm your identity and process your request. For details on our retention practices for personal data, see the Retention section above.
You also have the right to lodge a complaint with the data protection regulator in your jurisdiction. A list of E.U. data protection authorities is available. But we encourage you to first contact us with any questions or concerns.
In some jurisdictions, you may appeal to us if we refuse to take action on your exercise of certain choices described above. In order to appeal such a refusal, please contact us at firstname.lastname@example.org using the subject line “Appeal of Refusal to Take Action on Privacy Request” and provide the relevant information in the email.