Privacy

CDT has worked hard to bring you an informative, user-friendly, and privacy-sensitive website. We have designed this Privacy Policy to explain how your information is collected and used when you visit this website

CDT has a few key guidelines for how we collect, use, and retain data about visitors to the CDT website:

  • All communications between a user and the CDT website will be performed over an encrypted connection (Secure Socket Layer/Transport Layer Security) to greatly reduce the risk of interception.

  • CDT’s web server software, Apache, collects and stores log file data (described below in “What are log files?”) for up to 30 days for site maintenance and to detect and investigate attacks. We also collect device-level analytics data (described below in “What does CDT collect for analytics?”) to help us understand overall trends regarding what content is popular and how visitors navigate and interact with our site. CDT does not use this information for advertising or to otherwise personalize your experience on our site. We do not use log file-based or device-level analytics information in disaggregated form, except for the limited purposes of site maintenance and security.

  • CDT does not use cookies or similar client-stored objects to track you on or off of our site. We also do not allow third-party cookies (cookies from companies and organizations other than CDT) to be placed on your computer unless you take a direct action to engage with a third-party tool on our site. However, if you opt out of our use of analytics, CDT will place a cookie on your computer that instructs our analytics program not to collect data about you.

  • With very limited exceptions (as described below), CDT does not sell, rent, exchange, or otherwise disclose information about site visitors or people on our mailing lists to third parties.

This Privacy Policy covers CDT’s main website at cdt.org, as well as other CDT-created or CDT-maintained sites that link directly to this Policy. Those other sites may also provide supplemental information in a site-specific policy.

How does CDT automatically collect information when you visit our website?

CDT’s web server generates and retains log files that record information about visitors that connect to our site. We also use an analytics program called Piwik to collect similar data.

What are log files?

Apache, our web server software, generates log files — text files that record one line of data each time a browser request is made. For example, a line of data elements (described in detail below) is added to the end of a log file each time a page is viewed or an element on the page is clicked. All log files are automatically deleted after 28 days unless we believe that we need to retain them for longer in order to investigate or report a bug or malicious attack.

CDT logs the following information from users who visit our site:

  • Internet Protocol (IP) address: The address of your computer on the Internet. Your IP address gets transmitted whenever you communicate online or surf the Web so that the content you are looking at and the people you are talking to can find your computer on the network in order to respond to you.

  • The time and date the browser requested the URL of the page.

  • URL of the page that directed (referrer) you to our site: If you arrive at our website through a link on another website (a blog, newspaper article, or search engine, for example) our web server will record the address of the web page that referred you to our site. If you arrive at our website by clicking on a search result returned by a search engine, our server will record the search terms that you used when that information is available. However, for search engines that offer encryption (such as Google.com’s organic search results), we do not receive the search terms that you used.

  • The web pages within our site: The specific web pages you visit within our site, including the first page you visit (the entry page) and the last page you visit (the exit page).

  • Bandwidth used: The total number of bytes downloaded when you browse our site.

  • The browser identification string: This provides the name, version, and the preferred language of your browser.

How does CDT use log files?

CDT uses its log files only to fix errors on the site and to defend against malicious attacks. If we detect an attack on our site, we will use log file data to try to determine the source of the attack. We may also share or report to law enforcement information about malicious attacks.

What does CDT collect for analytics?

CDT uses a program called Piwik, which is a self-hosted, decentralized, and free (GPL-licensed) web analytics platform. Piwik uses JavaScript in your browser to record certain information about your site visit into a MySQL database. CDT operates the database, and the company that creates the Piwik program has no access to the data. The data that the Piwik software collects about your visit on behalf of CDT is similar to the log file data described above:

  • Your device type, brand, and model

  • Your operating system

  • Your browser type, plugins, and version

  • Pages you viewed on our site and time spent on each page

  • Referer type and URL

  • Language of your browser

  • Country (determined by IP address)

We have configured Piwik to operate without using cookies. We have also configured Piwik to only retain the first two octets of your IP address (e.g., 100.124.153.100 is stored as 100.124.0.0). Thus, our analytics data will not include your full, individual IP address.  In addition, all individualized data collected by Piwik will be deleted within 30 days, and only aggregate analytics data will be retained by CDT. CDT will not seek to reidentify individual users from this aggregate analytics data.

To learn more about Piwik, visit http://piwik.org/privacy/.

How does CDT use analytics data?

As described above, CDT uses the software program Piwik to record activity across our website into a MySQL database. Piwik aggregates this data to provide us with web analytics reports about our how people use our site, page views, referrer information, and search engine keywords.

This is the type of information CDT can see via our analytics program.piwik

Can I opt-out of automatic data collection?

To opt out of CDT collecting and using data about your visit for analytics, please un-check the box below:

When you opt out, our servers will place a non-unique cookie on your computer that instructs Piwik not to collect data about you. If you subsequently delete this cookie, we will not know that you wish to opt out of data collection, and your information will be collected and included again in our analytics. Please note, however, that you do not have the option to opt out of the similar Apache log file collection described above.

Do Not Track

Many browsers offer Do Not Track features that let you communicate to the sites you visit that you don’t want to be tracked around the web. Do Not Track was designed to limit tracking across different sites and services — such as by third-party behavioral ad networks who track users across unaffiliated websites. CDT’s logfile and analytics collection is limited to the sites we own and operate. Since first-party data collection and use is outside the scope of a Do Not Track request, we do not limit our logfile or analytics data collection for users who have Do Not Track enabled.

 

What information can you choose to share with CDT? How do we use the information you share with CDT?

Except as noted here, CDT uses information that you share with us only for internal purposes. We do not sell, rent, exchange or otherwise disclose any information that we collect about our site visitors, except to process donation transactions, report malicious attacks or as required by law. Specifics types of information include:

Mailing Lists

If you submit your email address to be added to a mailing list, we will use the email address for the sole purpose of sending you the materials associated with that mailing list.  For example, if you sign up to receive our newsletter, we will use your email to send you that newsletter. Each email we send will contain information on how to unsubscribe from our mailing list. You can also unsubscribe by going to our Contact page (cdt.org/contact) and request removal from a specific mailing list.

Feedback and Emailing Us

We use your feedback to improve our site and our organization. If you choose to provide information about yourself using our contact page (cdt.org/contact), we will not use the information for any purpose other than to respond to your inquiry or to act on your suggestion or comment. We will not share your information with others except with your permission or upon your request.

Search

Our site search function is supported by WordPress (http://www.wordpress.org/), an open source Content Management System. CDT records search terms used in searches of our website for analytics purposes. We do not log or correlate search term data with IP address or any other information about our visitors.

Donations

If you make a donation to CDT, we will record your name and contact information so that we can acknowledge and thank you for your donation, provide tax-exemption receipts to you, contact you for future donation opportunities, and answer any questions you may have about your donation. At the time of your donation, we may also ask whether we should include you on a list of supporters. CDT’s donations are currently processed by PayPal (described below).

What information is collected by third parties on CDT’s website?

Our website contains some third-party tools, including but not necessarily limited to those listed below.  Some of these third-party tools may use their own tracking technology, such as traditional HTTP cookies and Flash cookies, when you engage with them during your visit to our website. A traditional HTTP cookie is a unique piece of text that your browser saves on your computer’s hard drive and then retrieves whenever you visit that site in the future. Cookies are often used to track your behavior on the Internet. You can delete and block HTTP cookies through the settings in your web browser. Flash cookies perform a similar function, but instead of being placed in your browser, they are placed in the Adobe Flash software that interfaces with your browser. This means they have the capacity to store more data and may be more difficult to find on your computer and delete. Adobe provides a tool to examine and manage Flash cookies which you can reach by clicking here.

We have limited the amount of information that these third-party tools can collect about you on our website. However, the following tools may collect data from you when visit pages with these features embedded on our website:

Embedded YouTube Videos

On certain pages on our site, we may embed YouTube videos.  Even if you don’t interact with a YouTube video, Google displays the image of the video on our site, and may collect and store log data associated with rendering that image on your device (including IP address and browser configuration).  Even if you choose to play a YouTube video, we have configured the YouTube videos we embed to use the “-nocookie” option, so Google will not associate your visit with a Google cookie or account.  However, they may collect additional log data associated with rendering the video on your device

Twitter and Facebook

You can share articles and blog posts from our site on Facebook and Twitter. When you click on our site’s sharing buttons for either Twitter or Facebook, your browser will open a new window linking you to Twitter or Facebook. However, because we host the images for the Facebook and Twitter buttons ourselves, Facebook and Twitter are not able to log the fact that you visited one of our pages merely because one of their branded buttons is on that page. They only receive information about your visit to our site if you click on the widget to share through one of those services.

Email a Friend

You can email articles from our site to friends. To use this feature, you must enter your and your friends’ email addresses. This information is processed directly by a form on cdt.org, and will not in any way be logged by CDT or any third party. Emailing articles to your friends will not result in cookies being placed on your computer.

Donate

If you choose to use our website to make a donation by visiting our Donate page (https://www.cdt.org/donate), your credit card information (or other financial information used to execute a donation transaction) will be processed by a third-party provider that handles our donations and they will collect information about your device, including IP address, and they will deposit identifiers, such as session cookies (temporary cookies are stored until you close your web browser) on your computer in order to process your transaction.

Our current payment processor is PayPal; you can read PayPals’ privacy policy here (https://www.paypal.com/privacy).

CDT will not in any way receive or log your credit card information or other sensitive financial information. However, we will record your name and contact information so that we can acknowledge and thank you for your donation, provide tax-exemption receipts to you, contact you for donation opportunities, and answer any questions you may have about your donation. At the time of your donation, we may also ask whether we should include you on a list of supporters.

CDT’s Disclosure Policies

CDT does not sell, rent, exchange or otherwise disclose any information that we collect about our site visitors, except as described in this section or elsewhere in this policy.

We will comply with lawful requests from government agencies that follow appropriate legal standards and procedures. If we receive a request from a governmental entity to disclose information about your activities on our website, we will (unless prohibited by law or court order from doing so) attempt to contact you prior to such disclosure so that you can object. If we comply with a governmental agency’s disclosure request we will subsequently (unless prohibited by law or court order from doing so) attempt to contact you in order to disclose to you the fact that we have disclosed information about you and to tell you what information we have disclosed. We will object to disclosure demands that we believe are improper.

If we receive a request from a non-governmental entity (such as a civil litigant) for disclosure of information about your activities on our website, we will insist that the requesting party obtain at least a subpoena, and we will (unless prohibited by law or court order from doing so) attempt to contact you prior to such disclosure so that you can object. If we comply with a non-governmental entity’s disclosure request we will subsequently (unless prohibited by law or court order from doing so) attempt to contact you in order disclose to you the fact that we have disclosed information about you and to tell you what information we have disclosed. We will object to disclosure demands that we believe are improper.

Finally, we may disclose information to a third party if we reasonably believe that our system has been attacked and the information is necessary to describe the attack.

We also reserve the right to affirmatively share or to provide to law enforcement evidence of malicious attacks or other unlawful activity or content that we detect or collect on our site.

CDT uses Amazon Web Services (AWS) to host our website. AWS may only access our log or system files in limited circumstances – such as in response to a law enforcement request – outlined in AWS’ Acceptable Use Policy, Service Terms, and Privacy Policy available here.  We also use certain third-party cloud processing providers, such as SalesForce, to manage our email and contact databases.  However, those services are contractually prohibited from using that information for their own purposes (e.g., see SalesForce’s Privacy Statement here).

CDT’s Retention Policies

All data that is collected into individualized log files by our web server or by our analytics program is deleted within 30 days, unless we believe that we need to retain it for longer in order to investigate or report a bug or malicious attack. We do not have backup storage of our log files.

Aggregated data about visitors to our website – which we will not link back to individual visitors – is maintained indefinitely.

Email addresses submitted to subscribe to mailings lists are retained until the associated users ask to remove their names from the mailing list, except that copies of the mailing list may be retained for one year in backup storage. In the unlikely event that we have technical problems that cause us to revert to a backup copy of a mailing list, our systems may restore a previously removed address to a mailing list.  Removal from our mailing list might then require the user to request removal a second time.

Any information you provide us via email or our contact page (cdt.org/contact) on our website (as well as responses, if any, to your inquiry or comment) may be retained indefinitely.

Contact information you provide when making a donation online will be retained indefinitely unless you ask us to delete it.

Security

SSL CertCDT uses industry-standard security measures to protect the information we collect. A Secured Socket Layer (SSL) connection is used throughout the cdt.org website and when you submit a donation through our donation processor. This SSL connection encrypts your information as it travels across the Internet.  For information we automatically collect from site visitors, we employ standard computer and network access control mechanisms to limit access to stored data to our technical staff.

 

Changes to the Privacy Policy

If we make substantial changes to our Privacy Policy, we will announce the changes on our blog and give users 30 days’ notice in advance of the policy taking effect. Regardless, any future privacy policy changes will not apply to information we collect pursuant to an older policy; the older policy will still apply to that data.

What if I have concerns or want to know what information you have about me?

Feel free to contact us via our contact page (cdt.org/contact) to ask us to disclose to you any information we have about you, and we will within reason attempt to comply with your request. You have the right to correct, update, or delete information that we may have about you.

If you have any concerns about this policy, please contact CDT via our contact page (cdt.org/contact) or call (202) 637-9800. We can also be reached at 1634 Eye Street NW, Suite 1100, Washington DC 20006.