CDT has a few key guidelines for how we collect, use, and retain data about visitors to the CDT website:
CDT’s web server generates and retains log files that record information about visitors that connect to our site. We also use an analytics program called Piwik to collect similar data.
Nginx, our web server software, generates log files — text files that record one line of data each time a browser request is made. For example, a line of data elements (described in detail below) is added to the end of a log file each time a page is viewed or an element on the page is clicked. All log files are automatically deleted after 28 days unless we believe that we need to retain them for longer in order to investigate or report a bug or malicious attack.
CDT logs the following information from users who visit our site:
CDT uses its log files only to fix errors on the site and to defend against malicious attacks. If we detect an attack on our site, we will use log file data to try to determine the source of the attack. We may also share or report to law enforcement or other service providers (such as denial-of-service mitigation service providers) information about malicious attacks.
CDT uses Google Universal Analytics to learn about how people use our site., The data that the software collects about your visit on behalf of CDT and sends to Google’s servers is similar to the log file data described above:
We use Google Analytics with IP address masking activated; this means that Google only receives the first three octets of your IP address (e.g., 100.124.152.100 is logged as 100.124.152.0). This IP masking takes place as soon as data is received by Google’s Analytics servers. At no time is the full IP address stored on Google’s servers as the IP masking process happens in the volatile memory (a temporary data location) on Google’s servers nearly instantaneously after the request has been received. Because your full IP address is never stored on Google’s Analytics’ servers when the anonymization flag is turned on – as it is with CDT’s Google Analytics account – our analytics data will not include your full, individual IP address. Read more about IP Anonymization in Google Analytics.
Yes, you can opt-out of Google Analytics by using this tool.
Many browsers offer Do Not Track features that let you communicate to the sites you visit that you don’t want to be tracked around the web. Do Not Track was designed to limit tracking across different sites and services — such as by third-party behavioral ad networks who track users across unaffiliated websites. CDT’s logfile and analytics collection is limited to the sites we own and operate. Since first-party data collection and use is outside the scope of a Do Not Track request, we do not limit our logfile or analytics data collection for users who have Do Not Track enabled.
Except as noted here, CDT uses information that you share with us only for internal purposes. We do not sell, rent, exchange or otherwise disclose any information that we collect about our site visitors, except to process donation transactions, report malicious attacks or as required by law. Specifics types of information include:
If you submit your email address to be added to a mailing list, we will use the email address for the sole purpose of sending you the materials associated with that mailing list. For example, if you sign up to receive our newsletter, we will use your email to send you that newsletter. Each email we send will contain information on how to unsubscribe from our mailing list. You can also unsubscribe by going to our Contact page and request removal from a specific mailing list.
We use your feedback to improve our site and our organization. If you choose to provide information about yourself using our Contact page, we will not use the information for any purpose other than to respond to your inquiry or to act on your suggestion or comment. We will not share your information with others except with your permission or upon your request.
Our site search function is supported by WordPress, an open source Content Management System. CDT records search terms used in searches of our website for analytics purposes. We do not log or correlate search term data with IP address or any other information about our visitors.
If you make a donation to CDT, we will record your name and contact information so that we can acknowledge and thank you for your donation, provide tax-exemption receipts to you, contact you with news that may be of interest or for future donation opportunities, and answer any questions you may have about your donation. At the time of your donation, we may also ask whether we should include you on a list of supporters. Should you wish to opt-out of future communications, you may do so by following the information in the message or by requesting removal. CDT’s donations are currently processed by iATS Payments (described below).
Our website contains some third-party tools, including but not necessarily limited to those listed below. Some of these third-party tools may use their own tracking technology, such as traditional HTTP cookies, when you engage with them during your visit to our website. A traditional HTTP cookie is a unique piece of text that your browser saves on your computer’s hard drive and then retrieves whenever you visit that site in the future. Cookies are often used to track your behavior on the Internet. You can delete and block HTTP cookies through the settings in your web browser. Here is a well maintained website on how to remove cookies.
We have limited the amount of information that these third-party tools can collect about you on our website. However, the following tools may collect data from you when visit pages with these features embedded on our website:
On certain pages on our site, we may embed YouTube videos. Even if you don’t interact with a YouTube video, Google displays the image of the video on our site, and may collect and store log data associated with rendering that image on your device (including IP address and browser configuration). Even if you choose to play a YouTube video, we have configured the YouTube videos we embed to use the “-nocookie” option, so Google will not associate your visit with a Google cookie or account. However, they may collect additional log data associated with rendering the video on your device
You can share articles and blog posts from our site on Facebook and Twitter. When you click on our site’s sharing buttons for either Twitter or Facebook, your browser will open a new window linking you to Twitter or Facebook. However, because we host the images for the Facebook and Twitter buttons ourselves, Facebook and Twitter are not able to log the fact that you visited one of our pages merely because one of their branded buttons is on that page. They only receive information about your visit to our site if you click on the widget to share through one of those services.
You can email articles from our site to friends. To use this feature, you must enter your and your friends’ email addresses. This information is processed directly by a form on cdt.org, and will not in any way be logged by CDT or any third party. Emailing articles to your friends will not result in cookies being placed on your computer.
If you choose to use our website to make a donation by visiting our Donate page (https://www.cdt.org/donate), your credit card information (or other financial information used to execute a donation transaction) will be processed by a third-party provider that handles our donations and they will collect information about your device, including IP address, and they will deposit identifiers, such as session cookies (temporary cookies are stored until you close your web browser) on your computer in order to process your transaction.
CDT will not in any way receive or log your credit card information or other sensitive financial information unless you have expressly asked that we do so in order to process regular recurring donations. However, we will record your name and contact information so that we can acknowledge and thank you for your donation, provide tax-exemption receipts to you, contact you for donation opportunities, and answer any questions you may have about your donation. At the time of your donation, we may also ask whether we should include you on a list of supporters.
CDT does not sell, rent, exchange or otherwise disclose any information that we collect about our site visitors, except as described in this section or elsewhere in this policy.
We will comply with lawful requests from government agencies that follow appropriate legal standards and procedures. If we receive a request from a governmental entity to disclose information about your activities on our website, we will (unless prohibited by law or court order from doing so) attempt to contact you prior to such disclosure so that you can object. If we comply with a governmental agency’s disclosure request we will subsequently (unless prohibited by law or court order from doing so) attempt to contact you in order to disclose to you the fact that we have disclosed information about you and to tell you what information we have disclosed. We will object to disclosure demands that we believe are improper.
If we receive a request from a non-governmental entity (such as a civil litigant) for disclosure of information about your activities on our website, we will insist that the requesting party obtain at least a subpoena, and we will (unless prohibited by law or court order from doing so) attempt to contact you prior to such disclosure so that you can object. If we comply with a non-governmental entity’s disclosure request we will subsequently (unless prohibited by law or court order from doing so) attempt to contact you in order disclose to you the fact that we have disclosed information about you and to tell you what information we have disclosed. We will object to disclosure demands that we believe are improper.
Finally, we may disclose information to a third party if we reasonably believe that our system has been attacked and the information is necessary to describe the attack.
We also reserve the right to affirmatively share or to provide to law enforcement evidence of malicious attacks or other unlawful activity or content that we detect or collect on our site.
All data that is collected into individualized log files by our web server is deleted within 30 days, unless we believe that we need to retain it for longer in order to investigate or report a bug or malicious attack. We do not have backup storage of our log files.
Aggregated data about visitors to our website – which we will not link back to individual visitors – is maintained indefinitely.
Email addresses submitted to subscribe to mailings lists are retained until the associated users ask to remove their names from the mailing list, except that copies of the mailing list may be retained for one year in backup storage. In the unlikely event that we have technical problems that cause us to revert to a backup copy of a mailing list, our systems may restore a previously removed address to a mailing list. Removal from our mailing list might then require the user to request removal a second time.
Any information you provide us via email or our Contact page on our website (as well as responses, if any, to your inquiry or comment) may be retained indefinitely.
Contact information you provide when making a donation online will be retained indefinitely unless you ask us to delete it.
CDT uses industry-standard security measures to protect the information we collect. An encrypted (Transport Layer Security (TLS)) connection is used throughout the cdt.org website and when you submit a donation through our donation processor. This encrypted connection encrypts your information as it travels across the Internet. For information we automatically collect from site visitors, we employ standard computer and network access control mechanisms to limit access to stored data to our technical staff.
Feel free to contact us via our Contact page to ask us to disclose to you any information we have about you, and we will within reason attempt to comply with your request. You have the right to correct, update, or delete information that we may have about you.
If you have any concerns about this policy, please contact CDT via our Contact page or call (202) 637-9800. We can also be reached at 1634 Eye Street NW, Suite 1100, Washington DC 20006.