1. Privacy Notice Introduction
The National Geographic Society is an impact-driven global nonprofit organization that uses the power of science, exploration, education, and storytelling to illuminate and protect the wonder of our world.
The National Geographic Society (nationalgeographic.org) understands the importance of your privacy, and we take our responsibility to protect it seriously. Our Privacy Notice tells you:
How we use, share and protect this information.
What choices you have about how this information is used.
How you can access and update this information.
We recognize that information privacy is an ongoing responsibility, so we will update this Privacy Notice as we develop new approaches to personal data protection or adopt new policies.
2. Data Protection Officer
The National Geographic Society (NGS) is headquartered in Washington, DC, in the United States. NGS has appointed an internal data protection officer for you to contact if you have any questions or concerns about NGS’s personal data policies or practices. The NGS data protection officer’s contact information is below:
Data Protection Officer
National Geographic Society
1145 17th St., NW
Washington, DC 20036, USA
3. How we collect and use (process) your personal information
NGS collects personal information about its visitors, members, donors, grant applicants, and grantees. Your level of engagement with NGS determines the amount and type of information we will collect, and the majority of the information we collect is given to us directly from you. Typically this information is limited to contact information like what can be found on a business card: first name, last name, address, email address, and phone number. We use this information to provide constituents with goods, services, and NGS updates. We do not sell personal information to anyone. We do share personal information with third party vendors who are facilitating the delivery of NGS services, and in limited instances, with other organizations who are aligned with NGS’s mission, vision, and values.
3.2 Personal information you give to us
If you give a donation to the National Geographic Society, we ask for your name, postal address, email address, and your credit card number in order to process your gift and send a thank you letter and tax receipt to you.
If you are giving a gift in honor or memory of another person, we will also ask you for that person’s name, and the name and postal address of the person to whom you want an honor or memory gift notification to be sent.
We may also ask you to tell us what programs or issues you are interested in, if and how you would like your gift designated, and if and how you would like to be contacted in order to tailor your experience with us to your interests and preferences.
3.2.3 Grants, Challenges, Project Funding, and Awards
If you apply for or receive grants, funding, or awards, NGS stores additional information related to application details, external and internal review information, details related to the execution of grant agreements and payment, final reporting, media related to the work funded, and feedback on the success of the grant.
3.2.4 Attending our museum or an event
If you purchase a ticket to National Geographic Museum or an event at NGS headquarters, NGS stores data related to that transaction including name, address, phone number, email, and purchase method. If you fill out additional information via a survey or provide subsequent information related to interests, how you learned about the exhibition or event or demographic information, that may be stored as well.
3.2.5 Competitions/Challenges or Contests (See Section 4.2 for specifics on the GeoBee and GeoChallenge below)
If you participate in a competition, we ask for your name, phone number, the name of your school principal (if applicable), name of student(s) competing and also email addresses of students’ parents. For collecting payment, we will ask for credit card name, address, phone number and credit card number. For students that are traveling with a coach, we will collect a health form to insure appropriate care while away from home. For contests, we will collect entry information (name, address, phone number).
3.2.6 Online educational resources
There are many online educational resources that do not require any data collection beyond web analytics. Online courses require a sign-up process that collects email address, state, first name, last name, organization (school where course participant works). Participants write a brief bio of themselves on the course platform, and respond to a post-course survey identifying grade and subject taught.
3.2.7 Surveys, sweepstakes, etc.
If you participate in an activity such as a survey or sweepstakes, we may also ask you to provide other types of information such as gender and personal interests, which we may then use to enhance and customize your experience with our Services.
3.3 Personal information we get from third parties
NGS sometimes uses third parties and publicly available sources to validate, update, and enrich the information you provide. We do this to 1) ensure contact information such as email address, phone number, and mailing address are accurate and up to date, and 2) gather relevant demographic, financial, and biographical information about grant applicants and donor prospects to inform internal business processes.
3.4 Personal Information contained in user content
Some parts of our Services may allow users to post or transmit messages, comments, screen names, computer files and other materials. If you choose to make personal information public through these Services, National Geographic Society will consider that information public.
3.5 Transferring personal data from the EU to the US
Our Site is maintained in the United States of America. The information we collect from you through our services may be transferred to, stored, and processed in the USA and other destinations outside the European Economic Area (“EEA”) or other country in which you are located. This includes processing by us, our affiliates, our third party service companies and other third parties as described in this Policy. You explicitly consent and agree to such transfer, storing and/or processing of your Personal Information outside the EEA or other country in which you are located. You understand that data stored in the USA may be subject to lawful requests by the courts or law enforcement authorities in the USA. The USA may not have data protection laws that are as comprehensive or protective as those in your country of residence; however, our collection, storage and use of your Personal Information will at all times be in accordance with this Policy.
4. Children’s Privacy
4.1 Use of Websites
The Services NGS provides are not intended for visits from children under the age of 13, or under the age of 16 in the case of children in the European Economic Area (EEA), and we do not knowingly permit children under these ages to register for any content, product or Service. Our Services are general audience services, and we do not knowingly collect information about children through them. Should a child make known to us his or her personally identifiable information, we will use that information only to respond directly to that child to inform him or her that we must have parental consent before receiving his or her personally identifiable information, or to respond otherwise in a manner consistent with applicable rules and laws. If we learn that we have collected personally identifiable information from a child other than in a manner authorized by law, we will delete that information from our database.
4.2 GeoBee and GeoChallenge
The GeoBee and GeoChallenge programs are designed to challenge and recognize the achievements of middle school students in the United States. In order to administer these programs, National Geographic Society’s Education Department collects and stores students’ information, along with the information about their schools, teachers, and project sponsors. The information we collect includes: name, school, grade, gender, video submissions, and sometimes payment and travel data.
Many times this information is collected by the school or project sponsor on behalf of the students, though the students may also provide this information themselves. Prior to doing so, the schools and project sponsors are provided with National Geographic Society Children's Online Privacy Protection Act (COPPA) notification which describes the information we collect and the rights parents have over their child’s data. While NGS is exempt from Federal Trade Commission (FTC) oversight, and thereby the COPPA law, we nevertheless believe it is important for us to provide this notification in the interest of protecting the privacy of the children who participate in these programs.
5. Use of National Geographic Society websites
NGS websites collect certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of the NGS websites, including a history of the pages you view. We use this information to help design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor activity, and gather broad demographic information that assists us in identifying visitor preferences.
NGS has a legitimate interest in understanding how constituents, customers, donors, and educators use its websites. This assists NGS with providing more relevant products and services, communicating value to our partners, and providing appropriate staffing to meet our users’ diverse needs.
5.2 California do not track disclosure
Our Site does not honor “do not track signals” (e.g., the Mozilla Firefox Do Not Track feature), though you may be able to disable certain tracking as discussed above (e.g., by disabling cookies). There is still no universally accepted standard regarding tracking, but for more information about do not track signals, please click here.
5.3 IP Addresses, Cookies, and Web Beacons
5.3.1 IP Address or Device Identifier
When you access our Services, we collect your Internet Protocol (“IP”) address, which identifies the computer or service provider that you use to access the Services or your mobile device identifier, if you connect through a mobile device. We may use these identifiers to collect information regarding the frequency with which specific visitors visit various parts of our Services. We may combine this information with personally identifiable information that we have collected to make our Services and our communications to you more targeted to your interests.
For EEA users, we do not track across web sessions in the absence of explicit consent. We anonymize IP addresses and we do not associate IP addresses with individuals in our web analytics tools.
We use essential cookies to help make our website and web applications usable by enabling basic functions like session management and single sign-on. They also help us comply with legal requirements like GDPR. Our site cannot function properly without these cookies. Most of the essential cookies we use are transient. A transient cookie expires when you close your browser. We use analytics cookies that collect information about how visitors interact with and use our website. This information enables us to improve how our website works generally. We use functional cookies to remember the choices you make and provide enhanced features such as support that may be of particular interest to you. These cookies allow us to personalize your return visits and to save you time during certain activities, such as checking out from our online store. We also use marketing cookies to display ads that are relevant and engaging to individual users based on their use of our site.
You have the choice to set your browser to accept or reject these cookies, or notify you when a cookie is set. (Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences.) It is up to you whether to allow us to send you cookies. However, if you do not accept cookies from us, your ability to use some areas of our Site will be limited.
If you are an EEA resident, you will see a cookie banner giving you the option to provide your consent to cookies, with the exception of essential cookies, which are necessary for our website to function and expire when you close your browser.
5.3.3 Web beacons and other technologies
The Services use other tracking tools, including web beacons. Web beacons are images on the Services (or in emails that the Services sends to you) that help us determine what parts of the Services you have visited, whether you have opened an email that we have sent to you, or otherwise to measure the effectiveness of the Services. These technical methods may involve the transmission of information directly to us or to a service provider authorized by us to collect information on our behalf. If you are an EEA resident, we will not use web beacons without your consent.
5.4 Links to websites not owned by National Geographic Society
If you click on or interact with a hyperlink that you find on the Services, including but not limited to nationalgeographic.com, you have left our Services and are sending information to a different website or application. Our Privacy Notice does not apply to your interactions with other websites, even if you find a link to them on our Services. You should read the terms and policies of the third-party website provider to see how your personally identifiable information will be treated on its site.
6. When and how we share information with others
The information you provide to NGS can be stored in one or more databases or software services. All databases are located in the United States, and are either owned and maintained by NGS or one of its third party vendors or support services. Contractual data sharing and data privacy agreements are put in place with all third party vendors to ensure proper use, maintenance, and disposal of data based on the nature of the services provided.
6.2 Vendors and support services
6.3 Data brokers and list shares
Your information may be shared with selected third parties so that they may send you promotional materials about goods and services that they offer. You have the opportunity to opt out of our sharing personal information about you as described below in Section 7 “Data subject rights”. We will not share your email address with third parties for promotional purposes unless you specifically agree.
6.4 Internal operations and affiliates
Your information may be shared within the National Geographic Society family, which is defined for this purpose as corporate affiliates of National Geographic Society (“Affiliates”) and entities that are authorized to use the “National Geographic” name and registered trademarks to brand their products or services (such as National Geographic Partners, LLC and its sub-licensees) with your consent.
6.5 Legal Requirements
7. Data subject rights
The European Union’s General Data Protection Regulation (GDPR) and other privacy laws provide certain rights for data subjects. If you are a resident of the European Economic Area (“EEA”) and the Services are targeted to you, please note:
The EU General Data Protection Regulation (GDPR) is a comprehensive data protection law that strengthened the protection of “personal data” (any information relating to an identified or identifiable natural person, so called “data subjects”) in light of rapid technological developments, the increasingly global nature of business and more complex international flows of personal data. The GDPR replaces a patchwork of national data protection laws with a single set of rules, directly enforceable in each EU member state.
We keep your personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) for as long as we have an ongoing relationship with you and provide the Services to you; (ii) as required by a legal obligation to which we are subject; or (iii) as advisable in light of our legal position (such as in regard of applicable statutes of limitations and litigation).
You may request information about: the general purpose of the processing; the categories of personal data concerned; who else outside NGS may have received data from NGS; what the source of the information was (if you didn’t provide it directly to NGS); and how long it will be stored. You have the right to correct (rectify) the record of your personal data maintained by NGS if it is inaccurate. You may request that NGS erase that data or cease processing it, subject to certain exceptions. You may also request that NGS cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how NGS processes your personal data. When technically feasible, NGS will—at your request—provide your personal data to you or transmit it directly to another controller at your request.
Reasonable access to your personal data will be provided at no cost to you upon request made to NGS at firstname.lastname@example.org. If access cannot be provided within a reasonable time frame, NGS will provide you with a date when the information will be provided. If for some reason access is denied, NGS will provide an explanation as to why access has been denied.
8. Security of your information
We take a number of steps to safeguard any personally identifiable information or credit card information that you provide to us. We use data encryption technology to help protect against loss, misuse or alteration of your credit card information. Cryptographic algorithms and protocols protect the credit card information sent between your computer and our database. However, no method of transmitting or storing electronic data is ever completely secure, and therefore we cannot warrant or guarantee that such information will never be accessed, used or released in a manner that is inconsistent with this policy.
9. Data storage and retention
We keep your Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include 1) for as long as we have an ongoing relationship with you and provide the Services to you; 2) as required by a legal obligation to which we are subject; or 3) as advisable in light of our legal position (such as in regard of applicable statutes of limitations and litigation).
10. Changes and updates to the Privacy Notice
By using this Site, you agree to the terms and conditions contained in this Privacy Notice and Conditions of Use and/or any other agreement that we might have with you. If you do not agree to any of these terms and conditions, you should not use this Site or any NGS services.
As our organizational practices, policies, and processes change from time to time, this Privacy Notice is expected to change as well. We reserve the right to amend the Privacy Notice at any time, for any reason, without notice to you, other than the posting of the amended Privacy Notice at this Site. We may email periodic reminders of our notices and terms and conditions and will email notifications to you, but you should check our Site frequently to see the current Privacy Notice that is in effect and any changes that may have been made to it. The provisions contained herein supersede all previous notices or statements regarding our privacy practices and the terms and conditions that govern the use of this Site.
11. Questions, concerns, complaints
Please contact the NGS data protection officer:
Data Protection Officer
National Geographic Society
1145 17th St., NW
Washington, DC 20036, USA