The National Federation of the Blind (NFB) values your privacy and is committed to protecting your personal information. This policy explains how we collect, use, and safeguard your data, whether you interact with us online at nfb.org, offline through our direct mail programs, or in person at our Independence Market. If you have questions or concerns, please contact us at [email protected] or National Federation of the Blind, Attn: Privacy Policy, 200 East Wells Street, Baltimore, Maryland 21230.
Privacy Policy for Users of NFB.org
What Information We Collect
When you use NFB.org, we may collect:
- Basic contact details: Name, address, email, and phone number (e.g., when you make a donation, purchase, or request a service).
- Payment information: Credit card details for transactions, processed securely via PayPal Payflow Pro (see their Privacy Policy for details). When you sign up for the NFB’s Pre-Authorized Contribution (PAC), your transaction is processed securely via Authorize.net.
- Technical data: IP address, browser type, or device information via cookies to improve your experience.
How We Use Your Information
We use your data to:
- Process purchases, donations, or service requests you initiate, and support membership building.
- Share limited details (e.g., name, address) with our NFB state organizations or NFB-NEWSLINE® state sponsors to support membership and activities.
No personal information acquired through your use of this website is shared with any third party except as is necessary to fulfill a request for a purchase or donation, or to provide a service you request. Sensitive data, such as a full credit card number, is never shared. Personally Identifiable Information (PII) may be stored by our NFB state organizations as part of these processes.
Payment Security
We follow Payment Card Industry (PCI) standards to protect your payment information:
- Credit card details are not stored in our databases or on our servers.
- For recurring donations, we use a secure “token” to identify you to our payment gateway (PayPal Payflow Pro or Authorize.net). This token restricts transactions to amounts and frequencies you authorize.
Website Security
- We use Secure Sockets Layer (SSL) encryption to protect data sent between your device and our servers.
- Our servers and networks are safeguarded with firewalls and industry-standard security practices.
Cookies
- Our website may use cookies, small files stored on your device, to personalize your experience (e.g., remembering your preferences). We do not use cookies for advertising or tracking you across other sites. You can manage cookie settings in your browser.
Staff Access
- Only staff who need access to perform their duties can view your data. They use personal logins and complex passwords, and access is revoked when their role changes or employment ends.
Your Rights
You can:
- Review, update, or delete your personal data by emailing [email protected] or writing to us at the address above.
- If you are an active member, you may review and update your data by accessing your member profile on nfb.org.
Privacy Policy for Offline Users
What Information We Collect
When you respond to our direct mail through the U.S. Postal Service, we may collect:
- Basic contact details: Your name and mailing address.
- Donation information: Details of your contribution (e.g., amount donated), but not credit card numbers or full payment details.
How We Use Your Information
We use your data to:
- Process your donation or response through secure third-party vendors: Engage USA (our lockbox vendor for mailed payments) or Saturn. Saturn uses an Authorize.net account set up and managed by NFB. Saturn enters donor details through a secure web form with a webhook to the Authorize.net account. NFB manages changes and refunds directly in the Authorize.net account.
- Send you future mailings about our mission, ways to help, and donation opportunities.
We do not share sensitive data beyond what is necessary to process your response, manage our mailing list, or fulfill in-person transactions. PII may be stored in secure third-party environments as part of these processes.
Payment Security
- Mail-In Payments: Credit card details or other payment information from mail responses are processed securely by Engage USA and not stored in our databases or on our servers. Our vendor adheres to strict security standards and provides a SOC1 report (a professional audit of their controls) to ensure your data is protected.
- Mass Mail Payments: Saturn processes these payments via Authorize.net.
- Recurring Payments: Pre-authorized contributions are handled securely through Authorize.net, ensuring data protection.
Mailing List Management
- We maintain a list of donors, including name, address, and contribution history, on our secure servers.
- This list helps us send future mailings to previous supporters and identify potential new donors through exchanges of prospect lists with other organizations.
Staff Access
Only staff who need access to perform their duties (e.g., managing mailings) can view your data. They use personal logins and complex passwords, and access is revoked when their role changes or employment ends.
Your Rights
You can:
- Request to stop receiving mail or opt out of name exchanges with other organizations by emailing [email protected] or writing to National Federation of the Blind, Attn: Privacy Notification, 200 East Wells Street, Baltimore, MD 21230.
Additional Information
How Long We Keep Data
We retain your information in our system indefinitely as active or inactive. Inactive contacts are listed as ‘do not mail’ or ‘do not contact’ and kept in the system to compare with and remove from future prospect mail list exchanges.
Data Breach Response
If a breach occurs, we will notify affected users promptly and take steps to mitigate harm, as required by applicable laws.
Legal Compliance
We comply with United States privacy laws and strive to meet international standards (e.g., GDPR for transaction-related data, CCPA) where applicable.
Updates to This Policy
We may update this policy as needed. Changes will be posted on nfb.org, and significant updates will be emailed to users when necessary. Revisions addressing data sharing with NFB state organizations, GDPR, or PCI-DSS compliance will be clearly communicated.
Complaints
Please email [email protected] with any complaints about this policy.