Version 3.0 – January 13, 2023

The Consumer Federation of America supports privacy rights.  We also support robust privacy policies and practices.  This CFA policy reflects our commitment to privacy and to Fair Information Practices.  We do what we advocate.

We would like to have a single, short, simple privacy policy, but the world and the Internet are too complicated.  We offer this short overview of our privacy policy with a link to the complete policy below.  Some of our web pages have slightly different privacy policies in part because we work with partners who have other requirements or because the activities on those websites vary.

This CFA privacy policy applies to our interactions with individuals over the Internet, through conferences and events, and by email and postal mail.  CFA members are non-profit organizations and government agencies, and this policy does not cover them or their representatives.  CFA works with reporters and other news media.  This policy does not apply to personally identifiable information collected as part of these professional activities that do not occur on the Website.  Similarly, the policy does not apply to advocacy activities by individual CFA staff members that result in the maintenance of personally identifiable information not obtained through the Website.  We will, however, take appropriate steps to honor requests for privacy protections even when this policy does not apply.

The most important elements of our privacy policy are:

  • We do not sell, rent, share, or disclose our user lists or donor lists.  Like other websites, we use Google Analytics to help us evaluate website usage, and we share limited personal information (e.g., IP addresses and website activities) about users with Google as a result.
  • If you receive any communications from us and do not want more, let us know, and we will do our best to comply with your request.
  • Our privacy policy implements Fair Information Practices.

There are many more details in the full privacy policy below.  However, the “fine print” does not vary our commitment to privacy.


Full CFA Privacy Policy

Version 3.0 – January 13, 2023

Fair Information Practices

Our privacy policy implements Fair Information Practices (FIPs).  FIPs are an internationally recognized set of privacy practices that form the basis for all national privacy laws and some US privacy laws.  CFA advocates that privacy laws and practices should meet the standards established by FIPs.  Accordingly, we organize this policy around the elements of FIPs.  To learn more about FIPs, search for Fair Information Practices with your favorite search engine.

This CFA privacy policy applies to our interactions with individuals over the Internet, through conferences and events, and by email and postal mail.  CFA members are non-profit organizations and government agencies, and this policy does not cover them or their representatives.

This policy applies to all CFA websites except where an individual CFA website has its own additional privacy policy.  For example, some of our websites allow visitors to sign up for programs or activities, and the websites collect and maintain the personal information provided to us.  The details are explained in separate policies that we also reference later in this policy.

Openness

CFA maintains this privacy policy to let everyone know that we are committed to privacy and to privacy principles that respect the rights and interests of individuals who interact with us.

This policy may change from time to time because our activities or organizational structure may change, because new laws may be enacted, because we may work with new partners, or because technology may change.  It’s normal for a privacy policy to reserve the right to change.  However, we will never change our commitment to respect the privacy rights and interests of individuals.  We expect that we will never sell or share an individual’s information without their affirmative consent except as provided in this policy.

Whenever we change this policy, we will change the date and version number.  We will also do our best to provide advance notice of a material change through a notice on our Website, but we may not always be able to provide advance notice.  At the end of this policy, we maintain a policy history that identifies earlier versions and changes.  We did a major revision and update of our privacy policy in 2015.  To see previous privacy policies, click here.

Usage Data

Usage Data is collected automatically when using the Website.

Usage Data may include information such as your Device’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Website by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

We may also collect information that your browser sends whenever You visit our Website or when you access the Website by or through a mobile device.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on our Website and store certain information.  Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze our Website.  The technologies we use may include:

  • Cookies or Browser Cookies. A cookie is a small file placed on your device.  You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent.  However, if you do not accept Cookies, you may not be able to use some parts of our Website.  Unless you have adjusted your browser setting so that it will refuse Cookies, our Website may use Cookies.
  • Web Beacons. Certain sections of our Website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit CFA, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be “persistent” or “session” cookies.  Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.  Your browser may offer the ability to delete persistent cookies.  Deleting persistent cookies protects your privacy, but you will have to sign in again at websites that you visit regularly.

We use both session, and persistent cookies for the purposes set out below:

  • Necessary / Essential Cookies 

    Type: Session CookiesAdministered by: Us

    Purpose: These cookies are essential to provide you with services available through the Website and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts.  Without these cookies, the Website may not be able to provide the services that you asked for.  We only use these cookies to provide you with those services.

  • Cookies Policy / Notice Acceptance Cookies 

    Type: Persistent CookiesAdministered by: Us

    Purpose: These cookies identify if users accepted the use of cookies on the Website.

  • Functionality Cookies 

    Type: Persistent CookiesAdministered by: Us

    Purpose: These cookies allow us to remember choices you make when you use the Website, such as your login details or language preference. These cookies provide you with a more personal experience and avoid the need for you to re-enter your preferences every time you use the Website.

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic.  Google uses the data collected to track and monitor the use of our Website.  This data is shared with other Google services.  Google may use the collected data to contextualize and personalize the ads of its own advertising network.  Google Analytics can be blocked by browsers, browser extensions, firewalls, and other means.

You can opt-out of having your activity on the Website made available to Google Analytics by installing the Google Analytics opt-out browser add-on.  The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.  You can find a Google Analytics opt-out add-on for many browsers at https://tools.google.com/dlpage/gaoptout.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy.

Data Quality

We seek to maintain all personal information with an appropriate degree of relevance, accuracy, necessity, completeness, and currency.  Since any personal information we have comes from you, we generally rely on you to tell us if we have the wrong email address or other outdated or incorrect information.  See the access and correction section below.

We do not have a fixed schedule for the disposal of personal information.  We keep data as long as we consider it relevant and useful.  We will erase your identifiable data upon your request unless we are required to keep the data for contractual or legal reasons.  For example, we may need to keep records if you use a credit card or make a contribution.

Purpose Specification & Use Limitation 

We use personal information only for the purpose for which we obtained it from you, and we may continue to do so unless you tell us to stop.  You can opt-out of some or all communications from us at any time.

If we ever want to use personal information in a way that is not consistent with this policy, we will seek your affirmative consent.

We process your personal information for a variety of reasons, depending on how you interact with our Website, including:

  • To evaluate and improve our website operations and your experience. We may process personal information to identify usage trends, determine the effectiveness of our promotional campaigns, and to evaluate and improve our website operations and your experience.
  • To identify usage trends. We may process personal information to understand better how our users use the Website and to improve the Website.
  • To determine the effectiveness of our marketing and promotional campaigns. We may process personal information to understand better how to provide the resources that are most relevant to you.

These three functions aggregate user information to draw general conclusions about website activities rather than activities about individual users.

We occasionally post testimonials on our Website that may contain personal information.  We only post a testimonial from you with your express permission.

If you sign up for one of our email issue updates, we will send you that update.  If you sign up for text messages, we will send you text messages.  If you come to one of our conferences, dinners, assemblies, or other events, or if you use any of our services, we may use your information to send you information about that event or about other similar events, activities, and services.  At our conferences, meetings, and other events, we ask your permission to include your name on a list of attendees, their affiliations, and contact information that we share with other attendees.  If you make a contribution, we use your information to thank you, and we may ask for additional contributions.

We do not sell, rent, share, or otherwise voluntarily disclose our lists, donor lists, or other personally identifiable information for any commercial purpose.  In our advocacy work, we may share a registration or meeting list with other groups that are working on the same issues.

We sometimes add an individual to one of our issue updates or other lists because a CFA staff member interacted with that individual and believes that they would be interested.  If you ask us for more information about our activities, we might add you to a CFA list.  We make these decisions on a case-by-case basis. Many of our emails contain opt-out links.  We remove anyone from any or all lists upon request.  We send postal invitations for some of our events, and we honor any opt-out requests that we receive for postal lists.

If you use a credit card to pay CFA or make a contribution, our credit card processor handles the processing of the transaction.  This is how credit card activities occur, and it is normal.  The credit card processor and your credit card company use your information subject to their own privacy policies and legal requirements.  We normally do not see or maintain your credit card number, but we do have your name, card type, expiration, and last four digits of the card number.

If you pay for a CFA event or make a payment or contribution through an electronic funds transfer provider, we normally have no information other than your name, the amount, and a confirmation that you sent us a payment or contribution.  Each electronic funds transfer provider has its own privacy policy and terms of service that you agreed to when you set up your account with the provider.

We may disclose any personal information we collect to contractors who provide administrative services and support for CFA.  This includes our Internet Service Provider, database providers, consultants, lawyers, auditors, and others.  We try to avoid sharing personal information, but vendors support some of our services so sharing is essential.  For example, we maintain some databases with cloud service providers.  We try to select vendors and contractors who have reasonable privacy and security policies.

Whenever practical, CFA makes anyone working for CFA who has access to personal information aware of this privacy policy.  Contractors who manage mailings for us may use web beacons (also known as web bugs) that allow them to determine if you opened an email.  You can block web beacons if you choose.  To learn more about web beacons, search for web beacon on Wikipedia (https://en.wikipedia.org/wiki/Web_beacon) or with your favorite search engine.

As required by law, we disclose personal information in response to a subpoena, search warrant, court order, or similar demand.  We may or may not contest any demand for data.  We think it is highly unlikely that we will receive a demand for individual records, but we feel obliged to let you know about the possibility.  If we find it practicable, we will make reasonable attempts (via telephone, email, or through our Website) to tell you about any of these disclosures, either before or after they occur.  We can’t guarantee that we will have the time or resources to notify you, however.  Our attempts may fail if we do not have current contact information.

We also reserve the right to disclose any information that we believe to be necessary or appropriate to protect the security or integrity of our Website or service; to take precautions against liability; or to the extent permitted under other provisions of law, to provide information to law enforcement agencies or for an investigation on a matter related to public safety.  These disclosures are also unlikely.

We may voluntarily disclose data to law enforcement, to our Internet Service Provider, to security investigators, or to others who can assist us in identifying or preventing illegal or improper activities on our Website.  We may ask our Internet Service Provider to make appropriate disclosures for the same purpose, including disclosures of IP addresses and any other identifiable information that it maintains.

Security Safeguards

We keep some personal information on computers and in file cabinets in our office.  We believe that our building and our office have reasonable and appropriate administrative, technical, and physical safeguards.  Independent service providers maintain some personal information on our behalf elsewhere.  We rely on our Internet Service Providers and others who support our data, Internet, and cloud activities to maintain reasonable and appropriate security.  We cannot guarantee perfect security.  If we suffer a data breach involving your personal information, we will notify you about the breach as required by law and, if appropriate, we may notify you even if not required by law.

Access and Correction

If we have any personal information about you, we provide you with a copy of that information if you ask.  If you think that the information we have about you is not accurate, relevant, timely, or complete, you can ask us to change it.  If we do not make the change you requested, we will tell you why in writing.  If you ask, and we can do so, we will delete your personal information.  We do not charge a fee for any of these requests.

Accountability

The Consumer Federation of America is responsible for this privacy policy.  Our privacy officer responds to any questions or complaints about this policy or our privacy practices.  Write to the CFA privacy officer at privacy@consumerfed.org.  We will respond to all requests about our privacy policy.

We regularly instruct our staff members about our privacy and security policies and practices.  Staff members who access personal information must appropriately use and protect all personal information in the possession of CFA.  This is part of their job responsibilities, and we hold staff members accountable for compliance with our privacy and security policies.

CFA is located at:

1620 I Street, NW – Suite 200
Washington, DC 20006
202-387-6121

privacy@consumerfed.org

Other CFA Websites

This policy applies to most CFA websites.  Some CFA websites have privacy policies with additional elements or other privacy policies.  These are:

  • Military Saves.  Our Website at https://militarysaves.org/ collects some information from those who sign up for a savings program.

Miscellaneous

Other Websites:  We provide links on our websites to websites operated by other entities.  If you follow these links, you should understand that other privacy policies apply, and your personal information may be collected, used, and disclosed under different rules.

Children:  This Website is not directed at children under 13 who have statutory protections under the Children’s Online Privacy Protection Act.  Some young children may use our Website to obtain consumer information, but we do not expect that any will engage in activities that result in our obtaining personal information.

Social Media:  We use social media, including Facebook, Twitter, and other platforms to make consumer information available to individuals.  Social media sites have their own privacy policies.  If you participate in our social media activities and provide us with personal information, we may add that information to our records, and it will become subject to this policy.

International Visitors:  If you use our service from outside the United States, you need to know that we store in the United States any personal information that you provide to us.  Despite CFA’s best efforts to push for better privacy legislation in the US, the protections of US law for personal information are often not as good as the protections under many national or provincial privacy laws elsewhere.  We welcome foreign users, and we do not collect their information unless they affirmatively provide it to us.  All visitors, domestic and foreign, have the same protections under CFA’s privacy policy.  Those who choose to share personal information with us must understand that there are differences in legal privacy protections in different jurisdictions.  If you provide us with personal information, you must accept these circumstances and consent to our processing and storing of your information in the US.

Privacy Policy History

August 2015.  Version 2.0 of this policy was a major revision of the CFA privacy policy.  This version provided more details than earlier policies, and it explicitly used Fair Information Practices as the structure for the policy.  Policies for other CFA websites were more explicitly coordinated with the main privacy policy.

December 2022.  Version 3.0 of this policy reflects new activities on CFA website, including the use of Google Analytics and some cookies-based activities.

End of CFA Privacy Policy