Privacy & Terms

1. Introduction

The Gulf of Maine Research Institute (GMRI) respects the privacy of everyone who visits our website, supports our mission, or engages with us in any capacity. This Privacy Policy describes how we collect, use, disclose, and protect personal information, and explains the rights available to you regarding that information.

This policy applies to information collected through our website at gmri.org (and associated subdomains), through in-person interactions, and through our fundraising and program activities.

By using our website, you acknowledge that you have read and understood this policy. If you have questions, please contact us using the information provided in Section 14.

2. Information We Collect

2a. Information You Provide Directly

When you interact with GMRI through our website, donation forms, event registrations, surveys, program applications, or correspondence, we may collect:

Contact information (name, mailing address, email address, telephone number)
Employer, professional affiliations, and community connections
Financial information necessary to process donations (credit card number, bank information) — processed by PCI-compliant third-party agents; GMRI does not store raw payment credentials
Biographical information you choose to share (birth date, education, family members, interests)
Philanthropic history and volunteer or committee activity
Comments, survey responses, and other written communications

2b. Information Collected Automatically

When you visit gmri.org, certain information is collected automatically through cookies, tracking technologies, and server logs, including:

IP address (used for server diagnostics, analytics, and security)
Browser type, device type, and operating system
Pages visited, time spent, and referral source
Interactions with embedded third-party tools (e.g., donation widgets)

Under the General Data Protection Regulation (GDPR), IP addresses are considered personal data. Under the California Consumer Privacy Act (CCPA), automatically collected information may constitute personal information subject to consumer rights. See Sections 4 and 5 for details on how this data is used and your rights regarding it.

3. Cookies and Tracking Technologies

GMRI uses cookies and similar tracking technologies on gmri.org. Cookies are small text files placed on your device by your browser when you visit a website. We use them to operate the site, measure usage, and support donation processing.

We use a consent management platform (CookieYes) to present cookie preferences at first visit and to honor your choices on an ongoing basis. You may update your preferences at any time by clicking the ‘Cookie Preferences’ link in the site footer.

Cookie Categories

Strictly Necessary

These cookies are required for the website to function and cannot be disabled. They include security and session management cookies, and cookies required by our donation platform (Fundraise Up) for fraud prevention and transaction integrity. No consent is required for these cookies under GDPR; they are also exempt from CCPA opt-out requirements.

Examples: CookieYes consent record, Fundraise Up security (fundraiseup_cid, fundraiseup_consent)

Functional

These cookies enable enhanced features such as remembering your preferences across sessions. They are not required for basic site operation. Under GDPR, these require consent from EEA/UK visitors. Under CCPA, their use must be disclosed.

Examples: Fundraise Up functionality cookie (fundraiseup_func)

Performance / Analytics

These cookies collect anonymized data about how visitors use the site, including pages visited, time on site, and referral sources. This information helps us understand and improve site performance. Under GDPR, these require consent from EEA/UK visitors. Under CCPA, their use must be disclosed and is subject to opt-out.

Examples: Google Analytics 4 (GA4), Fundraise Up analytics (fundraiseup_stat)

Marketing / Targeting

GMRI does not currently use marketing cookies. This section will be updated if that changes.

Managing Your Preferences

EEA, UK, and US visitors will see a cookie consent banner on their first visit, appropriate to their region. EEA/UK visitors must opt in to non-essential cookies. California visitors may opt out of analytics and other non-essential data collection. All other visitors will see an informational notice.

You may also control cookies through your browser settings. Note that disabling cookies may affect site functionality.

4. How We Use Your Information

GMRI uses personal information for the following purposes:

Processing donations and providing receipts and acknowledgment letters
Sharing information about GMRI programs, research, and events
Inviting participation in events and volunteer opportunities
Internal record keeping, analysis, and reporting
Reporting to relevant federal and state agencies where legally required (not for public inspection)
Recognizing donors publicly, unless the donor has requested anonymity
Using comments or survey responses in GMRI publications, unless submitted in confidence
Improving website content and user experience through analytics
Complying with legal obligations

Legal Basis for Processing (GDPR — EEA/UK Visitors)

For visitors from the European Economic Area (EEA) or United Kingdom, GMRI processes personal data on the following legal bases under GDPR Article 6:

Consent: For non-essential cookies and analytics, where you have opted in via our consent banner
Legitimate interests: For internal analysis, security, and site diagnostics, where those interests do not override your rights
Legal obligation: Where processing is required to comply with applicable law
Contractual necessity: To process and fulfill a donation transaction you have initiated

5. Your Privacy Rights

GDPR Rights (EEA and UK Residents)

If you are located in the European Economic Area or United Kingdom, you have the following rights under GDPR:

Right to access: Request a copy of the personal data we hold about you
Right to rectification: Request correction of inaccurate or incomplete data
Right to erasure (right to be forgotten): Request deletion of your personal data, subject to legal retention requirements
Right to restriction of processing: Request that we limit how we use your data in certain circumstances
Right to data portability: Receive your data in a structured, machine-readable format
Right to object: Object to processing based on legitimate interests or for direct marketing
Rights related to automated decision-making: GMRI does not engage in automated decision-making or profiling with legal or significant effects
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and any third parties with whom it has been shared
Right to delete: Request deletion of personal information we have collected, subject to certain exceptions
Right to correct: Request correction of inaccurate personal information
Right to opt out of sale or sharing: See Section 6 below
Right to non-discrimination: GMRI will not discriminate against you for exercising your CCPA rights

How to Submit a Rights Request

To exercise any of the rights above, please contact us at:

Email: info@gmri.org
Mail: Gulf of Maine Research Institute, Attn: Privacy, 350 Commercial Street, Portland, ME 04101

We will respond to verifiable requests within 45 days (CCPA) or one month (GDPR), with a possible extension of up to 45 days (90 days total) for CCPA or two additional months (GDPR) for complex requests. We may need to verify your identity before processing a request.

6. Do Not Sell or Share My Personal Information

GMRI does not sell or share personal information with third parties for monetary consideration or for cross-context behavioral advertising purposes.

However, certain analytical and operational tools we use (such as Google Analytics 4) may, under a broad interpretation of CCPA’s definition of ‘sharing,’ constitute data sharing with third parties for business purposes. California residents have the right to opt out of this type of data sharing.

To exercise your right to opt out, you may:

Use the ‘Cookie Preferences’ link in our website footer to disable Performance/Analytics cookies
Enable Global Privacy Control (GPC) in a compatible browser — GMRI honors GPC signals automatically
Submit a written request to the contact information in Section 5

7. Third-Party Services and Data Processors

GMRI uses the following third-party services that may collect or process personal information on our behalf or through our website. We require that these service providers meet appropriate standards of security and privacy.

Google Analytics 4 (GA4)

Used to measure website traffic and user behavior. GA4 collects anonymized usage data. GMRI has enabled IP anonymization. Data is transmitted to Google LLC. For more information, see Google’s Privacy Policy and, for EEA/UK visitors, Google’s GDPR commitments.

Google Tag Manager

Used to manage and deploy analytics and tracking scripts on gmri.org without direct code changes. GTM itself does not collect personal data but facilitates the deployment of tools that may.

Fundraise Up

Used to process online donations on gmri.org. Fundraise Up places cookies directly on our domain for transaction security, donation functionality, and performance analytics. Fundraise Up is PCI-compliant and processes payment card data on GMRI’s behalf. For more information, see Fundraise Up’s Privacy Policy.

CookieYes

Our consent management platform. CookieYes records and stores visitor consent preferences and presents region-appropriate cookie banners. The consent record itself is a strictly necessary cookie and cannot be disabled.

Mailchimp

GMRI uses Mailchimp to distribute newsletters, event invitations, and donor communications. Contact information shared for this purpose is governed by Mailchimp’s privacy practices.

Credit Card and Payment Processing

Payment processing is handled by PCI-compliant third-party processors. GMRI does not store raw credit card numbers or bank account information.

8. Donor Privacy

GMRI has the utmost respect for the privacy of personal and proprietary information shared by our donors, prospective donors, friends, and partners. To maintain mutually beneficial relationships, we collect and use information:

Obtained through pledge cards, letters, surveys, applications, and other forms — in writing, in person, by telephone, or electronically — including, but not limited to, name, address, employer, birth date, credit card number, bank information, education, family members, community affiliations, and interests.
Independently gathered from various sources regarding philanthropic giving history, volunteer activities, committee service, public documents and reports, and interactions an individual may have had with GMRI.

GMRI will not rent, trade, share, or sell a donor’s personal information — including, but not limited to, names, mailing addresses, email addresses, or telephone numbers — with any outside party, nor will GMRI send donor mailings on behalf of other organizations.

We use third-party processing agents who meet our high standards of safety, security, and privacy (including PCI compliance) to facilitate activities such as credit card processing, stock transactions, and email distribution. We use contact information for the following purposes:

Distributing receipts and thanking donors for their contributions
Sharing information on GMRI activities and issues related to our mission
Inviting participation in events
Internal analysis and record keeping
Reporting to relevant federal and state agencies, where required by law (not for public inspection)
Contacting donors about changes to this policy

We are proud of and grateful for the generous community support we receive. It is our intention to publicly recognize supporters by name unless the donor explicitly requests anonymity on their pledge card, when donating online, or through personal communication with our Development staff.

Comments provided in donor forms and surveys, or via email, fax, or telephone, may be used in GMRI publications unless submitted to us in confidence. General, anonymous information about GMRI fundraising may also be used for promotional and fundraising purposes.

Access to personal and financial information is limited to select GMRI staff members who are appropriately trained. Development staff may share information with board members and volunteers on a need-to-know basis where required to advance GMRI’s mission. GMRI maintains appropriate technology safeguards to protect sensitive information online and appropriate security practices to protect information offline.

The Chief Development Officer reviews this policy annually with all relevant staff, board members, and volunteers to ensure clarity on the reasons for confidentiality, appropriate accessibility, and the integrity of practices for preserving confidentiality of personal and proprietary information.

9. Data Retention

GMRI retains personal information for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. General retention guidelines are as follows:

Donor and constituent records: Retained for the duration of the relationship and for 7 years following the last transaction or interaction, with certain records retained permanently where required by law or organizational need.
Website analytics data: Retained in Google Analytics for 12 months, consistent with GA4 data retention settings.
Consent records (CookieYes): Retained for 12 months to provide proof of consent as required by GDPR.

10. Terms of Use

10a. Acceptance of Terms

By accessing or using the Gulf of Maine Research Institute (GMRI) website at gmri.org (including any subdomains), you agree to be bound by these Terms of Use and all applicable laws and regulations. If you do not agree with any of these terms, you are prohibited from using or accessing this site. GMRI reserves the right to modify these terms at any time. Continued use of the site following any changes constitutes acceptance of the revised terms. The effective date of the most recent revision appears at the top of this document.

10b. Permitted and Prohibited Uses

You may access and use gmri.org for lawful, personal, and non-commercial purposes consistent with GMRI’s mission. You agree not to:

Use the site for any unlawful purpose or in violation of any applicable local, state, national, or international law or regulation
Attempt to gain unauthorized access to any portion of the site, its servers, or any systems or networks connected to the site
Use automated tools (including scrapers, bots, or crawlers) to extract content from the site without GMRI’s prior written consent
Submit false, misleading, or fraudulent information through any form on the site, including donation and registration forms
Transmit any material that is harmful, threatening, abusive, harassing, defamatory, or otherwise objectionable
Impersonate any person or entity, or falsely represent your affiliation with any person or entity
Interfere with or disrupt the integrity or performance of the site or the data contained therein

GMRI reserves the right to terminate or restrict access to the site for any user who violates these terms, without notice.

10c. Content Licensing

The Gulf of Maine Research Institute (GMRI) website operates under the Creative Commons License Policy (CC License) as described below, with a few notable exceptions.

Throughout our site, we may use content and images that are the legal property of other organizations or individuals, protected by copyrights owned by them, and not subject to our CC License. Those items that are copyright-protected by third parties are noted within the site. Any use or reproduction of that content must be coordinated through the legal copyright holder, not GMRI.

Subject to the restrictions noted above, you are free to share — to copy, distribute, display, and perform content available on this site — under the following conditions:

Attribution: You must attribute the work to the Gulf of Maine Research Institute, though not in any way that suggests GMRI endorses you or your use of the work.
Noncommercial: You may not use the work for commercial purposes.
No Derivative Works: You may not alter, transform, or build upon the work.
Any reuse or distribution must make clear to others the license terms of this work. The best way to do this is with a link to this web page.
Any of the above conditions may be waived if you obtain written permission from GMRI.
Nothing in this license impairs or restricts GMRI’s moral rights.

10d. Disclaimer of Warranties

The content published on gmri.org — including research summaries, scientific communications, program descriptions, data, and all other materials — is provided for general informational and educational purposes only. It does not constitute professional scientific, legal, financial, medical, or other expert advice, and should not be relied upon as such.

GMRI makes reasonable efforts to ensure the accuracy and currency of information on this site, but makes no representations or warranties, express or implied, regarding the completeness, accuracy, reliability, suitability, or availability of any content. Any reliance you place on such content is strictly at your own risk.

The site is provided on an ‘as is’ and ‘as available’ basis. GMRI does not warrant that the site will be uninterrupted, error-free, or free of viruses or other harmful components.

10e. Limitation of Liability

To the fullest extent permitted by applicable law, GMRI, its officers, directors, employees, volunteers, and agents shall not be liable for any direct, indirect, incidental, consequential, special, or punitive damages arising out of or related to your use of, or inability to use, this website or its content. This includes, without limitation, damages for loss of data, loss of revenue, or any other losses, even if GMRI has been advised of the possibility of such damages.

Some jurisdictions do not allow the exclusion or limitation of certain damages; in such jurisdictions, GMRI’s liability is limited to the maximum extent permitted by law.

10f. Third-Party Links and Content

gmri.org may contain links to external websites operated by third parties, including research partners, government agencies, funders, and other organizations. These links are provided for convenience and informational purposes only. GMRI does not control, endorse, or assume responsibility for the content, privacy practices, or accuracy of any third-party sites. Visiting linked sites is done at your own risk, and you should review the applicable terms and privacy policies of those sites before interacting with them.

Inclusion of a link on gmri.org does not imply GMRI’s endorsement of that site or its content.

10g. Accessibility

GMRI is committed to ensuring that gmri.org is accessible to all users, including people with disabilities. This site conforms to the Web Content Accessibility Guidelines (WCAG) 2.1 at Level AA, consistent with our obligations under Sections 504 and 508 of the Rehabilitation Act of 1973 as an organization that receives federal funding.

If you experience difficulty accessing any content or functionality on this site, or if you require materials in an alternative format, please contact us using the information in Section 14. We will make reasonable efforts to provide accessible alternatives in a timely manner.

10h. Governing Law and Jurisdiction

These Terms of Use and your use of gmri.org are governed by and construed in accordance with the laws of the State of Maine, without regard to its conflict of law provisions. Any legal action or proceeding arising out of or related to these terms or your use of this site shall be brought exclusively in the state or federal courts located in Cumberland County, Maine, and you consent to the personal jurisdiction of those courts.

10i. Severability

If any provision of these Terms of Use is found to be unlawful, void, or unenforceable, that provision shall be deemed severed from the remaining terms, which shall continue in full force and effect.

10j. Contact for Terms of Use Questions

Questions or concerns related to these Terms of Use may be directed to GMRI using the contact information provided in Section 14.

11. Event Photo and Recording Release

By attending any event hosted or sponsored by Gulf of Maine Research Institute (GMRI), you:

Represent that you are at least 18 years of age and the age of majority in your jurisdiction;
Consent to be photographed, filmed, and otherwise recorded at the event;
Grant to GMRI, its marketing partners, its event partners, and their respective agents, affiliates, licensees, successors, and assigns an irrevocable right to publish, disseminate, and otherwise use your name, image, voice, and likeness in perpetuity for any lawful purpose; and
Release and waive any and all claims arising out of GMRI’s use of your name, image, voice, and likeness, including any claims alleging a violation of a right of publicity, invasion of privacy, or defamation.

If you are accompanied by a minor, the foregoing consent, grant, release, and waiver includes GMRI’s use of the minor’s name, image, voice, and likeness.

12. Data Security

GMRI maintains technical and organizational measures appropriate to the risk associated with processing personal data. These include access controls, encrypted transmission for sensitive transactions, and staff training on data handling practices.

No data transmission over the internet or method of electronic storage is completely secure. While we take reasonable precautions, GMRI cannot guarantee absolute security. In the event of a data breach affecting your rights and freedoms, we will notify affected individuals and applicable regulatory authorities in accordance with applicable law.

13. Policy Updates

GMRI reviews this policy at least annually and updates it whenever our data practices change materially. The effective date at the top of this document reflects the most recent revision.

If we make material changes that affect how we use previously collected personal information, we will notify users who have provided contact information prior to implementing those changes, and will provide an opportunity to opt out of the new uses where required by law.

14. Contact

For questions about this policy, to exercise your privacy rights, or to report a concern:

Gulf of Maine Research Institute
350 Commercial Street
Portland, ME 04101
Email: info@gmri.org
Phone: 207-772-2321

EEA/UK residents who are unsatisfied with our response have the right to lodge a complaint with their local supervisory authority. In the UK, this is the Information Commissioner’s Office (ico.org.uk). In Ireland, the Data Protection Commission (dataprotection.ie).