Northern Border Regional Commission (NBRC) Privacy Statement

Effective date: August 26, 2020

Thanks for entrusting the Northern Border Regional Commission (“NBRC”, “we”) with your personal information. Holding on to your private information is a serious responsibility, and we want you to know how we're handling it. All capitalized terms have their definition in NBRC’s Terms of Service, unless otherwise noted here.

The short version

We use your personal information as this Privacy Statement describes. We provide the same high standard of privacy protection to all our users around the world, regardless of their country of origin or location. Of course, the short version and the Summary below don't tell you everything, so please read on for more details.


Section What can you find there?
What information NBRC collects NBRC collects information directly from you for your user registration, user profile, and grant application. We only collect the minimum amount of personal information necessary from you, unless you choose to provide more. We also collect from all users, who may or may not have a user account, usage information which may include personally identifiable information. We automatically collect from you your usage information, cookies and similar technologies, or device information.
What information NBRC does not collect We don’t knowingly collect information from minors under 18. We don’t collect Sensitive Personal Information. We don’t collect User Personal Information from third parties.
How NBRC uses your information In this section, we describe the ways in which we use your information, including to provide you the Service, to communicate with you, for security and compliance purposes, and to improve our Service. We also describe the legal basis upon which we process your information, where legally required.
How we share the information we collect We may share your information with third parties under one of the following circumstances to comply with our legal obligations or requirements. We do not sell your personal information and we do not host advertising on You can see a list of the service providers that access your information.
Other important information We provide additional information specific to repository contents, public information, and Organizations on NBRC.
How you can access and control the information we collect How you can access and control the information we collect We provide ways for you to access, alter, or delete your personal information.
Our use of cookies and tracking We use cookies only for the overall functionality of our Website. We do not use tracking cookies of any kind.
How NBRC secures your information We take all measures reasonably necessary to protect the confidentiality, integrity, and availability of your personal information on NBRC and to protect the resilience of our servers.
NBRC's global privacy practices We provide the same high standard of privacy protection to all our users around the world.
How we communicate with you We communicate with you by email. You can control the way we contact you by contacting us.
Resolving complaints In the unlikely event that we are unable to resolve a privacy concern quickly and thoroughly, we provide a path of dispute resolution.
Changes to our Privacy Statement We notify you of material changes to this Privacy Statement 30 days before any such changes become effective.
Contacting NBRCg Please feel free to contact us if you have questions about our Privacy Statement.

The Long Version

What information NBRC collects

"User Personal Information" is any information about one of our Users which could, alone or together with other information, personally identify them or otherwise be reasonably linked or connected with them. Information such as a user name and password, an email address, a real name, an Internet protocol (IP) address, and a photograph are examples of &qout;User Personal Information.&qout;

User Personal Information does not include aggregated, non-personally identifying information that does not identify a User or cannot otherwise be reasonably linked or connected with them. We may use such aggregated, non-personally identifying information for research purposes and to operate, analyze, improve, and optimize our Website and Service.

Information users provide directly to NBRC

Registration Information

We require some basic information at the time of account creation. When you create your account, we ask you for a valid email address and a password.

Profile Information

You may choose to give us more information for your Account profile, such as your first and last name, your organization, your title, your telephone number, and your street address. This information may include User Personal Information. Please note that your profile information may be visible to other Users of our Service.

Grant Application Information

Additional information is required by federal law to complete the grant application process. This information is above and beyond what is required Registration Information and Profile Information. Once provided, Grant Application Information is permanent public record and may not be deleted or altered.

Information NBRC automatically collects from your use of the Service

Usage information

If you're accessing our Service or Website, we automatically collect the same basic information that most services collect, subject, where necessary, to your consent. This includes information about how you use the Service, such as the pages you view, the referring site, your IP address and session information, and the date and time of each request. This is information we collect from every visitor to the Website, whether they have an Account or not. This information may include User Personal information.

Cookies and similar technologies information

As further described below, and subject, where applicable, to your consent, we automatically collect information from cookies and similar technologies (such as cookie ID and settings) to keep you logged in, to remember your preferences, and to identify you and your device.

Device information

We may collect certain information about your device, such as its IP address, browser or client application information, language preference, operating system and application version, device type and ID, and device model and manufacturer. This information may include User Personal information.

Information we collect from third parties

NBRC does not collect User Personal Information from third parties.

What information NBRC does not collect

We do not intentionally collect "Sensitive Personal Information", such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. If you choose to store any Sensitive Personal Information on our servers, you are responsible for complying with any regulatory controls regarding that data.

If you are under the age of 18, you may not have an Account on NBRC does not knowingly collect information from or direct any of our content specifically to children under 18. If we learn or have reason to suspect that you are a User who is under the age of 18, we will have to close your Account. Please see our Terms of Service for information about Account termination. Different countries may have different minimum age limits, and if you are below the minimum age for providing consent for data collection in your country, you may not have an Account on NBRC.

How NBRC uses your information

We may use your information for the following purposes:

  • We use your Registration Information to create your account, and to provide you the Service.
  • We use your User Personal Information, specifically your user name, to identify you on NBRC.
  • We use your Profile Information to fill out your Account profile and to share that profile with other users if you ask us to.
  • We use your email address to communicate with you. Please see our section on email communication for more information.
  • We use User Personal Information to respond to support requests.
  • We may use User Personal Information to invite you to take part in surveys, beta programs, or other research projects, subject, where necessary, to your consent .consent.
  • We use Usage Information and Device Information to better understand how our Users use NBRC and to improve our Website and Service.
  • We may use your User Personal Information if it is necessary for security purposes or to investigate possible fraud or attempts to harm NBRC or our Users.
  • We may use your User Personal Information to comply with our legal obligations, protect our intellectual property, and enforce our Terms of Service.
  • We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first. You can always see what information we have, how we're using it, and what permissions you have given us in your user profile.

Our legal bases for processing information

To the extent that our processing of your User Personal Information is subject to certain international laws (including, but not limited to, the European Union's General Data Protection Regulation (GDPR)) and domestic laws (including, but not limited to the California Consumer Protection Act of 2018 (CCPA)), NBRC is required to notify you about the legal basis on which we process User Personal Information. NBRC processes User Personal Information on the following legal bases:

  • Contract Performance:
    When you create a NBRC Account, you provide your Registration Information. We require this information for you to enter into the Terms of Service agreement with us, and we process that information on the basis of performing that contract. We also process your username and email address on other legal bases, as described below.
  • Consent:
    We rely on your consent to use your User Personal Information under the following circumstances: when you fill out the information in your user profile; when you decide to participate in a NBRC training, research project, beta program, or survey; and for marketing purposes, where applicable. All of this User Personal Information is entirely optional, and you have the ability to access, modify, and delete it at any time. While you are not able to delete your email address entirely, you can make it private. You may withdraw your consent at any time.
  • Legitimate Interests:
    Generally, the remainder of the processing of User Personal Information we perform is necessary for the purposes of our legitimate interest, for example, for legal compliance purposes, security purposes, or to maintain ongoing confidentiality, integrity, availability, and resilience of NBRC’s systems, Website, and Service.
  • If you would like to request deletion of data we process on the basis of consent or if you object to our processing of personal information, please use our Privacy contact form.

How we share the information we collect

We may share your User Personal Information with third parties under one of the following circumstances:

With your consent

We share your User Personal Information, if you consent, after letting you know what information will be shared, with whom, and why.

For purposes of evaluating a grant application or fulfilling the requirements of a funded grant

We may share User Personal Information with a limited number of government agencies who may process it on our behalf to evaluate grant applications and/or to fulfill the requirements of an awarded grant. While NBRC processes all User Personal Information in the United States, agencies with whom User Personal Information is shared may process data outside of the United States or the European Union.

For security purposes

If you are a member of an Organization, NBRC may share your user name, Usage Information, and Device Information associated with that Organization with an owner and/or administrator of the Organization, to the extent that such information is provided only to investigate or respond to a security incident that affects or compromises the security of that particular Organization.

For legal disclosure

NBRC strives for transparency in complying with legal process and legal obligations. Unless prevented from doing so by law or court order, or in rare, exigent circumstances, we make a reasonable effort to notify users of any legally compelled or required disclosure of their information. NBRC may disclose User Personal Information or other information we collect about you to law enforcement if required in response to a valid subpoena, court order, search warrant, a similar government order, or when we believe in good faith that disclosure is necessary to comply with our legal obligations, to protect our property or rights, or those of third parties or the public at large.

For more information about our disclosure in response to legal requests, see our Guidelines for Legal Requests of User Data.

Change in control

We may share User Personal Information if the grant application responsibilities of the NBRC are transferred to another Organization or if NBRC is combined with another Organization. If any such change, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our Website or by email before any transfer of your User Personal Information. The Organization receiving any User Personal Information will have to honor any promises we made in our Privacy Statement or Terms of Service.

Aggregate, non-personally identifying information

We share certain aggregated, non-personally identifying information with others about how our users, collectively, use NBRC, or how our users respond to our other offerings, such as our conferences or events. For example, we may compile statistics on the grant application activity across NBRC.

We do not sell your User Personal Information for monetary or other consideration.

Please note: The California Consumer Privacy Act of 2018 ("CCPA") requires businesses to state in their privacy policy whether or not they disclose personal information in exchange for monetary or other valuable consideration. While CCPA only covers California residents, when it goes into effect, we will voluntarily extend its core rights for people to control their data to all of our users, not just those who live in California. You can learn more about the CCPA and how we comply with it here.

Other important information

Public information on NBRC

Many of NBRC's services and features are public-facing and, as NBRC is a government agency, subject to the Freedom of Information Act. In the event that the NBRC receives a Request for Information request, certain User Personal Information may be redacted from the information provided to fulfill the request, as allowed by the Freedom of Information Act Exemption 6.

Authorized Officials

Grant applications submitted for consideration to and processed by NBRC are approved by an Authorized Official. The Authorized Official may have access to the User Personal Information of the person completing the grant application.

How you can access and control the information we collect

If you're already a NBRC user, you may access, update, alter, or delete your basic user profile information by editing your user profile or contacting NBRC Support. You can control the information we collect about you by limiting what information is in your profile, by keeping your information current, or by contacting NBRC Support.

Data retention and deletion of data

NBRC retains User Personal Information for as long as your account is active or as needed to provide you services.

If you would like us to delete your User Personal Information, you may do so by contacting NBRC Support. We retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your User Personal Information (within reason) within 90 days of your request. You may contact NBRC Support to request the erasure of the data we process on the basis of consent within 30 days.

After User Personal Information has been deleted, certain data, grant applications and funding transactions, will remain. However, we will delete or de-identify your User Personal Information, including your username and email address by associating them with a ghost user.

Our use of cookies and tracking


NBRC uses cookies to make interactions with our service easy and meaningful. Cookies are small text files that websites often store on computer hard drives or mobile devices of visitors. We use cookies (and similar technologies, like HTML5 localStorage) to keep you logged in, remember your preferences, and provide information for future development of NBRC. For security purposes, we use cookies to identify a device. By using our Website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept these cookies, you will not be able to log in or use NBRC’s services.

Tracking and analytics

NBRC does not use third-party analytics or service providers to help us evaluate our Users' use of NBRC. We use our own internal analytics software to provide features and improve our content and performance.

How NBRC secures your information

NBRC takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information.

NBRC enforces a written security information program. Our program:

  • aligns with industry recognized frameworks;
  • includes security safeguards reasonably designed to protect the confidentiality, integrity, availability, and resilience of our Users' data;
  • is appropriate to the nature, size, and complexity of NBRC’s business operations;
  • includes incident response and data breach notification processes; and
  • complies with applicable information security-related laws and regulations in the geographic regions where NBRC does business.

In the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected Users without undue delay.

Transmission of data on NBRC is encrypted using SSH, and HTTPS (TLS). We manage our own cages and racks at SOC 2 compliant data centers with high level of physical and network security.

No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.

NBRC's global privacy practices

NBRC is responsible for the processing of your personal information in connection with the Service.

We store and process the information that we collect in the United States in accordance with this Privacy Statement, though our service providers may store and process data outside the United States. However, we understand that we have Users from different countries and regions with different privacy expectations, and we try to meet those needs even when the United States does not have the same privacy framework as other countries.

In particular:

  • NBRC provides clear methods of unambiguous, informed, specific, and freely given consent at the time of data collection, when we collect your User Personal Information using consent as a basis.
  • We collect only the minimum amount of User Personal Information necessary for our purposes, unless you choose to provide more. We encourage you to only give us the amount of data you are comfortable sharing.
  • We offer you simple methods of accessing, altering, or deleting the User Personal Information we have collected, where legally permitted.
  • We provide our Users notice, choice, accountability, security, and access regarding their User Personal Information, and we limit the purpose for processing it. We also provide our Users a method of recourse and enforcement.

How we communicate with you

We use your email address to communicate with you. For example, if you contact our Support team with a request, we respond to you via email. You have a lot of control over how your email address is used and shared on and through NBRC. You may manage your communication preferences in your user profile.

Depending on your email settings, NBRC may occasionally send notification emails about new features, requests for feedback, important policy changes, or to offer customer support. We also send system alerts, based on your choices and in accordance with applicable laws and regulations. There's an "unsubscribe" link located at the bottom of each of the emails we send you. Please note that you cannot opt out of receiving important communications from us, such as emails from our Support team or system emails, but you can configure your notifications settings in your profile to opt out of other communications.

Our emails may contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email.

Resolving complaints

If you have concerns about the way NBRC is handling your User Personal Information, please let us know immediately. We want to help. You may contact us by contacting NBRC Support.

Dispute resolution process

In the unlikely event that a dispute arises between you and NBRC regarding our handling of your User Personal Information, we will do our best to resolve it. Additionally, if you are a resident of an EU member state, you have the right to file a complaint with your local supervisory authority, and you might have more options.

Changes to our Privacy Statement

Although most changes are likely to be minor, NBRC may change our Privacy Statement from time to time. We will provide notification to Users of material changes to this Privacy Statement through our Website at least 30 days prior to the change taking effect by posting a notice on our home page or sending email to the primary email address specified in your NBRC account. We will also update our Site Policy repository, which tracks all changes to this policy. For changes to this Privacy Statement that are not material changes or that do not affect your rights, we encourage Users to check our Site Policy repository frequently.

Contacting NBRC

Questions regarding NBRC's Privacy Statement or information practices should be directed to our Privacy contact form.