Privacy policy - UN Biodiversity Lab

This privacy policy has been compiled to better serve those who are concerned with how their 'Personally Identifiable Information' (PII) and 'personal data' are being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. It is inclusive of the term “personal data”, as used in EU privacy law and information security, which includes: any information relating to a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information and personal data in accordance with our website. In this policy, convening partners are defined as: United Nations Environment Programme, United Nations Development Programme, United Nations Environment Programme World Conservation Monitoring Centre, Secretariat of the Convention on Biological Diversity, and the Global Environmental Facility.

What personal information do we collect from the people that visit the UN Biodiversity Lab (UNBL)?

When visiting or registering on our site, as appropriate, you may be asked to enter your name, email address, phone number or other details to help you with your experience. We ensure that the collection of personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

When do we collect information?

We collect information from you when you register on our site, subscribe to a newsletter or enter information on our site, including information about views (such as metadata, source, and licensing information) that you create on the geospatial platform.

How do we use your information?

With your previous consent, we may use the information we collect from you when you create an account on our website, respond to a survey or marketing communication, surf our website, or use certain other site features in the following ways:

  • To send periodic newsletters or site communications
  • To collect statistics about users in order for us to improve the website

Important: By creating an account in UNBL, you give your consent to be added to our mailing list, normally hosted by a 3rd party platform, such as MailChimp. We may use this information to send you relevant communications about UNBL and other partner projects and initiatives. You will always have the opportunity to unsubscribe from this list at any point; an "Unsubscribe" button will be available at the bottom of every email we send you.

How do we protect your information?

We do not use vulnerability scanning and/or scanning to PCI standards.

We only provide articles and information. We never ask for credit card numbers.

We use regular Malware Scanning.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive information you supply is encrypted via Secure Sockets Layer (SSL) technology.

We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.

When do we share your information?

We treat personal data with confidentiality and will only disclose it when necessary to provide services or report on business operations. When you sign up on our website, your contact information is shared with MailChimp, which hosts our newsletter list and page. Aggregate statistics of user interaction with the platform are created from non-personally identifiable information.

What do we do with non-personally identifiable information (Non-PII)?

Non-personally identifiable information is data that is anonymous, which cannot be used to distinguish or trace an individual's identity such as name, social security number, place of work, address, etc. As a result, this data does not require encryption before it is transmitted as there is no scope for misuse that would result in harm to any individual. Non-PII data typically includes data collected by browsers and servers using cookies. Device type, browser type, plugin details, language preference, and time zone are a few examples of non-PII data. Non-PII data is usually collected by businesses to track and understand the digital behavior of their consumers.

We use non-PII data to improve online experience and engagement by tracking user interactions with the platform and creating aggregate statistics to report to our implementing partners.

Do we use 'cookies'?

Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the site's or service provider's systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

We use cookies to:

  • Collect statistics about users in order for us to improve the website
  • Understand and save user's preferences for future visits.
  • Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser's Help Menu to learn the correct way to modify your cookies.

If you turn cookies off, some of the features that make your site experience more efficient may not function properly.

Third-party disclosure

We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice and request previous approval. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect our or others' rights, property or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Third-party links

Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.


Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users.

We have implemented the following automated profiling

We collect aggregate statistics on user interactions with the platform. These statistics only include your non-personally identifiable information. The statistics collected include:

  • Number of owners, administrators, editors, and viewers (separately or combined) per UNBL workspace.
  • Total number of data layers and shapes uploaded to each workspace.
  • Number of data layers per type ("rasters", "vectors", "time series", "custom coded" in every combination needed) that are available in each UNBL workspace.

At no time will information such as your email or other personal details be disclosed.

General Data Protection Regulation 2016/679 (GDPR)

The new General Data Protection Regulation came into effect on May 25, 2018. The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas. The law is designed to accomplish two main things:

  1. Unify the current data protection privacy laws throughout the EU, and
  2. Enhance the rights of citizens of the EU to protect their personal information

“Personal data” is defined in the GDPR as any information relating to a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. In other parts of our privacy policy we use the terms “Personally Identifiable Information” and “personal data” interchangeably. This reflects the language of both US and EU privacy and data laws.

We take the collection and processing of data very seriously and will never compromise personal data. The policy that follows applies to all personal data processed by UNBL. This policy will be reviewed at least annually. We have implemented appropriate security controls throughout our systems. Access to personal data is limited to personnel who need access and appropriate security is in place to avoid unauthorised sharing of information. In the unlikely event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, UNBL shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach and honor the GDPR requirements for notification.

How long do we keep your personal data for?

We will only keep your personal data for as long as you choose to hold an account with UNBL. To have your personal data removed from our servers permanently, you can opt-out by emailing us at When personal data is deleted this will be done safely such that the data is irrecoverable. To ensure that personal data is kept for no longer than necessary, UNBL shall put in place an archiving policy for each area in which personal data is processed and review this process annually. The archiving policy shall consider what data should/must be retained, for how long, and why.

What legal basis do we have for processing your data?

Under the relevant processing conditions contained within the GDPR, we only process your data on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests. This includes:

  • You have given us consent, via input of your personal information, to have your data processed for the specific purpose(s). For example, when you sign up on our website the personal information you provide will be stored on MailChimp and be used to send you updates regarding UNBL. If you register for a user account, the email you provide will be stored on our MapX servers and be used to save information regarding your account, so that data associated with your account will be associated with your email. The option for you to revoke consent is available in each newsletter, which is reflected immediately in our systems.
  • Processing is necessary for pursuing a legitimate interest. In this case, only non-personally identifiable information will be processed to create aggregate statistics about user interaction with UNBL. These statistics can be used in reports and presentations regarding the use of UNBL. No personal data will ever be released in the assessment of the platform’s performance. User registration with UNBL implies consent to collect and publish performance data at an aggregate level. Evidence of opt-in consent shall be kept with the personal data.

California Online Privacy Protection Act

CalOPPA is the first state law in the United States of America to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared.

According to CalOPPA, we agree to the following:

Users can visit our site anonymously.

This privacy policy can be found on our home page or as a minimum, on the first significant page after entering our website.

Our Privacy Policy link includes the word 'Privacy' and can easily be found on the page specified above.

You will be notified of any Privacy Policy changes:

  • On our Privacy Policy Page

You can change your personal information:

  • By emailing us
  • By logging in to your account

How does our site handle Do Not Track signals?

We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Does our site allow third-party behavioral tracking?

It's also important to note that we do not allow third-party behavioral tracking.

COPPA (Children's Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.

We do not specifically market to children under the age of 13 years old.

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

  • We will notify you via email within 7 business days.
  • We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.


The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:

  • Send information, respond to inquiries, and/or other requests or questions

To be in accordance with CAN-SPAM, we agree to the following:

  • Not use false or misleading subjects or email addresses.
  • Identify the message as an advertisement in some reasonable way.
  • Include the physical address of our business or site headquarters.
  • Monitor third-party email marketing services for compliance, if one is used.
  • Honor opt-out/unsubscribe requests quickly.
  • Allow users to unsubscribe by using the link at the bottom of each email.
  • Follow the instructions at the bottom of each email and we will promptly remove you from ALL.

If at any time you would like to unsubscribe from receiving future emails, you can email us at

Contacting us

If there are any questions regarding this privacy policy, you may contact us using the information below.

304 East 45th Street
New York, New York 10017
United States

Last Edited on 06/24/2021