Privacy Policy for The State of New Mexico Environment Department (NMED) Website(s)
Effective Date: January 01, 2026
Introduction
The New Mexico Environment Department (NMED) (“we”, “our”, “us”) is committed to protecting the privacy of individuals who visit our website(s) https://env.nm.gov. This Privacy Policy explains how we collect, use, and share information when you access and use our website(s) and service(s).
By using this site, you agree to the collection and use of information in accordance with this policy.
Information We Collect
We collect various types of information to better inform our agency regarding our New Mexico-based constituents, and to improve our website, services, and user experience. The types of information we collect include:
Personal Information
We do not collect personally identifiable information unless you voluntarily provide it to us. Personal information may include:
- Name
- Email address
- Phone number
- Physical or mailing address
- Other personal identifiers (e.g., county of residence, job title, etc.)
We may collect this information when you interact with us through forms, surveys, or inquiries.
Non-Personal Information
We collect non-personal information automatically as you use our site. This includes:
- Browser Type
- Device Type
- IP Address
- Date and time of access
- Pages visited and time spent on those pages
- Referring URL (the page you visited before coming to our site)
- Exiting URL (the page you clicked on to leave our site)
This information helps us understand how our site is being used and allows us to improve site performance, content, and services.
How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the functionality of our website
- Respond to inquiries and provide customer service
- Perform web analytics and monitor site usage
- Enhance user experience and make data-driven decisions
- Comply with legal obligations and security requirements
We do not sell or rent any personal information of any kind to any third parties.
Cookies and Tracking Technologies
As part of improving your experience on our website, we use cookies and other tracking technologies, such as analytics tools, to gather anonymized data about how users interact with our website.
Sharing of Your Information
We may share your information with the following parties:
- Third-Party Service Providers: We may use third-party companies to support our website’s operation and analytics, including but not limited to cloud hosting providers, web analytics platforms, and cybersecurity services. These providers are required to handle your information in accordance with our privacy policies and applicable laws.
- Legal Compliance: We may disclose information if required by law, such as in response to a subpoena, court order, or legal request from a government authority.
We do not sell, lease, or rent your personal data to any third parties.
Data Retention
We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Our data retention practices vary depending on the type of data we collect and how it is used.
Raw User Data (Cookies and Tracking Technologies)
We collect anonymized data through cookies and other tracking technologies to analyze how users interact with our website. This data helps us improve our services and website functionality. This non-personal data is typically retained indefinitely for statistical and analytical purposes.
Voluntarily Submitted Data (Forms, Surveys, etc.)
Personal information voluntarily submitted through forms (e.g., contact forms, registration forms, surveys) is retained for as long as necessary to fulfill the purpose for which it was collected. This may include:
- Communication: If you submit information to us through forms, we retain it to process your request or respond to inquiries.
- Records or Transactions: If you are involved in a process or transaction, we will retain the necessary data for record-keeping, legal, or operational purposes.
- Personal information collected in these contexts is retained until the data is no longer necessary for the specific purpose it was collected.
- If you wish to request the deletion of your personal information submitted through forms or surveys, please refer to your rights below under “Your Rights and Choices.”
Legal and Compliance Considerations
In some cases, we may retain personal data longer than the retention periods described above to comply with legal obligations (e.g., for audit purposes, regulatory requirements, or record-keeping obligations).
Where applicable, we will retain personal data as required by law, which may extend beyond typical retention periods.
Once the data is no longer needed for the purposes for which it was collected or legally required, it will be securely deleted or anonymized.
Deletion requests
For residents of California, Massachusetts, or other jurisdictions with applicable privacy laws, you have the right to request the deletion of your personal information under certain conditions.
Please see the section below on “Your Rights and Choices” for further details on how to submit a deletion request.
Security of Your Information
We at NMED take the security of your personal information seriously and implement a variety of security measures to protect it. These measures include the use of encryption, secure servers, and regular monitoring of data access to safeguard against unauthorized access, alteration, or disclosure of your personal information.
In addition to these internal measures, we ensure that any third-party service providers we use also comply with robust security standards, such as those outlined by FedRAMP (Federal Risk and Authorization Management Program) for cloud-based services.
FedRAMP certification ensures that our cloud service providers meet stringent security requirements set by the U.S. federal government, providing an additional layer of confidence in the security of our data storage and processing systems.
We regularly review and update our security practices to ensure they meet or exceed industry standards and comply with applicable regulations, including those outlined under Massachusetts General Laws Chapter 93H and 93I, which govern data protection and breach notification.
Although we implement strict security measures, please note that no method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
Your Rights and Choices
If you are a resident of California or Massachusetts, you may have specific rights under applicable state privacy laws:
- Right to Access: You have the right to request access to the personal information we have collected about you.
- Right to Deletion: You have the right to request the deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out: You may have the right to opt out of certain data collection activities, such as the sale of personal data (not applicable in your case, as you’re not selling data).
For more information on these rights, please refer to the sections on California Privacy Rights and Massachusetts Privacy Rights below.
Your Privacy Rights (California and Massachusetts Residents)
California Residents:
Under the California Consumer Privacy Act (CCPA), California residents have the right to:
- Request to know the categories and specific pieces of personal information we have collected.
- Request deletion of their personal information (with exceptions).
- Opt-out of the sale of personal data (though we do not sell personal data).
- Non-discrimination for exercising these rights.
Massachusetts Residents:
Under Massachusetts General Laws Chapter 93H and 93I, Massachusetts residents have the right to:
- Request access to their personal data.
- Request corrections to their personal data.
- Protection of their data through reasonable security measures.
If you are a California or Massachusetts resident and wish to exercise any of these rights, please contact us by filling out this short form:
We will respond within the applicable timeframes required by law.
- For more information about the California Consumer Privacy Act, visit the California Attorney General’s Website.
- For more information about Massachusetts Privacy Laws, visit the Massachusetts Office of Consumer Affairs and Business Regulation.
Children’s Privacy
This website is not functionally intended for use by children, and we encourage parents and guardians to monitor their children’s online activity.
In compliance with the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506, we do not knowingly collect or solicit personal information from children under the age of 13. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information as quickly as possible.
If you believe that we have inadvertently collected personal information from a child under 13, please contact us immediately so that we can take appropriate action.
For more information about COPPA, please visit the FTC’s COPPA page.
International Data Transfers & GDPR
Our website is intended specifically intended for users located within the United States. We have taken steps to limit access to visitors from outside the U.S., and we do not intentionally collect or process data from users located outside of the U.S.
Please note that if you access our website from outside the U.S., your data may still be processed by third-party services that are based in other jurisdictions.
Updates to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we update the policy, we will post the revised policy on our website with a new effective date. We encourage you to review this policy periodically for any changes.
Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us by filling out this form: