Effective Date: August 3, 2021
AACA Museum Inc.: Privacy Notice
The AACA Museum, Inc. respects the privacy of its visitors, contributors, members, business partners, volunteers, event attendees, employees, job applicants, and website and mobile application users (Users), and we are committed to protecting their respective personal data. To that end, we have put together this Privacy Notice (“Privacy Notice”) to provide a better understanding of who we are and our practices concerning the collection, use, disclosure, and retention of personal data obtained in connection with the use of our Websites and our marketing efforts.
For purposes of this Privacy Notice:
- The term “personal data” means any information related to an identified or identifiable living individual that directly or indirectly references one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity. Personal data excludes anonymous data.
Please take the time to read this Privacy Notice in its entirety to ensure you are fully informed.
If you have questions or concerns about our processing of your personal data, please contact us here.
How We Obtain Personal Data
As further described below, we collect several types of personal data from and about you that broadly fall into the following three (3) categories:
- Personal data you voluntarily provide to us:
- When filling out forms on our Website.
- When you purchase ticket(s).
- When you enter a contest or promotion we sponsor.
- When you contact us.
- When you complete one of our surveys.
- When you register for or attend an event (in-person or virtual).
- When you become a member or donor.
In each case, the personal data collected may include (but is not limited to):
- First name
- Last name
- Mailing address
- Email address
- Telephone number
- Company or organization name
- Job title, role, or credentials
If we ask you to provide any other personal data not described above, then the personal data we will ask you to provide, and the reasons why we ask you to provide it will be made clear to you at the point we collect it. If we ask you to provide personal data that we consider mandatory for us to administer your relationship with us, we will inform you of such at the time of collection. In addition, we will also inform you of the consequences of not providing us with the mandatory personal data.
- Personal data from third parties.
From time to time, we may collect and use personal data we receive about you from third parties in connection with your use of our Website(s) or attendance at an event. For instance, we may receive personal data about you from our business partners related to your registration information for events. We also use third parties for reporting and analytics to measure the effectiveness of our Website and marketing efforts and to identify areas for improvement.
We may combine personal data we collect from third parties with personal data you provide us to update, expand, or provide you with tailored information regarding our products, services, opportunities, and events.
- Data we collect as you navigate through the Website.
As is true of most websites, we gather certain data automatically. This data may include Internet protocol (“IP”) addresses, browser type, Internet service provider (“ISP”), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
How We Use Your Personal Data
We may use personal data that we collect about you for the following purposes:
- To operate, maintain, and improve our Website(s).
- To communicate with you about events or register you for events you sign up for with us.
- To provide you with information, products, or services that you request from us.
- To notify you about changes to our Website(s) or obtain any required consent.
- To allow you to participate in interactive features of our Website(s) when you choose to do so.
- For industry analysis, benchmarking, analytics, marketing, and other business purposes.
- To track your browsing actions, such as the pages you visited over time, for analytics and advertising purposes.
- To contact you for marketing purposes, in accordance with your marketing preferences (e.g., we may use your personal data to contact you to discuss further your interests in our services and products or other events), including, but not limited to, promotional offers for our own or third parties’ products or services. If you do not wish to receive our email marketing communication for promotional purposes, you may opt-out by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you.
- To comply with applicable laws, judicial requests from courts of competent jurisdiction, or exercising or defending legal rights.
- To prevent and detect fraud or other types of wrongdoing.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us is among the assets transferred.
- To fulfill the purpose for which you provide it.
- For other lawful or legitimate purposes, which may be reasonably required for day-to-day operations.
We may also partner with third parties to either display advertising on our Website or manage our advertising on other sites. Our third parties may use technologies such as cookies to gather data about your activities on the Website(s) and other websites to provide you advertising based upon your browsing activities and interests. If you wish not to have this data used to serve you interest-based ads, you may opt-out from any third parties through the Digital Advertising Alliance’s self-regulatory opt-out by clicking here or the Network Advertising Initiative’s self-regulatory opt-out by clicking here (or if you are located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland through the European Interactive Digital Advertising Alliance’s self-regulatory opt-out by clicking here). Please note that you may continue to receive generic ads. If you do not want your data collected with Google Analytics, you can install the Google Analytics opt-out browser add-on. To opt out of Google Analytics, visit the Google Analytics opt-out page (located at https://tools.google.com/dlpage/gaoptout) and install the add-on for your browser. For more details, visit the “Google Analytics opt-out browser add-on” page (located at https://support.google.com/analytics/answer/181881?hl=en). For information about how you can manage cookies related to analytics and targeted advertising, please see our Cookie Notice.
If we need to process your personal data for an incompatible purpose not discussed in this Privacy Notice, we will provide notice to you and, if required by law, seek your consent. We may process your personal data without your knowledge or consent only where required by applicable law. Lastly, the AACA Museum, Inc. does not subject you to automated decision-making.
How We Share Your Personal Data
The AACA Museum, Inc. takes care to allow your personal data to be accessed only by those who need such access to perform their tasks and duties and to third parties who have a legitimate purpose for processing or accessing it. As such, we may share your personal data as described in this Privacy Notice to the following categories of recipients:
- To our partners, affiliates, or their or our successors or assigns.
- To our private investors, affiliates, contractors, service providers, and other third parties who will process the personal data based on their legitimate interests in overseeing the administration, research, and business operations of the AACA Museum, Inc.
- To our contractors, business partners, service providers, and other third parties who require the data to assist us in supporting our operations (e.g., third-party hosting facilities) or third parties with products, services, or positions that may be of interest to you, provided such parties provide at least the same level of privacy protection as is required of the AACA Museum Inc. These companies are authorized to use your personal data only as necessary to provide these services to us.
- To a potential buyer (and its agents and advisors) in connection with any proposed merger, acquisition, or any form of sale or transfer of some or all of our assets (including in the event of a reorganization, dissolution, or liquidation), in which case, personal data held by us about you will be among the assets transferred to the buyer or acquirer.
Please note that we do not sell (as defined in applicable data protection and privacy laws) your personal data (and will not sell it without providing any required notices and/or opt-in/opt-out rights).
Legal Basis for Processing Personal Data
If you are a resident of the EEA, the UK, or Switzerland, our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the context in which we collect it. However, we will normally collect and/or process your personal data pursuant to one or more of the following legal bases:
- The processing is in our legitimate interests, which do not override your data protection interests or fundamental rights and freedoms.
- The processing is necessary to perform a contract with you.
- The processing is necessary to comply with our legal obligations.
- We may also seek your consent to process or retain your personal data in certain, limited circumstances that we clearly identify to you.
- In some limited cases, we may need the personal data to protect your vital interests or those of another person; for example, we may need to share your personal data with third parties for security reasons (when we believe in good faith that disclosure is necessary to protect our rights, protect your or others’ safety, to investigate fraud, or respond to a related government request).
If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and let you know whether the provision of your personal data is mandatory or not (as well as the possible consequences if you do not provide it). Similarly, if we collect and use your personal data in reliance on our legitimate interests (or those of a third party) that are not listed above, we will make clear to you at the relevant time what those legitimate interests are. If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us.
The AACA Museum Inc. or its appointed service providers may collect, use, process, store and disclose your personal data outside of your home jurisdiction, including in the U.S., and in some cases, other countries, for the purposes described in this Privacy Notice. These countries may have data protection and privacy laws that are different than the laws of your home country. The AACA Museum, Inc. only transfers personal data to another country in accordance with applicable data protection and privacy laws, provided there are legally adequate protections in place for personal data.
If your personal data is processed within the EEA, the UK, or Switzerland, and for onward transfers of personal data to the AACA Museum, Inc.’s appointed service providers, the AACA Museum, Inc. and its appointed service providers will protect your personal data (as defined in the European Union’s (“EU”) General Data Protection Regulation (“GDPR”)) when it is transferred outside of the EEA, UK, or Switzerland by:
- Processing it in a territory which the European Commission (or other relevant governmental authority) has determined provides an adequate level of protection for personal data; or
- Otherwise, implementing appropriate safeguards to protect your personal data, including through the use of Standard Contractual Clauses or another lawful transfer mechanism approved by the European Commission (or other relevant governmental authority).
The AACA Museum, Inc. is responsible for the processing of personal data it receives under GDPR and subsequent transfers to a third party acting as an agent on its behalf. The AACA Museum complies with GDPR for all onward transfers of personal data from the EEA, the UK, and Switzerland, including the onward transfer liability provisions.
Concerning personal data received or transferred pursuant to GDPR, the AACA Museum, Inc. is subject to the regulatory enforcement powers of the EU in conjunction with the U.S. Federal Trade Commission. In certain circumstances, the AACA Museum, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with GDPR, the AACA Museum, Inc. commits to resolve complaints about our collection and use of your personal data. EEA, UK, and Swiss individuals with inquiries or complaints regarding our privacy practices should first contact the AACA Museum, Inc. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) https://feedback-form.truste.com/watchdog/request.
Security and Breach Notification
The AACA Museum, Inc. maintains appropriate technical and organizational measures, including, but not limited to, reasonably designed administrative, physical, and technical safeguards designed to protect the personal data obtained as discussed in this Privacy Notice from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, and access. The AACA Museum, Inc.’s personnel and service providers with access to personal data collected as discussed in this Privacy Notice are required to keep such personal data confidential and secure.
Unless a longer retention period is required by law, we will retain your personal data for as long as is needed to fulfill the purposes outlined in this Privacy Notice or for as long as we have a legitimate business interest that is not outweighed by your data protection interests or fundamental rights and freedoms. When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it. As such, we reserve the right to use such anonymous data for any legitimate business purpose without further notice to you or your consent.
Cookies and Similar Technologies
For information about the cookies and other tracking technologies used by our Website and how to manage your settings for these cookies and technologies, please see our Cookie Notice.
Your Privacy Rights
Certain jurisdictions may provide you with privacy rights under applicable data protection or privacy law regarding your personal data. In particular, you may have the right to:
- be informed about your personal data;
- access your personal data;
- correct any inaccurate personal data;
- have your personal data erased;
- restrict or suppress the processing of your personal data;
- obtain and reuse your personal data;
- object to the processing of your personal data;
- lodge a complaint with a supervisory authority.
These rights may be limited, for example, if fulfilling your request would reveal personal data about another individual, or if you ask us to delete personal data which we are required by law to keep or which we need to defend claims against us.
If you do not wish to receive our email marketing communication for promotional purposes, you may opt-out by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you.
If we process your personal data in reliance upon your consent, you can contact us at any time to withdraw your consent.
To exercise any of these rights, please contact us.
We will respond to such requests in accordance with the requirements of applicable data protection laws. Please note that to fulfill your request, we may need you to provide certain personal data to verify your identity. Depending upon applicable data protection and privacy law, individuals may also designate an authorized agent to exercise these rights on their behalf.
How We Treat Do Not Track Signals
Various browsers (e.g., Internet Explorer, Chrome, Firefox, Edge) may allow a “do not track” (DNT) setting, which sends a signal to websites visited by an individual about their browser DNT setting. At this time, there is no general agreement on how organizations like the AACA Museum Inc. should interpret DNT signals. Therefore, we do not currently commit to responding to DNT signals. We will continue to monitor developments around DNT browser technology and the implementation of a standard.
Third-Party Websites and Applications
Our Website(s) may link to websites that are not owned or controlled by the AACA Museum, Inc. As such, this Privacy Notice does not apply to personal data collected on any third-party site or by any third-party application that may link to or be accessible from the Website(s). This Privacy Notice does not apply to personal data collected by our business partners, and other third parties or third-party applications or services, even if this personal data is collected using our Website(s) or at events.
The Website(s) is(are) not directed to or intended to be used by anyone under the age of 13. We do not knowingly collect personal data from anyone under the age of 13. If you are under 13, please do not attempt to fill out our forms or send any personal data about yourself to us. If we learn that we have collected personal data from a child under age 13, we will delete that data promptly.
Changes to this Notice
The AACA Museum, Inc. reserves the right to update or change this Privacy Notice from time to time. If we make material changes to this Privacy Notice, we will post it to our Website(s) home page prior to or at the time of the change becoming effective. We ask that you review the Privacy Notice periodically to stay informed about any updates or changes that we may have made.
You can see when this Privacy Notice was last updated by checking the “Effective Date” displayed at the top of this Privacy Notice.
To ask questions or comment about this Privacy Notice and our privacy practices or if you need to update, change, or remove your personal data or exercise any other rights, please contact us.