Information Collection and use
As described in more detail below, the DMFAH may collect personal information relating to an identified or identifiable person (such as name, and postal or email address) through its websites, mobile applications and emails. Individuals may transmit personal information to the Museum as part of a form submission or in connection with other activities, services, or resources made available on the Museum’s websites, mobile applications or through emails. The Museum also works with third-party services to collect information from the Museum’s websites and mobile applications in order to learn more about visitor usage patterns and how to improve Museum communications and user experiences.
We collect personal information from you and other sources. The Museum collects this information in order to meet the legitimate business purposes of the Museum, including furthering the Museum’s not-for-profit mission and meeting the needs of our online and onsite visitors, mobile app users, and email recipients. We use your personal information for the following key purposes:
- for our business purposes: we may use your personal information to inform visitors and users about upcoming programs and events; to count and recognize visitors to the website; to enable certain features on the website, such as helping visitors plan their visit to the Museum and improve their onsite experience, responding to, personalizing and improving users’ online experiences, fulfilling online orders, extending the visitor experience with scientific and educational materials, before and after an onsite visit, marketing and fundraising, allowing individuals to apply for jobs, volunteer positions and academic programs, and to register for educational programs and for other purposes related to managing our business;
- for legal purposes: we may use and share personal information for legal purposes, including financial, regulatory, tax and other legal obligations and to respond to governmental or regulatory requests or subpoenas or for litigation purposes including the transfer of such personal information to third parties in countries outside of your country of residence where data protection laws may be of a lower standard compared to your own country’s data protection laws;
- to contact you: subject to applicable law, we or our third-party service and business providers may send you communications informing you about upcoming programs and events. Such communications are designed to make your experience of our services more efficient and may include, but are not limited to: notifications about our services and other communications (including important information that could affect your relationship with us), communications about promotions and our mobile application features. Where required under applicable data privacy laws, we will not send you marketing communications without your prior consent;
- for our legitimate business interests and those of a third party: we may use your personal information to manage our legal, regulatory, financial and business requirements, including obtaining legal advice, in the course of disputes and litigation, internal and/or regulatory investigations; and
- for other purposes: subject to applicable law, we may use your personal information for additional purposes in connection with the services, where you have provided your prior consent.
The Museum’s collection and use of personal information varies with the type of transaction, as detailed below.
The personal information we collect and store is managed in accordance with applicable data protection laws including the General Data Protection Regulation (“GDPR”) for European resident visitors to our website and other applicable data protection laws (the “Data Protection Laws”).
Online Ticketing, Museum Membership, Museum Shop Purchases, and Donations
If you make an online purchase of a Museum ticket, membership, or item from the Museum Shop, or donate to the Museum, you are asked to provide personal information to process and fulfill your online transaction. This information includes contact information (such as name, email and physical addresses) and credit card information. If the Museum has trouble processing an order or donation, we may use your contact information to reach you. Please see the section called Security, below, regarding credit card processing.
If you are subscribed to any of the Museum’s email newsletters, the Museum will use your email address to send the newsletter to you and may personalize it. The Museum works with third party partners to perform these services, as discussed further below. You may unsubscribe at any time by clicking the “unsubscribe” link at the bottom of every email, or through the Subscriptions tab in your Profile on amnh.org.
From time to time, the Museum may ask you to participate in surveys. Some surveys may request or collect personal information, which you may choose not to provide. Your participation in these surveys is completely voluntary. We use information obtained from survey responses to improve the experience of visitors to the Museum and the Museum's website. We consider the sharing of personal information in this respect to be within our legitimate interests, as required under applicable Data Protection Laws.
The DMFAH has implemented appropriate and reasonable physical, technical, and administrative processes and procedures in an effort to reduce the risk of loss, misuse, and unauthorized access, modification or destruction of the personal information under our control. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. We require that such parties only process your personal information on our instructions and that they agree to keep your information confidential.
When you transmit highly sensitive information (such as a credit card number) through our website or in one of our mobile applications, we encrypt the transmission of that information using the Secure Sockets Layer (SSL) protocol. Credit card information is encrypted in transmission and is not permanently stored on any Museum web server. The Museum has processes in place to maintain conformance with PCI DSS (Payment Card Industry Data Security Standard) and other relevant security standards.
While we have employed security technologies and procedures to assist safeguarding your personal information, no system or network can be guaranteed to be 100% secure.
Cookies and Pixel Tags
A pixel tag is a small graphical image, embedded on a webpage or in an email. When you access a page or email with a pixel tag, the tag generates a generic notice of that action. Pixel tags usually work in conjunction with cookies, registering when a particular device visits a particular page or opens an email.
Mobile Device Information
We may collect personal information from you if you access services through our mobile applications, for example, your unique device identifier, the mobile’s operating system, mobile carrier and location. Depending on which platform you use to access our services (e.g. iOS, Android, or Windows Phone), you may be able to control whether we collect location data by adjusting the privacy settings on your wireless device. Please be advised that some features will not be available if you choose to disable the collection of location data. Personal information obtained from your mobile device in connection with any text notification services you request may include your cell phone number, your carriers name, the date, time and content of your messages and other information you provide to us as part of these services.
The Museum also collects some anonymous, non-personal information on an aggregate basis about its website visitors and app users. This information is used for statistical purposes and to help the Museum monitor how visitors navigate our website. Examples of such information include IP address, browser type, and device type.
Additionally, the Museum may collect location data for WiFi-enabled devices visiting the Museum campus. This includes device ID but is not correlated to any other information on specific users. The data is used to understand the flow of visitors through the Museum to improve the visitor experience.
The DMFAH does not sell or rent your personal information. However, the Museum contracts with third-party vendors in order to provide certain services to its online visitors, including ticketing, membership and online shop purchases, donation processing, and distribution and customization of the Museum’s email newsletters, and may need to share your personal information with these vendors to accomplish these functions where we are lawfully permitted to do so. The Museum requires third-party vendors to protect the privacy of the Museum’s online visitors and to keep all information secure and confidential and prohibits them from using or sharing such information except as specifically described in their agreements with the Museum.
The Museum uses third-party web analytics services to help it analyze how users interact with the website and emails. The information generated by a cookie or pixel, such as a user’s IP address, may be transmitted to and stored by these analytics services on their servers to create aggregate reports on website activity and provide other services relating to internet usage. The web analytics services may also transfer this information to third parties where required to do so by law, or where such third parties process the information on behalf of the web analytics services. By using the Museum’s website and receiving its emails, you consent to the processing of personal information about you by these web analytics services in the manner and for the purposes set out above.
The Museum may contract with a third-party service provider to host and conduct surveys. Our contracts with such service providers prohibit them from using survey participants' personal information for any purpose other than administering and analyzing the survey.
The Museum may share personal information, such as name, email or physical address, or records of transactions you have conducted with the Museum, with third-party partners in order to deliver Museum advertisements and better understand the needs and behavior of its website visitors, app users, donors and members.
The Museum may additionally share the names and postal addresses of Museum members and donors with other organizations for marketing purposes. You can request that your information is not shared for these marketing purposes by emailing email@example.com
Links to Other Sites
Users may find content on the Museum's website that links to the websites and services of our partners, or other third parties. The Museum does not control the content or links that appear on these websites. These websites and services may have their own privacy policies and customer service policies, or no policy at all, and those may change from time to time; you are encouraged to review the privacy policies of any websites you visit.
Children Under 13 Years of Age
The Museum does not knowingly collect personal information from children under 13 years of age. If we learn we have collected or received personal information from a child under 13, we will delete that information. We may refuse to process, or continue to process, the child’s personal information until we receive this evidence of consent or authorization.
Additional Rights for VIRGINIA Residents
Customers who reside in Virginia that have provided their personal information to us will be notified if there is reason to believe that personal information was accessed and if identity theft or fraud to any resident of the Commonwealth is suspected. The Museum will report information disclosed by any breach of the security of the system following discovery or notification of the breach of the security of the system to the Office of the Attorney General and any affected resident of the Commonwealth without unreasonable delay.
Additional Rights for Residents of the European Union
If you reside or are located in the European Economic Area, Switzerland and the UK you may have additional rights under applicable European data privacy laws, including the GDPR (the “European Data Privacy Laws”). The Museum is the data controller. You have the right to ensure your personal information is accurate. You have the right to request that we delete your personal information. (In this case, we may still need to retain your personal information as permitted under the European Data Privacy Laws.) You also have the right to request that we restrict the processing of your personal information, which may compromise our ability to provide you with our services. You also have the right to transfer your personal information to another service provider subject to applicable European Data Privacy Laws. We will, following your written request to us, provide you with your relevant personal information in a machine-readable format to transfer to another service provider.
If you would like to exercise any of these rights, please contact us at firstname.lastname@example.org We will respond to your request consistent with applicable law. When you email us with a request, we may ask that you provide us with information necessary to confirm your identity. We will aim to respond to your request within one calendar month of receipt of the request. Where we were unable to do so within the calendar month, we will notify you of our need to extend this timeline. There are certain exemptions and restrictions of these rights under European Data Privacy Laws that enable personal information to be retained, processed or withheld from access and we will inform you of these if applicable.
To determine the appropriate retention period for your personal information, we consider the amount, nature, sensitivity of personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. Information associated with your Museum account will be kept until it is no longer necessary to fulfill the Museum’s legitimate business purposes or until such information is deleted in accordance with this Policy.
The website is operated from the United States. If you are located outside of the United States and choose to use the website or provide information to the Museum, you acknowledge and understand that your personal information will be transferred, processed and stored in the United States, as necessary. We process your personal information in the United States where data protection laws may be of a lower standard compared to your own country’s data protection laws.
Please contact us with any questions about this policy at: email@example.com
Danville Museum of Fine Arts and History, 975 Main Street, Danville, VA 24541
This policy was last updated February 5, 2021.