INFORMATION COLLECTION AND USE
Rochester Museum & Science Center may collect Personally Identifiable Information (PII) such as name, phone numbers, and postal or email address through our services, website, mobile applications and emails. Individuals may transmit PII to RMSC as part of a form submission or in connection with other activities, services, or resources made available on our website, mobile applications or through emails. RMSC also works with third-party services to collect information from the Museum’s websites, social media accounts, and mobile applications in order to learn more about our patrons and how to improve RMSC communications and user experiences.
We collect PII from you and other sources in order to meet the legitimate business purposes of RMSC, including furthering the Museum’s not-for-profit mission and meeting the needs of our patrons, visitors, mobile app users, and email recipients. We use your PII for the following key purposes:
- for our business purposes: we may use your PII to inform visitors and users about upcoming programs and events; to count and recognize visitors to the website; to enable certain features on the website, such as helping visitors plan their visit to the RMSC and improve their onsite experience, responding to, personalizing and improving users’ experiences, fulfilling orders, extending the visitor experience with scientific and educational materials, before and after an onsite visit, marketing, fundraising, allowing individuals to apply for jobs, volunteer positions and academic programs, and to register for educational programs and for other purposes related to managing our business;
- for legal purposes: we may use and share PII for legal purposes, including financial, regulatory, tax and other legal obligations and to respond to governmental or regulatory requests or subpoenas or for litigation purposes including the transfer of such PII to third parties in countries outside of your country of residence where data protection laws may be of a lower standard compared to your own country’s data protection laws;
- for our legitimate business interests and those of a third party: we may use your PII to manage our legal, regulatory, financial and business requirements, including obtaining legal advice, in the course of disputes and litigation, internal and/or regulatory investigations;
- for other purposes: subject to applicable law, we may use your PII for additional purposes in connection with our services, where you have provided your prior consent; and
- to contact you: subject to applicable law, we or our third party service and business providers may send you communications informing you about upcoming programs and events. Such communications are designed to make your experience of our services more efficient and may include, but are not limited to: notifications about our services and other communications (including important information that could affect your relationship with us), communications about promotions and our mobile application features. Where required under applicable data privacy laws, we will not send you marketing communications without your prior consent.
RMSC’s collection and use of PII varies with the type of transaction, as detailed below.
The PII we collect and store is managed in accordance with applicable data protection laws including the General Data Protection Regulation (“GDPR”) for European resident visitors to our website and other applicable data protection laws (the “Data Protection Laws”).
TICKETING, MUSEUM MEMBERSHIP, MUSEUM SHOP PURCHASES, AND DONATIONS
If you make a purchase of an admission ticket, event ticket, membership, item from the Museum Shop, or donate to the Museum, through our website or in person, you are asked to provide PII to process and fulfill your transaction. This information includes contact information (such as name, email, phone number and physical addresses) and credit card information. If the Museum has trouble processing an order or donation, we may use your contact information to reach you. Please see the section called Security, below, regarding credit card processing.
If you are subscribed to any of RMSC’s email newsletters, we will use your email address to send the newsletter and communicate with you. RMSC works with third party partners to perform these services, as discussed further below. You may unsubscribe at any time by clicking the “unsubscribe” link at the bottom of every email.
Occasionally, RMSC may ask you to participate in surveys. Some surveys may request or collect PII; your participation and any information you provide are voluntary. We use information obtained from survey responses to improve patron experiences and our website. We consider the sharing of PII in this respect to be within our legitimate interests, as required under applicable Data Protection Laws.
CONTESTS, SWEEPSTAKES, OTHER PROMOTIONS
RMSC may offer our patrons the opportunity to participate in activities, such as contests, sweepstakes, or other promotions. If you choose to enter, you may need to provide your name, phone number, physical address and email address so that we may contact you in connection with the activity.
RMSC has implemented appropriate and reasonable physical, technical, and administrative policies and procedures in an effort to reduce the risk of loss, misuse, and unauthorized access, modification or destruction of the PII under our control. In addition, we limit access to your PII to those employees, agents, contractors and other third parties who have a business need to know. We require that such parties only process your PII on our instructions and that they agree to keep your information confidential.
When you transmit highly sensitive information (such as a credit card number) through our website or services, all transactions are encrypted using Secure Sockets Layer (SSL) protocols, Payment Card Industry Data Security Standard (PCI DSS), and other relevant security standards. Credit card information is encrypted in transmission and is not permanently stored on any RMSC server or network.
While we have employed security technologies and procedures to assist in safeguarding your PII, no system or network can be guaranteed to be 100% secure.
COOKIES & PIXEL TAGS
A cookie is a piece of information that a web server may place on your computer when you visit a website. A cookie acts as an anonymous tag that identifies your computer or device. Cookies can store information about which webpages you have viewed, or what you’ve put in your cart.
A pixel tag is a small graphic image, embedded on a webpage or in an email. When you access a page or email with a pixel tag, the tag generates a generic notice of that action. Pixel tags usually work in conjunction with cookies, registering when a particular device visits a particular page or opens an email.
MOBILE DEVICE INFORMATION
We may collect PII from you if you access services through our mobile applications; for example, your unique device identifier, the mobile’s operating system, mobile carrier and location. Depending on which platform you use to access our services (e.g. iOS, Android, or Windows Phone), you may be able to control whether we collect location data by adjusting the privacy settings on your wireless device. Please be advised that some features will not be available if you choose to disable the collection of location data. PII obtained from your mobile device in connection with any text notification services you request may include your cell phone number, your carrier’s name, the date, time and content of your messages and other information you provide to us as part of these services.
RMSC also collects some anonymous, non-personal information on an aggregate basis about its website visitors and app users. This information is used to help the Museum monitor how visitors navigate our website and apps. Examples of such information include IP address, browser type, and device type.
An IP address is a unique identifier that certain electronic devices use to identify and communicate with each other on the Internet. When you visit our website, we may view the IP address of the device you use to connect to the Internet. We use this information to determine the general physical location of the device and understand from what regions of the world our website visitors come. We also may use this information to enhance our website.
Additionally, RMSC may collect location data for WiFi-enabled devices visiting the RMSC’s campuses. This includes device ID but is not correlated to any other information on specific users. The data is used to understand the flow of visitors through RMSC to improve the patron experience.
RMSC does not sell, trade or rent your PII. However, RMSC contracts with third-party vendors in order to provide certain services to its visitors, including ticketing, membership and shop purchases, donation processing, and distribution and customization of the RMSC’s email newsletters, and may need to share your PII with these vendors to accomplish these functions where we are lawfully permitted to do so. RMSC requires third-party vendors to protect the privacy of our patrons and to keep all information secure and confidential and prohibits them from using or sharing such information except as specifically described in their agreements with RMSC.
RMSC uses third-party web analytics services to help analyze how users interact with our services, website and emails. The information generated by a cookie or pixel, such as a user’s IP address, may be transmitted to and stored by these analytics services on their servers to create aggregate reports on website activity and provide other services relating to internet usage. The web analytics services may also transfer this information to third parties where required to do so by law, or where such third parties process the information on behalf of the web analytics services. By using the RMSC’s website and receiving its emails, you consent to the processing of PII about you by these web analytics services in the manner and for the purposes set out above.
RMSC may contract with a third-party service provider to host and conduct surveys. Our contracts with such service providers prohibit them from using survey participants’ PII for any purpose other than administering and analyzing the survey.
RMSC may share PII, such as name, email or physical address, or records of transactions you have conducted with the organization, with third-party partners in order to deliver Museum advertisements and better understand the needs and behavior of its patrons, website visitors, app users, donors and members.
RMSC may additionally share the names and postal addresses of our patrons, members and donors with other organizations for marketing purposes. RMSC will not send mailings to our patrons, members and donors, on behalf of other organizations.
LINKS TO OTHER SITES
Users may find content on the RMSC’s website that links to the websites and services of our partners, or other third parties. RMSC does not control the content or links that appear on these websites. These websites and services may have their own privacy policies and customer service policies, or no policy at all, and those may change from time to time; you are encouraged to review the privacy policies of any websites you visit.
CHILDREN UNDER 13 YEARS OF AGE
RMSC does not knowingly collect PII from children under 13 years of age. If we learn we have collected or received PII from a child under 13, we will delete that information. We may refuse to process, or continue to process, the child’s PII until we receive this evidence of consent or authorization from a legal guardian. We will not market or solicit children.
ADDITIONAL RIGHTS FOR CALIFORNIA RESIDENTS
Customers who reside in California and have provided their PII to us may request, once per calendar year, information about our sharing of certain categories of PII to third parties, for their direct marketing purposes.
JURISDICTION AND ADDITIONAL RIGHTS FOR RESIDENTS OF THE EUROPEAN UNION
RMSC and our services operate within the United States of America. If you are located outside of the United States and choose to use our services, website or provide your information, you acknowledge and understand that your PII will be transferred, processed and stored in the United States, as necessary. We process your PII in the United States where data protection laws may be of a lower standard compared to your own country’s data protection laws. By using this Site, you are consenting to the transfer of your PII to the United States.
If you reside or are located in the European Economic Area, Switzerland and the UK, you may have additional rights under applicable European data privacy laws, including the GDPR (the “European Data Privacy Laws”). You have the right to ensure your PII is accurate. You have the right to request that we delete your PII. (In this case, we may still need to retain your PII as permitted under the European Data Privacy Laws.) You also have the right to request that we restrict the processing of your PII, which may compromise our ability to provide you with our services. You also have the right to transfer your PII to another service provider subject to applicable European Data Privacy Laws. We will, following your written request to us, provide you with your relevant PII in a machine-readable format to transfer to another service provider.
If you would like to exercise any of these rights, please contact us. We will respond to your request consistent with applicable law. When you email us with a request, we may ask that you provide us with information necessary to confirm your identity. We will aim to respond to your request within one calendar month of receipt of the request. Where we are unable to do so within the calendar month, we will notify you of our need to extend this timeline. There are certain exemptions and restrictions of these rights under European Data Privacy Laws that enable PII to be retained, processed or withheld from access and we will inform you of these if applicable.
To determine the appropriate retention period for your PII, we consider the amount, nature, sensitivity of PII, the potential risk of harm from unauthorized use or disclosure of your PII, the purposes for which we process your PII and whether we can achieve those purposes through other means, and the applicable legal requirements. Information associated with your RMSC account will be kept until it is no longer necessary to fulfil our legitimate business purposes or until such information is deleted in accordance with this Policy.
CHANGES TO THIS POLICY
RMSC may make changes to this policy at any time. Users of the RMSC’s services, websites, mobile applications, and email should periodically check this page to stay informed of current guidelines. The most recent version of the Policy is reflected by the version date at the bottom of this Policy. If changes are substantial, we may provide notice such as adding a statement on RMSC’s website.
If you have any questions about this Policy or would like to exercise your rights, please contact us at Rochester Museum & Science Center, 657 East Avenue, Rochester, NY 14607, use our Contact Us page on our website, or call 585.271.4320, unless stated otherwise in this Policy. Created on October 11, 2019.