The California Museum is committed to its constituents, and to the protection of their privacy and data. In addition to remaining compliant with relevant requirements, we strive to engage in data protection and privacy best practices.
Our electronic data and communications have adhered to the CAN-SPAM Act since 2010. In addition, we have put in place appropriate changes to ensure compliance with the General Data Protection Regulation (GDPR), the new EU-wide privacy and data protection law effective May 25, 2018. This law protects European Union data subjects’ right to privacy and the protection of personal data.
If you are a resident of the EEA or Switzerland, you are entitled to the following rights:
- The right to be forgotten — Individuals have the right to ask the California Museum to erase all personal data without undue delay in certain circumstances.
- The right to data portability — If an individual has provided personal data to a service provider, they can require the provider to ‘port’ the data to another provider, provided this is technically feasible.
- The right to object to profiling — Individuals can exercise this right to not be subject to a decision based solely on automated processing.
- The right to restrict or object to our processing — Individuals have the right to restrict the processing of their personal data where they have a specific reason for requesting the restriction.
Your Personal Information
The California Museum and its websites offer several opportunities for members of the public to interact and conduct business with us. In providing these opportunities, some data on our customers and constituents is collected and maintained in databases on our internal servers and by third-party service providers.
We define “personal data” as information that personally identifies an individual or allows us to contact you, such as a name, phone number, mailing address and email address. We do not collect Personal Data on visitors to our websites unless they choose to provide it voluntarily.
All data submitted to us is only made available to employees for sole purpose of contacting customers and constituents who have agreed to communicate or do business with us.
Customers and constituents may opt out of receiving mailings and their consent to use their data at any time by contacting us at firstname.lastname@example.org or at the mailing address listed in Inquiries and Complaints section.
We Operate in the United States
Our place of business and servers are located in the United States, and all information is stored and processed in the United States. While the United States’ data protection, privacy and other laws may not be as comprehensive as those in other countries, we are committed to adhering to the CAN-Spam Act of 2009 and the United States / European Union Privacy Shield Arrangement. You can find more information on the CAN-SPAM Act at https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business, and the Privacy Shield program at https://www.privacyshield.gov/.
By using our website, you understand and consent to the collection, storage, processing and transfer of your information to our facilities in the United States and those third parties with whom we share it as described in this policy in the Third-Party Service Providers section below.
Sharing and Usage
The California Museum will not sell, share, rent or disclose your personal information unless ordered by a court of law or required by data management conducted through third-party service providers.
IP Information Tracked
We use your IP address to administer and maintain our websites, help diagnose problems with our servers and to identify anonymous information on visitors’ computer systems and mobile devices for the purposes of providing site visitors with an optimized user experience.
An IP address is a unique identifier used by devices to identify and communicate with each other on the Internet. IP addresses are not linked to personally-identifiable information. We also track browser types and versions to help us understand our visitors’ needs related to our websites’ design and functionality.
The California Museum takes the security of our systems very seriously and all appropriate measures to ensure our systems and data remain safe. While no website can guarantee security, we maintain appropriate technical and procedural safeguards to protect your personal information. We also take care to reinforce the importance of our web site visitors’ security and privacy to our employees.
Purpose of Collection and Use of Personal Data
The California Museum collects personal data such as name, email address, postal address and telephone number of email list subscribers, members, volunteers, donors, facility rental clients and donation requests. We do not collect sensitive personal information of our consumers or constituents, such as information about medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or other sensitive information as defined by the Privacy Shield framework.
Volunteer applicants are required to submit a background check application to obtain security clearance for engaging with minors. Data collected for volunteer security clearance is managed by a third-party service provider and accessible to our staff for the purpose of completing and responding to applications.
We use personal data of our consumers and constituents (i) to respond to their requests, (ii) to evaluate the quality of our products and services, (iii) to communicate with them about our products, services and related issues, (iv) to notify them of and administer offers and promotions, (v) for internal administrative and analytics purposes, and (vi) to comply with our legal obligations, policies and procedures.
The California Museum shares Personal Data with its third-party service providers. With respect to Personal Data we share, we provide customers and constituents located in the EU with the opportunity to opt-out of such sharing. You can opt-out at any time by sending an email to email@example.com.
We do not use Personal Data for purposes incompatible with the purposes for which the information was originally collected without notifying the relevant consumers, customers, suppliers and others of such uses and offering an opportunity to opt-out.
In addition, we may disclose Personal Data: (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials based on an enforceable governmental request or as may be required under applicable law, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
Onward Transfer of Personal Data
We may share Personal Data with third-party service providers we have retained to perform services on our behalf. Our service providers to whom we disclose Personal Data are based in the United States and may not be subject to laws based on the European Union Data Protection Directive, nor may they subscribe to the Privacy Shield principles or agree to provide the same level of protection for Personal Data as is required by the relevant Privacy Shield principles. More information on our third-party providers and links to their individual policies are provided for your reference below.
Third-Party Service Providers
The California Museum uses the following third-party service providers to collect and manage electronic communications and data.
- Email data is managed by Constant Contact. For more information, visit https://www.constantcontact.com/legal/privacy-statement.
- Event tickets and registration data is managed using Eventbrite. For more information, visit https://www.eventbrite.com/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_US.
- Field trip and group tour data is managed by Xola. For more information, visit https://www.xola.com/privacy-policy.
- Membership and donation data is managed by Donor Perfect. For more information, visit https://www.donorperfect.com/company/privacy-policy/.
- Online membership payments and donor transaction data is managed by PayPal. For more information, visit https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
- Volunteer assignment communications and data is managed by Volunteer Hub. For more information, visit https://www.volunteerhub.com/privacy-policy/.
- Volunteer security clearance application data is managed by SignUp.com For more information, visit https://signup.com/Privacy.
- Websites and webform application data for memberships, volunteering, facility rentals, donation requests and contacting us is managed on servers maintained by Digital Deployment. For more information, visit http://www.digitaldeployment.com/hostingspecs.
Access to Personal Data
The California Museum will provide customers and constituents with reasonable access to their Personal Data maintained about them. We will also provide a reasonable opportunity to correct, amend or delete that information where it is inaccurate.
We may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Privacy Shield principles. To request access to your Personal Data, please see the Inquiries and Complaints section below.
The California Museum takes all reasonable measures to ensure that personal data collected is relevant for the purposes for which it is to be used, and that the information is reliable for its intended use and is accurate, complete and current. We depend on our customers and constituents to update or correct their Personal Data as necessary.
Your Rights to Access, to Limit Use and to Limit Disclosure
EU citizens have rights to access Personal Data about them, and to limit use and disclosure of their Personal Data. Through our commitment to adhering Privacy Shield policies, we are committed to respect the rights of EU citizens.
The California Museum may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Inquiries and Complaints
1020 O Street
Sacramento CA 95814
The California Museum will respond within 45 days. If our response does not address your concern with a third-party service provider, we will contact the service provider’s independent resolution body as disclosed in their policies to arbitrate the complaint. Dispute resolution will be provided at no cost to you.
If neither the California Museum nor the service provider’s outside arbitrator resolves your complaint, you may have the possibility to engage in binding arbitration through the Privacy Shield Panel.
As a non-profit organization, the California Museum is not subject to the investigatory and enforcement powers of the United States Federal Trade Commission. For details on our third-party service providers’ policies, their arbitration bodies and their individual eligibility on investigatory and enforcement powers by the United States Federal Trade Commission, please visit links to service providers in the Third-Party Service Providers section above.
Notification of Changes
This policy is effective as of May 25, 2018.