International Spy Museum Online Privacy Notice
Effective Date: October 19, 2022
We at the Museum respect your concerns about privacy. This Online Privacy Notice, which applies to spymuseum.org (the “Site”), describes the types of personal information we collect through the Site, how we use the information, with whom we share it and the choices available to users of the Site regarding our use of the information. We also describe the measures we take to protect the security of the information and how you can contact us about our privacy practices.
Information We Obtain
The types of personal information we may obtain through the Site include:
- personal contact information (such as name, email address, gender and birthday) that you provide in regard to inquiries and possible sales or service of products and services;
- other personal information found in content that you provide, including in communications submitted through our feedback form; and
- contact information for third parties that you provide when purchasing tickets or registering for educational programs
In addition, when you visit our Site, we may collect certain information by automated means, such as cookies and/or other similar technologies. The information we collect in this manner includes IP addresses, unique device identifiers, browser characteristics, device characteristics, operating system, language preferences, referring URLs, information on actions taken, web performance analytics, shopping cart information, and dates and times of activity. A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. Your browser may tell you how to be notified when you receive certain types of cookies or how to restrict or disable certain types of cookies. Please note, however, that without cookies, you may not be able to use all of the features of the Site, and you will not be able to “check out” your purchases from our online store.
We may use third-party web analytics services on our Site, such as Google Analytics. These services help us analyze how visitors use the Site. The information collected for this purpose (including your IP address and other information collected by automated means) will be disclosed to or collected directly by these service providers.
- Google Analytics: tracks IP address information for the purpose of performance monitoring and conversion tracking.
- HotJar: tracks IP address information for the purpose of performance monitoring and conversion tracking.
- BigCommerce: tracks clicks within the shopping site for the purpose of managing the shopping experience.
- Pardot: tracks e-mail address and name for marketing analysis, including conversion tracking. Visit the preferences center to manage your e-mail subscriptions.
The providers of third-party plug-ins on the Site, such as Google Maps, may use automated means to collect information regarding your use of the Site and your interactions with the plug-ins. This information is subject to the privacy policies or notices of the plug-in providers and is not subject to this Online Privacy Notice. We are not responsible for these providers’ information practices. Current plug-ins used on this Site are:
- Google Maps: tracks IP address information for the purpose of enabling location services, including locating nearby parking and lodging.
- Cyberwire: tracks gender, device, and location information to track podcast usage.
- YouTube: tracks IP address information and Google Account information (if the user is signed into their Google Account) for the purpose of serving multimedia content.
- Facebook: tracks IP address and any other account information that the user has provided to Facebook for the purpose of enabling interactive social media features and communicating upcoming events.
- Twitter: tracks IP address and any other account information that the user has provided to Twitter for the purpose of enabling interactive social media features and communicating upcoming events.
- Yelp: tracks IP address and any other account information that the user has provided to Yelp for the purpose of enabling “call out quotes” on the Yelp website.
- Lyft: tracks IP address information for the purpose of performance monitoring and conversion tracking.
We may also use third-party vendors who supply applications, payment processing, web hosting and other technologies for this Site that may have access to your personal information and anonymized information. These vendors include industry-leading payment service providers such as Apple, Paypal, and Elavon. These vendors are prohibited from using use such information for any other purpose except to provide services in connection with this Site. We have security measures in place to protect the loss, misuse, and alteration of the information under our control. Essentially, we encrypt all transmission of sensitive data and secure all of our repositories of data. The data transferred to our third-party payment processors when you use your credit card to make a purchase transaction with us will be transferred using SSL encryption technology to safeguard your personal information and privacy. At the vendor level, we comply with the United States payment card industry federal standards. However, you should understand that, even with the use of leading industry standards, "perfect security" cannot be guaranteed.
How We Use the Information We Obtain
We may use the information described above to:
- respond to your requests for general museum information;
- fulfill sales and return requests;
- gather your feedback;
- process your donations;
- serve you multimedia content related to museum exhibits and programs, including videos and audio podcasts;
- enroll you in contests upon your request;
- allow you to access educational online content and register for educational programs, including workshops, tours, and field trips;
- operate, evaluate and improve our business (including developing new products and services; enhancing and improving our products and services; managing our communications; analyzing our products, services and communications; and performing accounting, auditing and other internal functions);
- personalize ad content to align with your interests;
- protect against, identify and prevent fraud and other criminal activity, claims and other liabilities;
- comply with and enforce applicable legal requirements, relevant industry standards and our policies; and
- for our legitimate business purposes, including marketing our goods and services to you or responding to your request for services or support.
- show you custom International Spy Museum ads via Facebook and Google services such as customer match programs which use anonymized data matching.
In addition, we may use information collected through the automated means previously discussed (cookies and/or similar technologies) for the purposes set forth above, including:
- where specifically necessary – cookies and other technologies are essential in order to enable the Site to provide the features you have requested, such as remembering that you have logged in.
- for functionality – cookies and similar technologies remember choices you make such as search parameters, shopping card contents, and login information, to tailor a better online experience for the user.
- for performance and analytics – cookies and similar technologies collect information on how users interact with the site and enable site optimization.
- for advertising purposes using retargeting cookies (also known as advertising cookies) – these cookies collect information about your browsing habits in order to make advertising relevant to you and your interests. They remember the websites you have visited and that information is shared with other parties such as advertising technology service providers and advertisers. We only use retargeting cookies for users located in the US. This may include EU citizens who access the Site while visiting the US.
- for social media engagement – social media cookies are used when you share information using a social media sharing button or “like” button on our websites or you link your account or engage with our content on or through a social media site. The social network and related service providers will record that you have done this. This information may be used for targeting/advertising activities.
We may use the information we obtain in other ways for which we provide specific notice at the time of collection.
If you reside in the European Union, you may be entitled to certain opt-out rights when we use your information for a purpose other than that for which it was originally collected. Please see “Residents of the European Union: Your Rights and Choices” below for more information.
Neither we nor any third parties on our Site obtain personal information about our visitors’ online activities, over time and across third-party websites. Our Site is not designed to respond to “do not track” signals from browsers.
Information We Share
We do not sell or otherwise disclose the personal information we collect about you on this Site, except as described in this Online Privacy Notice. We may share personal information with service providers who perform services on our behalf based on our instructions. These service providers are not authorized by us to use or disclose the information, except as necessary to perform services on our behalf or comply with legal requirements.
We also may disclose information about you: (i) if we are required to do so by law or legal process; (ii) to law enforcement authorities or other government entities; and (iii) when we believe disclosure is necessary or appropriate to prevent harm or financial loss, to enforce our rights and policies, or in connection with an investigation of suspected or actual fraudulent, malicious, or illegal activity. We also reserve the right to transfer personal information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, spin-off, divestiture, dissolution or liquidation). Following such a transaction, you may contact the entity to which we transferred your personal data with any inquiries concerning the use of that information.
User Name and Password Information
If you lose or forget your login information, you may contact us and ask us to change your password to a temporary password. You authorize us to, upon request, send your login information to your email address of record. This means that if you give someone else access to your email, they might have access to your account.
We will retain information collected through the Site, including personal data that we process on behalf of a customer, for as long as your account is active or as needed to provide services to you. We may also retain this information as necessary to comply with legal obligations, resolve disputes, or enforce our agreements.
Transfer of Personal Information to Other Countries
For the avoidance of doubt, the owner and operator of the Site is the International Spy Museum, with headquarters located in the United States. Our servers may be located in North America or parts of the world other than the country in which you are located when using the Site or you reside. We do not knowingly transfer information to countries other than the United States except to serve requested Site content to users located outside of the United States.
How We Protect Personal Information
We maintain appropriate administrative, technical and physical safeguards designed to protect the personal information you provide through the Site against accidental, unlawful or unauthorized access, disclosure or use.
While we cannot ensure or guarantee that unlawful or unauthorized access, disclosure or use of your information will never occur, we use all reasonable efforts to prevent it in light of the nature of information supplied.
You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via the Site while it is in transit over the internet and any such submission is at your own risk.
If you use a shared computer or a computer in a public place, it is advisable to close your browser when you have finished your user session to help ensure that others do not access your personal information.
Links To Other Websites
Our Site may provide links to other websites and apps for your convenience and information, including links to the Spy Museum Store (spymuseumstore.org). These websites and apps may operate independently from us. Linked sites and apps may have their own privacy notices or policies, which we strongly suggest you review. To the extent that any linked websites or apps are not owned or controlled by us, we are not responsible for their content, any use of the websites or apps, or the privacy practices of the websites or apps.
Updates To Our Online Privacy Notice
This Online Privacy Notice may be updated periodically and without prior notice to you to reflect changes in our personal information practices. We will post the updated version at this Site and indicate at the top of the notice when it was most recently updated.
How To Contact Us
If you have any questions or comments about this Online Privacy Notice, or if you would like us to update information we have about you or your preferences, please email us at email@example.com. You also may write to:
International Spy Museum
700 L'Enfant Plaza, SW
Washington, DC 20024
Residents of the European Union: Your Rights and Choices
If you are a resident of the European Union or provide Personal Information through this website while located in the European Union, we offer you certain choices in connection with the personal information we collect from you on this Site. To update your preferences and consents, ask us to remove your information from our mailing lists or submit a request, please contact us as indicated in the “How To Contact Us” section of this Online Privacy Notice.
Users in the European Union may have the right under certain circumstances:
- to be provided with a copy of your personal data held by us;
- to request the rectification or erasure of your personal data held by us;
- to request that we cease processing your data;
- to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example); or
- to request that your data be transferred to a third party.
You may authorize us to use your data for marketing purposes, including disclosure of your information to any third party for such purposes, by checking certain boxes on the forms we use to collect your data. You can also object to receiving further marketing at any time without detriment. To exercise the rights listed above, including the right to opt out from our marketing program, contact us at any time by sending an e-mail with “Opt Out” in the subject line to firstname.lastname@example.org. We will inform you prior to collecting or using your Personal Information for any purpose not set forth in this Online Privacy Notice.
If you feel that we have not satisfactorily resolved your request or concern, you may approach your local data protection authority. To locate your data protection authority, see http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
To the extent provided by the law of your jurisdiction, you may request access to the personal information we maintain about you or request that we correct, amend, delete or block the information by contacting us as indicated below. Where provided by law, you may withdraw any consent you previously provided to us or object at any time on legitimate grounds to the processing of your personal information, and we will apply your preferences going forward.
You may refuse to consent to our use of your personal data at any time by sending an e-mail with “Opt Out” in the subject line to email@example.com. If you have previously given us your consent, you may also send us an “Opt Out” e-mail to withdraw that consent at any time. If you refuse or withdraw your consent, you will still have the ability to use our Site without detriment. However, please be aware that we may still use your personal data for limited purposes without your consent. For example, we may use your information to fulfill our contractual obligations to you, pursue a legitimate business purpose, or to comply with our legal obligations.