Privacy Policy for San Jose Museum of Quilts & Textiles

1. Introduction

San Jose Museum of Quilts & Textiles (“we”, “us”, or “our”) is committed to protecting your privacy and ensuring the security of your personal data. We respect your rights and are dedicated to processing personal information transparently, fairly, and lawfully in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws. This Privacy Policy describes how we handle your information when you interact with our website, sjquiltmuseum.com.

2. Scope and Data Controller

This Privacy Policy applies to personal information collected through sjquiltmuseum.com and governs how that information is collected, used, stored, shared, and protected. For the purposes of data protection laws, the San Jose Museum of Quilts & Textiles is the data controller responsible for your personal data.

If you have any concerns or questions regarding this policy or your personal data, please contact us at [email protected].

3. Categories of Personal Data We Process

We may collect and process the following categories of personal data, either directly from you or automatically through your use of our services:

a) Usage Data
Includes your IP address, browser type and version, time zone setting, pages visited, clickstream data, referral URLs, and session duration.

b) Account Data
Includes your full name, email address, postal address, phone number, and any other details provided when registering an account or completing a form on sjquiltmuseum.com.

c) Profile Data
Includes preferences, interests, purchase history, activity on our website, and engagement with content or events.

d) Communication Data
Includes information that you provide when you contact our support team or otherwise communicate with us, such as correspondence history or inquiries submitted via forms or email.

e) Technical Data
Includes device information, operating system, IP address, browser settings, and other configuration details relevant to system diagnostics and website navigation.

f) Transaction Data
Includes order and payment information (excluding full payment card numbers, which are processed securely by third-party providers), shipping addresses, and billing history.

g) Preference Data
Includes marketing and communication preferences, expressed consents, language settings, and product or event interests.

4. Legal Bases for Processing

We only process personal data when allowed under applicable law, including under the following lawful bases:

– Consent: When you have given clear permission for us to process your personal data for specific purposes, such as subscribing to newsletters or accepting cookies.
– Contract: When processing is necessary for the performance of a contract with you, such as purchasing museum tickets or merchandise.
– Legal Obligation: When processing is required to comply with legal or regulatory obligations.
– Legitimate Interests: When processing is necessary for our legitimate interests—such as improving services, securing our website, or customizing content—provided these are not overridden by your data protection rights.

5. Your Data Protection Rights

Under GDPR, CCPA, and applicable privacy laws, you have the following rights:

– Right of Access: Request a copy of personal data we hold about you.
– Right to Rectification: Request corrections to any inaccurate or incomplete data.
– Right to Erasure (“Right to Be Forgotten”): Request deletion of your data under certain conditions.
– Right to Restrict Processing: Request suspension of processing your personal data.
– Right to Data Portability: Receive the data in a structured, commonly-used machine-readable format and transfer it to another controller.
– Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
– Right to Withdraw Consent: Revoke your consent at any time when processing is based on consent.
– Right to Non-Discrimination (CCPA): You will not be discriminated against for exercising any of your privacy rights.

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We implement robust security measures to safeguard your personal data, including:

– Encryption of data at rest and in transit
– Role-based access controls and authentication procedures
– Regular system updates and vulnerability assessments
– Personal data access restricted to trained and authorized staff
– Secure backups and business continuity protocols

7. International Transfers

If your data is transferred outside of your jurisdiction, including to countries not recognized by the European Commission as providing an adequate level of data protection, we ensure appropriate safeguards are in place. These may include Standard Contractual Clauses approved by relevant authorities or mechanisms recognized by the CCPA, GDPR, or other regulatory frameworks.

8. Data Retention

We retain your personal data only for as long as necessary for the purposes outlined in this policy, including:

– Usage & Technical Data: up to 12 months for analytics purposes
– Account & Profile Data: retained during the duration of your account or engagement plus 24 months
– Communication Data: retained for up to 36 months to maintain ticketing and support history
– Transaction Data: retained for up to 7 years for legal and accounting obligations
– Preference Data: retained until you withdraw your consent or update your preferences

After these periods, data is securely deleted or anonymized.

9. Cookie Policy

sjquiltmuseum.com uses cookies and similar technologies to enhance your browsing experience. We use:

– Essential Cookies: Required for the operation of the website, such as logging into secure areas.
– Functional Cookies: Allow us to remember choices you have made (e.g. language or region).
– Analytics Cookies: Help us understand how visitors interact with our website to improve functionality (e.g., Google Analytics).
– Performance Cookies: Measure website performance, page load times, and system errors.

10. Cookie Management and Compliance

In compliance with GDPR and CCPA, you are given the option to accept or refuse non-essential cookies. You can manage your preferences:

– Via the cookie consent banner displayed when you visit our site
– Through your browser settings, where most browsers allow you to control or block cookies

You may also request to opt-out of data sale or tracking for cross-context behavioral advertising pursuant to CCPA.

11. Protection of Children’s Data

sjquiltmuseum.com is not intended for children under the age of 13. We do not knowingly collect or solicit personal data from children. If we become aware that we have inadvertently collected data from a minor, we will take prompt steps to delete such information. Parents or legal guardians who believe their child’s data has been collected may contact us at [email protected].

12. Policy Updates

We reserve the right to amend or update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. Where appropriate, we will provide notice through sjquiltmuseum.com or via email if you have an account with us.

13. Contact

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us via:

Email: [email protected]

By continuing to use sjquiltmuseum.com, you acknowledge and accept the terms outlined in this Privacy Policy.

We are fully committed to the responsible processing of your personal data in compliance with all applicable privacy standards. If you have concerns about your privacy rights or the handling of your data, please do not hesitate to contact us.