Privacy Policy
1. Introduction
The San Jose Museum of Quilts & Textiles, accessible at sjquiltmuseum.com, is committed to protecting the privacy, confidentiality, and security of the personal data it collects and processes. We value the trust you place in us when you interact with our website, services, and communications. As part of our commitment to privacy-first principles, we conduct data processing activities transparently and in strict compliance with applicable data privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of This Policy and Role as Data Controller
This Privacy Policy applies to all users who access the website sjquiltmuseum.com and to any personal data collected through the website or associated services. The San Jose Museum of Quilts & Textiles, as the data controller, is responsible for determining the purposes and means of processing your personal data. Should you have any questions regarding this policy or your data, you may contact us at [email protected].
3. Categories of Personal Data Processed
We collect and process the following categories of personal data, either directly from you or automatically via your interaction with our website:
a. Usage Data:
Includes browser type, IP address, device identifiers, geographic location, referring URLs, pages visited, session duration, and other diagnostic data related to your usage of sjquiltmuseum.com.
b. Account Data:
Information submitted during account creation, membership, or registration, such as name, mailing address, email address, contact number, and password credentials.
c. Profile Data:
Includes demographic details, communication preferences, interests, transaction history, and behavioral indicators based on your interaction with our site and emails.
d. Communication Data:
Any data provided when you contact us through online forms, email correspondence, event sign-ups, or customer support requests. This may include records of communications and responses.
e. Technical Data:
Device type, operating system, screen resolution, language settings, and browser configurations necessary for optimizing your experience and ensuring site compatibility.
f. Transaction Data:
Payment details (limited to what is necessary), order history, billing addresses, and shipping information collected through online purchases or donations.
g. Preference Data:
Marketing communication consents, product and content preferences, and survey responses.
4. Legal Bases for Processing
We process your personal data under the following legal bases:
– Performance of a Contract: Where processing is necessary to fulfill a contract with you or undertake pre-contractual measures at your request.
– Consent: Where you have actively provided consent, such as for marketing communications or optional cookies.
– Legitimate Interests: Where processing is necessary for our legitimate business interests, such as improving website performance or maintaining security, and those interests are not overridden by your data protection rights.
– Legal Obligation: Where processing is required to comply with legal or regulatory duties.
5. Your Rights
Subject to applicable laws, you have the following rights with respect to your personal data:
– Right of Access: You may request a copy of the personal data we hold about you.
– Right to Rectification: You may request corrections to inaccurate or incomplete data.
– Right to Erasure: You may request deletion of your data under certain circumstances (“right to be forgotten”).
– Right to Restrict Processing: You can request a temporary or permanent stop to processing all or some of your personal data.
– Right to Data Portability: You can request a copy of your data in a structured, machine-readable format and transmit it to another controller.
– Right to Object: You have the right to object to the use of your data for direct marketing or where processing is based on legitimate interest.
– Right to Withdraw Consent: Where consent is the basis of processing, you have the right to withdraw it at any time without affecting lawfulness before withdrawal.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We use reasonable and appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These include:
– SSL encryption for data transmission via sjquiltmuseum.com
– Access controls and authentication mechanisms within our systems
– Regular system updates and security patching
– Encrypted backups and secure data storage
– Staff training on data protection policies and privacy regulations
7. International Data Transfers
We may transfer your data to third-party service providers located outside your jurisdiction, including outside the European Economic Area (EEA). Any such transfers are conducted in compliance with applicable data protection laws by relying on:
– Standard Contractual Clauses approved by the European Commission
– Adequacy decisions confirming adequate protection standards
– Implemented safeguards and binding corporate rules
8. Data Retention
Your personal data is retained only for as long as necessary for the purpose for which it was collected or to meet legal and regulatory requirements. Retention periods vary:
– Website Usage and Technical Data: 12 months from collection
– Account and Profile Data: For the life of the account and up to 3 years following closure
– Transaction Data: 7 years in accordance with financial recordkeeping obligations
– Communication and Preference Data: 2 years from last contact unless otherwise required
9. Cookie Policy
sjquiltmuseum.com uses cookies to improve user experience and website performance. Cookies may be placed on your browser by us or authorized third parties.
We categorize cookies as follows:
– Essential Cookies: Necessary for site functionality and secure access
– Functional Cookies: Enhance personalization and site usability
– Performance Cookies: Help understand site usage to improve performance
– Analytics Cookies: Provide aggregated insights through services such as Google Analytics
Some cookies collect identifiers linked to your IP address, which may constitute personal data under GDPR.
10. Cookie Management and Compliance
We use a cookie consent management platform to ensure that you can make informed choices about your cookie preferences in compliance with GDPR and CCPA. Upon your first visit to sjquiltmuseum.com, a cookie banner provides options to Accept, Reject, or Customize cookie usage. You may also manage settings at any time using the “Cookie Settings” link in the site footer.
You have the right to:
– Opt-out of analytics and performance tracking cookies
– Withdraw consent at any time
– Use browser settings to block specific cookies
As a California resident, you may also exercise your rights under the CCPA by submitting a request not to sell personal information, where applicable.
11. Children’s Privacy
sjquiltmuseum.com is not directed toward children under the age of 13. We do not knowingly collect or solicit personal data from individuals under 13. If we discover that we have unintentionally collected such data, we will take prompt steps to delete it. If you believe we have collected data from a minor, please contact us at [email protected].
12. Policy Updates and User Notifications
This Privacy Policy may be updated periodically to reflect changes in our practices, technology, or legal requirements. All updates will be reflected on this page, and, where appropriate, you will be notified through email or on-site banners. Continued use of sjquiltmuseum.com constitutes acceptance of the current policy terms.
13. Contact
If you have any questions, concerns, or wish to exercise your data rights pursuant to this Privacy Policy, please contact:
San Jose Museum of Quilts & Textiles
Email: [email protected]
Website: https://sjquiltmuseum.com
Compliance Statement
We are committed to maintaining full compliance with applicable privacy laws, including GDPR and CCPA. We take seriously our responsibility to uphold your privacy, security, and trust. Please contact us anytime with inquiries or concerns relating to your personal data and how we manage it.