Privacy Policy
Collecting Personal Information
ROM (“we” or “us”) is committed to safeguarding the personal information entrusted to us by our visitors, customers, donors, sponsors, members and volunteers (collectively, “Supporters”). As such, we comply with the requirements of the Freedom of Information and Protection of Privacy Act (Ontario) and the Personal Information Protection and Electronic Documents Act (Canada) and we uphold the principles of the Donor Bill of Rights developed by the Association of Fundraising Professionals. ROM employs reasonable administrative and technical measures to ensure the security of all the personal information we collect. Our credit card processing system is Payment Card Industry compliant.
What We Collect
Personal information is collected when a Supporter supplies it to us voluntarily; for example, by purchasing a product online, purchasing tickets to an exhibition, registering for a program, making a donation, engaging with us on social media, entering a contest or subscribing to our e-newsletter.
The following are examples of the personal information that we collect in respect of our Supporters:
- contact information (including salutation, name, professional title, home and business address, phone number and email address)
- the type of ROM membership purchased and the contact information for the primary and secondary cardholder for the membership
- the product purchased as well as shipping and billing address
- the number and type of tickets purchased, including whether tickets were purchased for any of our special exhibitions
- payment information (such as credit card number, expiry date and 3-digit CVV)
- visiting history and program participation
- images of visitors to the ROM, which are taken by our security cameras
- value of any donation, sponsorship, grant and volunteer dues
- volunteer status (active or inactive)
- age, gender, marital or family status
To better understand our visitors and to improve the visitor experience on our website, ROM’s website collects data using services including Google Analytics; no personal information is collected through these tools that would allow ROM to identify individuals. For more information about Google Analytics, please visit: www.google.com/policies/privacy/partners/. We also collect information about email open rates and click-through rates to determine whether ROM’s electronic communications are effective.
When you visit our site, we may store some data on your computer in the form of a “cookie”. A “cookie” is a small piece of text that a website places in the cookie file of your browser that allows our site to recognize your personal computer the next time you visit. Cookies by themselves do not tell us your email address or otherwise identify you personally. Cookies cannot be used to run programs or deliver viruses to your computer. Your Web browser can be set to accept or reject cookies. Please note that disabling or deactivating cookies may result in a reduced availability of the functionality of our site or parts of our site may no longer function correctly.
ROM may use third parties to collect data from our website anonymously for marketing purposes (for example, advertisements). Users of our website will not be personally identified through this data and ROM does not see any data or contact information on an individual level. These third parties may include, but are not limited to, Facebook and/or Twitter. You may tailor your privacy settings to limit the collection of personal information.
How We Use Your Personal Information
We use personal information to:
- communicate with our Supporters about our exhibitions, programs, events, offers, fundraising projects and other special initiatives
- communicate with visitors about their experience at the ROM
- contact Supporters to determine their interest in becoming members of the ROM and process memberships and membership renewals
- contact Supporters in connection with fundraising efforts for the ROM and process donations, sponsorships, or grants
- contact Supporters to determine their interest in purchasing tickets to a fundraising event and complete any ticket purchases and related registrations
- contact Supporters in connection with opportunities to become a volunteer with the ROM and enroll any interested individuals as volunteers
- maintain a robust database of current and past members of the ROM
- deliver requested information about our programs and events
A Supporter may opt out of receiving communications from us by contacting our Privacy Officer, whose contact information may be found under the heading “Contact Us”.
How We Share Your Personal Information
In some circumstances, ROM uses third-party vendors for services that would not be practical or cost-effective for us to perform ourselves. Some of the services that ROM retains a third-party vendor to perform include but are not limited to:
- credit card processing
- database analysis
- tele-fundraising programs
- updating our database
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address. When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system. If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa and MasterCard etc. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
We collect detailed medical information with respect to participants in our camps and children’s programs. We use this information solely to provide each camper with a high-quality experience, address any integration needs and manage any potential health issues. Except (i) as required by law, or (ii) in a medical emergency where disclosure is limited to medical personnel and law enforcement, we do not share this personal information with any third parties.
To provide a safe environment for visitors to the ROM, as well as for the artifacts and objects that we are entrusted to house, ROM has installed security cameras throughout the museum. We use footage from these cameras for security and loss prevention purposes and in connection with incident investigations. In addition, we may share this footage with law enforcement in connection with a criminal investigation.
ROM does not sell or rent its list of Supporters to any organization.
Retention of Personal Information
ROM retains personal information only for as long as necessary to fulfill the purpose(s) for which it was collected and to comply with applicable laws. When personal information is no longer (i) necessary or relevant for the identified purposes, (ii) required to be retained by applicable laws, or (iii) required to enable ROM to maintain a robust database of current and past members of the ROM, ROM will take steps to have such personal information deleted, destroyed, erased, aggregated, or made anonymous. ROM uses reasonable business practices to ensure that we have appropriate practices relating to information security and policies with respect to records retention and destruction with respect to all personal information under our control.
Accuracy and Access
ROM takes reasonable steps to ensure that personal information that it maintains about Supporters is accurate, complete, and up to date. If a Supporter becomes aware that any personal information under our control about him or her is not correct, please contact our Privacy Officer, whose contact information may be found under the heading “Contact Us”.
Supporters are entitled to a copy of the personal information that ROM has under our control about them; if you would like a copy of such information, please contact us. We will take reasonable steps to verify your identity before granting access or making corrections. In addition, your right to access or correct your personal information is subject to certain legal restrictions.
Children Under the Age of 13
Children should use ROM’s website only with the approval of a parent or guardian. A child under the age of 13 should not provide ROM with any personal information unless his or her parent or guardian has consented to such disclosure. ROM does not knowingly collect any personal information from children under the age of 13. If a parent or guardian learns that his or her child under the age of 13 has provided ROM with personal information without his or her consent, the parent or guardian should immediately contact our Privacy Officer, whose contact information may be found under the heading “Contact Us”, and we will remove this personal information from our database.
For Customers outside Canada:
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident, note that we process your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Please also note that your information will be transferred outside of Europe, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.
If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you wish to exercise these rights, please contact us through the contact information below.
If you would like to designate an authorized agent to submit these requests on your behalf, please contact us at the address below.
The Privacy Officer of the ROM works closely with the Freedom of Information & Protection of Privacy Coordinator of the Foundation in order to comply with the principles and policies of Imagine Canada, the Personal Information Protection and Electronic Documents Act (Canada), and the Freedom of Information and Protection of Privacy Act (Ontario).
If you have any questions about our privacy or security practices, if you would like to request access to or correction of your personal information, or if you would like to opt out of receiving communications from us in the future, please contact our privacy officer by mail, telephone, or email:
The Royal Ontario Museum
Attention: Susan Fruchter, Privacy Officer
100 Queen’s Park
Toronto, ON M6S 2C6
Changes to this Policy
Effective as of June 2, 2021