Privacy Policy for museotamayo.com
Museo Tamayo (“we,” “our,” or “us”) is committed to protecting your privacy and ensuring the confidentiality, security, and integrity of your personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website, museotamayo.com, in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
By using museotamayo.com, you acknowledge and agree to the practices described in this Privacy Policy.
1. Commitment to Privacy and Data Protection
We value your trust and are dedicated to protecting your personal data. We handle all information you provide to us responsibly, transparently, and in accordance with legal requirements. We implement robust safeguards to ensure that your privacy is maintained at all times.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all users of museotamayo.com and describes how we collect and process personal data through our website. Museo Tamayo is the data controller for purposes of the GDPR and CCPA and is responsible for determining the purposes and means of processing your personal data.
For any questions or to exercise your rights, you may contact us at: [email protected].
3. Categories of Personal Data We Process
We collect and process various categories of personal information to provide and improve our services, including:
a. Usage Data:
Information automatically collected through your use of the site, including IP address, browser type and version, device identifiers, pages visited, session duration, time zone settings, page response times, and site navigation paths.
b. Account Data:
Information provided during account registration or event participation, such as your full name, postal address, email address, phone number, and other identifying information.
c. Profile Data:
Includes your preferences, purchase history, behavior on the site, interactions with content, and participation in museum programs.
d. Communication Data:
Correspondence sent to or received from you, including customer support inquiries, contact forms, feedback, and history of interactions.
e. Technical Data:
Device and connectivity information such as operating system, device type, system configurations, plug-in types, and browser settings.
f. Transaction Data:
Details relating to purchases or donations, including payment method, billing address, transaction records, and delivery instructions (where applicable).
g. Preference Data:
Marketing and communication preferences, consents given or withdrawn, areas of interest, and content engagement data.
4. Legal Bases for Processing Your Data
We process your personal data based on one or more of the following lawful bases:
– Consent: When you have given explicit permission for specific purposes (e.g., marketing communication).
– Contract: When data processing is necessary to fulfill a contract or undertake pre-contractual steps at your request.
– Legal Obligation: When we are required to comply with legal obligations.
– Legitimate Interests: When processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. These may include site security, fraud prevention, visitor analytics, and improving user experience.
5. Your Rights Under Data Protection Law
Subject to the applicable laws, you have the following rights regarding your personal data:
– Right of Access: You may request copies of your personal data and information about how we process it.
– Right to Rectification: You can request corrections to any inaccurate or incomplete information.
– Right to Erasure: You may request the deletion of your personal data under certain circumstances.
– Right to Restrict Processing: You may request limitations on how your data is processed.
– Right to Data Portability: You can request that your data be transferred in a structured, commonly used format.
– Right to Object: You may object to our processing on legitimate interest or direct marketing grounds.
To exercise any of these rights, please contact us at: [email protected].
6. Security Measures
We implement industry-standard administrative, technical, and organizational safeguards to protect your personal data. These measures include:
– SSL encryption for data in transit
– Access controls and user authentication
– Secure storage and regular data backups
– Employee awareness and data protection training
Despite our efforts, no system can be completely secure. Please use strong passwords and act cautiously when sharing data online.
7. International Data Transfers
Where necessary, we transfer personal data to countries outside the European Economic Area (EEA) or California. In doing so, we ensure appropriate safeguards are in place under GDPR, including standard contractual clauses or data protection adequacy decisions.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or where we are legally required to do so.
– Usage Data: 12 months for analytics purposes
– Account Data: Retained while account remains active
– Communication Data: 3 years after last contact
– Transaction Data: 7 years for financial compliance
– Marketing Data: Until consent is withdrawn or 24 months post-activity
After expiration, your information is deleted or anonymized.
9. Cookie Policy
We use cookies to enhance your browsing experience and provide relevant content. Cookies are small files stored on your device that help us recognize returning visitors and understand user behavior.
We use the following categories of cookies:
– Essential Cookies: Required for basic functionality and website navigation.
– Functional Cookies: Enable enhanced features and personalization.
– Analytics Cookies: Collect data for statistical analysis (e.g., page views, bounce rate).
– Performance Cookies: Monitor site performance to improve usability.
10. Cookie Management and Compliance with GDPR & CCPA
Upon your first visit to museotamayo.com, we provide a cookie banner seeking your consent. You can manage your cookie preferences at any time through your browser settings or by using the cookie settings link provided on our website.
Under GDPR and CCPA, you have the right to:
– Be informed about the data collected via cookies
– Opt-in or opt-out of non-essential cookies
– Request deletion of cookie data
We honor browser “Do Not Track” signals where technically feasible.
11. Special Protections for Children Under 13
The website is not directed to children under the age of 13. We do not knowingly collect personal data from children. If we become aware that such information has been collected without verifiable parental consent, we will take steps to delete the information promptly.
If you believe your child may have submitted personal data to us, please contact us immediately at: [email protected].
12. Policy Updates and Notifications
We may modify this Privacy Policy from time to time to reflect legal, regulatory, or operational changes. In the event of significant changes, we will notify users through museotamayo.com or via email where appropriate.
We encourage you to review this policy periodically to stay informed about how we protect your information.
13. Contact Us
For questions, concerns, or to exercise your data protection rights, please contact us at:
Email: [email protected]
Website: https://museotamayo.com
Compliance Statement
Museo Tamayo is committed to full compliance with applicable data protection regulations, including GDPR and CCPA. We welcome your inquiries or complaints regarding our privacy practices and will respond promptly.
Thank you for trusting museotamayo.com with your personal data.