Information Collection and Use
As described in more detail below, the Heard Natural Science Museum & Wildlife Sanctuary may collect personal information relating to an identified or identifiable person (such as name and postal or email address) through its website and emails. Individuals may transmit personal information to the Heard as part of a form submission or in connection with other activities, services, or resources made available on the Heard’s website or through emails. The Heard Museum also works with third-party services to collect information from the Heard’s websites and mobile applications in order to learn more about visitor usage patterns and how to improve Heard communications and user experiences.
We collect personal information from you and other sources. The Heard Museum collects this information in order to meet the legitimate business purposes of the Heard, including furthering the Heard’s not-for-profit mission and meeting the needs of our online and onsite visitors, and email recipients. We use your personal information for the following key purposes:
The Heard Museum’s collection and use of personal information varies with the type of transaction, as detailed below.
The personal information we collect and store is managed in accordance with applicable data protection laws including the General Data Protection Regulation (“GDPR”) for European resident visitors to our website and other applicable data protection laws (the “Data Protection Laws”).
Online Ticketing, Museum Membership, Museum Shop Purchases, and Donations
If you make an online purchase of Heard admission, membership, registration for a program or event, or donate to the Heard, you are asked to provide personal information to process and fulfill your online transaction. This information includes contact information (such as name, email and physical addresses) and credit card information. If the Heard has trouble processing an order or donation, we may use your contact information to reach you. Please see the section called Security, below, regarding credit card processing.
If you are subscribed to any of the Heard’s email newsletters, the Heard will use your email address to send the newsletter to you and may personalize it. The Heard Museum works with third party partners to perform these services, as discussed further below. You may unsubscribe at any time by clicking the “unsubscribe” link at the bottom of every email.
From time to time, the Heard may ask you to participate in surveys. Some surveys may request or collect personal information, which you may choose not to provide. Your participation in these surveys is completely voluntary. We use information obtained from survey responses to improve the experience of visitors to the Heard and the Heard’s website. We consider the sharing of personal information in this respect to be within our legitimate interests, as required under applicable Data Protection Laws.
The Heard Natural Science Museum & Wildlife Sanctuary has implemented appropriate and reasonable physical, technical, and administrative processes and procedures in an effort to reduce the risk of loss, misuse, and unauthorized access, modification or destruction of the personal information under our control. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. We require that such parties only process your personal information on our instructions and that they agree to keep your information confidential.
When you transmit highly sensitive information (such as a credit card number) through our website or in one of our mobile applications, we encrypt the transmission of that information using the Secure Sockets Layer (SSL) protocol. Credit card information is encrypted in transmission and is not permanently stored on any Heard web server. The Heard Museum has processes in place to maintain conformance with PCI DSS (Payment Card Industry Data Security Standard) and other relevant security standards.
While we have employed security technologies and procedures to assist safeguarding your personal information, no system or network can be guaranteed to be 100% secure.
Cookies and Pixel Tags
A pixel tag is a small graphical image, embedded on a webpage or in an email. When you access a page or email with a pixel tag, the tag generates a generic notice of that action. Pixel tags usually work in conjunction with cookies, registering when a particular device visits a particular page or opens an email.
Mobile Device Information
We may collect personal information from you if you access services through our mobile applications; for example, your unique device identifier, the mobile’s operating system, mobile carrier and location. Depending on which platform you use to access our services (e.g. iOS, Android, or Windows Phone), you may be able to control whether we collect location data by adjusting the privacy settings on your wireless device. Please be advised that some features will not be available if you choose to disable the collection of location data. Personal information obtained from your mobile device in connection with any text notification services you request may include your cell phone number, your carriers name, the date, time and content of your messages and other information you provide to us as part of these services.
The Heard Museum also collects some anonymous, non-personal information on an aggregate basis about its website visitors and app users. This information is used for statistical purposes and to help the Heard monitor how visitors navigate our website. Examples of such information include IP address, browser type, and device type.
Additionally, the Heard may collect location data for WiFi-enabled devices visiting the Heard campus. This includes device ID but is not correlated to any other information on specific users. The data is used to understand the flow of visitors through the Heard to improve the visitor experience.
The Heard Natural Science Museum & Wildlife Sanctuary does not sell or rent your personal information. However, the Heard contracts with third-party vendors in order to provide certain services to its online visitors, including ticketing, membership and online shop purchases, donation processing, and distribution and customization of the Heard’s email newsletters, and may need to share your personal information with these vendors to accomplish these functions where we are lawfully permitted to do so. The Heard Museum requires third-party vendors to protect the privacy of the Heard’s online visitors and to keep all information secure and confidential and prohibits them from using or sharing such information except as specifically described in their agreements with the Heard.
The Heard Museum uses third-party web analytics services to help it analyze how users interact with the website and emails. The information generated by a cookie or pixel, such as a user’s IP address, may be transmitted to and stored by these analytics services on their servers to create aggregate reports on website activity and provide other services relating to internet usage. The web analytics services may also transfer this information to third parties where required to do so by law, or where such third parties process the information on behalf of the web analytics services. By using the Heard’s website and receiving its emails, you consent to the processing of personal information about you by these web analytics services in the manner and for the purposes set out above.
The Heard Museum may contract with a third-party service provider to host and conduct surveys. Our contracts with such service providers prohibit them from using survey participants’ personal information for any purpose other than administering and analyzing the survey.
The Heard Museum may share personal information, such as name, email or physical address, or records of transactions you have conducted with the Heard, with third-party partners in order to deliver Heard advertisements and better understand the needs and behavior of its website visitors, app users, donors and members.
The Heard Museum may additionally share the names and postal addresses of Museum members and donors with other organizations for marketing purposes. You can request that your information is not shared for these marketing purposes by emailing firstname.lastname@example.org.
Links to Other Sites
Users may find content on the Heard’s website that links to the websites and services of our partners, or other third parties. The Heard Museum does not control the content or links that appear on these websites. These websites and services may have their own privacy policies and customer service policies, or no policy at all, and those may change from time to time; you are encouraged to review the privacy policies of any websites you visit.
Children Under 13 Years of Age
The Heard Museum does not knowingly collect personal information from children under 13 years of age other than that which is used in the course of our educational programs. If we learn we have collected or received personal information from a child under 13, we will delete that information. We may refuse to process, or continue to process, the child’s personal information until we receive this evidence of consent or authorization.
Additional Rights for California Residents
Customers who reside in California and have provided their personal information to us may request, once per calendar year, information about our sharing of certain categories of personal information to third parties, for their direct marketing purposes. Such requests should be submitted to us at info@heardmuseum or Heard Natural Science Museum & Wildlife Sanctuary, Attn: Website, 1 Nature Place, McKinney, TX 75069
Additional Rights for Residents of the European Union
If you reside or are located in the European Economic Area, Switzerland and the UK you may have additional rights under applicable European data privacy laws, including the GDPR (the “European Data Privacy Laws”). The Heard Museum is the data controller. You have the right to ensure your personal information is accurate. You have the right to request that we delete your personal information. (In this case, we may still need to retain your personal information as permitted under the European Data Privacy Laws.) You also have the right to request that we restrict the processing of your personal information, which may compromise our ability to provide you with our services. You also have the right to transfer your personal information to another service provider subject to applicable European Data Privacy Laws. We will, following your written request to us, provide you with your relevant personal information in a machine-readable format to transfer to another service provider.
If you would like to exercise any of these rights, please contact us at email@example.com. We will respond to your request consistent with applicable law. When you email us with a request, we may ask that you provide us with information necessary to confirm your identity. We will aim to respond to your request within one calendar month of receipt of the request. Where we were unable to do so within the calendar month, we will notify you of our need to extend this timeline. There are certain exemptions and restrictions of these rights under European Data Privacy Laws that enable personal information to be retained, processed or withheld from access and we will inform you of these if applicable.
To determine the appropriate retention period for your personal information, we consider the amount, nature, sensitivity of personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. Information associated with your Heard account will be kept until it is no longer necessary to fulfil the Heard’s legitimate business purposes or until such information is deleted in accordance with this Policy.
The website is operated from the United States. If you are located outside of the United States and choose to use the website or provide information to the Heard, you acknowledge and understand that your personal information will be transferred, processed and stored in the United States, as necessary. We process your personal information in the United States where data protection laws may be of a lower standard compared to your own country’s data protection laws.
Please contact us with any questions about this policy at:
Heard Natural Science Museum & Wildlife Sanctuary
1 Nature Place, McKinney, TX 75069
This policy was last updated January 28, 2021.