Policy last updated October 22, 2019
This Policy describes:
- The types of information we collect from you or that you may provide when you visit our websites available at: https://www.afmuseum.com/ and https://store.airforcemuseum.com/ as well as any websites and blogs directly owned by the Foundation (collectively, our “Websites”).
- The types of information we collect from you or that you may provide when making a donation to or purchase from the Foundation.
- Our practices for collecting, using, maintaining, protecting, and disclosing that information.
What data do we collect?
- Personal Information. Personal Information is any information that can be used to individually identify you from a larger group, such as data including, but not limited to, your name, address, phone number, email, birth date, etc.
- Payment information like your credit card brand, the last 4 digits of your credit card number, your credit card’s expiration data, the CSC code for your credit card, and the date and amount of payments.
- Information relating to your computer like IP address, geographic location, browser type, etc.
How do we collect your data?
You directly provide The Air Force Museum Foundation, Inc. with most of the data we collect. We collect, process, and store data when you:
- Make a donation
- Register for an event
- Complete a survey
- Make an online purchase
- Subscribe to a newsletter
- Use or view our Websites via your browser’s cookies
The information that you provide in each case will vary. In some cases, we may ask you to create a username and password that should only be known to you. Additionally, all credit card transactions are handled by a contracted third-party PCI-DSS compliant data processor, which is responsible for processing and securing your credit card information.
Automated Information Collection
In addition to the information that you provide to us, we may also collect information about you during your visit to our Websites. We collect this information using automated tools that are detailed below. These tools may collect information about your behavior and your computer system, such as your internet address (IP Address), the pages you have viewed, and the actions you have taken while using the Websites. Some of the tools we use to automatically collect information about you may include:
- Cookies. A “cookie” is a small data file transmitted from a website to your device’s hard drive. Cookies are usually defined in one of two ways, and we may use both of them: (1) session cookies, which do not stay on your device after you close your browser, and (2) persistent cookies, which remain on your device until you delete them or they expire.Of course, if you do not wish to have cookies on your devices, you may turn them off at any time by modifying your internet browser’s settings. However, by disabling cookies on your device, you may be prohibited from full use of the Websites’ features or lose access to some functionality.
- Web Beacons. A Web Beacon is an electronic image. Web Beacons can track certain things from your computer and can report activity back to a web server allowing us to understand some of your behavior. If you choose to receive emails from us, we may use Web Beacons to track your reaction to our emails. We may also use them to track if you click on the links and at what time and date you do so. Some of our third-party marketing partners may use Web Beacons to track your interaction with online advertising banners on our Websites. This information is only collected in aggregate form and will not be linked to your Personal Information. Please note that any image file on a webpage can act as a Web Beacon.
- Embedded Web Links. Links provided in our emails and, in some cases, on third-party websites may include tracking technology embedded in the link. The tracking is accomplished through a redirection system. The redirection system allows us to understand how the link is being used by email recipients. Some of these links will enable us to identify that you have personally clicked on the link and this may be attached to the Personal Information that we hold about you. This data is used to improve our service to you and to help us understand the performance of our marketing campaigns.
- Third-party Websites and Services. We work with a number of service providers of marketing communications technology. These service providers may use various data collection methods to improve the performance of the marketing campaigns we are contracting them to provide. The information collected can be gathered on our Websites and also on the websites where our marketing communications are appearing. For example, we may collect data where our banner advertisements are displayed on third-party websites.
Do Not Track Disclosure
Other than as disclosed in this Policy, our Websites do not track users over time and across third-party websites to provide targeted advertising. Therefore, our Websites do not operate any differently when it receives Do Not Track (“DNT”) signals from your internet web browser.
Your Choices and Selecting Your Privacy Preferences
We want to provide you with relevant information that you have requested.
If we provide subscription-based services, such as email newsletters, we will allow you to make choices about what information you provide at the point of information collection or at any time after you have received a communication from us while you are subscribed. Transactional or service-oriented messages are usually excluded from such preferences, as such messages are required to respond to your requests or to provide goods and services, and are not intended for the purposes of marketing.
We will not intentionally send you email newsletters and marketing emails unless you consent to receive such marketing information. After you request to receive these emails, you may opt out of them at any time by selecting the “unsubscribe” link at the bottom of each email. Please note that by opting out or unsubscribing you may affect other services you have requested we provide to you, in which email communication is a requirement of the service provided.
Any such communications you receive from us will be administered in accordance with your preferences and this Policy.
Accuracy and Access to Your Personal Information
We strive to maintain and process your information accurately. We have processes in place to maintain all of our information in accordance with relevant data governance frameworks and legal requirements. We employ technologies designed to help us maintain information accuracy on input and processing.
Where we can provide you access to your Personal Information in our possession, we will always ask you for a username and password to help protect your privacy and security. We recommend that you keep your password safe, that you change it periodically, and that you do not disclose it to any other person or allow any other person to use it.
To view and change the Personal Information that you have provided to us, you can log in to your account and follow the instructions on that webpage, or contact us directly for assistance.
Information of Minors
We do not intentionally seek to gather information from individuals under the age of eighteen (18). We do not target our Websites to minors, and would not expect them to be engaging our Websites or services. We encourage parents and guardians to provide adequate protection measures to prevent minors from providing information unwillingly on the internet. If we are aware of any Personal Information that we have collected about minors, we will take steps to securely remove it from our systems.
How Will We Use Your Data?
The information the Foundation gathers that you provide is collected and stored to provide you information and services you request, in addition to various other purposes, including, but not limited to:
- Processing your order, donation, or event registration.
- Providing service and support for the services you request.
- Emailing you with information regarding additional ways to engage with the Foundation and the National Museum of the U.S. Air Force.
- Preventing malicious activity and providing you with a secure experience.
- Preventing unwanted messages or content.
- Measuring the performance of our marketing programs.
How Do We Share Your Data?
We do not sell, trade, or otherwise transfer your Personal Information to outside parties without notifying you in advance. This does not include our Websites’ hosting partners or other parties who assist us in operating our Websites, conducting our business, or servicing you, so long as those partners agree to keep this information confidential. We may also release your information when it is appropriate to comply with the laws and regulations, enforce policies, or protect our or others’ rights, property or safety.
There are circumstances where the Foundation may decide to buy, sell, or reorganize its business in selected countries. Under these circumstances, it may be necessary to share or receive Personal
Information with prospective or actual partners or affiliates. In such circumstances, the Foundation will ensure your information is used in accordance with this Policy.
In addition, there are occasional circumstances where we will share your Personal Information with the National Museum of the United States Air Force (“NMUSAF”). For example, when you sign up for our e-newsletter, your Personal Information will be shared by both NMUSAF and the Foundation. To learn more about your choices in receiving such newsletters, please visit the “Your Choices and Selecting Your Privacy Preferences” section above.
California Residents. We will not disclose or share your Personal Information with third parties for the purposes of third-party marketing to you without your prior consent.
How Do We Store Your Data?
We securely store your data both in a digital, cloud-based CRM system and at our physical location inside the National Museum of the U.S. Air Force, 1100 Spaatz St, Wright-Patterson Air Force Base, Ohio 45433.
We keep your data in both digital and physical formats for a minimum of five (5) years post engagement with the Foundation. After five (5) years of inactivity, we archive your information; we do not actively delete your data unless you request us to.
Safeguarding the Information We Collect
We use reasonable technical, administrative, and physical safeguards in order to protect your Personal Information against accidental loss and from unauthorized access, use, alteration, and disclosure. However, we can never promise 100% security. You have a responsibility, as well, to safeguard your information through the proper use and security of any online credentials used to access your Personal Information, such as a username and password. If you believe your credentials have been compromised, please change your password. Please also notify us of any unauthorized use.
For Website Visitors in the European Union (“EU”)
Under the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, or “GDPR”), individuals in the EU are afforded
specific rights with respect to their Personal Information, or “personal data” as defined under the GDPR. For the purposes of this Policy, Foundation operates as a data controller. Any personal data we collect from you is processed in the United States and under the terms of this Policy.
Any personal data we collect from you is processed in the legitimate interest of our business and providing our services to you as the lawful means of such processing. You may always withdraw your consent to our use of your personal data as described below. We will only retain your personal data for the time necessary to provide you the information and services to which you have consented, to comply with the law and in accordance with your rights below.
You can exercise any of the following rights by notifying us as described below:
- Access. You may email us at firstname.lastname@example.org to request a copy of the personal data our Websites’ databases currently contain.
- Correction or Rectification. You can correct what personal data our Websites’ database currently contains by accessing your account directly, or by emailing us at email@example.com to request that we correct or rectify any personal data that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause information to be incorrect. Where applicable, we will ensure such changes are shared with trusted third parties.
- Restrict Processing. When applicable, you may restrict the processing of your personal data by submitting a request via email to firstname.lastname@example.org. In your email, please explain how you wish us to restrict processing of your personal data. When such restrictions are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, to include withdrawing your consent to the processing of your personal data. Where applicable, we will ensure such changes are shared with trusted third parties.
- Object to Processing. When applicable, you have the right to object to the processing of your personal data by submitting a request via email to email@example.com. When such objections are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, to include withdrawing your consent to the processing of your personal data. Where applicable, we will ensure such changes are shared with trusted third parties.
- Portability. Upon request and when possible, we can provide you with copies of your personal data. You may submit a request via email to firstname.lastname@example.org. When such a request cannot be honored, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, to include withdrawing your consent. Where applicable, we will ensure such changes are shared with any trusted third parties.
- Withdraw Consent. At any time, you may withdraw your consent to our processing of your personal data through our Websites by notifying us via email at email@example.com. Using the same email address associated with your Website account, simply type the words “WITHDRAW CONSENT” in the subject line of your email. Upon receipt of such a withdrawal of consent, we will confirm receipt and proceed to stop processing your personal data. Where applicable, we will ensure such changes are shared with trusted third parties.
- Erasure. If you should wish to cease use of our Websites and have your personal data deleted from our Websites, then you may submit a request by emailing us at firstname.lastname@example.org. Upon receipt of such a request for erasure, we will confirm receipt and will confirm once your personal data has been deleted. Where applicable, we will ensure such changes are shared with trusted third parties.
- Submit Complaints or Questions. If you wish to raise a complaint on how we have handled your personal data, you can contact us as described below. If you reside in a European Union member state, you may also lodge a complaint with the supervisory authority in your country.
How to contact us
Call us: (937) 258-1225
Attn: Privacy Management
Air Force Museum Foundation Inc.
P.O. Box 33624
Wright-Patterson Air Force Base OH 45433