The Royal Ontario Museum (the “ROM”, “we” or “us”) is committed to safeguarding the personal information entrusted to us by all of our visitors (including business-related), donors, sponsors, members and volunteers (collectively, Supporters). As such, we comply with the requirements of the Freedom of Information and Protection of Privacy Act (Ontario) and the Personal Information Protection and Electronic Documents Act (Canada) and we uphold the principles of the Donor Bill of Rights developed by the Association of Fundraising Professionals. The ROM employs reasonable administrative and technical measures to ensure the security of all of the personal information that we collect and our credit card processing system is Payment Card Industry compliant.
What We Collect
Personal information is collected when a Supporter supplies it to us voluntarily; for example, by purchasing tickets to an exhibition, registering for a program, making a donation, engaging with us on social media, entering a contest or subscribing to our e-newsletter.
The following are examples of the personal information that we collect in respect of our Supporters.
- contact information (including salutation, name, professional title, company name, home and business address, phone number and email address)
- the type of ROM membership purchased and the contact information for the primary and secondary cardholder for the membership
- the number and type of tickets purchased, including whether tickets were purchased for any of our special exhibitions
- payment information (such as credit card number, expiry date and 3-digit CVV)
- visiting history and program participation
- images of visitors to the ROM, which are taken by our security cameras
- detailed medical information about participants in our camps and children’s programs
- value of any donation, sponsorship, grant and volunteer dues
- volunteer status (active or inactive)
- age, gender, marital or family status
To better understand our visitors and to improve the visitor experience on our website, the ROM’s website collects data using services including Google Analytics); no personal information is collected through these tools that would allow the ROM to identify individuals. For more information about Google Analytics, please visit: www.google.com/policies/privacy/partners/. We also collect information about email open rates and click-through rates to determine whether the ROM’s electronic communications are effective.
When you visit our site, we may store some data on your computer in the form of a “cookie”. A “cookie” is a small piece of text that a website places in the cookie file of your browser that allows our site to recognize your personal computer the next time you visit. Cookies by themselves do not tell us your email address or otherwise identify you personally. Cookies cannot be used to run programs or deliver viruses to your computer. Your Web browser can be set to accept or reject cookies. Please note that disabling or deactivating cookies may result in a reduced availability of the functionality of our site or parts of our site may no longer function correctly.
The ROM may use third parties to collect data from our website anonymously for marketing purposes (for example, advertisements). Users of our website will not be personally identified through this data and the ROM does not see any data or contact information on an individual level. These third parties may include, but are not limited to, Facebook and/or Twitter. You may tailor your privacy settings to limit the collection of personal information.
How We Use Your Personal Information
We use personal information to:
- communicate with our Supporters about our exhibitions, programs, events, offers, fundraising projects and other special initiatives
- communicate with visitors about their experience at the ROM
- contact Supporters to determine their interest in becoming members of the ROM and processing memberships and membership renewals
- contact Supporters in connection with fundraising efforts for the ROM and processing donations, sponsorships or grants
- contact Supporters to determine their interest in purchasing tickets to a fundraising event and completing any ticket purchases and related registrations
- contacting Supporters in connection with opportunities to become a volunteer with the ROM and enrolling any interested individuals as volunteers
- maintain a robust database of current and past members of the ROM
- deliver requested information about our programs and events
- contact Supporters if there is a security incident at ROM that may relate to or impact the Supporter
A Supporter may opt out of receiving communications from us by contacting our Privacy Officer, whose contact information may be found under the heading “Contact Us”.
How We Share Your Personal Information
In some circumstances, the ROM uses third party vendors for services that would not be practical or cost-effective for us to perform ourselves. Some of the services that the ROM retains a third vendor to perform include but are not limited to:
- credit card processing
- database analysis
- tele-fundraising programs
- updating our database
We collect detailed medical information with respect to participants in our camps and children’s programs. We use this information solely to provide each camper with a high-quality experience, address any integration needs and manage any potential health issues. Except (i) as required by law, or (ii) in a medical emergency where disclosure is limited to medical personnel and law enforcement, we do not share this personal information with any third parties.
In order to provide a safe environment for visitors to the ROM, as well as for the artifacts and objects that we are entrusted to house, the ROM has installed security cameras throughout the museum. We use the footage from these cameras for security and loss prevention purposes and in connection with incident investigations. In addition, we may share this footage with law enforcement in connection with a criminal investigation.
The ROM does not sell or rent its list of Supporters to any organization.
Retention of Personal Information
The ROM retains personal information only for as long as necessary to fulfill the purpose(s) for which it was collected and to comply with applicable laws. When personal information is no longer (i) necessary or relevant for the identified purposes, (ii) required to be retained by applicable laws, or (iii) required to enable the ROM to maintain a robust database of current and past members of the ROM, the ROM will take steps to have such personal information deleted, destroyed, erased, aggregated or made anonymous. The ROM uses reasonable business practices to ensure that we have appropriate practices relating to information security and policies with respect to records retention and destruction with respect to all personal information under our control.
Accuracy and Access
The ROM takes reasonable steps to ensure that personal information that it maintains about Supporters is accurate, complete, and up to date. If a Supporter becomes aware that any personal information under our control about him or her is not correct, please contact our Privacy Officer, whose contact information may be found under the heading “Contact Us”.
Supporters are entitled to a copy of the personal information that the ROM has under our control about them; if you would like a copy of such information, please contact us. We will take reasonable steps to verify your identity before granting access or making corrections. In addition, your right to access or correct your personal information is subject to certain legal restrictions.
Children Under the Age of 13
Children should use the ROM’s website only with the approval of a parent or guardian. In particular, a child under the age of 13 should not provide the ROM with any personal information unless his or her parent or guardian has consented to such disclosure. The ROM does not knowingly collect any personal information from children under the age of 13. If a parent or guardian learns that his or her child under the age of 13 has provided the ROM with personal information without his or her consent, the parent or guardian should immediately contact our Privacy Officer, whose contact information may be found under the heading “Contact Us”, and we will remove this personal information from our database.
The Privacy Officer of the ROM works closely with the Freedom of Information & Protection of Privacy Coordinator of the Foundation in order to comply with the principles and policies of Imagine Canada, the Personal Information Protection and Electronic Documents Act (Canada), and the Freedom of Information and Protection of Privacy Act (Ontario).
If you have any questions about our privacy or security practices, if you would like to request access to or correction of your personal information, or if you would like to opt out of receiving communications from us in the future, please contact our privacy officer by mail, telephone or email:
The Royal Ontario Museum ROM
Attention: Alexis Easton, Privacy Officer
100 Queen’s Park
Toronto, ON M6S 2C6
Changes to this Policy
Effective as of January 5, 2024