Royal Ontario Museum (“ROM”, “we” or “us”) is committed to safeguarding the personal information entrusted to us by all of our visitors (including business-related), donors, sponsors, members and volunteers (collectively, Supporters). As such, we comply with the requirements of the Freedom of Information and Protection of Privacy Act (Ontario) and the Personal Information Protection and Electronic Documents Act (Canada) and we uphold the principles of the Donor Bill of Rights developed by the Association of Fundraising Professionals. ROM employs reasonable administrative and technical measures to ensure the security of all of the personal information that we collect and our credit card processing system is Payment Card Industry compliant.
What Our Privacy Policy Covers
We value the trust of our Supporters and recognize that maintaining this trust requires that we be transparent and accountable in how we treat the information that is provided to us by our Supporters. This privacy policy describes how ROM collects, uses and shares the personal information of its Supporters. When we use the term “personal information” we are referring to information that is about an identifiable individual; however, “personal information” does not include business contact information or certain publicly-available information. This policy applies to ROM and to any other person providing services on our behalf. A copy of this policy will be provided upon request.
What We Collect
Personal information is collected when a Supporter supplies it to us voluntarily; for example, by purchasing tickets to an exhibition, registering for a program, making a donation, engaging with us on social media, entering a contest or subscribing to our e-newsletter.
The following are examples of the personal information that we collect in respect of our Supporters.
- contact information (including salutation, name, professional title, company name, home and business address, phone number and email address)
- the type of ROM membership purchased and the contact information for the primary and secondary cardholder for the membership
- the number and type of tickets purchased, including whether tickets were purchased for any of our special exhibitions
- payment information (such as credit card number, expiry date and 3-digit CVV)
- visiting history and program participation
- images of visitors at ROM, which are taken by our security cameras
- detailed medical information about participants in our camps and children’s programs
- value of any donation, sponsorship, grant and volunteer dues
- volunteer status (active or inactive)
- age, gender, marital or family status
To better understand our visitors and to improve the visitor experience on our website, ROM’s website collects data using services including Google Analytics); no personal information is collected through these tools that would allow ROM to identify individuals. For more information about Google Analytics, please visit: www.google.com/policies/privacy/partners/. We also collect information about email open rates and click-through rates to determine whether ROM’s electronic communications are effective.
When you visit our site, we may store some data on your computer in the form of a “cookie”. A “cookie” is a small piece of text that a website places in the cookie file of your browser that allows our site to recognize your personal computer the next time you visit. Cookies by themselves do not tell us your email address or otherwise identify you personally. Cookies cannot be used to run programs or deliver viruses to your computer. Your Web browser can be set to accept or reject cookies. Please note that disabling or deactivating cookies may result in a reduced availability of the functionality of our site or parts of our site may no longer function correctly. Cookie Policy.
ROM may use third parties to collect data from our website anonymously for marketing purposes (for example, advertisements). Users of our website will not be personally identified through this data and ROM does not see any data or contact information on an individual level. These third parties may include, but are not limited to, Facebook and/or Twitter. You may tailor your privacy settings to limit the collection of personal information.
How We Use Your Personal Information
We use personal information to:
- communicate with our Supporters about our exhibitions, programs, events, offers, fundraising projects and other special initiatives
- communicate with visitors about their experience at ROM
- contact Supporters to determine their interest in becoming members of ROM and processing memberships and membership renewals
- contact Supporters in connection with fundraising efforts for ROM and processing donations, sponsorships or grants
- contact Supporters to determine their interest in purchasing tickets to a fundraising event and completing any ticket purchases and related registrations
- contacting Supporters in connection with opportunities to become a volunteer with ROM and enrolling any interested individuals as volunteers
- maintain a robust database of current and past members of ROM
- deliver requested information about our programs and events
- contact Supporters if there is a security incident at ROM that may relate to or impact the Supporter
A Supporter may opt out of receiving communications from us by contacting our Privacy Officer, whose contact information may be found under the heading “Contact Us”.
How We Share Your Personal Information
As partners with a shared mission, ROM shares certain personal information about its Supporters (salutation, name, address, professional title, address, phone number, email address) with the Royal Ontario Museum Foundation (the “Foundation”) so that the Foundation may contact Supporters about whether they are interested in becoming members of or donors to ROM or the Foundation. ROM and the Foundation have entered into a data sharing and data protection agreement which commits the Foundation to keep Supporters’ personal information confidential and to comply with ROM’s privacy policy and all applicable privacy laws.
In some circumstances, ROM uses third party vendors for services that would not be practical or cost-effective for us to perform ourselves. Some of the services that ROM retains a third vendor to perform include but are not limited to:
- credit card processing
- database analysis
- tele-fundraising programs
- updating our database
In all cases, the third party vendor is contractually bound to comply with ROM’s privacy policy and all applicable privacy laws and to maintain the confidentiality of all personal information that ROM provides to it. The contracts with third party vendors also require them to take reasonable precautions to protect the personal information under its control and to destroy such personal information upon completion of their services to ROM. Personal information sent between ROM and third party vendors is transferred using secured password-protected file transfer protocols.
Where a member has granted his or her consent to do so, we may share his or her contact information with other not for profit entities within Canada. In those circumstances, ROM shares a member’s contact information with a third party mailing house. The third party vendor communicates with the ROM member on behalf of the other not for profit entity. The other not for profit entity only receives the contact information if the ROM member responds to the communication and engages directly with it. In all cases, the third party mailing house is contractually bound to comply with ROM’s privacy policy and all applicable privacy laws and to maintain the confidentiality of all personal information that ROM provides to it.
We collect detailed medical information with respect to participants in our camps and children’s programs. We use this information solely to provide each camper with a high-quality experience, address any integration needs and manage any potential health issues. Except (i) as required by law, or (ii) in a medical emergency where disclosure is limited to medical personnel and law enforcement, we do not share this personal information with any third parties.
In order to provide a safe environment for visitors at ROM, as well as for the artifacts and objects that we are entrusted to house, ROM has installed security cameras throughout the museum. We use the footage from these cameras for security and loss prevention purposes and in connection with incident investigations. In addition, we may share this footage with law enforcement in connection with a criminal investigation.
ROM does not sell or rent its list of Supporters to any organization.
Consent
When a Supporter provides personal information to ROM, he or she is consenting to the ROM’s collection, use and disclosure of his or her personal information in accordance with this privacy policy. A Supporter is able to refuse or withdraw his or her consent to the collection, use or disclosure of his or her personal information at any time by contacting our Privacy Officer, whose contact information may be found under the heading “Contact Us”. We will act on such requests promptly.
Retention of Personal Information
ROM retains personal information only for as long as necessary to fulfill the purpose(s) for which it was collected and to comply with applicable laws. When personal information is no longer (i) necessary or relevant for the identified purposes, (ii) required to be retained by applicable laws, or (iii) required to enable ROM to maintain a robust database of current and past members of ROM, ROM will take steps to have such personal information deleted, destroyed, erased, aggregated or made anonymous. ROM uses reasonable business practices to ensure that we have appropriate practices relating to information security and policies with respect to records retention and destruction with respect to all personal information under our control.
Accuracy and Access
ROM takes reasonable steps to ensure that personal information that it maintains about Supporters is accurate, complete, and up to date. If a Supporter becomes aware that any personal information under our control about him or her is not correct, please contact our Privacy Officer, whose contact information may be found under the heading “Contact Us”.
Supporters are entitled to a copy of the personal information that ROM has under our control about them; if you would like a copy of such information, please contact us. We will take reasonable steps to verify your identity before granting access or making corrections. In addition, your right to access or correct your personal information is subject to certain legal restrictions.
Children Under the Age of 13
Children should use the ROM’s website only with the approval of a parent or guardian. In particular, a child under the age of 13 should not provide ROM with any personal information unless his or her parent or guardian has consented to such disclosure. ROM does not knowingly collect any personal information from children under the age of 13. If a parent or guardian learns that his or her child under the age of 13 has provided ROM with personal information without his or her consent, the parent or guardian should immediately contact our Privacy Officer, whose contact information may be found under the heading “Contact Us”, and we will remove this personal information from our database.
Contact Us
The Privacy Officer of ROM works closely with the Freedom of Information & Protection of Privacy Coordinator of the Foundation in order to comply with the principles and policies of Imagine Canada, the Personal Information Protection and Electronic Documents Act (Canada), and the Freedom of Information and Protection of Privacy Act (Ontario).
If you have any questions about our privacy or security practices, if you would like to request access to or correction of your personal information, or if you would like to opt out of receiving communications from us in the future, please contact our privacy officer by mail, telephone or email:
Royal Ontario Museum (ROM)
Attention: Alexis Easton, Privacy Officer
100 Queen’s Park
Toronto, ON M5S 2C6
647.262.9784
privacy@rom.on.ca
Changes to this Policy
We may revise our privacy policy from time to time. You should review our privacy policy periodically so that you keep up-to-date on our most current practices. We will note the effective date at the end of each version of our privacy policy.
Effective as of January 5, 2024