PRIVACY & SECURITY POLICY

Artive Website Privacy and Security Policy

3

 

ARTIVE INC

Privacy and Security Policy

Artive Inc (“AI”, “We” or “Us”) is committed to respecting the privacy and security rights of visitors to its website, and users of Artive’s services. This Privacy and Security Policy explains how we collect, store, use, and secure personal data about you when you visit the web domain address artive.org (the “Website”) or otherwise provide your personal data to us. This Privacy and Security policy provides you with details about the types of personal data that we collect from you, how we use and secure your personal data, and the rights you have to control our use of your personal data. This Privacy and Security policy applies regardless of how the Website is accessed and will cover any technologies or devices by which we make the Website available to you.

You must read this Privacy and Security policy carefully, and we recommend that you print and keep a copy for your future reference. By accessing, browsing, using or registering with the Website, you confirm that you have read, understood and agree to the terms of this Privacy and Security policy. If you do not agree to the terms of this Privacy and Security policy in their entirely, please do not use this Website.  If you have questions regarding this policy, please feel free to contact us via email at [email protected] or by phone at 212-653-8838.

INFORMATION ABOUT US

The web domain artive.org is a site operated by Artive Inc, which is a non-profit organization headquartered in the United States of America.

THE PERSONAL DATA WE COLLECT ABOUT YOU

We collect the following personal data when you first register with us: 

  • your name, age and sex;
  • your billing and delivery postal addresses, phone (including mobile phone) and e-mail details;
  • your user name and password;
  • when you purchase a service, your payment card details;
  • your communication preferences; and
  • your date of birth.

We may also collect your personal data when this is provided to us by a third party, for example a legal representative using our registration and search services on your behalf.

HOW WE MAY STORE AND USE YOUR INFORMATION

AI (and third party data processors acting on our behalf) may collect, store and process your personal data:

  • to make this Website available to you;
  • to maintain any registered account that you hold with us;
  • with your agreement, to contact you (including by SMS, push and e-mail) about services which we think may interest you;
  • for customer satisfaction and market research purposes;
  • to provide our services to you and for associate purposes, including verifying your identity;
  • for research, analysis, testing, monitoring, risk management and administrative purposes; and
  • for any related purposes, or where we have a legal right or duty to use or disclose your information (including for crime and fraud prevention and related purposes).

We also process your payment card details in order to complete any purchase that you make through this Website and, in certain instances, disclose your personal data to third party credit reference agencies to perform credit checks against you. When you purchase a service from us, we may offer to retain your payment card details for your convenience to save you having to re-enter these details on a future occasion.

In addition, we may collect anonymized details about visitors to our Website for the purposes of aggregate statistics or reporting purposes. However, no single individual will be identifiable from the anonymized details that we collect for these purposes.

We will not disclose, sell or rent your personal data to any third party, save for any disclosures of your personal data detailed in this privacy policy.

In the event that a third party acquires all or part of our business and/or assets, we may disclose your personal data to that third party in connection with the acquisition. Furthermore, we reserve the right to disclose your personal data to third parties as part of any business or asset sale carried out because AI has gone into insolvency or any similar situation, but only where lawful and compliant with the Data Protection Act 1998, as amended from time to time. We may also disclose your personal data where necessary to comply with applicable law or an order of a governmental or law enforcement body.

E-MAIL NEWSLETTER PREFERENCES

At such time that we publish e-mail newsletters then we will upon registration provide you with the ability to control whether or not to receive such e-mail newsletters.

PERSONALIZED BANNER ADVERTISING

If you browse this Website you may receive personalized banner advertisements whilst browsing other reputable websites. Any banner advertisements you receive will relate to services which have been viewed whilst browsing this Website on your computer or other device. This service is provided by AI [via a reputable third party specialist provider], through the use of “cookies” placed on your computer or other device. Cookies can be removed or disabled altogether. Please see further information on the use of cookies below.

TARGETED UPDATES AND MARKETING

If you have agreed that we can contact you for marketing purposes, we may send you emails and other communications relating to services which we think will be of interest and relevant to you. 

USE OF PUBLIC INFORMATION FOR FUNDRAISING ACTIVITIES

At Artive, we want to not only meet, but deepen our connection with, individuals and organizations who share our passion for cultural heritage protection. We are committed to nurturing collaborative relationships with donors, influencers, prospective donors and others in furthering our mission to protect and preserve the world’s cultural heritage.  

To enable us to find and connect with people who share our passion, and have the interest and ability to support our mission in new and exciting ways, we may also use the information you provide to us in combination with publicly available information.

INTERNATIONAL TRANSFERS

We may transfer personal data that we collect from you to third party data processors located in countries that are outside of the United States of America and to other AI group companies in connection with the above purposes. Please be aware that countries which are outside the United States of America may not offer the same level of data protection as the US, although our collection, storage and use of your personal data will continue to be governed by this Privacy and Security policy.

COOKIES

This Website uses cookies to collect information. Cookies are small data files which are placed on your computer or other mobile or handheld device (such as smart phones or tablets) as you browse this Website.

We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our Website and purchase services.
  • Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies. These cookies are used to recognise you when you return to our Website. This enables us to personalise our content for you and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and the advertising displayed on it more relevant to your interests.

You are able to block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Website.

SECURITY

We take the security of your data very seriously at Artive.  We use Internet standard encryption technology (“SSL” or Secure Socket Layer technology) to encode personal data that you send to us through the Website. To check that you are in a secure area of the Website before sending personal data to us, please look at the bottom right of your website browser and check that it displays an image of a closed padlock or an unbroken key.

However, please note that whilst we take appropriate technical and organisational measures to safeguard the personal data that you provide to us, no transmission over the Internet can ever be guaranteed secure. Consequently, please note that we cannot guarantee the security of any personal data that you transfer over the Internet to us.

If you are using a computer or terminal in a public location, we recommend that you always log out and close the website browser when you complete an online session for your security. In addition we recommend that you take the following security measures to enhance your online safety:

  • Keep your account passwords private. Remember, anybody who knows your password may access your account.
  • When creating a password, use at least 8 characters. A combination of letters, numbers and symbols is best. Do not use dictionary words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your password. [You can do this by going to “My Account” and clicking “Change password”].
  • Avoid using the same password for multiple online accounts.

DATA ENCRYPTION IN TRANSIT AND AT REST

Artive’s services support the latest recommended secure cipher suites and protocols to encrypt all traffic in transit. We monitor the changing cryptographic landscape closely and work promptly to upgrade the service to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve. For encryption in transit, we do this while also balancing the need for compatibility for older clients.

CONFIDENTIALITY

We place strict controls over our employees’ access to the data you and your users make available via Artive’s services, and are committed to ensuring that User Data is not seen by anyone who should not have access to it. The operation of Artive’s services requires that some employees have access to the systems which store and process User Data. These employees are prohibited from using these permissions to view User Data unless it is necessary to do so.

All of our employees are bound to our policies regarding User Data and we treat these issues as matters of the highest importance within our company.

COMPLIANCE

The environment that hosts Artive’s services maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website.

DISASTER RECOVERY

User Data is stored redundantly at multiple locations in our hosting provider’s data centers to ensure availability. We have well-tested backup and restoration procedures, which allow recovery from a major disaster.

NETWORK PROTECTION

In addition to sophisticated system monitoring and logging, we are running Security-Enhanced Linux (SELinux)* in enforcing mode. Firewalls are configured according to industry best practices and unnecessary ports are blocked by configuration with AWS Security Groups.

LOGGING

Artive maintains an extensive, centralized logging environment in its production environment which contains information pertaining to security, monitoring, availability, access, and other metrics about Artive’s services.

INCIDENT MANAGEMENT & RESPONSE

In the event of a security breach, Artive will promptly notify you of any unauthorized access to your User Data. Artive has incident management policies and procedures in place to handle such an event.

EXTERNAL SECURITY AUDITS

We contract with authorized external security firms who perform regular audits of Artive’s services to verify that our security practices are sound and to monitor our services for new vulnerabilities discovered by the security research community.

SPOOF/FALSE EMAILS

We will never ask you to confirm any account or credit card details via email. If you receive an email claiming to be from artive.org asking you to do so, please ignore it and do not respond.

YOUR RIGHTS

You have the following rights:

  • the right to ask what personal data that we hold about you at any time, subject to a fee specified by law;
  • the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge; and
  • the right to opt out of any marketing communications that we may send you.
  • the right to ask that your personal data be erased

To exercise any of your rights listed above, please submit your request via email to [email protected]

THIRD PARTY SITES

This Website may contain links to other websites operated by third parties. Please note that this Privacy and Security policy applies only to the personal data that we collect through this Website and we cannot be responsible for personal data that third parties may collect, store and use through their website (including microsites). You should always read the Privacy and Security policy of each website you visit carefully.

UPDATES TO THIS PRIVACY & SECURITY POLICY

We reserve the right to amend or update this Privacy and Security policy and any of our practices at any time. Please check back regularly to keep informed of updates to this Privacy and Security policy.

For the protection and preservation of the world's cultural heritage through the use of technology.

Copyright © 2018 Artive Inc.  All rights reserved.