Privacy Policy for San Francisco Botanical Garden Website
San Francisco Botanical Garden (accessible at sfbotanicalgarden.com) is committed to protecting the privacy and safeguarding the personal data of visitors, members, donors, and users of our services. We collect and process personal information with the utmost care and in full compliance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”), where applicable.
1. Introduction: Our Commitment to Privacy
We respect your privacy and recognize the importance of protecting your personal information. This Privacy Policy outlines how we collect, use, store, and disclose your data when you use our website (sfbotanicalgarden.com), engage with our digital platforms, or otherwise interact with San Francisco Botanical Garden. We take a privacy-first approach to data processing and implement practices that are transparent, secure, and respectful of your rights.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all users of the website sfbotanicalgarden.com and associated digital services provided by or on behalf of San Francisco Botanical Garden. For the purpose of GDPR and other applicable privacy laws, San Francisco Botanical Garden acts as the “data controller” for data collected via our digital platforms. Should you have any questions or requests regarding this policy, you can contact us at [email protected].
3. Categories of Personal Data We Process
We collect and process various categories of personal data depending on the nature of your interaction with us. The categories include:
a. Usage Data:
Information about how you use our website, including your IP address, browser type, operating system, referring URLs, pages visited, session duration, and geolocation data affiliated with service usage.
b. Account Data:
Information you provide when you sign up for events, subscriptions, or memberships, including your full name, mailing address, email address, date of birth, and phone number.
c. Profile Data:
Preferences, demographic insights (e.g., visitor group type—such as a student or family), event registrations, donation and purchase history, and behavioral activity on our platforms.
d. Communication Data:
Details of communications with us, including email correspondence, contact form submissions, customer service inquiries, event RSVPs, and records of support interactions.
e. Technical Data:
Device identifiers, system configurations, device type/model, OS types and versions, time zone settings, and platform-specific diagnostics.
f. Transaction Data:
Payment information (processed through PCI-DSS-compliant third-party processors), donation amounts, transaction timestamps, purchase items, delivery addresses, and billing information.
g. Preference Data:
Marketing preferences, opt-in consent records, areas of interest (e.g., specific exhibits or newsletters), and event participation indicators.
4. Legal Bases for Processing
We process your personal data lawfully under one or more of the following legal bases:
– Consent: Where you have given clear consent to the processing of your data for specific purposes (e.g., receiving newsletters or promotional offers).
– Performance of a Contract: Where processing is necessary to fulfill a contract you are party to, such as purchasing tickets or registering for events.
– Legal Obligation: Where processing is necessary to comply with legal or regulatory obligations.
– Legitimate Interest: Where processing is necessary for our legitimate interests (e.g., improving our services, fraud prevention), provided these interests are not overridden by your rights.
5. Your Data Rights
Under the GDPR and CCPA (where applicable), you have the following rights:
– Right of Access – You may request access to the personal data we hold about you.
– Right to Rectification – You may request that we correct any incorrect or incomplete data.
– Right to Erasure – You may request deletion of your data, subject to lawful retention obligations.
– Right to Restrict Processing – You may request that we limit the usage of your data in certain circumstances.
– Right to Data Portability – You may request a copy of your personal data in a commonly used machine-readable format.
– Right to Opt-Out of Sale – For California residents, you have the right to opt-out of the sale or sharing of your personal information.
– Right to Non-Discrimination – You will not be discriminated against for exercising your privacy rights.
To exercise any of these rights or submit a privacy-related request, please contact: [email protected].
6. Security Measures
We implement commercially reasonable technical and organizational security measures to protect your personal data, including:
– Data encryption in transit and at rest
– Access controls based on least privilege principles
– Regular system backups and disaster recovery plans
– Staff training in data protection best practices
– Secure authentication protocols for user access
7. International Data Transfers
Where necessary, personal data may be transferred, stored, or processed outside the country of your residence, including the United States. For residents of the EU/EEA, we implement appropriate safeguards for data transfers, including Standard Contractual Clauses approved by the European Commission. We ensure that any third-party service provider handling such transfers maintains adequate data protection levels in accordance with applicable regulations.
8. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy or to comply with legal obligations. Specific data retention periods are as follows:
– Usage Data: 12 months
– Account Data: Retained as long as an account is active and for up to 3 years thereafter
– Profile Data: 3 years from last user activity
– Communication Data: 3 years unless required for the legitimate defense of legal claims
– Technical Data: 12 months
– Transaction Data: 7 years to satisfy financial reporting and audit compliance
– Preference Data: Retained until consent is withdrawn or data is updated
9. Cookie Policy
We use cookies and similar tracking technologies on sfbotanicalgarden.com to enhance user experience and ensure site functionality. Cookies fall within the following categories:
– Essential Cookies: Necessary for the core operation of the website (e.g., session authentication, user login).
– Functional Cookies: Remember your settings and preferences (e.g., language selection, font size).
– Analytics Cookies: Collect aggregate data on user interactions to improve site functionality (e.g., Google Analytics).
– Performance Cookies: Monitor performance metrics such as load times and error reports.
10. Cookie Management and Compliance
We provide a cookie banner at initial access to gather consent where required under GDPR. You may manage or withdraw your consent by adjusting your cookie preferences via our Cookie Settings link found in the website footer or by configuring your browser settings.
Residents of California have additional rights under CCPA and can opt out of “sale” of data through our Do Not Sell My Personal Information interface, if applicable.
11. Children’s Data
Our website and services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 without verified parental consent. If we become aware that we have inadvertently collected such data, we will take immediate steps to delete it. Parents or guardians who believe their child has submitted personal data may contact us at [email protected].
12. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in data practices or applicable regulations. Any material changes will be communicated via our website or other direct means where applicable. Continued use of our services following such changes indicates your acceptance of the revised policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact:
Data Protection Officer
San Francisco Botanical Garden
Email: [email protected]
We take your privacy seriously and are committed to achieving and maintaining full compliance with the GDPR, CCPA, and all applicable data privacy regulations. If you have any concerns or wish to exercise your rights, do not hesitate to get in touch with us at the above contact email.