Last Updated: June 8, 2017

The Museum of Fine Arts, Boston (“MFA”, “we”, “us”, “our”, etc.), is committed to protecting your privacy. This Privacy Policy applies to the information we collect about you in connection with your use of the website www.mfa.org and all corresponding subdomains and web pages associated with the foregoing URL (collectively, the “MFA Web Site”). The MFA does not collect personally identifiable information about individuals, such as names, addresses, e-mail addresses, telephone numbers, and credit/debit card numbers (“Personal Information”), unless the individual visiting the MFA Web Site voluntarily provides it. By visiting the MFA Web Site, you agree to be bound by the terms and conditions of this Privacy Policy. By providing Personal Information via the MFA Web Site, you consent to our collection and use of it, as described in this Privacy Policy, as it may be revised from time to time. This Privacy Policy governs our use and disclosure of Personal Information.

1. The MFA’s Policy on Collecting Information

Purchases

When you purchase a ticket or product on the MFA Web Site, we need to know your name, billing and shipping addresses, telephone number, e-mail address, and credit card information to process your order. Your credit card information will be used only as needed to process your transaction. You may decide whether or not to provide such information. If you purchase a ticket via the MFA Web Site to, or otherwise participate in, an event or promotion that we conduct jointly with another organization or company, we may share certain Personal Information collected from you, such as your name, address and e-mail address, with the relevant organization or company.

Memberships and Donations

When you purchase an MFA membership via the MFA Web Site or make a donation to the MFA via the MFA Web Site, we will ask you to provide us with the Personal Information we need to process your membership and/or to acknowledge your contribution. This information includes your name, billing and shipping addresses, telephone number, e-mail address, and credit card information. Your credit card information will be used only as needed to process your transaction.

Surveys

From time to time, the MFA may invite you to participate in surveys conducted via the MFA Web Site. You may decide whether or not you wish to complete such surveys, which may ask about your background, occupation, or similar questions. We use this information to help us better understand our visitors’ needs and interests, which in turn allows us to better meet your expectations. Our online surveys may be powered by SurveyGizmo or other third-party service provider.

Contests

The MFA will occasionally offer visitors of the MFA Web Site the opportunity to participate in contests or sweepstakes. If you choose to enter, you will need to provide your name and e-mail address so that we may contact you in connection with the contest. We may also request that you provide us with certain other information, such as your zip code and/or state of residence.

MFA E-mail (MFA Mail)

As a service, the MFA offers the opportunity to subscribe to our e-mails. If you choose to subscribe, you will receive MFA Mail on the topics you choose. You may subscribe or unsubscribe at any time by following the simple instructions at the bottom of each e-mail. On occasion, the MFA may send e-mails to individuals who have provided us with their e-mail address, informing them of Museum events or promotions we think may be of interest.

MFA E-Cards

The MFA offers the opportunity to send e-cards featuring works in the MFA collection. If you choose to use our e-card service, you will need to provide your name and e-mail address, as well as the recipient’s name and e-mail address.

Information Collected Through Automatic Data Collection Technologies

The MFA Web Site may use cookies (which are small data files containing information about you that is stored on your device), pixels, web beacons, and other similar tracking technologies (collectively, “Tracking Technologies”) to automatically collect information about your equipment, browsing actions, and patterns as you interact with the MFA Web Site, including: details of your visits to the MFA Web Site, including traffic data, logs, and other communication data and the resources that you access and use on the MFA Web Site and information about your computer and internet connection, including your IP address, operating system, device ID and browser type. Some content or applications, including advertisements, on the MFA Web Site are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use Tracking Technologies to collect information about you when you use the MFA Web Site and unaffiliated, third-party websites. They may use this information to provide you with interest-based advertising (also known as behavioral advertising) or other targeted content. We do not control these third parties’ Tracking Technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For further information regarding interest-based advertising and how you can opt out of receiving targeted advertising from many providers, see Section 3 below.

2. How the MFA Uses Information Collected From Visitors

The MFA uses the Personal Information you provide to us for internal purposes, such as filling and tracking your purchases, analyzing trends and collecting statistics. The MFA may also compile and provide aggregate statistics about our visitors, customers, sales, traffic patterns and related site information to third parties, but these statistics will not include any Personal Information.

The MFA may contact you by mail, phone or e-mail to inform you of an event or promotion that we believe would interest you. We may combine Personal Information you give to us online, in our stores or at the Museum. We may also combine this information with publicly available information and information we received from or cross-reference with our third-party vendors and others. We may use this combined information to enhance and personalize your shopping experience with us, to communicate with you about products or events that may be of interest to you, or for other promotional purposes.

The MFA may disclose Personal Information when such disclosure is reasonably necessary to comply with the law; enforce the terms of any of our user agreements; or protect the rights, property, and safety of MFA, the users of its site, or others.

The MFA may from time to time retain qualified third-party vendors in order to help us manage the MFA Web Site and allow us to better serve our visitors and customers. These may include third-party vendors we engage to analyze the information we collect on the MFA Web Site, provide credit card processing, data management, promotional services and other services. We provide these service providers with the information they need to perform these services. The MFA requires its vendors to maintain the security of the Personal Information to which they are provided access and restricts third-party vendors from using Personal Information in any way not expressly authorized by MFA.

Personal Information collected from you may be transferred to a third party as a result of a sale, acquisition, merger or bankruptcy involving MFA.

In addition to the foregoing, your information may also be used for the following purposes:

  • To provide any services or products that you request or purchase in connection with the MFA Web Site;
  • To contact you regarding the administration of any features or functions of the MFA Web Site;
  • To respond to your questions, comments, complaints, requests and other communications;
  • To track your return visits and use of the MFA Web Site and to save your user account, registration and profile data or other information in order to tailor your experience with the MFA Web Site and otherwise customize what you see when you use the MFA Web Site (and so that you are not required to have to re-enter such data each time you use the MFA Web Site);
  • For other purposes described in this Privacy Policy or disclosed at the time you provide us with the information.

3. Opting Out of Certain Uses and Disclosures of Your Information

Marketing and Promotional Communications

You can unsubscribe or opt out of receiving marketing and promotional communications by either following the specific instructions included in such communications or by sending an e-mail to us at info@mfa.org detailing your privacy request. Please note that opt-out and unsubscribe requests may not take effect immediately and may take a reasonable amount of time to receive, process and apply, during which time your information shall remain subject to the prior privacy settings. Additionally, you should be aware that any information provided to third parties prior to your election to opt out or unsubscribe cannot be retrieved or rescinded by us unless required by applicable law, and you cannot retroactively opt out or unsubscribe with respect to such third parties. Also, please note that we may still send you e-mails regarding changes to our policies and/or the features and functionality of the MFA Web Site or in connection with a purchase via MFA Web Site or other purposes specifically relating to your account and/or use of the MFA Web Site. We may also have features that allow you to submit information, questions or feedback to us. In those instances, we may retain your e-mails and other information you submit to us for purposes of responding to you, for our internal purposes, and to help us to serve you better.

Interest-Based Advertising and Opting Out of Certain Tracking Technologies

We may collect and share with third-party service providers, and third parties (such as advertisers, ad networks and servers, content providers, and application providers) may directly collect, certain information about you and your interaction with the MFA Web Site and your interaction with third-party websites, services and platforms. Such information may be collected using Tracking Technologies and may include your e-mail address, browser type and version, operating system type and version, IP address, location-based information, device type and other device identifiers, web browsing activity, web pages visited, interaction with advertisements and your other online activities over time and across different websites, applications and devices. This information may be used by us and third parties for analytics, attribution and reporting purposes and to show you targeted advertisements for products and services that you might be interested in on the MFA Web Site and on unaffiliated websites, applications and platforms. In order to customize these advertisements or content, we and/or third parties may connect de-identified demographic, behavioral, inferred-interest or other data about you (which may be received from third parties) either to data you have voluntarily submitted to us (e.g., your e-mail address), or to data passively collected from you, such as your device identifier or IP address. If you would like to learn more about interest-based advertising, please visit the website of the Digital Advertising Alliance (DAA) at http://www.aboutads.info/consumers/.

You may limit or opt out from the collection of certain information for interest-based advertising uses and the use of certain Tracking Technologies as follows:

  • Collection of Information by Third-party Advertising Providers: To limit or opt out from the collection of your web viewing data for interest-based advertising uses, go to the DAA’s Consumer Choice Page, located at http://aboutads.info/choices/.
  • Tracking Technologies: Most browsers are initially set to accept cookies (other than Flash cookies) and allow local storage, but you should be able to change your settings to notify you when a cookie is being set or updated, local storage is being used, and/or to block cookies and/or the use of local storage altogether. Please consult the “Help” section of your browser for more information.
  • Flash Cookies: Users can manage the use of Flash technologies, with the Flash management tools available at Adobe’s website, see http://www.adobe.com/products/flashplayer/security/privacy_policy/faq
  • Do Not Track Signals: Certain browsers transmit “do not track” signals to the websites that such browsers communicate with; however, this feature, and how it is used and activated, varies from browser to browser. Therefore, it is not clear whether the signals are intentionally transmitted by a user, or whether a user is even aware of this. Despite current efforts, there is still disagreement among leading Internet standards organizations, industry groups, technology companies, and regulators, concerning what, if anything, websites should do when they receive such signals, and no standard has been adopted to date. We take privacy and security very seriously. With respect to “do not track signals,” we currently do not take action in response to these signals, but, if a standard is established and accepted, we may reassess how to respond to these signals.

Please note that by blocking any or all cookies you may not have access to certain features, content and/or other personalization available through the MFA Web Site.

4. Linked Sites

Linking

The MFA Web Site may include links to web sites operated by third parties over which we have no control. MFA is not responsible for the privacy practices of such other sites and encourages you to be aware when you leave the MFA Web Site and to read the privacy policies of each and every web site that collects Personal Information. Once you leave the MFA Web Site, the MFA Privacy Policy will not apply, and you access such sites at your own risk.

5. Children and Parents

Children Twelve and Under

MFA does not solicit Personal Information from children. Visitors twelve years of age and under should remember that they are required to obtain an adult’s permission before submitting any Personal Information to this or any other Web site. If your child has submitted Personal Information and you would like to request that such information be removed, you may contact us via one of the contact methods described on the MFA Web Site and we will promptly remove such information and shall not use such information or include it in our database. Users twelve and under and their parents or guardians are advised that any Personal Information voluntarily entered by children may be available for use until MFA becomes aware that a user is under the age of thirteen and has had a reasonable opportunity to remove the information from the MFA Web Site.

6. Security Measures

Security

MFA uses commercially reasonable security standards to protect your Personal Information. MFA secure server software uses industry-standard Secure Socket Layer (SSL) encryption technology. SSL encodes your Personal Information as it travels over the Internet so that all transactions are secure. If you prefer, you may also place a MFA Store order by phone at 617-369-3575 or by fax at 617-859-9903. For membership gifts, please call 617-369-3395; for donations, please call 617-369-3004.

Disclaimer

The MFA takes commercially reasonable precautions to protect your Personal Information both online and off-line, but absolute security cannot be guaranteed. It is important for you to protect against unauthorized access to your password and to your computer. The MFA shall not be liable for the transfer or use of any Personal Information resulting from loss or distribution of data, the corruption of storage media, power failures, natural phenomena, riots, acts of vandalism, sabotage, terrorism or any other event beyond the MFA’s reasonable control.

7. Revisions to the MFA Privacy Policy

Revisions to our Privacy Policy

Please note that MFA may revise this Privacy Policy at any time, without notice. Any such change is effective immediately upon posting it on the MFA Web Site. Such revisions may arise in response to changes in the law, policy, or other factors. When we change this Privacy Policy in a material way, a notice will be posted on the MFA Web Site along with the updated Privacy Policy. Your continued use of the MFA Web Site after we post a revised Privacy Policy (and, where appropriate, notify you of same) signifies your acceptance of the revised Privacy Policy. We encourage you to periodically visit this page to review our most current Privacy Policy. Certain provisions of this Privacy Policy may be superseded by expressly designated legal notices or terms located on particular pages on the MFA Web Site.

8. MFA’s Contact Information for Privacy Questions

Contact the MFA

E-mail us your questions, comments, or concerns about our privacy policy or any other aspect of our Web site.

9. Your California Privacy Rights

We provide you with information on how to exercise your disclosure choice options such as your right to opt-out (which we may sometimes refer to as “unsubscribe”) with respect to use of your Personal Information by third parties for marketing purposes. Therefore, pursuant to the California Civil Code, we are not required to maintain or disclose a list of the third parties that received your Personal Information for marketing purposes during the preceding year. If you are a California resident and wish to request information about how to exercise your third-party disclosure choices, please send a request by e-mail to our Privacy Administrator at info@mfa.org detailing your privacy request. All requests must be labeled “Your California Privacy Rights” on the e-mail subject line. For all requests, please clearly state that the request is related to “Your California Privacy Rights”, include your name, street address, city, state, zip code and e-mail address (your street address is optional if you wish to receive a response to your request via e-mail) and indicate your preference on how our response to your request should be sent (e-mail or postal mail). We will not accept requests via the telephone, postal mail or by fax. We are not responsible for notices that are not labeled or sent properly, or do not have complete or legible information.