Denver Art Museum Privacy Policy

Last Updated: June 30, 2023

1. Acceptance of Privacy Policy

Welcome to The Denver Art Museum (the “Denver Art Museum” “we” or “us”) and our Privacy Policy (“Privacy Policy”). This Privacy Policy is important and affects your legal rights, so please read carefully.

By accessing or using denverartmuseum.org and various related websites and services (collectively, the “Services”), you agree to be bound by this Privacy Policy. By using the Services and/or submitting or collecting any personal data via the Services, you accept and expressly consent and agree to our practices surrounding the collection, use, and sharing of your personal information in accordance with this Privacy Policy. If you do not consent and agree with the terms of this Privacy Policy, you cannot, and we do not authorize you to, access, browse, or use the Services.

Our processing of personal information, such as your name, address, e-mail address, or telephone number, will be undertaken consistent with the requirements of applicable privacy laws, including, but not limited to, the Colorado Privacy Act of 2021 (the “CPA”).

2. Information We Collect

2.1 Information We Collect Directly from You

We receive personal information as described to you at the point of collection, pursuant to your consent, and/or when you voluntarily provide us with personal information, including but not limited to:

(1) individual information (such as your e-mail address and phone number);

(2) company information (such as your company’s address); and

(3) other identifying information that you voluntarily choose to provide to us, including without limitation unique identifiers such as passwords, and personal information in messages you send to us.

2.2 Information We Automatically Collect When You Use Our Services

In order to access and use certain areas or features of the Services, you consent to our collection and use of certain information about your use of the Services through the use of tracking technologies or by other passive means. Your consent to our access and use of this “passively collected” information includes, but is not limited to, the domain name of the website that allowed you to navigate to the Services, search engines used, the internet protocol (IP) address used, the length of time spent on the Services, the pages you looked at on the Services, other webpages you visited before and after visiting the Services, the type of device and/or internet browser you have, the frequency of your visits to the Services, and other relevant statistics (collectively “Traffic Data”):

3. How We Collect Information

We collect your information when you use and interact with the Services, and in some cases from third party sources. Such means of collection include:

  • When you access, use, or contact us through the Services.
  • When you voluntarily provide information through the Services.
  • If you use a location-enabled browser, we may receive information about your location and device.
  • Through Cookies, Web Beacons, analytics services, and other tracking technologies (collectively, “Tracking Tools”).

4. Tracking Tools, Behavioral Advertising, and Opt Out Options

4.1. Tracking Tools

We may use tools outlined below in order to provide the Services, advertise to, and better understand users.

  • Cookies: “Cookies” are small computer files transferred to your device that contain information such as user ID, user preferences, lists of pages visited and activities conducted while using the Services. We use Cookies to: (i) improve and tailor the Services, (ii) customize advertisements, (iii) measure performance, (iv) store authentication so re-entering credentials is not required, (v) customize user experiences, and for (vi) analytics and fraud prevention. For more information on Cookies, including how to control your Cookie settings and preferences, visit http://www.allaboutCookies.org. You can also manage Cookies in your web browser (for example, Edge, Explorer, Chrome, Safari). If you choose to change your settings, you may find that certain functions or features of the Services will not work as intended.
  • Web Beacons: “Web Beacons” (a.k.a. clear GIFs or pixel tags) are tiny graphic image files embedded in a web page or email that may be used to collect information about the use of the Services. The information collected by Web Beacons allows us to analyze how many people are using the Services, using selected publishers’ websites, or opening emails.
  • Web Service Analytics: We may use third-party analytics services in connection with the Services, including, for example, to register mouse clicks, mouse movements, scrolling activity and text typed into the Services. We use the information collected from these services to help make the Services easier to use and as otherwise set forth in Section 5 (How We Use Your Information). These analytics services generally do not collect personal information unless you voluntarily provide it.
  • Mobile Device Identifiers: As with other Tracking Tools, mobile device identifiers help us learn more about our users’ demographics and Internet behaviors in order to personalize and improve the Services. Mobile device identifiers are data stored on mobile devices that may track activities occurring on and through it, as well as the applications installed on it. Mobile device identifiers enable collection of personal information (such as media access control, address, and location) and Traffic Data.

4.2. Behavioral Advertising

We may use a type of advertising commonly known as interest-based or online behavioral advertising. This means that some of our partners use Tracking Tools to collect information about a user’s online activities to display our ads to the user based on the user’s interests (“Behavioral Advertising”). Our partners may include third-party advertisers and other third-party service providers, and such partners may collect information when you use the Services, such as IP address, mobile device ID, operating system, and demographic information. These Tracking Tools help us learn more about our users’ demographics and Internet behaviors.

4.3. Options for Opting out of Cookies and Mobile Device Identifiers

If we process Cookies based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any point in time by contacting us at privacy@denverartmuseum.org. Please note, if you exercise this right, you may have to provide your consent on a case-by-case basis to enable you to utilize some or all of the Services.

You may be able to reject Cookies and/or mobile device identifiers by activating the appropriate setting on your browser or device. Although you are not required to accept Denver Art Museum Cookies or mobile device identifiers, if you block or reject them, you may not have access to all features available through the Services.

  • You may opt out of receiving certain Cookies by visiting the Network Advertising Initiative (NAI) opt out page or the Digital Advertising Alliance (DAA) opt out page, or by installing the DAA’s AppChoice app (for iOS; for Android) on your mobile device. When you use these opt-out features, an “opt-out” Cookie will be placed on your device indicating that you do not want to receive interest-based advertising from NAI or DAA member companies. If you delete Cookies on your device, you may need to opt out again. For information about how to opt out of interest-based advertising on mobile devices, please visit http://www.applicationprivacy.org/expressing-your-behavioral-advertising-choices-on-a-mobile-device. You will need to opt out of each browser and device for which you desire to apply these opt-out features.
  • Even after opting out of Behavioral Advertising, you may still see Denver Art Museum advertisements that are not interest-based (i.e., not targeted toward you). Also, opting out does not mean that we are no longer using Tracking Tools. We still may collect information about your use of the Services even after you have opted out of Behavioral Advertising and may still serve advertisements to you via the Services based on information it collects through the Services.

This Privacy Policy does not cover the use of Cookies and other Tracking Tools by any third parties, and we are not responsible for the privacy practices of any third party. Please be aware that some third-party Cookies can continue to track your activities online even after you have left the Services.

4.4. “Do Not Track” (DNT) and Universal Opt-Out Preference Signals

Some web browsers (including Safari, Internet Explorer, Firefox, and Chrome) incorporate a “Do Not Track” (DNT) or similar feature that signals to web services that a visitor does not want to have their online activity and behavior tracked. If a web service operator elects to respond to a particular DNT signal, the web service operator may refrain from collecting certain personal information about the browser’s user. Not all browsers offer a DNT option and there is currently no industry consensus as to what constitutes a DNT signal. For these reasons, many web service operators, including the Denver Art Museum, do not proactively respond to DNT signals. For more information about DNT signals, visit http://allaboutdnt.com.

New standards are being developed for a Universal Opt-Out Mechanism, such as the Global Privacy Control (GPC), which allow users with GPC-enabled browsers and devices to send a signal that will communicate the user’s request to opt-out of sales of their personal information and to opt-out of certain sharing of their personal information. The CPRA and other laws allow for the acceptance of Opt-Out Preference Signals such as the GPC, as an option for users to transmit an Opt-Out of selling/sharing personal information. If we detect and recognize such a signal from your device or browser, we will honor it.

5. How We Use Your Information

We do not engage in automated decision making. We use information, including personal information, to provide the Services and to help improve the Services, to develop new services, and to advertise our services. Specifically, such use may include:

  • Providing you with the products, services, and information you request.
  • Corresponding with you.
  • Providing, maintaining, administering, or expanding the Services, performing business analyses, and for other internal purposes.
  • Combining information received from third parties with information that we have from or about you and using the combined information for any of the purposes described in this Privacy Policy.
  • Showing you advertisements, including interest-based or online behavioral advertising.
  • Fulfilling our legal obligations, such as preventing, detecting, and investigating security incidents, fraud, and potentially illegal or prohibited activities.
  • Enforcing our Privacy Policy and other agreements.

By providing your e-mail and/or phone number and checking a box, clicking the “complete” button, or some other affirmative act, you are consenting to receive e-mails and/or calls and text messages, including live, prerecorded, and/or automated calls and messages, to that email or phone number. After signing up, you will receive a confirmation e-mail or text message on your mobile number. This agreement is not entered into as a term or requirement of any purchase or promotion. Normal message and data rates may apply. Message frequency may vary. Neither we nor the participating carriers guarantee that messages will be delivered. We may discontinue these programs at any time without notice.

6. How We Share Your Information

In certain circumstances, and in order to perform the Services, we may share certain information about you as described in this section:

  • We do not sell your personal information to third parties.
  • We may share your personal information with our partners to customize or display our advertising.
  • We may share your personal information and/or Traffic Data with our partners who perform operational services for us (such as hosting, billing, fulfillment, data storage, security, insurance verification, web service analytics, or ad serving).
  • We may share your personal information and/or Traffic Data with our partners to analyze device activities and generate targeted advertisements.
  • We may transfer your personal information to another company in connection with a proposed merger, sale, acquisition or other change of ownership or control by or of the Denver Art Museum (whether in whole or in part). We will make reasonable efforts to notify you before your information becomes subject to different privacy practices.
  • We may share your personal information with similar nonprofit organizations to attract new visitors and members.
  • We also may need to disclose your personal information or any other information we collect about you if we determine in good faith that such disclosure is needed to: (1) comply with or fulfill our obligations under applicable law; (2) protect the rights, property or safety of you, us or another party; (3) enforce this Privacy Policy or other agreements with you; or (4) respond to claims that any posting or other content violates third-party rights.

7. Storage and Security of Information

Any information you send to us electronically, while using the Services or otherwise interacting with us, may not be secure when it is transmitted to us. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us. Please be aware, despite our best efforts, no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” Any information you send us through any means is transmitted at your own risk.

8. Your Rights

8.1 Colorado Privacy Rights

If you are a Colorado resident, you may have the following rights with respect to certain personal information we process about you, to the extent required by the CPA and subject to verification:

Right to Opt Out: The right to opt out of our targeted advertisements.

Right to Access: The right to confirm whether we are processing personal information about you and to access certain of such personal information in a useable format.

Right to Delete: The right to delete certain personal information we process about you.

Right to Correct: The right to correct certain inaccurate personal information about you.

You can exercise your rights by contacting use using the information in Section 12 below. We will not discriminate against you for exercising any of your rights relating to your personal information and will not (i) deny you goods or services, (ii) provide you with a different level or quality of services, or (iii) charge you different prices for services for doing so.

8.2 Canada, European Union and United Kingdom Privacy Rights

If our processing of your personal information is subject to the EU General Data Protection Regulation (“GDPR”), the UK General Data Protection Regulation (“UK GDPR”), and/or the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”), and unless subject to an exemption, you may have the following rights with respect to your personal information:

  • To request a copy of the personal information we hold about you and where possible, to transmit that data directly to another data controller.
  • To request we correct any personal information about you.
  • To request your personal information be erased when no longer necessary for us to retain such data;
  • To withdraw your consent to the processing of your personal information.
  • To request a copy of the personal information we hold about you.
  • Where there is a dispute in relation to the accuracy or processing of your personal information, to request a restriction be placed on further processing.
  • To object to the processing of personal information (where applicable).
  • To lodge a complaint with a data supervisory authority.

We will need to verify your identity to process any requests described in this Section and may deny your request if we are unable to verify your identity. Government or other identification may be required.

If you are a resident of the European Economic Area (“EEA”), when we process your personal information, we will only do so in the following situations:

  • We need to use your information to perform our responsibilities under our agreement with you.
  • We have a legitimate interest in processing your personal information. For example, we may process your personal information to send you marketing communications, to communicate with you about the Services, and to provide and improve the Services.
  • We have your consent to do so.

If your personal data is subject to GDPR or UK GDPR, we will transfer personal data from the EEA to a location outside the EEA only when there has been a documented adequacy determination, or where we have confirmed adequate privacy protections. If your personal data is subject to PIPEDA, we will transfer personal data from Canada to locations outside Canada only where we have confirmed adequate privacy protections. If we transfer personal data to a third party acting as our agent, we will also obligate the third party to have adequate privacy protections in place.

9. How Long We Retain Your Information

We retain personal information about you for as long as necessary to provide you the Services. In some cases, we retain personal information for longer, if doing so is necessary to comply with our legal obligations, or as otherwise permitted by applicable law. Afterwards, we retain some information in a de-identified and/or aggregated form but not in a way that would identify you personally.

10. Third Party Web Services

The Services may contain links or content from third party websites. A link or content from a third-party website does not mean we endorse that website, the accuracy of information presented, or the persons or entities associated with that website. If you visit a third-party website, you are subject to the privacy policy of the applicable third party and we are not responsible for the policies and/or practices of any third party. We encourage you to ask questions before you disclose your information to others.

11. Updates and Changes to Privacy Policy

The effective date of this Privacy Policy is set forth at the top of this webpage. We will notify you of any material change by posting notice on this webpage. Your continued use of the Services after the effective date of any amendment to this Privacy Policy constitutes your acceptance of the amended Privacy Policy. We encourage you to periodically review this page for the latest information on our privacy practices. Any amended Privacy Policy supersedes all previous versions. IF YOU DO NOT AGREE TO FUTURE CHANGES TO THIS PRIVACY POLICY, YOU MUST STOP USING THE CLIENT SERVICES AFTER THE EFFECTIVE DATE OF SUCH CHANGES.

12. Contact Us

The data controller for the purposes of CPA, GDPR, UK GDPR, PIPEDA or other data protection laws is the Denver Art Museum. If you have any questions about this Privacy Policy, please contact us at privacy@denverartmuseum.org or at:

Denver Art Museum
Attn: Privacy Management
100 W 14th Avenue Pkwy
Denver, CO 80204