Privacy Policy
The Metropolitan Museum of Art - Data Protection and Privacy Rights
Last Updated: December 15, 2024
The Metropolitan Museum of Art ("we," "us," or "our") is committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information. This Privacy Policy explains our practices regarding data collection and processing in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.
1. Information We Collect
Personal Information
- Name and contact details
- Email address
- Phone number
- Mailing address
- Payment information
Usage Information
- Website browsing data
- Device information
- IP address and location
- Museum visit preferences
- Exhibition interests
2. How We Use Your Information
Museum Services
Processing ticket purchases, membership applications, and providing information about exhibitions, educational programs, and arts events at the Metropolitan Museum.
Communications
Sending newsletters, exhibition announcements, and updates about museum activities, arts programs, and special events.
Website Improvement
Analyzing website usage to enhance user experience and improve our digital services related to arts and cultural content.
Legal Compliance
Meeting legal obligations and protecting the rights and safety of our visitors and the Metropolitan Museum's collections.
3. Cookies and Tracking Technologies
Cookie Usage
We use cookies and similar technologies to enhance your browsing experience on our website. These technologies help us understand how visitors interact with our arts content and museum information.
Essential Cookies
Required for website functionality and security
Analytics Cookies
Help us understand visitor behavior and improve our services
Marketing Cookies
Used to deliver relevant content about exhibitions and programs
4. Analytics and Third-Party Services
We use Google Analytics and other analytics services to understand how visitors engage with our website and arts content. These services may collect information about your visits to help us improve the Metropolitan Museum's digital experience.
Data Collected:
- Page views and session duration
- Geographic location (general)
- Device and browser information
- Referral sources
Your Control:
You can opt-out of analytics tracking through your browser settings or by using Google's opt-out tools. This will not affect your ability to access museum information and arts content.
5. Your Rights Under GDPR
Access & Portability
Request access to your personal data and receive a copy in a portable format.
Rectification
Request correction of inaccurate or incomplete personal information.
Erasure
Request deletion of your personal data under certain circumstances.
Restriction
Request limitation of processing your personal data in specific situations.
6. Data Security and Retention
Security Measures
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security protocols are regularly reviewed and updated.
Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law. Visitor information and membership data are typically retained for 7 years after the last interaction.
7. Contact Information for Privacy Concerns
Privacy Officer
For any questions about this Privacy Policy or to exercise your rights under GDPR, please contact our Privacy Officer:
Address:
The Metropolitan Museum of Art
Privacy Officer
725 Madison Ave
New York, NY 10065, USA
Response Time
We will respond to your privacy requests within 30 days as required by GDPR.
Supervisory Authority
You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.
8. International Data Transfers
As the Metropolitan Museum operates primarily in the United States, your personal data may be transferred to and processed in the US. We ensure appropriate safeguards are in place for international transfers, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions where applicable
- Other appropriate safeguards as required by GDPR
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:
- Post the updated policy on our website
- Update the "Last Updated" date
- Notify you via email if you have subscribed to our communications
- Provide prominent notice on our website for material changes
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information and your rights regarding your personal data.