Privacy policy
This policy covers how we use your personal information.
We are committed to maintaining the accuracy, confidentiality, and security of your personally identifiable information (“Personal Information”). As part of this commitment, our privacy policy governs our actions as they relate to the collection, use, and disclosure of Personal Information. Our privacy policy is based upon the values set by the Personal Information Protection Act (Alberta) and Freedom of Information and Protection of Privacy Act (Alberta).
Introduction
We are responsible for maintaining and protecting the Personal Information under our control. We have designated an individual or individuals who is/are responsible for compliance with our privacy policy.
We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or other lawful request for information we receive, or to otherwise protect our rights.
Identifying Purposes
We collect, use, and disclose Personal Information to provide the product or service you have requested and to offer you additional products and services we believe you might be interested in. The purposes for which we collect Personal Information will be identified before, or at the time we collect the information. In certain circumstances, the purposes for which information is collected may be clear, and consent may be implied, such as where your name, address and payment information is provided as part of the order process.
Lawful basis
Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:
- Your consent;
- The performance of the contract between you and the Site;
- Compliance with our legal obligations;
- For our legitimate interests, which do not override your fundamental rights and freedoms.
Knowledge and consent are required for the collection, use, or disclosure of Personal Information except where required or permitted by law. Providing us with your Personal Information is always your choice. However, your decision not to provide certain information may limit our ability to provide you with our products or services. We will not require you to consent to the collection, use, or disclosure of information as a condition to the supply of a product or service, except as required to be able to supply the product or service.
The Personal Information collected will be limited to those details necessary for the purposes identified by us. With your consent, we may collect Personal Information from you in person, over the telephone, or by corresponding with you via mail, facsimile, or the Internet.
We only collect information that we need related to your order. This includes your:
- Name
- Shipping and billing address
- Email address
- We do not collect your Credit Card information; it is collected through Shopify. See the "Credit Card Information" section below for more information.
Limiting Use, Disclosure, and Retention
Personal Information may only be used or disclosed for the purpose for which it was collected unless you have otherwise consented, or when it is required, or permitted by law. By keeping an active account though our online Shop, you give consent for us to retain your Personal Information. Personal Information will be retained for the period required to fulfill the purpose for which we collected it, or as may be required by law.
Your information is only used to fill your order. We do not sell or redistribute your information to anyone.
You may email us at shop@tyrrellmuseumshop.com any time to ask that we remove your information from our online database. Please note that by deleting your account, all order history will also be removed and will no longer accessible.
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.
Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
- Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
- Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.
Accuracy
Personal Information will be maintained in as accurate, complete, and up-to-date form as is necessary to fulfill the purposes for which it is to be used.
Personal Information will be protected by security safeguards that are appropriate to the sensitivity level of the information. We take all reasonable precautions to protect your Personal Information from any loss or unauthorized use, access, or disclosure.
We will make information available to you about our policies and practices with respect to the management of your Personal Information.
Upon request, you will be informed of the existence, use, and disclosure of your Personal Information, and will be given access to it. You may verify the accuracy and completeness of your Personal Information, and may request that it be amended, if appropriate. However, in certain circumstances permitted by law, we will not disclose certain information to you. For example, we may not disclose information relating to you if other individuals are referenced, or if there are legal, security, or commercial proprietary restrictions.
If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.
Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.
Our website may contain links to other third party sites that are not governed by this privacy policy. Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service. Additionally, we are not responsible for the privacy practices employed by third party websites. Therefore, we suggest that you examine the privacy statements of those sites to learn how your information may be collected, used, shared, and disclosed.
In general, the third-party providers we use will only collect, use, and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide them for your purchase-related transactions.
A cookie is a small computer file or piece of information that may be stored in your computer’s hard drive when you visit our website. We use cookies to improve our website’s functionality and, in some cases, to provide visitors with a customized online experience.
We use the following cookies to optimize your experience on our Site and to provide our services.
Cookies Necessary for the Functioning of the Shop
|
Name |
Function |
|
_ab |
Used in connection with access to admin. |
|
_secure_session_id |
Used in connection with navigation through a storefront. |
|
cart |
Used in connection with shopping cart. |
|
cart_sig |
Used in connection with checkout. |
|
cart_ts |
Used in connection with checkout. |
|
checkout_token |
Used in connection with checkout. |
|
secret |
Used in connection with checkout. |
|
secure_customer_sig |
Used in connection with customer login. |
|
storefront_digest |
Used in connection with customer login. |
|
_shopify_u |
Used to facilitate updating customer account information. |
Reporting and Analytics
|
Name |
Function |
|
_tracking_consent |
Tracking preferences. |
|
_landing_page |
Track landing pages |
|
_orig_referrer |
Track landing pages |
|
_s |
Shopify analytics. |
|
_shopify_fs |
Shopify analytics. |
|
_shopify_s |
Shopify analytics. |
|
_shopify_sa_p |
Shopify analytics relating to marketing & referrals. |
|
_shopify_sa_t |
Shopify analytics relating to marketing & referrals. |
|
_shopify_y |
Shopify analytics. |
|
_y |
Shopify analytics. |
You can control and manage cookies in various ways. Keep in mind that removing or blocking cookies can negatively affect your user experience and parts of our website may no longer be fully accessible.
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
If you provide us with your credit card information, the information is collected by Shopify. Although no method of transmission over the Internet or electronic storage is 100% secure, Shopify follow all Payment Card Industry Data Security Standard (PCI-DSS) requirements and implements additional generally accepted industry standards.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa and MasterCard.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal or regulatory reasons.
Direct any questions or inquiries about our privacy policy or our practices by contacting:
Royal Tyrrell Museum Cooperating Society
Attention: Business Manager
Box 7500
Drumheller, AB T0J 0Y0
E: bookkeeping@tyrrellmuseum.ca
Last updated: December 1, 2020