The Colonial Williamsburg Foundation ("Company," “we,” “us,” “our,”), owner of history.org, knows that you care about how your Personal Data is used and shared. Please read this Privacy Policy to learn how we treat your Personal Data.
In order to continue to our website or any other linked pages, features, content, or applications offered from time to time by Company in connection therewith (collectively, the "Services"), you must acknowledge that you accept the practices and policies outlined below and you hereby consent and authorize us to collect, use and share your data as described in this Privacy Policy by clicking the “I agree” button.
Remember that your use of our Services is at all times subject to our Terms of Use, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Use.
This Privacy Policy covers how we treat Personal Data. “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules or regulations.
In this document "Personal Data" shall apply to Personal Data of individual Service users who are not child registrants. General references to "data" or "information" shall apply to all users.
Company gathers Personal Data when you access or use the Services. This policy does not apply to the practices of companies that Company does not own or control, or to individuals that Company does not employ or manage.
If you have any questions about this privacy policy or how your Personal Data is handled, please email us at [email protected].
The Personal Data you provide is used for such purposes as providing you the Services, answering questions, sending product updates, and communicating with you about Company's products and services. You may review and modify your Personal Data at any time by logging into your account and accessing features to edit your profile and/or account information. To stop collection of or remove your Personal Data, please contact us via the contact form on history.org/contact.
We may collect your email address, account password, zip code, and any other information necessary for us to provide the Services. If you are a teacher or a school administrator, we may also collect the following if you choose to provide it: your subject(s), grade(s), and number of students taught; role; type of school where employed and whether it is funded by Title I; and general interests.
We also offer parents and teachers the ability to sign up for the services using their existing Google account. If you choose to sign up for the Services using this account, we will receive your full name from the service provider managing that account.
We receive and store certain types of information whenever you interact with our Services or use our Services. Google Analytics collects Anonymized Data from your browser, which may include your IP address, cookie information, and the page you requested. For a full explanation of the data that Google Analytics collects, please visit https://policies.google.com/technologies/partner-sites
The Services also use cookies and similar technologies (collectively, “Cookies”). Cookies are small pieces of data – usually text files – placed on your computer, tablet, phone or similar device when you use that device to access our Services.
We use information collected through cookies and usage of the Services for purposes such as to learn more about our user base; analyze trends; authenticate and secure the Services; enhance and personalize your experience; and in general to improve and operate our Services.
When you receive emails from us, you can opt out of receiving further emails by following the included instructions to unsubscribe.
We may run advertising campaigns to market our Services and use technology such as cookies to analyze the performance of advertising and improve it. We do not currently display third party advertisements on our Services.
We collect Personal Data about you from the following categories of sources:
When you provide such information directly to us
Vendors
Social Networks
Our Commercial or Business Purposes for Collecting Personal Data
We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated or incompatible purposes without providing you notice.
Your Personal Data is an integral part of our business. We neither rent nor sell your Personal Data to anyone. We share your Personal Data only as described below.
Service Providers: These parties help us provide the Services or perform business functions on our behalf. They include:
Analytics Partners: These parties provide analytics on web traffic or usage of the Services. They include:
Parties You Authorize, Access or Authenticate
Over time, we may grow and reorganize. We may share your information, including Personal Data with affiliates such as other companies that we control or that are under common control with us, in which case we will require those companies to agree to use your Personal Data in a way that is consistent with this Privacy Policy.
We may share any Personal Data that we collect with third parties in conjunction with any of the activities set forth under “Meeting Legal Requirements and Enforcing Legal Terms” in the “Our Commercial or Business Purposes for Collecting Personal Data” section above.
We may release Personal Data to protect the rights, property, or safety of the Company, our employees, our users, or others. This includes, in the case of Personal Data, exchanging information with other companies and organizations for fraud protection and credit risk reduction.
We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user (“Anonymized Data”). We may use such Anonymized Data and share it with third parties for our lawful business purposes, which may include publishing such Anonymized Data, including to analyze, build and improve the Services and promote our business, provided that we will not share such data in a manner that could identify the user.
We may use your Personal Data for any legal purpose for which you give us permission.
The security of your Personal Data is important to us. To prevent unauthorized access, disclosure, or improper use of your information, and to maintain data accuracy, we've established administrative safeguards to protect the Personal Data we collect. In particular:
Additionally, the site is based in the Google Cloud. You can find Google’s Data Processing Addendum here. Google Cloud’s security measures include physical safeguards such as geographically distributed data centers and technological safeguards such as encryption.
Company endeavors to protect user information to ensure that user account information is kept private; however, Company cannot guarantee the security of user account information. Your Personal Data is protected by a password for your privacy and security. You need to ensure that there is no unauthorized access to your account and Personal Data by selecting and protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your account.
Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. The website contains links to other sites. Company is not responsible for the privacy policies and/or practices on other sites. When linking to another site you should read the privacy policy stated on that site. This Privacy Policy only governs information collected on the Services. Please be aware that whenever you voluntarily post information to public areas on the Services or any other public forums, such information can be accessed by the public.
We store your Personal Data for as long as it is necessary to provide products and Services, including those described above. Personal Data associated with your account will be kept until your account is deleted unless we no longer need the data to provide products and services.
Please note that we may have to retain some information after your account is deleted, to comply with legal obligations, to protect the safety and security of our community or our Service, or to prevent abuse of our Terms.
You have the right to ask us to delete your account at any time. You can do so by contacting us at [email protected].
What happens when an account is deleted: We de-identify or delete any Personal Data tied to the accounts, including emails, usernames, device tokens, device identifiers, IP addresses. Some information may persist in backups that we maintain, for a reasonable amount of time. We retain de-identified usage information about the accounts unless we are contractually obligated to delete such information.
Please note that after an account is deleted from our systems, it is not possible for us to restore the account, or any Personal Data associated with it.
During the time that you use the Services, you may receive emails from us, which include emails about new features and content collections and site updates, reminders, promotional offers and account related emails.
You may opt-out from receiving emails by using the unsubscribe link in the email or via the contact form on history.org/contact. Opting out from certain types of emails may prevent us from providing you key portions of the Services.
Please note even if you unsubscribe, we will still need to send certain essential emails while you have an account with us. These may include important legal or security related updates.
State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information.
California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents with rights to:
The exact scope of these rights may vary by state. To exercise any of these rights please contact us at [email protected].
Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out right may submit a request to this designated address: [email protected]. However, please know we do not currently sell data triggering that statute's opt-out requirements.
EU Residents
If you are a resident of the EU, United Kingdom, Liechtenstein, Norway or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) with respect to your Personal Data, as outlined below.
For this section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure.
We will be the controller of your Personal Data processed in connection with the Services. Note that we may also process Personal Data of our customers’ end users or employees in connection with our provision of certain services to customers (e.g. educational institutions), in which case we are the processor of Personal Data. If we are the processor of your Personal Data (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data.
If there are any conflicts between this section and any other provision of this Privacy Policy, the policy or portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at [email protected].
The “What Personal Data Does Company Collect” section above details the Personal Data that we collect from you.
The “How does the Company Use the Information it Collects” section above explains how we use your Personal Data.
The “Will Company Share any of the Information it Receives” section above details how we share your Personal Data with third parties.
You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email us at [email protected].
In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
We will respond to all requests within a reasonable timeframe. If our full response will ever take more than a month due to complexity or scope, we will notify you of this and keep you updated.
Review and update your data: You have the right to access and update any personal data that we have collected. Some personal data, such as the account holder's name and email address, can be found and updated by logging into your account. For any personal data beyond this, please submit a request using the contact information at the end of this section.
Delete your data: You also have the right to have your Personal Data deleted. This is sometimes known as the ‘right to be forgotten’. To request that we delete all Personal Data about you, please submit a request using the contact information at the end of this section.
For more information on our data deletion and retention practices, see the section on "Data Deletion and Retention."
Restrict Processing: You have the right to restrict how we process your Personal Data in certain circumstances. This is an alternative to requesting the deletion of your data. Rather than requesting we delete all of your personal data, you may request that we limit our uses of your Personal Data to specific purposes. You may wish to request we restrict our processing if you contest the accuracy of your Personal Data and we are working to verify this information, or if you want us to retain your personal data in connection to a legal claim but cease processing it.
Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
Data Portability: You have the right to obtain copies of your information in a structured, commonly used format so that you can move your data between our service and the services of others. We may request more information to confirm your identity before providing any Personal Data.
Right to Object: You have the right to object to the processing of your Personal Data for direct marketing purposes or when our processing of your data is based on legitimate interests. You may request that we stop processing your Personal Data for direct marketing purposes. This is an absolute right and we cannot refuse this request. Beyond direct marketing, if you wish to exercise this right, you must give specific reasons as to why you object to our processing of your data, based on your particular situation. Even after receiving such a request, we may continue processing if it is necessary for the exercise/defense of a legal claim or if we can demonstrate a compelling legitimate ground for the processing.
Right to File Complaint: You have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here:
https://edpb.europa.eu/about-edpb/board/members_en
If you are an individual in the European Union (EU) or an EU citizen, we collect and process data about you only where we have legal bases for doing so under applicable EU laws. This means we collect and process your data only when:
Some examples of our legitimate interests and the data being processed include:
Where we rely on your consent to process your Personal Data, you have the right to withdraw or decline consent at any time. If you wish to withdraw your consent, please contact us using the information in the Contact for Individual Rights Requests section.
Where we rely on our legitimate interests to process your Personal Data, you have the right to object. More information on exercising this right can be found in the EU Data Subject Rights section.
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us at [email protected].
Please use the below information when submitting a request to exercise any of the above rights. Please do not submit requests across multiple communication channels. We will make all efforts to respond to your request within a reasonable timeframe.
Email: [email protected]
Physical Mail: history.org, ℅ Colonial Williamsburg Foundation, P.O. Box 1776, Williamsburg, VA 23187
The Services are hosted and operated in the United States (“U.S.”) through us and our service providers, including Google Analytics, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to us in the U.S. and will be hosted on U.S. servers, and you authorize us to transfer, store and process your information to and in the U.S., and possibly other countries. Additionally, ClickView, which we use for its video repository, is based in Australia. Some of your Personal Data may therefore be transferred, stored, and processed in Australia; you authorize these actions. In some circumstances, your Personal Data may be transferred to the U.S. pursuant to a data processing agreement incorporating standard data protection clauses or in reliance on the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK-U.S. DPF”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”).
The Federal Trade Commission has jurisdiction over our compliance with the DPF. This Privacy Policy describes the types of Personal Data we collect, the purposes for which we collect and use your Personal Data, and the purposes for which we disclose your Personal Data to certain types of third parties in the sections above. Pursuant to the DPF, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain Personal Data relating to you in the U.S. Upon request, we will provide you with access to the Personal Data that we hold about you. You may also correct, amend, or delete the Personal Data we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the U.S. under DPF, should direct their query to [email protected]. If requested to remove data, we will respond within a reasonable timeframe. For more information about rights afforded to you, please see the European Union Data Subject Rights Section of the Privacy Policy.
In addition, we will provide you with the choice to opt-out from the sharing of your Personal Data with any third parties (other than our agents or those that act on our behalf or under our instruction), or before we use it for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized.
We will provide you with the choice to opt-in to sharing your sensitive Personal Data with any third parties or if we plan to process your Personal Data for a purpose other than those for which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your Personal Data, please submit a written request to [email protected].
In addition to any other disclosures described in our Privacy Policy, in certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We are responsible for the processing of personal data we receive, under the DPF Programs, and subsequently transfer to third parties acting as an agent on our behalf. We comply with the DPF Principles for all onward transfers of personal information from the EU, UK and Switzerland, including the onward transfer liability provisions. In particular, we remain liable under the DPF Principles if our agents process Personal Data in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.
With respect to personal data received or transferred pursuant to the DPF Programs, we are subject to the jurisdiction and regulatory enforcement powers of the U.S. Federal Trade Commission and other authorized statutory bodies. In certain situations, we commit to resolve DPF Principles-related complaints about the collection and use of your personal data. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the DPF Programs should contact us at [email protected].
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Annex 1 of the DPF Principles, located at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
Company may revise this Privacy Policy from time to time. Use of information we collect is subject to the Privacy Policy in effect at the time such information is used.
If we make material changes in the way we use Personal Data, we will notify you by posting an announcement on our Services, or by email.
We encourage you to review this Privacy Policy from time to time, to stay informed about our collection, use, and disclosure of personal information through the Service. If you don’t agree with any changes to the Privacy Policy, you may terminate your account. By continuing to use the Service after the revised Privacy Policy has become effective, you acknowledge that you accept and agree to the current version of the Privacy Policy.
If you have any questions or concerns regarding privacy on our Services, please send us a detailed email at [email protected]. We will make every effort to resolve your concerns.
The Colonial Williamsburg Foundation
P.O. Box 1776
Williamsburg, VA 23187