Privacy Policy

Privacy Policy

This Privacy Policy (“Privacy Policy”) is effective as of, and was last updated on,10-10-2022

The Hip Hop Museum. (“THHM”, “we,” “us,” “our”, or “Company”) offers a website located at https://THHM.org/ (the “Site”), as well as the blogs, social media pages, ticket sales and other services provided through email correspondence, events, newsletters, or other interactions with THHM’s representatives (collectively “Platform”). This Privacy Policy is intended to inform visitors, users, members, registrants or attendees at events (“user”, “you” or “your”) about the collection and use of information or personal data about them that is collected directly or in connection with their attendance at events, or interactions with the Platform. It also explains the conditions under which we use and disclose that information, and your rights in relation to that information.

This Privacy Policy is part of, and is governed by, the terms and conditions set forth in our Terms of Service. This Privacy Policy provides information so that users are able to understand and consent to the processing of their personal data, where appropriate. THHM is the data controller regarding all personal data processing conducted through the Platform.

 

1. Contact Information.

The data controller and operator of the Platform is THHM with a postal address at: [P.O. Box 6001, Bronx, NY 10451].

2. Definitions.

Applicable Laws” means for individuals located in the European Economic Area (EEA), the EU General Data Protection Regulation (Regulation (EU) 2016/679), together with protection law of the EEA Member State of where the employee resides; and for individuals located outside the EEA, the Federal and state laws of the United States unless the data protection laws of the country where the individual resides specify otherwise, in which case, such country’s data protection law will apply in accordance to its terms.

“Personal Data” means any information relating to an identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data does not include information that has been irreversibly anonymized or aggregated so that it can no longer enable us, whether in combination with other information or otherwise, to identify you.

3. Data Protection Principles.

We are committed to complying with the principles for the processing of Personal Data under Applicable Laws. In processing your Personal Data in accordance with these principles, we take steps to ensure the Personal Data we hold about you is:

4. Collected Data.

We collect the data that a user chooses to provide, for example, by completing a form to request a document. We also collect information by analyzing a user’s behavior on the Platform over time, to the extent permitted by applicable law; this information is collected through cookies and similar technologies. For information about cookies, see our Cookie Policy at Section 10.

Applicable Laws that govern the processing of Personal Data of users located in the European Economic Area and other countries may limit our ability to collect Personal Data as described below, or may grant users the right to limit or prohibit the use of their Personal Data.  These rights and restrictions are explained below in this Privacy Policy.
4.1. Log Data.

When a user uses, or interacts with, our Platform, or clicks on a link that directs the user to our Platform, the user’s browser automatically provides, and we automatically collect and store, certain information about the user’s device (computer, tablet, smartphone) and the user’s activities. This includes:

We collect this data for the proper operation of our Platform. Until the user registers with us, this data cannot be linked to a specific individual.

4.2. Traffic Data.
Data generated by the use of the Platform also include:

The data described above is collected through the use of cookies and helps us understand how an individual reacts to our content.

4.3. Name, Contact Details.

In various sections of the Platform users are asked to provide information about themselves, such as their name, e-mail address, phone number, billing address and organization, as applicable. This happens, for example, when a user requests to sign up for a newsletter, to become a member, or if the user participates in a survey that we conduct through our Platform.

Only the minimum amount of information necessary to operate or manage the account is mandatory. The user may elect to provide additional information, which we use to enhance the Platform, for example by offering access to social media accounts.

4.4. Payment Information

If a user requests services for which payment is required, the user is asked to provide payment information. This information is collected and processed by an external payment processor; it is not accessed or stored by THHM.

4.5 Restricted Member Area; Newsletters.
Restricted Member Area.
Certain areas of the Site are accessible only by members of THHM in good standing (“Members”). To access those areas, a Member must first register on the Platform and select a password. As part of such registration, we may request: first and last name; company or business name; email address; street address, including country and telephone number.

Only the minimum amount of information necessary to operate or manage the Members’ restricted area is mandatory. The Member may elect to provide additional information (at the time of registration or later), which we use to enhance the Platform.

Newsletters.

Users can sign-up to receive newsletters and other communications from THHM via our newsletter provider Mailchimp. To sign-up, a user is required to provide an email address. Each user can, at any time, request that we cease sending these newsletters. To do so, you can follow the directions provided at the bottom of each mailing, or you can contact us as indicated in the “Contact Us” section.

4.6. Communication from Users.

When a user completes an online form, visits our Platform (for example on social media), or otherwise contacts us, by email, phone or text, we automatically collect and store certain information about that user and the user’s activities, as we receive from such user, for example: the user’s name and contact information; information that the user provides to us; the user’s company or business information, if any; the nature of the communication; the purpose of the interaction, and the action we took in response to the user’s inquiry or request; and, any action the user takes upon receipt of such communication (for example, whether the user registers to attend an event that we offer, or requests to receive documentation).

The information collected in connection with each type of interaction is retained in accordance with our record retention policy, so that we can continue interaction with the requestor with respect to our Platform.

4.7. Membership and Donations.

If you click on the “Membership” and “Become A Member” or “Donations” tabs on our Site, you will be directed to a separate site at which THHM memberships are sold and donations can be made (the “Membership and Donation Site”). The Membership and Donation Site is operated by Blackbaud, Altru. All information submitted through the Membership and Donation Site is transmitted directly to Blackbaud Altru. All aspects of your purchase transaction, including without limitation credit card transactions, is provided by Blackbaud Altru. and not by us. However, certain information transmitted to the Membership and Donation Site will be shared with us as applicable. Additionally, we use the third-party service Donorbox to take and track donations.

4.8. THHM Store.

If you click on the “Store” tab on our Site you will be directed to a separate site at which THHM merchandise is sold located at https://THHMstore.com (the “Store Site”). The Store Site is operated by Shopify Inc. All information submitted through the Store Site is transmitted directly to Shopify Inc. and will be managed and used in accordance with the Privacy Policy for the Store Site rather than this Privacy Policy. All aspects of your purchase transaction, including without limitation credit card transactions, shipment of orders, and support related thereto, are provided by Shopify Inc. and not by us. However, certain information transmitted to the Store Site will be shared with us and as applicable.

4.9. Other sources of Personal Information or data.

If we receive Personal Data from you through our digital services other than as described in this Privacy Policy, it will still be used and managed in accordance with this Privacy Policy, unless otherwise stated at the time you provide the information. As described above, our digital services include features, functionality, or offers (such as ticket purchases, promotions, surveys, etc.) provided by third parties, and may also contain links to third party advertisers and others. When you make purchases through third parties, we do not receive your payment account information, as the purchase and payment transaction is processed by the third party. However we may sometimes receive your email or other information provided during a purchase from the company through which your transaction was processed. We may also receive information from other third parties collecting information on our digital services, such as a third party promotion in which you choose to register. Any third party websites or services to which our digital services link may use cookies, independently collect data or solicit Personal Data, and you should carefully review the privacy policies of these third parties before providing them any Personal Data. This Privacy Policy does not apply to any information you submit to third-party websites or services, including, without limitation, any sites to which our digital services may redirect you for purchasing tickets, or other sites that may be connected to our digital services by hypertext link or otherwise.

4.10. Correspondence Sent to Users.

Unless we are prohibited by applicable law from using cookies and a user has not otherwise indicated his/her preference regarding our use of cookies, we insert in some of our correspondence images or links that when viewed or clicked, allow us to know whether the user has accessed or declined to open correspondence. This action may also generate a cookie that allows us to count unique clicks or visits, and potentially track the recipient.

This information helps us understand how the individual reacts to our communications and limit the amount and nature of information provided.

4.11. Surveys and Contests

From time-to-time, we invite users to participate in surveys or contests. Participation is voluntary. These surveys are organized for the purposes of our marketing efforts. When a user participates, we request certain personal data such as name and email address.

This is necessary to ensure that responses are categorized properly and are not duplicated. Depending on the nature of the survey or contents, we use this information to send the survey results to the participants, or, if applicable, to notify contest winners and award prizes.

We also use the information in aggregate form, for analytics purposes, to understand our market, to monitor site traffic or app usage, or to modify our Platform to meet the needs or interests of users.

If we use a third-party service provider to conduct these surveys, the information collected by the service provider may be subject to both the service provider’s privacy policy and ours. We will provide information about the applicable privacy policies with the survey rules and will seek your explicit consent to these rules when required by law. You should read the terms of the survey or contest to understand the extent to which the service provider is allowed to use or reuse the information collected.

4.12. Comments on our Platform.

Some portions of the Platform (for example our presence on Social Media) allow users to submit comments, reviews, ratings and other information that may be displayed on the Platform and viewed by others. We recommend that you do not post on or through the Platform any information that you do not want to make available to other users or the public generally. You assume all responsibility for any loss of privacy or other harm resulting from information you post on the Platform.

4.13. Social Media.

Our Platform offers integration with third-party social media platforms. These services collect the user’s IP address and which page of our Platform the user is visiting. They may set a cookie to enable their features to function properly. Social media features and widgets are hosted by a third party or directly on our website. Your interactions with these features are at your sole discretion, and are governed by the privacy policy of the company providing the feature.

If you post any comments, reviews, photos or other information on our Facebook, Twitter, Instagram or Pinterest pages, we may display those comments, reviews, photos or information on the Site. In addition, your use of these social media services may result in the collection or sharing of information about you by these social media services. We have no control over, and decline all responsibility for, the use of your personal data by these third parties. We encourage you to review the privacy policies and settings on the social media services with which you interact to make sure you understand the information that may be collected, used, and shared by those social media services.

4.14. Children.

Our Platform is not directed to individuals under the age of 16. We do not solicit or knowingly collect Personal Data from such individuals. If you become aware that a child under the age of 16 has provided us with Personal Data, please contact us as indicated in the “How to Contact Us” section below. If we obtain actual knowledge that we have collected Personal Data from a child under the age of 16, we will take steps to delete such information from our database.

4.15. Other Information.

Certain areas of the Platform include free text fields, where you post content that may contain Personal Data. Some countries, including by way of example, the EEA, significantly restrict the use of certain information deemed “sensitive”.  Other countries, such as the United States try to limit the use and sharing of certain information such as social security number or financial account information, to limit identity theft.

We request that you do not disclose (unless specifically requested in the form that you are completing):

5. Information Collected by Third Parties.

Applicable Laws that govern the processing of Personal Data of users located in the European Economic Area and other countries may limit third parties’ ability to collect and use Personal Data as described below, or may grant users the right to limit or prohibit the use of their Personal Data.  These rights and restrictions are explained below in this Privacy Policy.

5.1. Google Analytics

Users of the Platform who have JavaScript enabled are tracked using Google Analytics. Unless the Google Analytics feature is blocked, as explained below, it collects the following types of information from the user:

The data collected by Google Analytics is primarily used to optimize the Site for our visitors.

However, we also use this data for marketing purposes, for example, to tell potential partners how many users visit the Site, where visitors come from, and how they arrive at the Site. See also Section 10.9.

5.2. Other Third Party Services.

In addition to Google Analytics and other third party services outlined in this Agreement, we use other third party services to automatically collect information from users, including, but not limited to, WordPress (and associated plugins), WP Engine, Amazon S3, Cloudflare, Cuseum, Google Search Console, MS Azure Cloud, and JetPack.

Parts of the Platform include third-party advertising, links to other websites, and other content from third party businesses. These third-party sites, businesses, and advertisers, or advertising companies working on their behalf, sometimes use cookies and similar technologies to measure the effectiveness of their ads, personalize or optimize advertising content, to track users who link from their respective website to the Site, and track the actions of users online over time and across different websites or platforms to deliver targeted electronic advertisements to an individual user.

Before visiting a third-party website, whether by means of a link on the Platform or otherwise, and before providing any information to any third party, you should inform yourself of the privacy policies and practices (if any) of the third party responsible for the applicable third-party website.

6. Purposes of processing.

We use the information we gather through the Platform to help us better understand how the Platform is being used. By identifying patterns and trends in usage, we are able to better design the Site to improve your experiences, both in terms of content and ease of use.  We also use this information for direct marketing purposes, to contact and communicate with users, including to send them information about products or services we think might be of interest to you and to respond to your communications and requests.

Applicable Laws that govern the processing of Personal Data of users located in the European Economic Area and other countries may limit our ability to process Personal Data as described below, or may grant users the right to limit or prohibit the use of their Personal Data.  These rights and restrictions are explained below in this Privacy Policy.

Specifically, we use Personal Data for the following purposes:

6.1. Service.
6.2. Marketing.
6.3. Profiling.

To create a profile of a Platform user, through the use of profiling cookies and by collecting and analyzing information on the user’s interest in order to serve to each information and advertisements that may be relevant to that user. All algorithms involved in this processing are regularly tested, to ensure the processing’s fairness and control for bias.

6.4. Analytics.

For development and administration of the Platform, in order to improve THHM’s offerings and troubleshoot any technical issues that may arise in connection with the use of the Platform (“Analytics”).

6.5. Misuse or Fraud.

To prevent and detect any misuse of the Platform, or any fraudulent activities carried out through the Platform (“Misuse/Fraud”).

7. Legal Grounds for Processing.

For users located in certain countries, we are required to explain on which legal grounds we are permitted to collect and/or use the Personal Data as described above.

The table below includes the legal grounds on which we rely to process Personal Data as explained above, according to the purposes identified. We also explain whether the provision of information is mandatory or not, and the consequences for not providing the mandatory information:

Purpose
Legal Ground
Mandatory/Not
Membership
The information requested (i.e. identified as mandatory) in the membership profile is necessary in order to keep track of memberships The same amount of information is required from each submission.
Yes
Service
The information necessary to provide the services, fulfil the request that you make, take steps before entering into a contract with you, or perform a contract entered into with you.
No
If you do not provide the information we need, we will not be able to provide certain services to you over the Platform
Marketing
The collection of information for marketing is needed for the legitimate interest of THHM so that it can understand its market and have opportunities to communicate with potential or current customers so long that the use of the data is no overridden by the interest of the individual. Some forms of marketing to certain users may require opt-in consent, and we will request such consent as applicable.
No Users located in certain countries have the right to object to the use of their Personal Data for marketing purposes. There is no consequence for not providing the information. A user who has previously consented to the use of personal data for marketing, can withdraw this consent at any time.
Marketing to Existing Customer
Marketing to existing customers is based on THHM’s legitimate interest in expanding its relationship with individuals who have previously purchased or shown interest in goods or services provided by THHM that are identical or similar to those the individual has previously purchased or requested through the Platform.
No
Users can opt-out of these communications at any time.
Profiling
For some users, processing is based on the user’s consent, collected by means of the cookie pop-up banner and/or a specific tick box.
No
Users can elect to not consent to the collection of information about them through cookies. There is no consequence for such refusal other than not being able to benefit from greater personalization when using the Platform.
Analytics
THHM has a legitimate interest in understanding how users use its Platform, so that it can improve them accordingly both to enhance the user’s user experience, and to troubleshoot technical issues. However, if the use of the analytics includes marketing, then for users located in certain countries, we will request prior affirmative consent of the user
No
Misuse; Fraud
THHM has a legitimate interest in preventing and detecting fraudulent activities or misuse of the Platform for potentially criminal purposes.
No
8. Sharing with Third Parties.

We share Personal Data as indicated below.

Applicable Laws that govern the processing of Personal Data of users located in certain countries may limit our ability to share Personal Data as described below, or may grant users the right to limit or prohibit such sharing.  These rights and restrictions are explained below in this Privacy Policy.

8.1. Service providers.

We provide some of the Personal Data that we have collected to our service providers, which includes affiliated entities, hosting providers, e-mail platform providers; technical maintenance providers, contractors, affiliates, distributors, dealers, vendors and suppliers who provide certain services to us or on our behalf, such as operating and supporting the Platform, analyzing data, or performing marketing or consulting services, identifying and serving targeted advertisements, providing mailing or email services, tax and accounting services, payment processing, data enhancement services, analytics services, fraud prevention services, and similar services.

These Service Providers only have access to the information needed to perform these limited functions on our behalf and are prohibited from using your information for any purpose other than the purpose for which the Service Provider was engaged by us and/or as stated in this Privacy Policy.

8.2. Our Affiliates.

We share some or all of your information with our subsidiaries and corporate affiliates, joint venturers, or other companies under common control with us, such as [-]. We require these entities to comply with the terms of this Privacy Policy with regard to their use of our users’ information. This sharing is necessary for our legitimate interest and business purposes because we conduct joint activities with these entities, which require the sharing of contact and other information.

8.3. The Public.

When a user provides feedback or posts questions, comments, or other content on our Platform, these comments and any other information that the user may provide (such as the user’s name) may be displaced on our Platform, for example, on our social media pages.

8.4. DMCA Infringement Notifications, Counter Notices, Notices of Violations of Site Terms of Use.

We may share Personal Data with third parties if a person submits a Digital Millennium Copyright Act (“DMCA”) infringement notification or counter notification [as described in our Copyright Notice]. In addition, we may share Personal Data with third parties if we receive other notices regarding violations of our Terms of Service or other user’s rights (including communications about content stored on or transmitted through the Platform). For notices other than DMCA infringement notifications and counter notices, upon request, we will edit out the user’s name and contact information. However, DMCA infringement notifications and counter notifications will be forwarded as submitted to us without any deletions.

8.5 Persons under Confidentiality Obligation.

We also share Personal Data with employees or contractors working for THHM, volunteers, and other persons or legal entities that provide accounting, administrative, legal, tax, financial and debt collection matters, who are bound by a confidentiality obligation.

8.6 By Law or in Response to Subpoenas or Court Orders or to Protect Rights and to Comply with Our Policies.

To the extent permitted by law, we will disclose user Personal Data to government authorities or third parties if: (a) required to do so by law, or in response to a subpoena or court order; (b) we believe in our sole discretion that disclosure is reasonably necessary to protect against fraud, to protect the property or other rights of us or other users, third parties or the public at large; or (c) we believe that the user has abused the Platform by using it to attack other systems or to gain unauthorized access to another system, to engage in spamming or otherwise to violate applicable laws.

8.7 Business Transfers; Bankruptcy.

In the event of a merger, acquisition, bankruptcy or other sale of all or a portion of our assets, any user Personal Data owned or controlled by us may be one of the assets transferred to third parties. We reserve the right, as part of this type of transaction, to transfer or assign the Personal Data and other information we have collected from users of the Platform to third parties. Other than to the extent ordered by a bankruptcy or other court, the use and disclosure of all transferred user information will be subject to this Privacy Policy, or to a new privacy policy if you are given notice of that new privacy policy and you affirmatively opt-in to accept it. Any information you submit or that is collected after a transfer, however, may be subject to a new privacy policy adopted by the successor entity.

8.8 Aggregate Information.

We may share information relating to users of the Platform with third parties on an anonymous, or aggregated basis. While this information will not identify you personally, in some instances these third parties may be able to combine this anonymous information with other data they have about an individual, or that they receive from third parties, in a manner that allows them to identify that individual personally.

9. Retention of Personal Data.
Data uses
Retention period
Providing the Service
Retained as necessary to fulfil such purposes. We may retain the data as necessary to protect THHM’s interests related to potential liability.
Marketing and Profiling
Retained from the moment the user gives consent until consent is withdrawn.
Where it is not withdrawn, consent will be renewed periodically.
If consent is withdrawn or not renewed, Personal Data will no longer be used for these purposes.
We may retain the data as may be necessary to protect THHM’s interests related to potential liability
Marketing to Customers
Retained from the time when we receive it in the context of purchases or requests made via the Platform until the user objects to this processing.
If a user objects to the processing, the Personal Data will no longer be used for these purposes.
We may retain the data as may be necessary to protect THHM’s interests related to potential liability.
Compliance
Retained for the period required by the specific legal obligation or by the applicable law.
Analytics
Retained as long as necessary to fulfil the purposes for which it was collected, unless the user objects to the processing and there are no other legal grounds justifying the retention of the information.
Misuse, Fraud
Retained as long as necessary to fulfil the purposes for which it was collected, unless the user objects to the processing and there are no other legal grounds justifying the retention of the information.
10. Cookies and Other Technologies.
10.1 Overview.

Cookies are small text files that are sent to a user’s browser by the website visited or when an email is opened. They are used for numerous different purposes. Some operations within a website may not be performed without the use of certain cookies that are technically necessary for operation of the website. Other cookies may contain a unique ID code that allows tracking a user’s browsing activities within a website, for statistical or advertising purposes.

The use of cookies to create profiles on users and to send advertising messages that take into account the preferences revealed by the user while browsing websites may require prior consent from the user, according to the Applicable Law that applies to that user.

The Platform uses the following types of cookies:

10.2 First Party Cookies.

We use the following cookies:

Technical name
Cookie type, function and purpose
Duration
has_js
The has_js cookie is used by the Drupals Batch API and it is not related to user data.
Session
mem_storage
The cookie is used while a member is completing a form, to fetch member related information in our member database and assist in the completion of the form
Session
SSESSd52c5d14dabfab1e18a22add3109f3bb
Used to maintain the session of a logged in user
20 days
ah_app_server
The cookie is associated with Acquia cloud. This cookie gets created when a new user logs in. For any user with this permission, the site sets a cookie named ah_app_server. The cookie is deleted when the user logs out.
One year
_ga
Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
Two years
_gat
Used by Google Analytics to throttle request rate
Session
_gid
Registers a unique ID that is used to generate statistical data on how the visitor uses the website
Session
10.3 Analytics Cookies.

We use Google Analytics to collect information that permits evaluation of the use of the Website, analysis of user’s behavior and improvement of user experience. See Section 5.1.

10.4 Third Party Cookies.

We also use the following cookies owned by third parties:

Technical name
Cookie type, function and purpose
Duration
NID
Registers a unique ID that identifies a returning user’s device. The ID is used for targeted ads.
6 Months
rc::a
Used to distinguish between humans and bots.
Session
rc::b
Used to distinguish between humans and bots.
Session
rc::c
Used to distinguish between humans and bots.
Session

For further information on how these third parties use information, please refer to their privacy policies:

You can use Ads Settings to manage the Google ads you see and opt out of Ads Personalization. Alternatively, you can always adjust the corresponding settings in your browser software to prevent the use of advertising cookies.

10.5 Web Beacons.

A “Web Beacon” is an object that is embedded in a web page. It is usually invisible to you but allows us to check whether you have viewed a particular web page or email communication. We place Web Beacons on pages of the Platform, such as on our website and in emails we send to you. You may not decline Web Beacons.

10.6 How to Block or Disable Cookies.

You may choose to block our Platform and other sites from setting cookies by changing the settings of your browser. Please note that blocking or disabling certain cookies may interfere with certain functionalities of some parts of our Platform.

(a.) To learn more about cookies:
(b.) To obtain information specific to a particular browser:
10.7 Interest-based Advertising.

We use information collected about a user’s use of our Platform to arrange for advertisements about our service to be served to a user on third party’s websites in accordance with our e-Marketing Policy. To do so, our advertising service provider places or recognizes a unique cookie on the user’s browser and uses other techniques, such as pixel tags.

10.8 Opt-out of Interest-based Advertising.

Users may opt-out of receiving interest-based advertising as explained below. The opt-out may be provided through specific opt-out cookies.

(a.) To Control Advertising on Websites
(b.) Please note the following:

Using a new computer or a different browser, upgrading certain browsers, or modifying or erasing a browser’s cookie file, may clear an opt-out cookie.

Opting out of receiving interest-based advertising does not result in blocking all advertisements served to your equipment. You will continue receiving advertisements; these advertisements will be generic or based on the content of a webpage that you are visiting, instead of being targeted to your specific interests.

There are many more companies listed on these sites than those that place cookies on your device when you access our Platform.

10.9 Google Analytics, Demographics and Interest Reporting.

We use demographic information we collect through our use of Google Analytics Demographics and Interest Reporting solely for purposes of performing internal statistical analytics relating to the Site.

10.10 Social Media.

You can edit or remove the permissions you have granted to use information from your connected social media accounts by adjusting the privacy settings on your social media account. See the following for instructions on how to change or remove third party access on each platform:

11. Transfers of Personal Data.

Personal Data is collected and processed in several different countries. To ensure the lawfulness of the transfers of personal data across borders, we rely on decisions from the European Commission and standard data protection clauses adopted by the European Commission.

12. Security of Personal data.

We use commercially reasonable technical, organizational, and administrative safeguards to protect information within our control against unauthorized or unlawful access, use, modification, destruction, processing or disclosure, and against accidental loss, destruction, or damage. We believe that these measures are reasonably adapted to the nature of the information in our custody.

We limit access to our users’ personal data to only those employees and third parties who reasonably need access to it to perform the activities attached to their job responsibilities.

However, due to the realities of data security, no security system or storage system can be guaranteed to be 100% effective or secure. Thus, we cannot guarantee that any information provided to us, collected by us or transmitted by us will not be accessed, hacked, disclosed, altered, or destroyed by unauthorized parties.

12.1 Breach of Security.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us might have been compromised), or if you suspect someone else is using your account, please let us know immediately by contacting us as indicated in the “How to Contact Us” section.

12.2 Lost or Stolen Information.

You must promptly notify us if your credit, bank, other financial institution information, username, or password is lost, stolen, or used without permission. In such an event, we will assist you in updating your account details.

13. Rights of Individuals.

The EU General Data Protection Regulation (GDPR) grants individuals who are in the European Union and European Economic Area (EU/EEA) the following rights, with some limitations. THHM extends these rights to all users and members, subject to the limitations set forth in Articles 15 to 23 of the GDPR. Individuals may contact us, at the address provided in the “How to Contact us” section below, to exercise any of those rights and we will respond as defined in the applicable provision(s) of the GDPR.

13.1 Right Not to Provide Consent or to Withdraw Consent.

We may seek to rely on your consent in order to process certain personal data. Where we do so, you have the right not to provide your consent, and the right to withdraw your consent at any time. If you withdraw your consent, this will not affect the lawfulness of the processing conducted based on consent before its withdrawal.

13.2 Right of Access.

You have the right to obtain confirmation as to whether or not we collect or process personal data concerning you and, if this is the case, you have the right to request a copy of such personal data in digital format.

13.3 Right of Rectification.

You have the right to require that we correct any inaccurate personal data concerning you, and that we complete incomplete personal data.

13.4 Right of Erasure.

In certain circumstances, you have the right to request that we erase personal data concerning you; for example, if it is no longer necessary for the purposes for which it was originally collected.

13.5 Right to Restrict Processing.

In certain circumstances, you have the right to request that we restrict the processing of the personal data that we have collected about you; for example, where you believe that the personal data that hold about you is not accurate or lawfully held.

13.6 Right to Data Portability.

In certain circumstances, you have the right to receive the personal data concerning you that you have provided us in a structured, commonly used, machine readable format, and the right to obtain that we transmit the data to another entity where technically feasible.

13.7 Right to Object to the Processing.

In certain circumstances, you have the right to request that we stop processing your personal data.

13.8 Right to Object to the Processing for Direct Marketing Purposes.

You have the right to request that we stop sending you marketing communications.

13.9 Right Not to be Subject to Decisions Based Solely on Automated Processing that Produce Legal Effects.

In certain circumstances, you have the right no to be subject to a decision based solely on automated processing – including profiling – that produces legal effects or similarly affects you.

13.10 Right to Complain to a Supervisory Authority.

You have the right to lodge complaint with a supervisory authority or other dispute resolution mechanism if you believe that our processing of personal data relating to you infringes your rights under Applicable Law.

14. Rights of Users Located in California.

California requires operators of websites or similar services to make certain disclosures to users who reside in California regarding their rights, specifically:

14.1 Shine the Light.

Under California law, a business that has an established business relationship with an individual, and has, within the immediately preceding calendar year, disclosed personal data that is primarily used for personal, family or household purposes to third party for the third party’s direct marketing purposes, must disclose to its California users, upon request, the identity of any such third party, along with the type of personal data disclosed.

You can contact us to as provided in the “How to Contact Us” section. Please note that under California law, businesses are only required to respond to a user’s request once during any calendar year.

14.2 Do-Not-Track.

Some browsers give individuals the ability to communicate that they wish not to be tracked while browsing on the Internet. California law requires that we disclose to users how we treat do-not-track requests. The Internet industry has not yet agreed on a definition of what “Do Not Track” means, how compliance with “Do Not Track” would be measured or evaluated, or a common approach to responding to a “Do Not Track” signal. Due to the lack of guidance, we have not yet developed features that would recognize or respond to browser-initiated Do Not Track signals in response to California law.

In the meantime, there are technical means to prevent some of the tracking, if any.

15. Privacy Changes.

Because of changes in technology and the growth and development of our business, or for other business reasons, we may need to modify this Privacy Policy from time to time. We will notify you of changes to this Privacy Policy by posting the amended terms on the Site at least thirty (30) days before the effective date of the changes. If you do not agree to the new terms, you should stop using the Site, and you will not be bound by the new terms. Otherwise, the new terms will take effect after thirty (30) days.

We reserve the right to amend or update this Privacy Policy at any time. We will inform you of such changes as soon as they are introduced, and they will be binding as soon as they are published on the Platform or later, as provided by applicable law. Please regularly visit this page to acquaint yourself with the latest, updated version of the Privacy Policy.

16. How to Contact Us.

The data controller is THHM with a principal address at: [P.O. Box 6001, Bronx, NY 10451].

If you have any questions about this Privacy Policy, you may:
Send an email to: tony@THHM.org
or
Send postal mail to:
The Hip Hop Museum
P.O. Box 6001
Bronx, NY 10451