If you are within or are a resident of the European Economic Area (the “EEA,” which includes the 27 European Union Member States, Iceland, Lichtenstein and Norway), Switzerland or the United Kingdom (“UK”) (collectively, the “EU”), NEFA is the responsible party with respect to Personal Data (defined below) collected through the Services. If you have any questions or concerns at any time, please do not hesitate to contact us at 1000 Washington St, 2nd Floor, Boston, MA 02118; or via e-mail at: firstname.lastname@example.org.
This Policy covers how NEFA uses and treats information collected and received from you when you visit and interact with the Sites, use the Portal or otherwise utilize our Services. This Policy provides details on NEFA’s privacy practices in relation to the Services, including:
This Policy is effective as of October 28, 2021.
1. General Privacy Considerations
As detailed herein, certain information you provide to NEFA in connection with certain Services, including personal data (as defined below), may be provided to international, national, state, local and municipal arts agencies and other intermediary cultural organizations that assist NEFA in connection with their public responsibilities to promote and foster citizens’ interest in the arts, humanities, interpretive sciences, and other cultural and creative fields through advocacy, funding, and other operations and activities which support and serve the interests of the artistic, cultural, and creative community (collectively, our “Creative Community Partners”). These Creative Community Partners include, but are not limited to, the National Endowment of the Arts (“NEA”) and arts agencies and cultural organizations in Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island, and Vermont.
Personal data (“Personal Data”) is generally defined as any type of information that, by itself or in combination with other information, could be used to identify you, could be reasonably associated with you, or information that may be used to gain access to your personal accounts. Examples of Personal Data include, but are not limited to, your name, address, telephone number, e-mail address, username and password, Internet protocol (“IP”) addresses or other online identifiers, credit/debit card number or other financial information, professional or employment-related information, office address and other business information, demographic information, state and/or federal identification numbers (e.g., social security number), etc., or any combination thereof.
Based upon this Policy, you can, in some instances, make an informed choice as to the information you wish to share with us. As a general matter, we take reasonable precautions to protect your privacy, when appropriate, depending on the information to be protected. We cannot and do not, however, guarantee absolute privacy. As detailed in this Policy, certain information that you provide to NEFA, including Personal Data, may be disclosed and displayed publicly in certain areas of the Services for users and other third parties to use as they see fit. For example, one of the principal functions of our Services is to create an online directory whereby artists, presenters, performers, and venues will be able to collaborate professionally with each other and with other resources. Collaboration would be difficult, if not impossible, unless users openly disclosed enough information about themselves to allow other interested parties to contact them in order to facilitate productive interactions. This disclosure, however, only relates to your information as an artist, cultural organization, or member of the creative community. We do not make your user account information public. You may be able to refuse to supply certain Personal Data, with the caveat that refusing to do so may prevent you from engaging in certain Services-related activities.
This Policy only applies to information that we collect from the Services identified above, and does not apply to information that we may collect in any other forums or by other methods. Also, to the extent that our Services contain any content which conflicts with the terms of this Policy, this Policy shall control. This Policy does not apply to the privacy practices of any Creative Community Partner or other organization with which NEFA may be affiliated or from which we may receive funding, data, or other resources. We make no representations and are not responsible for the privacy, information collection, disclosure, and data aggregation practices of any other entity or organization. This Policy also does not apply to any other websites or databases for which NEFA or other users may provide links. NEFA is not responsible for the privacy practices and data collection policies for such external sites. Please consult the appropriate policy of each such external site or database if you have any questions about its privacy practices.
2. Policy Revisions
We may update this Policy from time to time in response to changing legal, technical or business developments. When we update our Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. Your continued use of the Services after any changes are made to this Policy constitutes your acceptance of the changes. If any of the changes are unacceptable to you, you should cease using the Services.
We will obtain your consent to any material Policy changes if and when this is required by applicable data protection laws. If you do not opt-in to such material changes, your information will continue to be used in a manner that is consistent with the version of this Policy under which it was collected, or the information will be deleted.
3. What Information We Collect and How We Do It
Information can generally be collected on the Sites or through the Services in two ways: (1) Information that is knowingly and voluntarily input and sent by you; and (2) information that is collected automatically. If you decide to use the functions and features of the Services, you may be required to input certain Personal Data at various times. In addition, as described below, the Services automatically collect some information from you when you use and interact with them.
For example, depending upon what you want to use the Services for and how you use them, you may be required to disclose your e-mail address and other information about yourself and/or your organization. This would be a voluntary disclosure by you of Personal Data. Such information may be available to others from your e-mail service provider in certain circumstances (which you likely provided when you first opened your e-mail account). Thus, Personal Data could be disclosed to other users or third parties who use the Services. The transmission of an e-mail or other communication voluntarily initiated by you to NEFA or to another user can also transmit Personal Data about you. You should not send Personal Data via unencrypted e-mail, particularly information which you deem to be sensitive or confidential. Furthermore, any information that you provide about yourself in any posting intended to be viewed by others will result in the voluntary disclosure by you of your Personal Data. Any such information voluntarily provided by you could also be disclosed and disseminated to others outside of your intended recipient or audience.
a. Information Provided Voluntarily
There are areas of the Services where we may ask you to provide NEFA with Personal Data. For example, we collect Personal Data (and other related information) such as name, mailing and/or shipping address(es), e-mail address, telephone number, credit/debit card number or other payment information, company/organization name, occupation or job title, and areas of interest from you when you:
We also may ask you to provide information about your artistic practice as well as your educational and professional background, such as any affiliations you may have with other artistic, cultural and creative organizations. This information may not be able to identify you on its own, but to the extent it is reasonably capable of being associated with you after it is combined with other information available through the Services, we will treat such information as Personal Data.
If you upload or post any media on or through the Services, and such media includes your Personal Data, then such Personal Data may be available for other users of the Services to copy or download, and we cannot guarantee that those other users will not use, display or republish your media and Personal Data.
b. Information Collected Automatically
The automatic collection of information refers to information collected from you that does not require you to intentionally provide information in response to particular prompts or fields. For example, a site may use "cookies." A cookie is a small text file placed automatically on your computer's web browser that is used to recognize users who have previously visited the site. In general, these cookies are persistent, and may reside and be stored on your computer after you last accessed the site (or until you delete or otherwise disable the cookies). A site may also use temporary cookies called "session cookies," which are stored for a single user session with the site and are deleted as soon as the user's browser is shut down.
We automatically collect your IP address. An IP address is a unique series of numbers that identifies each computer connected to the Internet. An IP address can be used to provide information such as the date and time of a user's visit, the availability of requested files, the popularity of various site functions, and the amount of information transmitted to each user from a site. Presently, NEFA uses your IP address to address the frequency of your use of the Sites and to determine the frequency with which certain pages and functions of the Sites are accessed. This will allow us to improve the Sites' functionality and to determine which features generate the most interest. If you access or use the Services and are not a registered user, only a particular computer may be identified through its IP address, so your usage of the Services is not generally matched with your other Personal Data in such circumstances.
We will not routinely attempt to match your particular IP address to any Personal Data that you may provide to NEFA on your own, except in certain exceptional situations. For example, in instances where NEFA reasonably suspects or determines that the Services are being used for any unacceptable, inappropriate, or illegal purposes, information relating to your use of the Services may be disclosed to other parties as is necessary to investigate the matter. Such information may also be disclosed pursuant to any authorized law enforcement investigation, or in order to avoid imminent physical harm to any person or harm to any NEFA property.
4. How We Use and/or Disseminate Your Personal Data
Once Personal Data is collected through your use of the Services, regardless of how often you use it, NEFA will make certain uses of such Personal Data for our own internal and administrative purposes. More specifically, NEFA may use your Personal Data and other information to:
Our Creative Community Partners may have access to certain Personal Data and other information based where you reside. For example, the Massachusetts Cultural Council could have access to certain information about artists who reside in Massachusetts, but not those who reside in other areas of New England. A Creative Community Partner may need this information about you in order to fulfill its responsibility to its legislature for funding or public reporting purposes. Your information may then be disseminated publicly pursuant to your state's particular information collection and disclosure laws, regulations and procedures.
Your Personal Data and other information also may be combined, aggregated, or correlated with other information that one or more of our Creative Community Partners may have in its possession about you. If you have any questions about how a Creative Community Partner is going to use your Personal Data and other information, you must contact the appropriate party acting as the applicable Creative Community Partner where you reside for more information. In addition, as stated above, we may use and process your Personal Data and other information for our own purposes independent from the purposes of our Creative Community Partners. For example, we may combine your Personal Data and other information with data we maintain that would not otherwise be available to a Creative Community Partner.
Each Creative Community Partner also will have access to certain aggregate data about the users of our Services. "Aggregate data" is statistical data comprised of many pieces of information from other users with all personally identifiable characteristics removed. For example, each Creative Community Partner may want to know the total number of people in a given state, city, or other jurisdiction who use the Services over a certain period of time. As another example, a Creative Community Partner may want to know the total number of venues or performers that are listed on or through the Services. There are any number of ways in which aggregate data may be compiled and disseminated to a particular Creative Community Partner. While this aggregate data may become publicly available, it generally will not be personally identifiable to any particular user. Aggregate data will help us and each Creative Community Partner better understand how the Services are being used, your needs while using the Services, and how to increase and improve the Services’ features and functionality for all users.
Except as noted in this Policy, NEFA does not sell or share your Personal Data with any person or entity outside of NEFA.
a. Third Party Service Providers
NEFA contracts with certain third-party service providers to provide the Services. We provide third party service providers with information in our control so that services can be performed on NEFA’s behalf according to the terms of our agreement with the respective service provider. We do not purposely or knowingly disclose your Personal Data to third party service providers unless we are required to do so or we have your consent.
NEFA uses hosting and data storage service providers, such as SalesForce, to process and store data related to your use of the Services. More information on how SalesForce collects, processes and stores data can be found at https://www.salesforce.com/company/privacy/.
NEFA uses donation/payment processors, such as SoapBox, to process online donations you make on or through the Service. More information on how SoapBox collects, processes and stores data can be found at http://www.picnet.net/privacy.
NEFA uses event registration vendors, such as EventBrite, to process any online registrations you make on or through the Services for events operated or sponsored by NEFA. More information on how EventBrite collects, processes and stores data can be found at https://www.eventbrite.com/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_US.
NEFA uses survey providers, such as SurveyMonkey, to process responses you provide to surveys and other questionnaires provided on or through the Services. More information on how SurveyMonkey collects, processes and stores data can be found at https://www.surveymonkey.com/mp/legal/privacy-policy/.
NEFA may share certain portions of Personal Data and other information with its vendors in order to make the Services function properly. This may include sharing Personal Data and other information with:
You may be able to opt-out of NEFA sharing your Personal Data with the entities identified above by sending NEFA a detailed email using the contact details provided under the “Contact Information” heading below, unless the sharing of your Personal Data is necessary to perform one of the following business purposes:
b. Investigations Regarding Violations of NEFA’s Terms and Conditions of Use
As stated in more detail in the Terms and Conditions of Use (“TCU”), it is your responsibility to ensure that you use the Services responsibly and in accordance with our Unacceptable Use and Content Policy ("Use and Content Policy"). If NEFA receives a complaint from another user or other third party, or otherwise learns that you are using the Services inappropriately or posting content in violation of the Use and Content Policy, whether intentionally or not, we may access your Personal Data and other information to determine, in our sole discretion, the validity and substance of such a complaint. If NEFA reasonably deems the complaint to have merit or if it requires further investigation, Personal Data relating to your use of the Services may be disclosed to other parties as we deem appropriate to determine if a violation of the TCU has occurred. Such information may also be disclosed pursuant to any authorized law enforcement investigation or other legal process, regardless of whether it was initiated by NEFA or another party. For example, if NEFA receives a subpoena or court order, we may be required to disclose the information to the appropriate authorities.
We may also take other remedial actions with respect to your use of the Services or content that you post or upload to the Services, as described in the TCU. We may also access your information if you contact us and give us permission to do so. In addition, if you provide NEFA with Personal Data, NEFA may match and/or aggregate this with other information and data about you that we already have in our possession. Furthermore, NEFA may have certain disclosure obligations to the federal government due to our involvement with the National Endowment for the Arts (NEA) or to the state governments with whom we partner or affiliate, as described above.
c. Other Disclosures
If you contact NEFA via e-mail or letter regarding the Services and we are not the appropriate party regarding the subject of your inquiry, we may forward and disclose your communication to the appropriate party for the matters referred to therein. This could include our service provider, a vendor, a Creative Community Partner or other funding organization or state arts agency, for example. For instance, if you contact NEFA and have specific questions about our funding or the grant process, we may forward your communication to another party for consideration.
NEFA may also share your Personal Data with a third party if NEFA’s ownership status changes, such as if it is acquired by another entity.
Other than what is referenced above, the Personal Data and other information collected from you is not shared with nor sold to any person or entity outside of NEFA. By providing to NEFA the Personal Data and other information referenced above, you agree that NEFA may use, sell and share such Personal Data and other information in accordance with the terms of this Policy
5. Security and Retention
We use appropriate technical and organizational measures to protect the Personal Data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data.
While NEFA takes the issue of protecting your Personal Data seriously, you should exercise discretion in what information you disclose and/or transmit to the Sites or through the Services. NEFA cannot guarantee that information sent over the Internet is fully secure, and therefore the transmitted information may be intercepted by others before it reaches NEFA. If you are concerned about sending information to NEFA over the Internet, please send the information by mail or call us to make other arrangements. NEFA is not responsible for the security of information sent over the Internet.
Certain areas of the Services, however, are only accessible by password and are not available to the general public. You are responsible for selecting and maintaining the confidentiality of your password and account information. Any sharing of your password and account information is done at your own risk. In addition, Pantheon, our service provider, will be making back-up copies of the Sites at regular intervals.
NEFA retains Personal Data only for as long as necessary to fulfill the stated purpose for which the Personal Data was collected or otherwise processed, and thereafter for a variety of legitimate legal or business purposes. These may include retention periods that are: (i) mandated by law, contract or similar obligations applicable to NEFA’s operations; (ii) for preserving, resolving, defending or enforcing our legal/contractual rights; or (iii) needed to maintain adequate and accurate organizational and financial records. We will delete your Personal Data as soon as the respective purpose for its use is not applicable anymore and no legal obligation to retain such data exists.
If you have any questions about the security or retention of your Personal Data, you can contact us using the contact details provided under the “Contact Information” heading at the bottom of this Policy.
6. Legal Basis for Processing Personal Data
Our legal basis for collecting and using the Personal Data described above will depend on the type of Personal Data at issue and the specific context in which we collect it.
However, we will normally collect Personal Data from you only where we have your consent to do so, where we need the Personal Data to perform a contract with you, or where the processing is necessary to fulfill legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).
Similarly, if we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided under the “Contact Information” heading, below.
7. Review of Collected Personal Data/Your Rights and Choices
You have certain rights regarding your Personal Data, namely the rights to:
If you would like to review, edit, delete or obtain a copy of any of the Personal Data NEFA holds about you, if you wish NEFA to stop using your Personal Data in the manners specified in this Policy, or if you would like to exercise the rights listed above in any other way (subject to any applicable legal exceptions), please submit your request to us using the contact details provided under the “Contact Information” heading, below.
NEFA may refuse any request made regarding collected Personal Data if it is unable to verify the identity of the person making the request or if it cannot authenticate the legitimacy of the request using commercially reasonable efforts. Under such circumstances, NEFA may follow up with you for additional information as reasonably necessary to authenticate your request. Subject to applicable legal requirements, if NEFA refuses to act on a request you make based on the rights listed at the beginning of this section, you may have a right to submit an appeal by contacting us using the same method as when you made the initial request. In the event NEFA must deny your appeal, we will provide a way for you to forward your complaint to the appropriate legal authorities, depending on where you reside.
Even if you correct, update, or replace Personal Data that NEFA has collected about you, your outdated information may still exist indefinitely with the applicable Creative Community Partner(s) where you reside, in other forums or on other sites as they may archive your information for an indeterminate period of time. This may also occur even if you no longer use the Services and/or if you delete your Personal Data from the Services in its entirety. Therefore, please be as specific as possible in your request. If the request relates to information that NEFA needs to make the Services function properly for you, you may not be able to use the Services properly moving forward.
Under the General Data Protection Regulation (“GDPR”), if you are within or are a resident of the EU, then you also have the right to lodge a complaint about NEFA’s processing of your Personal Data with a supervisory authority. In particular, you may lodge a complaint in the Member State where you live or work or where the alleged violation took place.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Requests can also be made using the contact information supplied below.
We collect only the information that is reasonably required in connection with the Services. NEFA reserves the right to maintain proper organizational records as required by law, or for otherwise legitimate interests to the extent permitted by law, even if such records contain your Personal Data.
NEFA does not knowingly collect any information from minors, nor are the Services directed at or intended for minors. If a minor somehow uploads/posts information to the Services that is publically available, and the minor subsequently wants that same information deleted, the minor has a right to request that said information be removed from public viewing. A minor may email email@example.com and request that any such information be removed. Any removal of content by NEFA does not ensure or guarantee complete or comprehensive removal of the content in all places. The content may have been shared or reposted by other parties, or certain laws may require maintenance of the content or information.
NEFA does not respond to nor recognize “do not track” or similar technical requests you may activate through your computer or browser settings. As referenced above, NEFA does not sell any Personal Information collected through the Services, which are not currently configured to respond to “do not track” or similar automated privacy controls. To learn more about ways to possibly opt-out of certain kinds of tracking that occur when you browse the Internet generally and may lead to targeted advertising, visit the Network Advertising Initiative website (at http://www.networkadvertising.org/choices) and the Digital Advertising Alliance website (at http://www.aboutads.info/choices).
8. Children's Information
The Services are intended for individuals 18 years of age and older.
The Services are not directed at, marketed to, nor intended for, children under 13 years of age. NEFA does not actively market, target, or direct our efforts to, or knowingly collect Personal Data from, children under 13 years of age. The content and use of the Services are intended for adults only. If NEFA learns that any information was provided through the Services by a person younger than 13 years of age, NEFA will delete the information immediately.
9. California Residents
10. Links to Other Websites and Online Services
NEFA may also allow interaction between the Services and other sites, mobile apps or other online locations which provide social media sharing services. This may include the “Like” button or other plugins available through the Services that allow you to share information with persons outside of the Services. Please consult the privacy policies of those third-party providers before using them to make sure you are comfortable with the level of sharing.
11. International Concerns
If you are outside of the United States, you are responsible for complying with any local laws regarding your use of the Services, and any related data collection. You also agree and acknowledge that by providing any information, including Personal Data, through the Services, that such information will be transmitted to, and stored in, the United States.
If you are a resident of the EU, the Personal Data that we collect from you may be disclosed to and processed by staff operating outside the EU. Disclosure will be to individuals who work for NEFA, our related organizations, and companies with which we have contracted to process or store this data on NEFA’s behalf. By providing us Personal Data on or through the Services, you are indicating your consent for your Personal Data to be sent and stored outside the EU.
The individuals and organizations that receive Personal Data as a result of international transfers out of the EU must follow our express instructions with respect to the use of Personal Data and they must comply with appropriate security measures to protect your information.
12. Contact Information
For any questions about this Policy or NEFA’s information collection, processing and dissemination practices, please contact NEFA via mail at: New England Foundation for the Arts, 145 Tremont Street, 7th Floor, Boston, MA 02111; or via e-mail at: firstname.lastname@example.org.
It is the policy of NEFA to strictly enforce this Policy. If you believe there has been some violation of this Policy, please contact us.
This Policy was last updated on October 28, 2021.