Privacy Policy

MSM Privacy Policy and Notice

Effective Date: July 22, 2020

The Minnesota Streetcar Museum is committed to protecting your privacy. There are various ways that you might interact with MSM, and the information you provide when doing so allows us to improve our museum and serve members and volunteers. We may collect, use and store your personal data, as described in this Policy and as described when we collect data from you.

We reserve the right to amend this Privacy Policy from time-to-time without prior notice. You are advised to check our website https://trolleyride.org for the latest version.

This Privacy Policy applies to the Minnesota Streetcar Museum Inc., “MSM”, “trolleyride.org”, “msmuseum.org”, “MN Streetcar Museum”, “Como-Harriet Streetcar Line”, “CHSL”, “Excelsior Streetcar Line”, and “ESL”, divisions of Minnesota Streetcar Museum Incorporated (collectively, “The Minnesota Streetcar Museum”, “MSM”, “we”, “us”, “our”) and covers our processing activities as a data controller.

This website, our related websites and any mobile site or mobile application that link to this Privacy Policy (collectively, the “Site”, “Sites”) are owned and operated by Minnesota Streetcar Museum Inc. with its principal places of business at 2330 West 42nd St., Minneapolis, MN 55410, USA, 4291 Queen Ave. S., Minneapolis, MN 55410, USA, and 501 Highway 7, Excelsior, MN, 55331, USA. The postal mailing address for MSM is PO Box 16509, Minneapolis, MN, 55416-0509, USA.

1. Key Definitions

On this page, and the pages which it links to, we have used some words and phrases, and these are explained below.

The EU General Data Protection Regulation 2016/679 (GDPR) and the Data Protection Act 2018 (which supplements the GDPR) came into force on 25 May 2018. We refer to these as “data protection law”.

“Personal data” means any information which relates to a living, identifiable person. It can include names, addresses, telephone numbers, email addresses etc. but it is wider than that and includes any other information relating to that person or a combination of information which, if put together, means that the person can be identified.

“Special category data” means personal data about a person’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation.

“Processing” covers all activities relating to the use of personal data by an organization, from its collection through to its storage and disposal and everything in between.

“Data subject” means the person whose personal data is being processed.

“Data controller” means the organization which is responsible for processing data and ensuring that personal data is processed in accordance with data protection law.

2. Our Policy

MSM complies with the principles of data protection law, the six overall guiding principles are:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality

3. How We Collect Your Personal Information

Different personal data is collected in different ways.

a) Personal data you provide to us

You will provide MSM with personal data when you correspond with MSM, either on your own behalf or on behalf of an organisation. You will also provide us with personal data when you subscribe to receive our communications. If you choose to join MSM as a member you will also voluntarily provide personal data.

b) Personal data we collect automatically

As you use the Website, we will collect technical data including your browser type, the Internet Protocol (IP) address used to connect your computer to the internet, and site page usage and visit statistics. MSM collects this data using cookies and log files. Except as noted in this privacy policy we do not link personal data we collect automatically with personal data provided to us voluntarily.

Cookie Declaration

We use cookies to remember certain user information such as your login or shopping cart, provide and make improvements to the Website, ensure that the Website is secure, analyze how users interact with the Website, and address any issues you may experience with the Website. We may also use cookies to ensure you get relevant communications from us should we advertise on social media or other websites. You consent to our cookies if you continue to use our website. You may, at any time, disable or refuse to accept cookies by changing the preferences or settings on your web browser. If you choose to disable cookies, you will still be able to use our website. However, you will not be able to fully take advantage of certain automation and other functionality features available.

Cookies are small text files that are stored automatically on your computer by websites which allow things such as avoiding the need to log in as frequently, which saves time, and create a customized website that fits your needs.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

4. How We Use Your Personal Information

As a data controller, we will only use your personal information if we have a legal basis for doing so. The purpose for which we use and process your information and the legal basis on which we carry out each type of processing is explained below.

  • To provide you with information and materials that you request from us.
    • It is in our legitimate interests to respond to your queries and provide any information and materials requested in order to provide customer service.
  • To personalize our services and products and the Sites to you.
    • It is in our legitimate interests to improve the Site in order to enhance your experience on our Site, to facilitate system administration and better our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
  • To update you on services and products and benefits we offer.
    • It is in our legitimate interests to market our services and products. We consider this use to be proportionate and will not be prejudicial or detrimental to you. For direct marketing sent by email to new contacts (i.e. individuals who we have not previously engaged with), we need your consent to send you unsolicited direct marketing.
  • To send you information regarding changes to our policies, other terms and conditions and other administrative information.
    • It is in our legitimate interests to ensure that any changes to our policies and other terms are communicated to you. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.
  • To administer our Sites including troubleshooting, data analysis, testing, research, statistical and survey purposes; To improve our Sites to ensure that consent is presented in the most effective manner for you and your computer, mobile device or other item of hardware through which you access the Sites; and to keep our Sites safe and secure.
    • For all these categories, it is in our legitimate interests to continually monitor and improve our services and your experience of the Sites and to ensure network security. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.
  • To measure or understand the effectiveness of any marketing we provide to you and others, and to deliver relevant marketing to you.
    • It is in our legitimate interests to continually improve our offering and to develop our museum. We consider this use to be necessary in order to effectively generate interest and will not be prejudicial or detrimental to you.
  • To enforce the terms and conditions and any contracts entered into with you.
    • It is in our legitimate interests to enforce our terms and conditions of service. We consider this use to be necessary for our legitimate interests and proportionate.
  • To enable us to contact others in the event of an emergency (we will assume that you have checked with individuals before you supply their contact details to us).
    • This is required for protecting the vital interests of you, your dependents, and of others involved in an emergency situation.
  • To deliver membership benefits to you.
    • This is required for performing our contract with you as a member. This includes postal and electronic communications for members including newsletters and history publications.

We usually process your special category data with your explicit consent.  In other cases, we do so because we consider it necessary:

  • Very occasionally, for the establishment, exercise or defense of legal claims.
  • In emergency situations
  • For statistical purposes (but not to take decisions about you).

If you do not wish to provide us with your personal data and processing such data is necessary for the performance of a contract with you and to fulfill our contractual obligations to you, we may not be able to perform our obligations under the contract between us. Where you provide consent, you can withdraw your consent at any time and free of charge, but without affecting the lawfulness of processing based on consent before its withdrawal. You can update your details or change your privacy preferences by contacting us by postal mail.

5. Data Retention: How Long We Keep Your Personal Data

a) Information about customers

We will retain personal information which we process on behalf of our customers for as long as needed to provide services and products to our customers and in accordance with any agreement in place with our customers. When you contact us, we may keep a record of your communication to help solve any issues that you might be facing. Your information may be retained for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirement.

b) Information about members

We will retain personal data about a member for as long as they are a member of MSM and for as long afterwards as is necessary for our permanent museum archives, to answer questions about your membership, and to allow future re-instatement of a lapsed membership.

6. Sharing of Your Data

We do not sell your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where we are required to do so by law or as detailed in section four above or as explained in the remainder of this section.

We may pass your personal data to third parties who are service providers, agents and subcontractors to us for the purposes of completing tasks and providing services to you on our behalf, e.g. to print historic publications and send you mailings on our behalf. However, we disclose only the personal data that is necessary for the third party to deliver the service and we require them to keep your information secure and not to use it for their own purposes.

The types of third parties we may share elements of your personal data with include:

  • Payment processors engaged by us to securely store or handle payments information, such as credit or debit card details.
  • Providers of email management and distribution tools – for example, if you sign up to receive newsletters or other marketing messages we will manage the delivery of these to you using a third party email distribution tool.
  • Providers of data aggregation and analytics software services that enable us to effectively monitor and optimize the delivery of our site and services. One such provider we use is Google Analytics. See the site “How Google uses data when you use our partners’ sites or apps” for specific details on Google’s data policies.
  • Providers of online cloud storage services and other essential IT support services
  • Museum members may be provided with a membership directory or roster of other members including names, email addresses, postal addresses, and telephone numbers.
  • Museum members may be provided with a directory or roster of museum volunteers including names, email addresses, telephone numbers, certified operator status, and museum position or title.

We may also share personal data with third parties where you expressly authorize us to, such as where we run a promotion in conjunction with a partner and you instruct us to share your email address with that third party for the purpose of receiving promotional emails.

Certain information may also be collected from you by third parties such as advertisers, marketing networks and affiliates using cookies and similar technologies. For example your IP address and events relating to your activity like searches you have carried out or pages you have viewed on our site may be collected and transmitted to these third parties to allow them to serve relevant advertising to you across the web and/or provide us with site statistics and analysis allowing us to improve our site. The information that is collected in this way will never include your name, contact details or other information that would enable you to be identified in the offline world.

7. International Transfers of Your Data

MSM is located in the United States. When information is provided to MSM it will typically be stored in the United States. We may transfer to, and store the data we collect about you in, countries other than the country in which the data was originally collected, including the United States, Canada or other destinations outside the European Economic Area (“EEA”). Those countries may not have the same data protection laws as the country in which you provided the data. When we transfer your data to other countries, we will protect the data as described in this Privacy Policy and comply with applicable legal requirements providing adequate protection for the transfer of data to countries outside the EEA.

8. Data Breach and Incident Management

A personal data breach is defined as the unauthorized or accidental disclosure of, access to, loss, theft or alteration, destruction or damage of personal data.  Examples of personal data security breaches include, but not limited to the following:

  • loss or theft of hard copy personal data;
  • disclosing personal data (via letter, fax, email, text message, etc.) to the wrong recipient; or
  • insecure disposal of hard copy records containing personal data in non-confidential waste bins, resulting in loss or theft of that data.

A personal data breach also includes circumstances where personal data appears to have been lost, stolen or otherwise potentially exposed, even if it is later determined that personal data was not actually exposed.

All MSM staff and volunteers must immediately report all personal data breaches of which they become aware to the MSM Corporate Secretary irrespective of the perceived severity of the breach.

9. Your Rights

Under certain circumstances, you have rights under the data privacy law including:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure (known as “the right to be forgotten”)
  • The right to restrict processing
  • The right to data portability
  • The to object or restrict how your personal data is processed
  • Rights in relation to automated decision-making

For more details or to exercise any of your rights please address any questions, comments and requests regarding our data processing practices to our Data Protection Officer by postal mail at the postal address for the Minnesota Streetcar Museum.