ARTIVE INC

Privacy and Security Policy

Artive Inc ("AI", "We" or "Us") is committed to respecting the privacy and security rights of visitors to its website, and users of Artive's services. This Privacy and Security Policy explains how we collect, store, use, and secure personal data about you when you visit the web domain address artive.org (the "Website") or otherwise provide your personal data to us. This Privacy and Security policy provides you with details about the types of personal data that we collect from you, how we use and secure your personal data, and the rights you have to control our use of your personal data. This Privacy and Security policy applies regardless of how the Website is accessed and will cover any technologies or devices by which we make the Website available to you.

You must read this Privacy and Security policy carefully, and we recommend that you print and keep a copy for your future reference. By accessing, browsing, using or registering with the Website, you confirm that you have read, understood and agree to the terms of this Privacy and Security policy. If you do not agree to the terms of this Privacy and Security policy in their entirely, please do not use this Website.

INFORMATION ABOUT US

The web domain artive.org is a site operated by Artive Inc, which is a non-profit organization headquartered in the United States of America.

THE PERSONAL DATA WE COLLECT ABOUT YOU

We collect the following personal data when you first register with us: 

We may also collect your personal data when this is provided to us by a third party, for example a legal representative using our registration and search services on your behalf.

HOW WE MAY STORE AND USE YOUR INFORMATION

AI (and third party data processors acting on our behalf) may collect, store and process your personal data:

We also process your payment card details in order to complete any purchase that you make through this Website and, in certain instances, disclose your personal data to third party credit reference agencies to perform credit checks against you. When you purchase a service from us, we may offer to retain your payment card details for your convenience to save you having to re-enter these details on a future occasion.

In addition, we may collect anonymized details about visitors to our Website for the purposes of aggregate statistics or reporting purposes. However, no single individual will be identifiable from the anonymized details that we collect for these purposes.

We will not disclose, sell or rent your personal data to any third party, save for any disclosures of your personal data detailed in this privacy policy.

In the event that a third party acquires all or part of our business and/or assets, we may disclose your personal data to that third party in connection with the acquisition. Furthermore, we reserve the right to disclose your personal data to third parties as part of any business or asset sale carried out because AI has gone into insolvency or any similar situation, but only where lawful and compliant with the Data Protection Act 1998, as amended from time to time. We may also disclose your personal data where necessary to comply with applicable law or an order of a governmental or law enforcement body.

E-MAIL NEWSLETTER PREFERENCES

At such time that we publish e-mail newsletters then we will upon registration provide you with the ability to control whether or not to receive such e-mail newsletters.

PERSONALIZED BANNER ADVERTISING

If you browse this Website you may receive personalized banner advertisements whilst browsing other reputable websites. Any banner advertisements you receive will relate to services which have been viewed whilst browsing this Website on your computer or other device. This service is provided by AI [via a reputable third party specialist provider], through the use of "cookies" placed on your computer or other device. Cookies can be removed or disabled altogether. Please see further information on the use of cookies below.

TARGETED UPDATES AND MARKETING

If you have agreed that we can contact you for marketing purposes, we may send you emails and other communications relating to services which we think will be of interest and relevant to you. 

USE OF PUBLIC INFORMATION FOR FUNDRAISING ACTIVITIES

At Artive, we want to not only meet, but deepen our connection with, individuals and organizations who share our passion for cultural heritage protection. We are committed to nurturing collaborative relationships with donors, influencers, prospective donors and others in furthering our mission to protect and preserve the world's cultural heritage.  

To enable us to find and connect with people who share our passion, and have the interest and ability to support our mission in new and exciting ways, we may also use the information you provide to us in combination with publicly available information.

INTERNATIONAL TRANSFERS

We may transfer personal data that we collect from you to third party data processors located in countries that are outside of the United States of America and to other AI group companies in connection with the above purposes. Please be aware that countries which are outside the United States of America may not offer the same level of data protection as the US, although our collection, storage and use of your personal data will continue to be governed by this Privacy and Security policy.

COOKIES

This Website uses cookies to collect information. Cookies are small data files which are placed on your computer or other mobile or handheld device (such as smart phones or tablets) as you browse this Website.

We use the following cookies:

You are able to block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Website.

SECURITY

We take the security of your data very seriously at Artive.  We use Internet standard encryption technology ("SSL" or Secure Socket Layer technology) to encode personal data that you send to us through the Website. To check that you are in a secure area of the Website before sending personal data to us, please look at the bottom right of your website browser and check that it displays an image of a closed padlock or an unbroken key.

However, please note that whilst we take appropriate technical and organisational measures to safeguard the personal data that you provide to us, no transmission over the Internet can ever be guaranteed secure. Consequently, please note that we cannot guarantee the security of any personal data that you transfer over the Internet to us.

If you are using a computer or terminal in a public location, we recommend that you always log out and close the website browser when you complete an online session for your security. In addition we recommend that you take the following security measures to enhance your online safety:

DATA ENCRYPTION IN TRANSIT AND AT REST

Artive's services support the latest recommended secure cipher suites and protocols to encrypt all traffic in transit. We monitor the changing cryptographic landscape closely and work promptly to upgrade the service to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve. For encryption in transit, we do this while also balancing the need for compatibility for older clients.

CONFIDENTIALITY

We place strict controls over our employees' access to the data you and your users make available via Artive's services, and are committed to ensuring that User Data is not seen by anyone who should not have access to it. The operation of Artive's services requires that some employees have access to the systems which store and process User Data. These employees are prohibited from using these permissions to view User Data unless it is necessary to do so.

All of our employees are bound to our policies regarding User Data and we treat these issues as matters of the highest importance within our company.

COMPLIANCE

The environment that hosts Artive's services maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website.

DISASTER RECOVERY

User Data is stored redundantly at multiple locations in our hosting provider's data centers to ensure availability. We have well-tested backup and restoration procedures, which allow recovery from a major disaster.

NETWORK PROTECTION

In addition to sophisticated system monitoring and logging, we are running Security-Enhanced Linux (SELinux)* in enforcing mode. Firewalls are configured according to industry best practices and unnecessary ports are blocked by configuration with AWS Security Groups.

LOGGING

Artive maintains an extensive, centralized logging environment in its production environment which contains information pertaining to security, monitoring, availability, access, and other metrics about Artive's services.

INCIDENT MANAGEMENT & RESPONSE

In the event of a security breach, Artive will promptly notify you of any unauthorized access to your User Data. Artive has incident management policies and procedures in place to handle such an event.

EXTERNAL SECURITY AUDITS

We contract with authorized external security firms who perform regular audits of Artive's services to verify that our security practices are sound and to monitor our services for new vulnerabilities discovered by the security research community.

SPOOF/FALSE EMAILS

We will never ask you to confirm any account or credit card details via email. If you receive an email claiming to be from artive.org asking you to do so, please ignore it and do not respond.

YOUR RIGHTS

You have the following rights:

THIRD PARTY SITES

This Website may contain links to other websites operated by third parties. Please note that this Privacy and Security policy applies only to the personal data that we collect through this Website and we cannot be responsible for personal data that third parties may collect, store and use through their website (including microsites). You should always read the Privacy and Security policy of each website you visit carefully.

UPDATES TO THIS PRIVACY & SECURITY POLICY

We reserve the right to amend or update this Privacy and Security policy and any of our practices at any time. Please check back regularly to keep informed of updates to this Privacy and Security policy.