ERPENTARIUM MUNDI IS ALWAYS LOOKING TO IMPROVE the user experience. We need to understand the different needs, preferences, and expectations of our users in order to improve and create new experiences and services for you. We do this through several activities that make use of personal information you provide and anonymous data we collect about your experience on the Website before, during, and after your visit.
The personal data you provide to us will be handled in accordance with the Serpentarium Mundi Visitor Data Policy
, Data Protection Code of Practice
, and Social Media Code of Conduct
Visitor Data Policy
This Visitor Data Policy explains what data we collect, what we do with the information you provide, and your rights concerning it. We are committed to protecting the privacy and confidentiality of your personal information, and we undertake to ensure that all personal information in our possession is processed in accordance with the principles of the Personal Information Protection and Electronic Documents Act (PIPEDA).
Information we collect about you
We collect anonymous information when you use our services such as our Website. We will hold different kinds of information from or about you depending on which experiences or services you use.
Ways in which we collect these data
We collect information from or about the devices you use, such as the hardware model, operating system version and network information. Some of our services store certain kinds of information in server logs. Examples include:
● Details of how you used our service;
● Internet protocol address (IP address), to indicate where you are and measure our global reach;
● Device event information, such as system activity, hardware settings, browser type, browser language, date and time of your request, and referral URL.
Information that you give us
We may collect such information as your name, age, contact details and payment card details that you give when you:
● Visit our Website;
● Ask us for information;
● Send us an email;
● Register or sign in to our digital services, including our Website and email;
● Use any service in any format or media we or our selected third-party providers may supply;
● Donate to us;
● Join or subscribe to our social media channels.
The payment card information you supply to us for any online transaction is used solely to process that transaction.
Information we receive from other sources
We may collect information you have provided to third-party companies with which we work to help us better understand our visitors and to provide additional information that you may not have given to us, such as your postal address.
Using your information
We use your information, both personal and anonymous, in several ways:
● To provide a service you have requested.
administer donations and legacies made by you or on your behalf.
● To communicate with you in several ways:
1. Communicating with you by social media, text, email, and/or post about the Website’s activities, promotions, and events in accordance with any preferences you have set;
2. Delivering service emails such as for donation confirmation;
3. Contacting you and asking you to respond to surveys;
4. Informing you of Website services that may interest you, if you have opted to receive such notifications.
● To improve experiences and services, or create new ones:
We undertake research and analyses on the experiences and services we offer in order to measure our performance and improve it.
● To report to our stakeholders and funders.
We provide anonymised data to our stakeholders and funders on key statistics such as visitor numbers. We also analyze service performance and provide information to our stakeholders and funders as part of our on-going relationships with them.
Storing your information
The Website’s preference is that data we collect from you are stored in the North American Free Trade Agreement (NAFTA) region. Where your data are transferred and stored outside the NAFTA area, we will take all reasonable steps to ensure that any data processor we use provides an adequate level of protection for your data.
Disclosing your information
Any personal information you provide to us or which we collect will be shared with our wholly-owned affiliates and with other organisations that provide services to us. We will disclose your information only to those companies acting as "data processors" on our behalf, some of which may be located outside the North American Free Trade Agreement (NAFTA) region. We will never sell your personal information to any third-party organisation.
Changing our policy
We review this policy regularly and reserve the right to change it from time to time. We will post any policy updates on our Website.
This policy is effective from January 2018.
Data Protection Code of Practice
1.1 PIPEDA is aimed at ensuring a balance between individuals’ rights to privacy and the lawful processing of personal data undertaken by organisations in the course of their activities.
1.2 Serpentarium Mundi collects and uses personal data for a range of purposes in support of its core objectives. This document will ensure that the processing of personal data by Serpentarium Mundi is undertaken in accordance with the principles of PIPEDA and with due regard to other relevant legislation and current Website policies.
2. Processing of Personal Data
2.1 Personal Data can be defined as information relating to a living individual which is stored, either electronically or as part of a structured manual filing system, in such a way that it can be retrieved automatically by reference to the individual or to criteria relating to the individual.
2.2 Processing can be defined as any operation, including obtaining, recording, or holding the data and carrying out any operation on them, including organising, adapting, altering, retrieving, consulting, disclosing, disseminating, erasing or destroying.
2.3 Personal data will be processed only where one of the following conditions has been met:
● The individual has consented to the processing;
● Processing is necessary for the performance of a contract with the individual;
● Processing is required under a legal obligation;
● Processing is necessary to protect the vital interests of the individual;
● Processing is necessary to carry out public functions;
● Processing is necessary in order to pursue the legitimate interests of the data controller or third parties (unless it could preju-dice the interests of the individual).
2.4 Furthermore, in accordance with the eight enforceable principles of good practice, all personal data will be:
1. Processed fairly and lawfully.
This requires that the person from whom the data are obtained must not have been deceived or misled as to the purpose for which the data were obtained. The data subject, if the data have been obtained from him, must be advised as to the Website’s intention to retain the data and the purpose of the processing and any further information necessary to enable processing to be fair.
2. Obtained for specified and lawful purposes and processed only in accordance with those purposes.
This requires data to be obtained for one or more specified and lawful purposes, and not to be further processed in any manner incompatible with that purpose. For research purposes, further processing is not incompatible with the purpose for which the data were specified as having been obtained.
3. Adequate, relevant, and not excessive.
This requires data to be adequate and not excessive for their purpose. Data should not have been collected or retained unless they were necessary for the purpose for which they were to be used.
4. Accurate and up-to-date.
This requires the data to be accurate and kept up-to-date. In the event they are not, the data should be disposed of.
5. Not kept longer than necessary.
This requires data to be kept, in line with the second principle, for no longer than is necessary, after which time the data should be disposed of, thus ensuring compliance with the fourth principle.
6. Kept secure.
Data must be protected against unauthorized processing or damage. The level of security must be appropriate to the nature of the data and the harm that could result from misuse.
7. Transferred outside the North American Free Trade Agreement (NAFTA) region only when the receiving country/territory ensures adequate data protection for data subjects.
Data may not be exported outside the North American Free Trade Agreement (NAFTA) region unless it is to a country or area where the rights of data subjects can be adequately protected.
3. Processing sensitive data
3.1 Sensitive data include information on: racial or ethnic origin; political opinions; religious or other beliefs; trade union membership; physical or mental health; sex life; and criminal proceedings or convictions.
3.2 Sensitive data may be processed only where at least one of the following conditions applies:
● The explicit consent of the individual has been obtained before the data are processed. "Explicit" is taken to mean "written" and should refer to specific data or purposes as appropriate;
● The law requires that the data be processed for employment purposes;
● The processing is necessary to protect the vital interests of the data subject, or other subject;
● The processing deals with the administration of justice or legal proceedings;
● The data subject has already taken steps to make the data public.
4. Personal Data Processed
4.1 The purposes for which data can be lawfully processed by the Website defined as follows:
● The administration, monitoring, planning and processing of prospective, current, or past employees, including agency, contract and temporary staff, the self-employed, trainees, voluntary workers, interns, and secondees.
● Advertising or marketing the data controller’s own business, activity, goods, or services and promoting public relations in connection with that business activity, or goods or services.
● Keeping accounts relating to any business or other activity carried on by the data controller or deciding whether to accept any person as a customer or supplier, or keeping records of purchases, sales or other transactions to ensure that the requisite payments and deliveries are made or services provided by him in respect of those transactions, or for the purpose of making financial or management forecasts to assist him in the conduct of any such business or activity.
● Development of lifelong learning programs, or the production and distribution of learning resources to various socio-economic and cultural groups.
● Internal and external communications and development of professional museum standards to meet national curriculum and international needs.
● The administration and management of the collections in connection with donations and purchases and research in support of the data controller’s core objectives.
● Maintenance of information or databases as a reference tool or general resource. This includes catalogues, mailing lists, directories, and bibliographic databases.
● Fundraising in support of the objectives of the data controller.
● Research in any field, including scientific and technical, in the interest of the data controller to advance understanding and knowledge of the collections.
● The provision of legal services, including advising and acting on behalf of the data controller’s own activities.
● Security, detection, and crime prevention, and the apprehension and prosecution of offenders.
● The administration and management of the estate, land, and commercial and residential property of the data controller.
4.2 It is a disciplinary offence for any Website employee to process personal data other than in accordance with the Website’s mandate and the principles of good practice outlined in this document.
Social Media Code of Conduct
As an international educational initiative, Serpentarium Mundi wants to engage with a global public. Our social media presence is focused on helping people learn from, discuss, and engage with our Website’s iconography database and academic research. It is intended to encourage cross-cultural understanding, storytelling, and inclusive, lively debate. The views expressed by our fans and followers are their own and may not represent the views of Serpentarium Mundi, its owner, employees, or affiliates.
We love hearing from you! To ensure that everyone has a positive experience, our online community is governed by the following house rules:
Avoid posting any personal information. Any posts that include an email address, phone number, home/business address or other personal information will be removed.
Stay on topic.
We welcome debate and discussion, but please keep comments relevant to the original post, and don’t repeat the same message across multiple unrelated posts. Off-topic posts or comments are likely to be removed.
Please avoid posting any hateful, defamatory, obscene, discriminatory, or harassing comments, images or videos, or anything that could be deemed offensive to others. Such comments and posts will be removed, and will most likely result in you being banned or blocked.
Don't advertise or self-promote.
Avoid making posts or comments that serve as advertisements for yourself or others. We will remove any links, images, messages, etc. that advertise or promote the goods or services of individuals, businesses, or causes, and such postings will most likely result in you being banned or blocked.
Don’t infringe intellectual property rights.
Avoid posting anything that is not your original creative content or that you do not have a lawful right to post. Infringed branded logos, graphics, copyrighted text, images, or videos that come to our attention will be removed, and you risk being banned or blocked.
Know what to expect.
We aim to monitor our main social media platforms 365 days a year. Our core office hours are between 09:00 and 17:00 EST Monday to Friday, excluding Canadian national holidays. We aim to respond to all enquiries as quickly as possible, but please note that some enquiries can take longer to resolve. Our Website offers much helpful information relating to the iconography database as well as general information. If you can’t find what you are looking for and haven’t heard back from us, send an email with the subject line "Asked Question" to: firstname.lastname@example.org
. Unfortunately, we are able to respond only to enquiries in English.
Where to find us.
Serpentarium Mundi has an active profile on the following platforms: Facebook
, and YouTube