Privacy Policy

---

Last Updated: August 1, 2024

---

The Frick Collection, which includes the Frick Art Research Library (collectively, “The Frick Collection,” “we,” “us,” or “our”), wants you to be familiar with how we collect, use, disclose, retain, and protect Personal Information. This Privacy Policy describes our processing practices in connection with Personal Information that we collect through:

• Our websites (“Websites”)
• Your visits to our venues (“Venues”)
• Your membership, ticket purchases, donations, and purchases from our online or physical gift shop (“Transactions”)
• Your inquiries to our research library (“Library”) and/or registration for use of the Library
• Our mailing lists (“Mailings”)
• Our social media properties (“Our Social Media”)
• HTML-formatted email messages or other communications that we send to you (“Emails”)
• Any other offline business interactions you may have with us (“Offline Interactions”)
• Your enrollment or other participation in our online or in-person education programs (“Education Programs”)
• Group and private tour bookings (“Tour Bookings”)
• Your ticket purchases and/or attendance at our events (“Events”)
• Your participation in our travel offerings (“Travel”)
• Our online contests or sweepstakes (“Contests”)
• Other non-profit organizations that share information with the non-profit community (“Non-Profit Coops”)

Collectively, we refer to the Websites, Venues, Transactions, Library, Mailings, Our Social Media, Emails, Offline Interactions, Education Programs, Tour Bookings, Events, Travel, Contests, and Non-Profit Coops as our “Offerings.”

PERSONAL INFORMATION COLLECTED

“Personal Information” is information that identifies an individual or relates to an identifiable individual. We collect the following categories of Personal Information:

Personal Information we receive from you:
Name and contact details	Such as first and last name, title, prefix, email address, telephone number, and postal address.
Identity information	Such as driver’s licenses, identity cards, government-issued IDs, passports, professional or trade-related information, and proof of residential address.
Business contact details	Such as company name, name of employer, job title, business email address, business telephone number, business postal address, and country of business.
Payment information	Such as payment card information used when making purchases or donations.
User content	Such as reviews about our Offerings, and other content you may create or share with us, including posts on Our Social Media or social media posts elsewhere where you tag us, and comment sections.
Preferences	Such as language, interests, and other feedback/preferences that you might express during your use of our Offerings.
Marketing data	Such as your choices regarding our newsletters, surveys, and other marketing/advertising displayed or provided to you, and preferred methods of such promotional communication.
Relationship history	Such as details of your visits to our Venues, purchases, donations, memberships, and communications with us.
Visitor and event information	Such as dietary restrictions, travel, and accommodation details, and other details specific to a particular event or visit that you share with us.
User photographs and videos	Such as photos and videos submitted by you.
Recordings	Such as audio and/or video recordings of events.

Personal Information we collect through your use of our Offerings or from other sources, such as publicly available databases, joint marketing partners, event sponsors, service providers, and public and/or government and/or regulatory authorities, including courts, tribunals, regulators, and government authorities:
IP address	Your IP address is automatically assigned to your computer by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses our Offerings, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications, and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems, and administering our Offerings. We may also derive your approximate location from your IP address.
Social media information	Such as profile pictures, social media account ID, and other public social media profile information.
Event photographs and videos	Such as photos and videos taken at one of our events.
CCTV and site security information	Such as images or video footage captured or recorded by CCTV and other security measures on our premises.
Device information	Such as information about your devices and your use of our Offerings. This includes data obtained through cookies and similar technologies, as described below.

We need to collect Personal Information to provide the requested Offerings to you. If you do not provide the information requested, we may not be able to provide our Offerings. If you disclose any Personal Information relating to other people to us or to our service providers in connection with our Offerings, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

PERSONAL INFORMATION PROCESSING PURPOSES

We use Personal Information for legitimate business purposes, including:

Purpose	Examples of Processing Activities
Providing our Offerings	Enabling you to purchase tickets, memberships, Tour Bookings, Travel, and gift shop items, and to make donations, online and in-person; hosting you at our Venues; registering you for Events; and responding to your requests to our library.
Administering our Offerings	Verifying your information; responding to your inquiries and fulfilling your requests, such as when you contact us via one of our online contact forms or otherwise (e.g., when you send us questions or comments, or when you request other information about our Offerings); and sending you administrative information, such as information regarding our Offerings and changes to our terms, conditions, and policies.
Operations and general business	Administering online Offerings (including troubleshooting and diagnostic testing, conducting performance analyses of our systems and Offerings, testing new system features to evaluate their impact, system and log maintenance, technical support, system debugging, and hosting data); and facilitating reorganizations and restructurings of our business (including prospective transactions).
Visits and events	Welcoming guests and visitors to our premises and facilitating and participating in Events.
Marketing	Sending you our newsletters, publications, updates, event invitations, and mailings that we think may be of interest to you; fulfilling your Event registration requests and providing services.
Relationship building and engagement	Facilitating and responding to any social sharing and posts on our Offerings.
Personalizing our Offerings and advertising	Personalizing our interactions with you and providing you with information and/or offers tailored to your interests, such as delivering content via our Offerings that we believe will be relevant and interesting to you.
Improving and developing our Offerings	Conducting data analysis, for example, monitoring and analyzing Offerings use and using data analytics to improve the efficiency of our Offerings; developing new Offerings; considering ways to enhance, improve, repair, maintain, or modify our Offerings; identifying usage trends, for example, understanding which parts of our Offerings are most interesting to users; determining the effectiveness of our promotional campaigns, so we can adapt our campaigns to the needs and interests of our users; and operating and expanding our business activities.
Aggregation and/or anonymization	Aggregating and/or anonymizing Personal Information so that it will no longer be considered Personal Information.
Security and fraud prevention	Conducting audits, verifying that our internal processes function as intended and are compliant with legal, regulatory, or contractual requirements; monitoring for and preventing fraud; and for security purposes, including maintaining system security and onsite security of our premises.
Legal and compliance	Fulfill our legal and compliance-related obligations, including complying with applicable laws; complying with legal processes; responding to requests from public and government authorities; and meeting national security or law enforcement requirements. Enforcing our terms and conditions and standards; protecting our operations; protecting our rights, privacy, or property; responding to auditors; and allowing us to pursue available legal remedies and make insurance claims, defend claims, and limit the damages that we may sustain.
Emergency and incident response	Ensuring the safety of onsite personnel and visitors; responding to, handling, and documenting onsite accidents and medical and other emergencies; actively monitoring properties to ensure adequate incident prevention, response, and documentation (including CCTV); requesting assistance from emergency services; and sending notifications and alerts in the event of incidents or emergencies (such as via SMS, email, call, audio-visual device prompts, etc.).

DISCLOSURE OF PERSONAL INFORMATION

We disclose Personal Information to third parties and for the purposes described below, depending on each specific jurisdiction and applicable law:

Recipients	Purpose
Frick affiliates	For all of the purposes listed above
Service providers	Improving our Offerings Operations and general business Providing the functionality of our Offerings Processing card payments
Advertising and social networks	Improving our Offerings Marketing Interest-based advertising Look-alike advertising Personalizing our Offerings Relationship building and engagement
Unaffiliated third parties	To enable other non-profit organizations, for example, to send you communications that are tailored to you.
Analytics providers for our Offerings	Aggregating and/or anonymizing Personal Information User-care service Fraud prevention and security Improving our Offerings Marketing Operations and general business Personalizing our Offerings and advertising Relationship building and engagement
Law enforcement, public, regulatory and government authorities, courts, or tribunals	Emergency and Incident Response Fraud prevention and security Legal and compliance Responding to a request or providing information to public and government authorities (including authorities outside your country of residence); Responding to law enforcement requests and orders or provide information to law enforcement; For dispute resolution purposes; To enforce our terms and conditions; and To protect our rights, privacy, safety, property, and/or that of our affiliates, you, or others.
Emergency services	Emergency and Incident Response Legal and compliance
Professional advisors, such as accountants, actuaries, auditors, experts, consultants, lawyers, banks, and financial institutions	Due Diligence and Anti-Fraud Fraud prevention and security Legal and compliance Improving and developing new products and Offerings
Other services, including, without limitation, Our Social Media	Individual user/customer public interactions and communications, such as message boards, chat, profile pages, blogs, and other services to which you choose to post information and content Social sharing activities
To comply with applicable law and regulations	This may include laws outside your country of residence that could legally require us to process your Personal Information.
To a third party, such as an acquiring entity and its advisors, in connection with a sale or business transaction	We may disclose or transfer your Personal Information in the event of any reorganization, joint venture, assignment, transfer, or other disposition of all or any portion of our business operations (including in connection with any bankruptcy or similar proceedings). You will be notified of any such business transaction and of possible changes to the processing of your Personal Information in accordance with applicable law and the “Updates to This Privacy Policy” section.

We may share Personal Information and transaction history of our customers, donors, and members with third-party data analytics firms that combine it with information received from other organizations and businesses and derive and report to us, and to other organizations and businesses, recommendations regarding marketing initiatives, such as information about individuals’ contact information and likelihood to purchase products or to support non-profit causes by making donations and purchasing or upgrading memberships. We and other participating organizations use this shared information to contact individuals. If you do not want to have your information shared in this way, you may complete an opt-out form to opt out of this sharing, along with your name and email or postal address in your account with us, so that we can locate your account in our records and honor your request to opt out. If, however, your information has already been shared by us in this manner, we may direct you to the relevant third-party data analytics firm to submit your opt-out request.

By using our Offerings, you may elect to disclose Personal Information on message boards, chat, profile pages, blogs, and other services to which you are able to post information and content (including, without limitation, Our Social Media), or through which you are able to send messages through our Offerings. Please note that any information you post or disclose in this context will become public and may be available to other users and the general public.

OTHER INFORMATION

“Other Information” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual:

• Browser and device information
• Information collected through cookies, pixel tags, and other technologies
• Demographic information and other information provided by you that does not reveal your specific identity
• Information that has been aggregated in a manner such that it no longer reveals your specific identity

We may use and disclose such information for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat such information as Personal Information under applicable law, then we may use and disclose it for the purposes for which we use and disclose Personal Information as detailed in this Policy. In some instances, we may combine such information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.

Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version, and the name and version of the online property you are using. We use this information to ensure that our Offerings function properly.

COOKIES AND SIMILAR TECHNOLOGIES

Cookies

We may use “cookies” to keep, and sometimes track, information about you. Cookies are small data files that are sent to your browser or related software from a web server and stored on your computer's hard drive. Cookies track where you travel on our websites and what you look at. In doing so, a cookie may enable us to relate your use of our websites to your Personal Information.

Most web browsers can be set to inform you when a cookie has been sent to you and provide you with the opportunity to manage your cookie preferences. Additionally, your Flash player can be set to reject or delete Flash cookies. Refusing a cookie will generally not interfere with your use of our websites. However, refusal of a cookie may, in some cases, preclude you from using or negatively impact the display or function of our websites or certain areas or features of our websites.

Pixel Tags and Other Similar Technologies

• Pixel tags. We may use pixel tags (also known as web beacons and clear GIFs) or similar technologies on our websites and/or in our communications with you to enable us to know whether you have visited a web page or received a message. A pixel tag is typically a one-pixel, transparent image (although it can be a visible image as well), located on a web page or in an email or other type of message, which is retrieved from a remote site on the Internet enabling the verification of an individual’s viewing or receipt of a web page or message.
• Analytics. We use third-party analytics and marketing partners who use technologies such as cookies and pixel tags on our behalf. We also use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of our Offerings and report on activities and trends. This service may also collect information regarding the use of other websites, apps, and online services. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/ and exercise the opt-out provided by Google by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout. We use third-party analytics and marketing partners, such as Yottaa and Dexibit, who use technologies such as cookies and pixel tags on our behalf. You can learn more about Yottaa's practices by going to https://www.yottaa.com/privacy-policy/, and you can learn more about Dexibit's practices by going to https://dexibit.com/privacy.
• Invisible reCAPTCHA. We use Google’s invisible reCAPTCHA application on our Services in order to protect against spam and other automated abuse. The reCAPTCHA tool may make use of cookies, as well as such other information as IP address, date, time, language, screen size and resolution, and mouse movements. The use of the reCAPTCHA tool and information collected through it are subject to Google’s privacy policy, available at https://policies.google.com/privacy and Google’s terms of service, available at https://policies.google.com/terms?hl=en.

IP Address and Clickstream Data

Our servers automatically collect data about your server’s domain address when you visit us. This information, known as an Internet Protocol Address, or IP Address, is a number that’s automatically assigned to your computer by your Internet service provider whenever you’re on the Internet. When you request pages from our online properties, our servers may log your IP Address. Our servers may also record the referring page that linked you to us (e.g., a search engine), the pages you visit on our websites, the web site you visit after visiting our websites, other information about the type of web browser, computer, platform, related software and settings you are using, and any search terms you have entered on our websites or a referral site. We use such information for internal system administration, to help diagnose problems with our servers, and to administer our websites. Such information may also be used to gather broad demographic information, such as country of origin and internet service provider.

SECURITY

We seek to use reasonable organizational, technical, and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.

EMAIL MARKETING CHOICES

You have choices regarding marketing-related communications. Where required by applicable law, we will ask for your prior opt-in consent. If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out by following the unsubscribe instructions in any such message or by completing an opt-out form.

We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing from us, we may still send you important administrative messages, from which you cannot opt out.

SHINE THE LIGHT

If you would prefer that we discontinue sharing your Personal Information on a going-forward basis with unaffiliated third parties for their direct marketing purposes, you may opt out of this sharing by completing an opt-out form.

RETENTION PERIOD

We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained as outlined in this Privacy Policy unless a longer retention period is required or permitted by applicable law. The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you and provide our Offerings to you (for example, for as long as you have an account with us or keep using our Offerings);
• Whether there is a legal obligation to which we are subject; or
• Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

Where we are subject to a legal obligation or retention is recommend in light of our legal position, we will retain certain Personal Information even after we no longer provide our Offerings to you, for example:

• To cooperate with law enforcement or public, regulatory, and government authorities: If we receive a preservation order or search warrant, related to your account, we will preserve Personal Information subject to such order or warrant after you delete your account.
• To comply with legal requirements: We may retain your Personal Information, such as Relationship History, and/or Transaction Information after you delete your account, as required by tax law and to comply with bookkeeping requirements.
• To pursue or defend a legal action: We may retain relevant Personal Information in the event of a legal claim or complaint, including regulatory investigations or legal proceedings about a claim related to your Personal Information, or if we reasonably believe there is a prospect of litigation.

THIRD-PARTY SERVICES

This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties. This includes any third party operating any website or service to which our Offerings link. The inclusion of a link on our Offerings does not imply endorsement of the linked site or service by us or by our affiliates.

For example, you may use a third-party app, Bloomberg Connects, to experience app-based tours of our museum. We do not receive personal information from your use of Bloomberg Connects. See Bloomberg Connects’ Privacy Policy for information about their data collection and handling.

In addition, we are not responsible for the information collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or Our Social Media.

USE OF SERVICES BY MINORS

The Offerings are not directed to individuals under the age of eighteen (18), and we do not knowingly collect Personal Information from individuals under 18.

CROSS-BORDER TRANSFER

Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers. By using our Offerings, you understand that your Personal Information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your Personal Information.

SENSITIVE INFORMATION

Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through our Offerings or otherwise to us.

THIRD-PARTY PAYMENT SERVICE

The Services may provide functionality allowing you to make payments using a third-party payment service. When you use such a service to make a payment to us, your Personal Information will be collected by such third party and will be subject to the third party’s privacy policy, rather than this Privacy Policy. We have no control over, and are not responsible for, any such third party’s collection, use, or disclosure of your Personal Information.

FRICK ART RESEARCH LIBRARY PRIVACY GUIDELINES

Notice

The Frick Art Research Library (the “Library”) of The Frick Collection collects information about current library users only for the purpose of providing library services. This information is shared with our New York Art Resources Consortium (NYARC) partners, the libraries of the Brooklyn Museum and The Museum of Modern Art, only for the purpose of providing library services. The Library does not engage in practices that might place personal information on public view.

Consent

The Library keeps all personal information confidential. The Library does not disclose personal information to third parties without consent unless we are compelled to do so under the law or to comply with a court order.

Personal information provided to the Library by email or online form is only used in the course of Library business such as updating contact information or answering a research question.

When using certain Library electronic resources, such as e-books, or services, such as placing document delivery requests, you/we may need to provide personal information to third parties that they may or may not retain on file.

For more information, see the section Frick Art Research Library Records Retention Guidelines for Personally Identifiable Information.

Access to Your Own Personal Information

With proper identification, users can access their personal information that has been collected by the Library.

Data Integrity and Security

Users of Library public computers have the right to privacy to the extent possible in a public setting. They should be aware that the locations of the computers might enable the monitor to be visible to others.

Responsibility for the resolution of problems related to the invasion of users’ privacy or loss of data rests with the users. The Library and The Frick Collection assume no liability for loss or damage to the users’ data or for any damage or injury arising from the invasion of the users’ privacy.

Internal institutional Library procedures limit access to Library data and require that Library staff with access do not use the data for unauthorized purposes. To prevent unauthorized access, the Library uses encryption in the transmission and storage of data, limits on access through use of passwords, and storage of data on computers or servers with security measures in place.

Enforcement

Users who have questions, concerns, or complaints about our handling of their privacy rights should file written comments with the Andrew W. Mellon Chief Librarian. We will respond in a timely manner and may conduct a privacy investigation.

Library staff and volunteers refer law enforcement inquiries to the Andrew W. Mellon Chief Librarian. The Chief Librarian may confer with the Collection’s general counsel before determining the proper response to a request for library records. We will not make records available except in response to a subpoena, warrant, court order, or where otherwise required by statute.

Right to Change

The Library reserves the right to change or update these privacy guidelines and will notify users by posting the changed or updated privacy guidelines here. Any changes or updates will be effective immediately upon posting here.

FRICK ART RESEARCH LIBRARY RECORDS RETENTION GUIDELINES FOR PERSONALLY IDENTIFIABLE INFORMATION

Notice

The Library collects information about current library users only for the purpose of providing library services. This information is shared with our New York Art Resources Consortium (NYARC) partners, the libraries of the Brooklyn Museum and The Museum of Modern Art, only for the purpose of providing library services. The Library does not engage in practices that might place personal information on public view.

Researchers

Library researcher records expire every three years. Expired records are deleted from all systems after a one-year grace period.

Checked-Out Items

Records related to items checked out to researchers are retained until the items are returned. After a grace period of seven days, they are deleted from all systems.

Material Requests

Material requests are retained until requests are completed. After a grace period of seven days, they are deleted from all systems.

Interlibrary Loan and Document Delivery Requests

Interlibrary loan and document delivery requests are retained for three months. After three months, they are deleted from all systems.

Research Questions

Letter and email research requests are retained for one year. After one year, they are deleted from all systems.

Right to Change

The Library reserves the right to change or update these record retention guidelines and will notify users by posting the changed or updated guidelines here. Any changes or updates will be effective immediately upon posting here.

UPDATES TO THIS PRIVACY POLICY

The “Last Updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on our Offerings.

CONTACTING US

The Frick Collection, located at 1 East 70th Street, New York, NY, 10021-4907, is the entity responsible for the collection, use, and disclosure of your Personal Information under this Privacy Policy. If you have any questions about this Privacy Policy, please submit them through our opt-out form or write to:

The Frick Collection
Attention: Office of General Counsel
1 East 70th Street
New York, NY 10021-4907

Please do not include credit card or other sensitive information in your communications to us.