Chicago Architecture Center Privacy notice for website browsing visitors

Last Updated: June 2024

Who are we?

Chicago Architecture Center is a Controller of personal data. We are a registered nonprofit organization and our address is:

111 E. Wacker Drive, Suite 1321, Chicago, IL 60601

The person responsible for how we look after your personal data can be contacted by email: info@architecture.org and by telephone: 312.922.3432.

This privacy notice tells you what personal information will be collected and processed by the Chicago Architecture Center (also referred to as “us” “we” “our” “CAC” Organization” when browsing our webpages which can be found at www.architecture.org, this notice and the rights included is applicable to those visitors from the European Union and United Kingdom, although the information applies to all web visitors.

Chicago Architecture Center collects different information about people depending on the services or relationship we have with them, for example if you apply for a role with us, we will collect different information and we will provide additional notices when relevant.

Key points

• We use cookies on our website and these collect personal data.
• If you sign up to marketing from us we will ask for your consent and you can change this at any time.
• Information is shared with third parties providing services to us.

Why do we use your information?

We use your information to provide our services to you (for example: for you to book tickets on a tour) or to contact you and respond to your queries.

We use your details to keep in touch with you, let you know about changes, make sure the services we are offering are fit for purpose.

We typically only use your personal information for the purposes for which we collect it. In limited circumstances we may use your information for a purpose other than those set out in this policy. If we intend to do so, we will provide you with information relating to that other purpose before using it for the new purpose.

We may use your personal information without your knowledge or consent where such use is required or permitted by law or when it is compatible with the purpose for which we had originally stated.

What happens if you do not provide your personal information?

If you do not provide certain information when requested, we may not be able to perform the contract we have entered with you (such as making payments without your banking information).

Legal framework and your rights

We use your information in line with the UK GDPR, GDPR as well as other relevant regulations including the Data Protection Act 2018 and guidance we refer to these throughout the rest of the document as “the Data Protection Laws”.

The Data Protection Laws require us to have a lawful basis for using your information. Below, we go into detail about the lawful basis we have identified. We also set out if and when we need to share your information with other organizations.

Types of personal information we collect, the source and our lawful bases for processing:

Contact Data: name, contact information.

Source: Provided by you directly to us when you obtain products or services provided by us.

Purpose for Collection and Legal Bases for Processing:

• To contact you: and send you communications relating to your use of our services, or purchase of our products in order to service the contract we have or may enter into with you or the organization you work for;
• For marketing purposes: we rely on legitimate interests for marketing purposes (this is the interests of the Organization or, in limited circumstances and only where applicable, the interests of the individual data subject).

Categories of Recipients: freight forwarders and shipping carriers; service providers, as necessary; and government bodies that require us to report processing activities.

Communications: communications we have with you. Please note that we may record calls to our customer service team for training and quality control purposes.

Source: From you.

Purpose for Collection and Legal Bases for Processing:

• To handle your requests, to contact you when necessary or requested, including responding to your questions and comments, and providing customer support, and to obtain customer feedback, and improve our customer service and the customer shopping experience. Our lawful ground for this processing is our legitimate interests.

Categories of Recipients: Service providers as necessary.

Purchase and order information: contact information, together with purchase details online and in store through e-receipts, delivery details, payment details, and any communications we have received about your order or purchase.

Source: From you.

Purpose for Collection and Legal Bases for Processing:

• For contractual purposes: we will use your Personal Data to perform our contractual requirements and obligations, and to take any required pre-contractual steps. 

Categories of Recipients: freight forwarders and shipping carriers; service providers, as necessary; and government bodies that require us to report processing activities.

User/Account Data: includes your account login and profile information, as well as data about how you use our websites and any online services, together with any data that you post for publication on our websites or through other online services.

Source: When you sign up for an account, log-in, and interact with and use our websites and other online services.

Purpose for Collection and Legal Bases for Processing:

• We process this data to operate our websites and ensure relevant content is provided to you, to ensure the security of our websites, to maintain back-ups of our websites and/or databases, and to enable publication and administration of our websites, other online services, and business.

Categories of Recipients: service providers, as necessary; and government bodies that require us to report processing activities.

Technical Usage Data: includes data about your use of our websites and online services, such as your IP address, your login data, details about your browser, length of visit to pages on our websites, page views and navigation paths, details about the number of times you use our websites, geographical location, time zone settings, and other technology on the devices you use to access our websites.

Source: The source of this data is from our analytics tracking system (via cookies).

Purpose for Collection and Legal Bases for Processing:

• We process this data to analyze your use of our websites and other online services, to administer and protect our business and websites, to deliver relevant website content and advertisements to you, and to understand the effectiveness of our advertising.

Categories of Recipients: Our service providers who help us with fraud protection and website analytics.

Payment information: name, card issuer and card type, credit or debit card number, expiration date, CVV code, and billing address.

Source: From our clients and their payment card issuers.

Purpose for Collection and Legal Bases for Processing:

• Authorizing of credit card and other financial transactions for our customers. The processing is necessary for the performance of the sales contract to which you are a party.

Categories of Recipients: Our service providers who process payments for us—they are prohibited from using Personal Data for any other purposes, and are contractually required to comply with all applicable laws and requirements, which includes the Payment Card Industry Data Security standards.

On premises privacy: CCTV images of you in and around entrances and exits to our facilities and offices.

Source: From you and our CCTV.

Purpose for Collection and Legal Bases for Processing:

• To keep you, other customers, our staff, buildings, systems, and data safe and secure, to investigate potential theft, fraud, or misconduct.
• To detect, investigate and prevent illegal activities as well as protect the rights and property of us and others.
• To defend our legal rights, as needed.

Categories of Recipients: Our service providers who help us with fraud protection, law enforcement, and other governmental authorities in accordance with applicable law.

The Data Protection Laws give you rights which you can use to manage your information:

• Request access (commonly known as a “data subject access request”). You can receive a copy of the personal information we hold about you.
• Request correction of your information if you believe it is incomplete or inaccurate.
• Request erasure of your information where there is no good reason for us continuing to process it.
• Object to processing your information where we are relying on a legitimate interest (or those of a third party) and you want to object to processing on this ground.
• Request the restriction of your information. You can ask us to suspend our use of your information for example if you want us to check its accuracy.
• Request the transfer of your personal information to another party in a useful format.
• Withdraw consent if we are processing your personal data based on your consent, then you can withdraw that consent at any time.

If you want to exercise any of your rights or talk to us about how your data is processed please contact us on the information above. Some of the above rights only apply in specific circumstances or to a limited extent. If you have any queries relating to your rights in this area, please do get in touch.

If you are not happy with the way we have handled your information you can complain to the Information Commissioner’s Office (ICO). They are the regulator in England and Wales and you can contact them through their website: www.ico.org.uk.

International Transfers

The Chicago Architecture Center is based in the United States and by sharing information with us you understand it will be processed in the United States. If we need to process your information further in the United States and/or in any additional countries that are not considered to have adequate privacy protections in place (as determined by the EU and UK regulators) we will put additional safeguards in place in line with the Data Protection Laws.

Do we use automated decision making?

We do not currently and do not anticipate using any automated decision making (computer only decisions with no human interaction) on your personal information. We will update this notice if this changes.

We update our privacy statements from time to time and these will be reflected on the website.

Security of your information

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a need to know.

Third party processors will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

How long do we keep your information?

We retain your personal information for the duration of your relationship with us and then for a period defined by legal, accounting, or reporting requirements.

Occasionally we anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

We may change this Privacy Notice from time to time in order to reflect changes in the law and/or its privacy practices. We encourage you to check this notice on a regular basis.