The Massachusetts Historical Society (MHS) collects information from visitors to its websites. What follows is an explanation of the types of information we gather and what we do with it.
Researchers who are interested only in obtaining photocopies ("Xerox" copies) should review the photocopy policies on the Visiting the Library page.
Server Log Data
Our web server collects log data that may include an IP address, your company name and/or internet provider, the type of browser and operating system used, the time of day visited, the pages viewed, and search requests. We aggregate this data and use it for statistical purposes such as determining the number of visitors to specific portions of our website or identifying ways we might improve the navigation and content of our website.
We will not collect personally identifiable information from you other than what you supply to us on a voluntary basis.
Web Forms or E-mail
When we ask for personal information, we will explain how we intend to use it. MHS may also use your contact information to extend invitations to events or to provide information that you requested.
When you disclose personal information on this website, we may use your contact information to inform you of events and opportunities at MHS. MHS fully complies with the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM). Should you no longer wish to receive these communications, please follow the "unsubscribe" instructions that are included at the bottom of all e-mail announcements sent from MHS.
The MHS will not sell, trade, or share a donor's personal information with anyone else unless the donor has given the MHS specific permission to do so. The MHS does not send donor mailings on behalf of other organizations.
Online Credit Card Transactions
Online credit card transactions (which include, but are not limited to: memberships dues, renewals, donations and event ticket and merchandise purchases) are processed on a secure server at Blackbaud, a leading provider of accounting and fundraising software to nonprofit organizations. The Blackbaud system uses Secure Sockets Layer (SSL) 128-bit technology to protect donors' personal information. This security protocol encrypts credit card numbers so they cannot be copied. The secure environment is indicated in the browser by displaying a lock or key on the browser status bar. The icon's presence indicates encryption has been activated. Blackbaud has partnered with VeriSign to provide a safe environment for credit card transactions. VeriSign uses the latest SSL encryption technology to securely pass transaction data to the VeriSign gateway. To prevent data compromise in the storage server, VeriSign stores sensitive transaction information on secure systems that cannot be accessed through the Internet. Blackbaud and VeriSign use hardware and software firewalls and additional encryption technology to eliminate unauthorized access.
From time to time our site may request information from users via surveys. Participation in surveys is completely voluntary, and the user may choose not to disclose this information.
Information requested may include contact information (such as name and address), demographic information (such as zip code and vocation), and age level (in compliance with the Children's Online Privacy Protection Act). Survey information will be used for purposes of monitoring and improving MHS websites.
Links to Other Sites
Our website has links to many other websites. When you go to another site, you are subject to the privacy and security policies of that site. MHS cannot attest to the accuracy of information provided there.
Children and Privacy
The Massachusetts Historical Society is concerned about protecting children's privacy. All MHS websites and online programs are in compliance with the Children's Online Privacy Protection Act of 1998 (COPPA, now defunct). We will not knowingly collect personally identifiable information from children under the age of 13 without first gaining consent from a parent or guardian. We will not use this information to contact the child for other purposes, distribute this information to third parties, or give the child the ability to post publicly or otherwise distribute personally identifiable information without a parent's or guardian's consent.