Privacy Policy for St John’s May Ball

At St John’s May Ball (accessible via stjohnsmayball.com), we are firmly committed to safeguarding the privacy and personal data of our users, guests, and partners. We recognize the importance of privacy and are dedicated to ensuring that all personal information is collected, handled, and protected in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”).

This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you interact with our website, use our services, or communicate with us.

1. Commitment to Privacy and Data Protection

We prioritize the confidentiality, integrity, and security of your personal information. Whether you are browsing our website, registering for an event, or contacting us with enquiries, we aim to be transparent regarding our data practices and provide you with control over your personal data. We do not sell your personal information, and we process data only as necessary to fulfill specific, explicit purposes consistent with your expectations and our legal obligations.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all users of our website, stjohnsmayball.com, including ticket holders, suppliers, partners, and casual visitors. For the purposes of the GDPR and other applicable data protection laws, the data controller is:

St John’s May Ball Committee
Email: [email protected]

As the data controller, we determine the purposes and means of processing your personal data.

3. Categories of Personal Data Processed

We collect and process the following categories of personal data:

a. Usage Data
Includes information about how you interact with our website and digital services, such as IP address, browser type and version, pages viewed, referring URLs, and time spent on site. This may be collected automatically via cookies and similar technologies.

b. Account Data
Personal information provided when you create an account or purchase a ticket, including your full name, postal address, email address, and telephone number.

c. Profile Data
Preferences, interests, and event participation history, such as ticket selections, dietary needs, accessibility requirements, and your activity on the website.

d. Communication Data
Records of correspondence and support interactions including enquiries submitted via contact forms and emails exchanged with our team. This data helps us respond effectively to your requests.

e. Technical Data
Device information such as hardware model, operating system, browser configuration, network identifiers, and system diagnostics, typically gathered via automated means to ensure proper website functionality.

f. Transaction Data
Details related to ticket purchases and financial transactions, including payment method (processed via secure third-party providers), billing address, transaction amounts, and delivery instructions, where applicable.

g. Preference Data
Marketing communication preferences, language settings, and indicated interests related to events, content, and services. This informs how we tailor communications and engagement with you.

4. Legal Bases for Processing

We process your personal data under the following legal bases:

– Consent: Where you have explicitly agreed to processing (e.g., signing up for newsletters).
– Performance of a Contract: Where processing is necessary for fulfilling a transaction or agreement (e.g., purchase of event tickets).
– Legitimate Interests: For purposes such as analytics, fraud prevention, operational efficiency, and website security, provided your rights do not override such interests.
– Legal Obligations: Where laws require us to maintain or disclose certain records.

5. Your Data Protection Rights

Under the GDPR, CCPA, and related frameworks, you have the following rights with respect to your personal data:

– Right of Access: You may request access to your personal data and obtain a copy.
– Right to Rectification: You may correct or update inaccurate or incomplete personal data.
– Right to Erasure: Also known as the “right to be forgotten”, you may request deletion of personal information under certain conditions.
– Right to Restriction: You may request that we restrict the processing of your data under specific circumstances.
– Right to Data Portability: You may request to receive your data in a structured, commonly used, machine-readable format, and to have it transmitted to another controller.

To exercise these rights, contact us at [email protected]. We will respond within applicable legal timeframes and may require proof of identity to fulfill your request.

6. Security Measures

We implement rigorous technical and organizational security measures to protect your personal data, including but not limited to:

– Encryption of data in transit and at rest.
– Role-based access controls and authentication practices.
– Secure storage infrastructure and regular security assessments.
– Data backup procedures and incident response planning.
– Staff training on data handling and privacy protocols.

7. International Data Transfers

Where personal data is transferred outside the United Kingdom or European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

– Standard Contractual Clauses (SCCs) approved by the European Commission;
– Transfers to jurisdictions recognized by the European Commission as having adequate data protection;
– Supplementary technical and legal measures to ensure privacy compliance.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Example retention periods include:

– Account and transaction data: up to 7 years for compliance and audit purposes.
– Marketing preferences and consent: until you withdraw your consent or opt out.
– Usage and technical data: 12 to 24 months for service optimization and analytics.
– Correspondence and support data: up to 3 years from last contact.

Where data is no longer needed, we securely delete or anonymize it.

9. Cookie Policy

Our website uses cookies and similar tracking technologies to enhance your experience and analyze traffic. These include:

– Essential Cookies: Required for basic website functionality, such as login sessions and secure payments.
– Functional Cookies: Enhance personalization (e.g., remembering preferences).
– Analytics Cookies: Collect aggregated usage statistics to improve website content and services.
– Performance Cookies: Monitor performance and diagnostic data to improve responsiveness.

10. Cookie Management and Compliance

Users are presented with the option to manage cookie preferences in accordance with GDPR and CCPA requirements. You may:

– Choose to accept or reject optional cookies via our cookie banner or preferences panel.
– Withdraw previously given consent at any time.
– Use browser settings to block or delete cookies.

Please note that disabling essential cookies may impair the functionality of our services.

11. Special Protections for Children Under 13

Our services are not intended for children under the age of 13. We do not knowingly collect personal data from minors without verifiable parental consent. If we discover that a child under 13 has provided us with personal information without proper authorization, we will promptly delete such data. Parents or guardians may contact us at [email protected] to request the removal of such information.

12. Policy Updates and User Notifications

We reserve the right to amend this Privacy Policy from time to time to reflect changes in legal obligations, service features, or our data handling practices. Any changes will be posted prominently on stjohnsmayball.com. We encourage users to review this policy periodically to remain informed about how we are protecting their information.

Significant updates affecting your rights or our data practices may be communicated directly by email or pop-up notifications where appropriate.

13. Contacting Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

St John’s May Ball Committee
Email: [email protected]

We are committed to honoring your privacy rights and ensuring full compliance with applicable data protection laws.

This Privacy Policy affirms our dedication to upholding the highest standards of privacy, security, and transparency. For any privacy-related inquiries, you are welcome to contact us directly at [email protected].