Privacy Policy
1. Introduction
At St John’s May Ball, accessible at stjohnsmayball.com, we are committed to safeguarding the personal data and privacy of our visitors, users, and customers. We respect your privacy and recognise the importance of protecting your personal information in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy describes how we collect, use, disclose, and protect your personal data and outlines your rights in relation to that data.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to the use of stjohnsmayball.com and all associated services, applications, and communication platforms provided through it. For the purposes of applicable data protection laws, the data controller responsible for your personal data is the St John’s May Ball Committee (“we”, “us”, or “our”), which determines the purposes and means of the processing of personal data. If you have any questions or concerns regarding this policy or our data practices, you may contact us at [email protected].
3. Categories of Data Processed
We collect and process the following categories of personal data:
A. Usage Data
Information automatically collected about your interactions with our website, including IP address, browser type, device information, pages viewed, access times, and referring websites. This data is collected to help us understand how users interact with our services and to improve our offerings.
B. Account Data
Personal data provided when you create an account or otherwise engage with our services, such as your full name, email address, postal address, and phone number.
C. Profile Data
Information including your preferences, ticket selections, product interests, purchase history, dietary restrictions (if applicable), and participation behavior on the site.
D. Communication Data
Records of your interactions with us, including emails, support queries, feedback submissions, and any other correspondence.
E. Technical Data
Details about the devices and systems you use to access our services, such as device type, operating system, browser configurations, language settings, mobile carrier, and screen resolution.
F. Transaction Data
Payment and purchase-related information, such as the products or services bought, delivery details, and transaction timestamps. Payment card information is handled securely via third-party payment processors and is not stored by us.
G. Preference Data
Information you provide relating to your preferences in receiving marketing communications, ticketing notifications, promotional offers, and product interests.
4. Legal Bases for Processing
We rely on one or more of the following legal bases under GDPR to process your personal data:
– Consent: Where you have given us explicit permission to process your data for a specific purpose, such as receiving marketing communications.
– Contractual Necessity: When processing is required to fulfil a contract with you, such as processing ticket purchases or responding to service requests.
– Legitimate Interests: To pursue our legitimate business interests, such as analytics, fraud prevention, and service enhancement, provided your rights do not override these interests.
– Legal Obligation: Where processing is necessary for compliance with legal obligations to which we are subject.
5. Your Rights
You have various rights under data protection laws. These include:
– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: You may request correction of any incomplete or inaccurate information.
– Right to Erasure: You may request deletion of your personal data, subject to legal and contractual limitations.
– Right to Restrict Processing: You may request that we restrict the processing of your personal data in certain circumstances.
– Right to Data Portability: You may request your information in a structured, machine-readable format to transfer to another service provider.
– Right to Object: You may object to processing based on legitimate interests or direct marketing.
To exercise any of these rights, please send your request to [email protected].
6. Security Measures
We maintain robust technical and organizational security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These measures include data encryption, secure servers, restricted access protocols, regular security audits, staff training in data protection, and continuous monitoring for vulnerabilities.
7. International Data Transfers
We may store and process your data in jurisdictions outside the European Economic Area (EEA) or California. In such cases, appropriate safeguards are implemented to ensure an adequate level of data protection, such as the use of Standard Contractual Clauses approved by the European Commission or reliance on service providers certified under recognized data protection frameworks.
8. Data Retention
Your personal data will be retained only for as long as necessary to fulfil the purposes for which it was collected, including:
– Usage Data: 12 months to support analytics and improvements.
– Account Data: Duration of account activity plus up to 6 years for legal accountability.
– Profile and Preference Data: Retained for customer analytics for up to 3 years post-event.
– Communication Data: Retained for 3 years for service history and performance auditing.
– Transaction Data: Retained for 7 years for financial and tax compliance.
When data is no longer required, it is securely deleted or anonymised.
9. Cookie Policy
We use cookies and similar technologies on stjohnsmayball.com to enhance user experience, analyse website traffic, and deliver relevant content. Cookies may store information such as browser type, pages visited, session duration, and user preferences.
Types of cookies used include:
– Essential Cookies: Necessary for core site functionality (e.g., security, login).
– Functional Cookies: Enable enhanced features (e.g., language preferences).
– Analytics Cookies: Help us understand user behavior and website performance.
– Performance Cookies: Allow us to improve loading speed and technical efficiency.
10. Cookie Management and GDPR/CCPA Compliance
Users are provided with clear choices regarding the use of cookies upon visiting stjohnsmayball.com. Consent is obtained for non-essential cookies in line with GDPR and CCPA requirements. Cookie preferences can be managed at any time through the cookie settings link available on our site or via browser-based controls.
Under the CCPA, California residents have the right to opt out of the “sale” of personal information. We do not sell your personal data. However, third-party analytics or advertising technologies may, with your consent, involve data sharing. These can be disabled via cookie settings or by contacting us.
11. Special Protections for Children
We do not knowingly collect, process, or store personal data from individuals under the age of 13. If we become aware that we have inadvertently received data from a child under 13, we will take steps to delete such information promptly. Parents or guardians who believe their child has submitted personal data should contact us at [email protected].
12. Policy Updates and Notifications
We reserve the right to amend this Privacy Policy to reflect changes in legal obligations or our data practices. When significant changes are made, we will provide notice through appropriate mechanisms, such as a notice on stjohnsmayball.com or direct communication, where appropriate. Continued use of the website signifies your acceptance of such revisions.
13. Contact Us
For any questions, concerns, or requests regarding your personal data or this Privacy Policy, you may contact us via email at:
We are committed to protecting your privacy and will respond to your request in accordance with all applicable data protection laws.
Compliance Assurance
St John’s May Ball is committed to maintaining the highest standards of privacy and data protection. If you have privacy concerns or rights requests, please contact us at [email protected], and we will address them promptly and responsibly.