The EU General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a new EU regulation aimed at helping to strengthen data protection for EU citizens and residents both within the EU and the wider world and will be effective from 25th May 2018.
This new legislation will replace current data privacy law, giving more rights to you as an individual and more obligations to organizations holding your personal data. It replaces the existing Data Protection Directive (1995).
- Our Privacy Principles
- Who We Are
- What information do we collect about you & where is your information stored?
- How will we use the information about you?
- Third Party Links
- Children’s Online Privacy
- Your Rights
- Data Breaches
- Policy Updates
- We will never spam you with irrelevant emails
- As a subscriber to Paintclub you will receive regular emails advising you of our upcoming events and new schedules.
- You may opt out or in of our email communications at any time
- You have the right to remove any information we may hold on you
- We will never sell, rent, make public or distribute your personal information
- Data is a liability and therefore should only be collected and processed when absolutely necessary
2. Who We Are
The Site is operated by Aisling Kearney Burke as a sole trader.
Registered office: Beechmount Art Studio, Lackagh, Turloughmore, Co. Galway. Contact: firstname.lastname@example.org
3. What information do we collect about you & where do we store it?
3.1 Online Forms
We collect the personal information you voluntarily provide to us, which includes your name and e-mail address, in order to subscribe to our newsletter, receive our Paintclub emails regarding new events, comment on our blog, and/or purchase services or online products.
3.2 Customer data
Our events and tickets are are hosted & sold though a 3rd party entity of Eventbrite. They provide us with the online event creation platform that allow us to sell our services/events to you.
If you purchase tickets to any event, Eventbrite will collect and securely store data which includes your name, address and email address. Your data is stored through Eventbrite’s data storage, databases and the general Eventbrite application. They store your data on a secure server behind a firewall.
Email marketing: we may send you emails about our site and related event(s). We may also use your email to inform you about changes to our events, survey you about your usage, or collect your opinion.
If you make a purchase on our site for e.g. gift vouchers, we use a third party payment processor which is Paypal. Payments are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our site and related events and its service providers.
3.3 Website Visitor Tracking
Like most websites, our website uses Google Analytics. This tool collects information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. We use this information to better understand how visitors find us and how they interact with our website. We can use this to make adjustments to our website, to deliver a better user experience.
We also use tracking from Facebook, Pinterest and Instagram so that we can better understand how visitors are interacting with our site via social media and to track the effectiveness of any adverts we place on social media.
This data is all anonymized but you can opt out of this tracking at any time via your own browser settings.
3.4 Email updates
If you choose to receive email updates your email address will be stored in Mailchimp which is the app we use. Mailchimp are third-party data processors. At any time you can unsubscribe from our emails either from within the email or by emailing us.
Should you choose to add a comment to any posts on our website that we have published on the Site, the name and email address you enter and your comment will be saved to our website’s database, along with your computer’s IP address and the time and date that you submitted the comment.
This information is only used to identify you as a contributor to the comment section and is not passed on to any of the third party data processors. Only your name will be shown on the public-facing website although if the supplied email address is linked to a Gravatar account, your Gravatar photo will also be displayed.
Your comment and its associated personal data will remain on this site until we see fit to either:
- Remove the comment or
- Remove the blog post.
Should you wish to have the comment and its associated personal data deleted, please email me using the email address that you commented with.
If you are under 18 years of age you MUST obtain parental consent before posting a comment on our blog.
This Site is built on WordPress a website content management system (CMS). This service may collect anonymous information about users’ activity on the Site, for example, the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it.
WordPress requires visitors that want to post a comment, to enter a name and email address. If you submit a comment to a blog post published on this website or if you submit a contact form, some personal information will be stored in this website’s database.
These are currently the only occasions where personal data will be stored on this Site. For more information about how WordPress processes data, please see Automattic’s privacy notice.
4. How will we use the information about you?
We collect information about you to understand your needs and provide you with a better service. Specifically, we use your information for:
4.1 Internal record keeping
4.2 Improving our services
The legal basis for this type of processing is either consent or our legitimate interests in growing our business.
4.3 Providing you with offers relating to our products or services.
The legal basis for this type of processing is either consent or our legitimate interests in growing our business. We may send you such communications if you requested it and/or if you agreed to receive such communications. You can opt-out of these emails at any time through the ‘unsubscribe’ button in each email or contacting us via email.
We will only share your information with trusted 3rd parties if necessary to provide support in running this Site. We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
A cookie is a piece of code that allows the web server to identify and track activity of the web browser. They are widely used in order to make websites work more efficiently, as well as to provide information to the owners of the website.
You can enable or disable your Cookie settings via your own web browser.
6. Third Party Links
When you click on links on the Site, they may direct you away from the Site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Though we have these procedures in place we can’t be held responsible for any intercepted information shared through the Site without our knowledge or permission.
8. Age of Consent
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence.
9. Your Rights
Your rights under data protection laws include the right to access, erase, correct, restrict, and/or object to our use and processing of your personal data, as well as the right to portability of the data. You have the right to confirmation as to how and where we process your data. To the extent that the legal basis for our processing consent, you have the right to withdraw at any time. If you consider our processing to infringe data protection laws, you have the right to lodge a complaint with a supervisory authority. If you have any requests regarding your personal information, please contact Aisling at email@example.com
10. Data Breaches
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
11. Policy Updates
Paintclub/Beechmount Art Studio may update this policy and you should check this page from time to time to ensure that you are happy with any changes.
Updated: 25th May 2018