Prepare yourself, we’re covering everything in the GDPR (General Data Protection Regulation) that came into effect on 25th May 2018, as it relates to us:
Table of Contents
- Definitions used in this Policy
- Data protection principles we follow
- Your Rights in connection with the Personal Data we collect
- Exercising your Rights / Who to contact
- The Personal Data we collect
- How we use your Personal Data
- Who has access to your Personal Data?
- How we store & secure your data
- Information about cookies
Personal Data – any information relating to an identified or identifiable natural person (that’s a human being).
Processing – any operation or set of operations which is performed on Personal Data or on sets of Personal Data.
Data subject – a natural person whose Personal Data is being Processed.
We/us – Richie Rivers and the team at Dorset Volksfest.
Data Protection Principles
- Our data processing activities have lawful grounds. We always consider your rights before processing Personal Data. We will provide you information regarding processing upon request.
- Our processing activities fit the purpose for which Personal Data was gathered.
- We only collect and process the minimal amount of Personal Data required for any purpose.
- We will not store your Personal Data for longer than necessary.
- We will do our best to ensure the accuracy of Personal Data we hold on you.
- We will do our best to ensure the integrity and confidentiality of the Personal Data we hold on you.
|1. Right to be informed||meaning you have the right to know about the collection and use of your Personal Data; what data is collected, for what purpose, by whom it is Processed and how long it will be retained. If the Personal Data has not been supplied by you then you have the right to know where it was obtained from.|
|2. Right of access||meaning you have the right to request and obtain a copy of the Personal Data and supplementary information collected about you.|
|3. Right to rectification||meaning you have the right to request rectification of your Personal Data should it be inaccurate or incomplete.|
|4. Right to erasure||meaning in certain circumstances you can request for your Personal Data to be erased from our records, also known as ‘the right to be forgotten’.|
|5. Right to restrict processing||meaning you have the right to request the restriction or suppression of your Personal Data processing; this is not an absolute right and only applies in certain circumstances.|
|6. Right to data portability||meaning you can request your Personal Data in a machine-readable format or, if it is feasible, as a direct transfer from one data processor to another.|
|7. Right to object||meaning you can object to the processing of your Personal Data for uses such as direct marketing, and we must immediately stop unless we can demonstrate legitimate or legal grounds not to|
|8. Right to withdraw consent||meaning you have the right to withdraw any given consent for the processing of your Personal Data|
|9. Right to lodge a complaint||meaning that in the event that we refuse any request under your Right of access and you are dissatisfied with the way your request has been handled, or if you consider that the processing of your Personal Data infringes the GDPR, you have the right to lodge a complaint with a data protection supervisory authority. In the UK that is the Information Commissioners Office (ICO)|
Exercising Your Rights / Who to Contact
If you are dissatisfied with our response to a request to exercise your Rights under the GDPR, you can lodge a complaint with the Supervisory Authority, in the UK this is:
The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Personal Data we collect
Information you voluntarily provide us with
- Should you choose to contact us by email or via a contact form on this website we will collect Personal Data that will include but may not be limited to your name, email address and telephone number – all personally identifiable information that is necessary for responding to you in connection with your enquiry and/or to providing you a product/service.
- Should you order event tickets, trade stand space or other goods or services from us we will collect that same Personal Data plus your business name/VW Club name (where appropriate), billing and shipping address.
- We use PayPal and Stripe to process eCommerce payments; at no time do we have access to (so do not collect or process) any personal financial information such as a credit or debit card number.
Information automatically collected about you
For further details please see our Information about cookies
How we use your Personal Data
We use your Personal Data on legitimate grounds and/or with your consent in order to identify and to interact with you, and to fulfil an obligation under contract
On the grounds of entering into a contract or fulfilling contractual obligations, we process your Personal Data for the following purposes:
- to fulfil an order for event tickets, trading stall space or other goods or services, placed through our website
- to communicate with you in relation to your purchase
On the grounds of legitimate interest we may process your Personal Data for the following purposes:
- to administer and analyse our client base in order to improve the quality, variety or availability of products we offer
- to notify you of any such improvements
We consider offering you tickets, space, goods or services that are similar or the same to those we have supplied you before to be our legitimate interest.
How we won’t use your Personal Data
We hate spam too. We will never bother you with emails, calls, SMS messaging or communicate with you in any other way unless we think it is necessary or in your interests to do so.
We will never sell, share or rent any part of your Personal Data with any third party unless required to do so by law or where in good faith we believe such action is necessary to comply with a legal process.
Who has access to your Personal Data?
Richie Richards who organises Dorset Volksfest has access to your Personal Data.
Our website, email and eCommerce hosting provider, of necessity, processes Personal Data on our behalf and will have access to it. That person is a trusted third party processor based here in Dorset, and we are more than confident in the high level of privacy and security afforded to your Personal Data.
How we store & secure your data
We employ safe protocols for website browsing, encrypted communication and transfer of Personal Data (such as HTTPS and SSL/TLS). In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
- The Personal Data entered into contact or enquiry forms on this website is stored with our trusted third party Processor, on a dedicated, secure server within a secure compound at a private state-of-the-art data centre in the UK for a period of up to 3 years.
- Personal Data (your name, billing address and email address) connected with a successful order for event tickets or other goods & services is securely stored in electronic format for a period of seven years, to meet standard business and tax requirements.
- Personal Data entered for any order that subsequently fails, is cancelled or is held pending will be kept for 6 months, after which it is automatically deleted.
- Personal Data stored in ‘My Account’ area, should you open one, is stored until you close your account. Inactive accounts and all their data are automatically deleted after 2 years.
- For data protection off-site back-up and disaster recovery copies of all data are stored with the R1Soft Server Backup Manager network in Texas, USA. Those back-up copies are regularly deleted & replaced on a rolling basis.
- All routes and devices used to access server-based Personal Data are password-protected.
- If you make a purchase with us through this website Personal Data (your name and email address only) will be stored on a password-protected database in our email marketing account with MailChimp. It is only used to email you via a newsletter about matters related to your purchase and will be erased when you choose to ‘unsubscribe’ to our newsletters (there is that option at the bottom of every newsletter). Please note, if you choose to unsubscribe to our newsletter prior to the date of the event you are attending you may miss out on important news updates about that event.
Despite our best efforts we cannot absolutely guarantee the security of our systems, our server or our online 3rd Party accounts & databases. We do however promise to notify yourself as the Data subject and the necessary authorities of any data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.
We reserve the right to make changes to this Privacy Notice from time to time.
It was first published 25th May 2018, and last modified 27th May 2018.