Privacy Policy for Halfpenny Folk Club
1. Introduction
Halfpenny Folk Club (“we,” “our,” or “us”), accessible via halfpennyfolkclub.com, is committed to protecting the privacy and personal data of all our website visitors, members, and users. We uphold the highest standards of data protection in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws. This Privacy Policy explains how we collect, use, disclose, and retain your personal data, and outlines your rights in relation to that data.
We believe privacy is a fundamental right and are dedicated to transparency, accountability, and security in our data practices.
2. Scope of Policy & Data Controller
This Privacy Policy applies to all personal data collected through our website, halfpennyfolkclub.com, as well as through communications with us via email, telephone, or any other direct interactions.
For the purposes of applicable data protection laws, Halfpenny Folk Club is the “data controller” of your personal data. This means we determine the purposes and means of processing your data. You can contact us at [email protected] should you have any questions or concerns about how your data is handled.
3. Categories of Data We Process
We may collect, use, and process the following categories of personal data:
– Usage Data: Details about how you use our website, such as pages viewed, time spent, IP addresses, browser types, referring URLs, and interaction behaviors.
– Account Data: Information provided during registration or membership sign-up, including your name, email address, mailing address, and telephone number.
– Profile Data: Preferences, interests, attendance history, and engagement with our events, products, and services.
– Communication Data: Records of communications between you and us, including support requests, inquiries, and correspondence history.
– Technical Data: Device identifiers, operating system type and version, screen resolution, network information, and language settings.
– Transaction Data: Details regarding purchases, bookings, donations, or other financial transactions, including payment method, billing addresses, and delivery details.
– Preference Data: Information you provide regarding your marketing preferences, event interests, and subscription settings.
4. Legal Bases for Processing Personal Data
We only process your personal data where there is a lawful basis under GDPR and other applicable laws, including:
– Consent: When you grant us explicit permission to process your data for specific purposes, such as subscribing to newsletters.
– Contractual Necessity: When processing is necessary to fulfill our obligations under a contract with you, such as managing your membership or event registration.
– Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, improving our website performance or marketing similar services to existing users.
– Legal Obligation: When processing is necessary to comply with a legal or regulatory requirement.
5. Your Data Protection Rights
Under GDPR, CCPA, and other privacy frameworks, you have the following rights with respect to your personal data:
– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete personal data.
– Right to Erasure: You have the right to request deletion of your data where there is no lawful reason for us to continue processing it.
– Right to Restriction: You may request that we suspend processing of your personal data in specific circumstances.
– Right to Data Portability: You may request your personal data in a structured, commonly used, and machine-readable format or have it transferred to another controller.
– Right to Object: You may object to processing based on legitimate interests or to direct marketing.
To exercise your rights, please contact us at [email protected]. We may require you to verify your identity before fulfilling your request.
6. Security Measures
We implement appropriate technical and organizational security measures to safeguard your personal data against unauthorized access, disclosure, alteration, or destruction. These include, but are not limited to:
– SSL/TLS encryption for data in transit;
– Role-based access controls and authentication;
– Secure data backups and disaster recovery procedures;
– Physical and digital safeguards for data storage;
– Regular staff training and awareness on data privacy practices.
7. International Data Transfers
Where personal data is transferred outside of the United Kingdom or European Economic Area, such transfers are carried out in compliance with applicable data protection legislation. We use European Commission Standard Contractual Clauses (SCCs), UK Transfer Mechanisms, or other approved safeguards to protect your data in such circumstances.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Retention periods differ depending on the category of data:
– Usage and technical data: retained for up to 12 months for analytics and performance review;
– Account and profile data: retained as long as your account remains active or as required by legal obligations;
– Transaction data: retained for a minimum of 6 years in accordance with tax and audit laws;
– Communication and preference data: retained until no longer necessary for the purposes collected, unless you request deletion sooner.
9. Cookie Policy
Our website uses cookies and similar technologies to enhance user experience and analyze website traffic. The types of cookies we use include:
– Essential Cookies: Necessary for the core functionality of the site, such as user authentication and session management.
– Functional Cookies: Enable enhanced features like saved preferences and accessibility settings.
– Performance Cookies: Collect anonymized data about website usage to help us optimize our services.
– Analytics Cookies: Help us analyze user behavior using tools like Google Analytics, but only after proper user consent is obtained.
10. Cookie Management and Compliance
At the time of your first visit to halfpennyfolkclub.com, you will be offered a choice to accept or decline the use of non-essential cookies. You can manage or revoke your consent at any time by adjusting your browser settings or using the cookie management tool on our website.
Under GDPR and CCPA, you have the right to:
– Be informed of cookie usage and tracking activities;
– Access the categories of data collected via cookies;
– Opt out of the “sale” of personal data (as defined under the CCPA);
– Restrict analytics and tracking tools through cookie settings.
11. Children’s Privacy
We do not knowingly collect or solicit personal information from children under the age of 13. If we become aware that personal data from a child under 13 has been collected without verifiable parental consent, we will delete it promptly. If you believe that a child has provided us with personal data, please contact us at [email protected] so we can investigate and take appropriate action.
12. Policy Updates
We may revise this Privacy Policy from time to time in order to reflect changes in our practices, legal obligations, or services. We encourage users to review this page periodically for the latest information on our privacy practices. Where material changes are made, we will take reasonable steps to notify you through the website or directly via email, where appropriate.
13. Contact Information
If you have any questions, requests, or concerns regarding this Privacy Policy, or if you would like to exercise your rights or lodge a privacy-related complaint, please contact us at:
Email: [email protected]
Website: https://halfpennyfolkclub.com
We are firmly committed to maintaining a privacy-first environment and ensuring your data rights are respected. For any concerns, complaints, or requests related to your personal data, please do not hesitate to get in touch.