PRIVACY POLICY
1. Introduction
At Gŵyl Macs Fest (“we,” “us,” or “our”), accessible via gwylmacsfest.com (the “Website”), we are deeply committed to safeguarding your privacy and protecting your personal data. We value your trust and strive to ensure that your information is handled responsibly, transparently, and in full compliance with applicable data protection laws, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
2. Scope of This Policy & Data Controller Role
This Privacy Policy applies to all individuals who access or use gwylmacsfest.com and outlines how we collect, use, disclose, and protect your personal information. Gŵyl Macs Fest acts as the data controller in relation to the personal data collected through this Website. This means we are responsible for deciding how we hold and use your personal data.
3. Categories of Data We Process
We may collect and process the following categories of personal data, depending on your interactions with our Website:
a. Usage Data: includes information about how you use our Website, such as browser type, IP address, access times, page views, referring websites, and session duration.
b. Account Data: includes identifiers such as your full name, home or billing address, email address, and telephone number provided when you create an account or complete forms on our Website.
c. Profile Data: includes data derived from your interactions with our Website, including event preferences, ticket purchases, and other behavioral indicators.
d. Communication Data: includes the content of communications you send to us, including support queries, email correspondence, and contact form submissions.
e. Technical Data: includes device type, operating system, system configuration, mobile network data, and platform type.
f. Transaction Data: includes payment information (processed by secure third-party processors), ticket purchase history, delivery details, and billing status.
g. Preference Data: includes marketing preferences, subscription settings, and product interests, as specified by you or inferred based on your behavior.
4. Legal Bases for Processing
We process your personal data in accordance with applicable legal grounds, which may include:
– Consent: where you have explicitly agreed to the processing of your personal data, for example, by subscribing to our newsletter.
– Contract: where the processing is necessary for the performance of a contract with you, such as ticket purchases or event participation.
– Legitimate Interests: where processing is necessary for our legitimate interests, such as improving the Website, ensuring network security, or communicating event updates, provided that these interests do not override your rights and freedoms.
– Legal Obligations: where required by law or regulatory obligation.
5. Your Data Protection Rights
Subject to certain conditions, you have the following rights under GDPR and CCPA regarding your personal data:
– Right of Access: to request confirmation as to whether we process your personal data, and to receive access to such data.
– Right to Rectification: to request correction of inaccurate or incomplete data associated with your account.
– Right to Erasure: to request deletion of your personal information under applicable conditions (also referred to as the “right to be forgotten”).
– Right to Restriction of Processing: to request that we limit the way your data is used under certain conditions.
– Right to Data Portability: to receive your data in a structured, commonly used, and machine-readable format, and to request its transmission to another controller.
– Right to Object: to object to our processing of your data where we rely on legitimate interest or where your data is used for direct marketing purposes.
– Right not to be subject to automated decision-making, including profiling, where it produces legal effects concerning you or significantly affects you.
To exercise any of your rights, please contact us at [email protected]. We may require additional verification or information to fulfill such requests.
6. Security Measures
We are committed to maintaining the security of your personal data. We employ a range of organizational and technical measures designed to protect your information, including but not limited to:
– Encryption of data during transmission and storage
– Role-based access controls and user authentication
– Firewalls and anti-malware tools
– Regular security audits and vulnerability assessments
– Employee training and access governance protocols
– Data backups and disaster recovery systems
7. International Data Transfers
If your data is transferred outside of the European Economic Area (EEA), we ensure that it receives a similar level of protection through the use of:
– Standard Contractual Clauses approved by the European Commission
– Binding Corporate Rules
– Adequacy decisions issued by the European Commission for certain countries
By using our Website, you acknowledge and agree to these practices regarding cross-border data transfers.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
– Usage and Technical Data: retained for up to 12 months for analytics and diagnostic purposes.
– Account and Profile Data: retained for the duration of your relationship with us and up to 2 years after account inactivity, unless otherwise required by law.
– Transaction Data: retained for 7 years for compliance with financial and tax reporting obligations.
– Communication Data: retained for 3 years after request closure or final correspondence.
– Preference Data: reviewed annually and retained for as long as your consent remains active or until unsubscribed.
9. Cookie Policy
We use cookies and similar technologies on gwylmacsfest.com to enhance your browsing experience, understand user behavior, and deliver relevant content. The types of cookies we use include:
– Essential Cookies: necessary for the operation of the Website and enabling basic functionality such as page navigation and access to secure areas.
– Functional Cookies: allow the Website to remember your preferences, such as language settings or region.
– Analytics Cookies: help us understand Website traffic, usage patterns, and visitor interactions to improve our service.
– Performance Cookies: facilitate measurement of the effectiveness of our marketing campaigns and optimize user experience.
10. Cookie Management & Legal Compliance
In accordance with GDPR and CCPA, we provide you with a cookie consent mechanism on our Website through which you can accept or reject non-essential cookies. You may also modify your browser settings to control cookies at the device level. Users in California have additional rights under the CCPA, including the right to opt out of the sale of personal information.
11. Children’s Privacy
Our Website is not intended for children under the age of 13, and we do not knowingly collect or process personal data from anyone under this age. If we become aware that we have inadvertently collected data from a child under 13, we will take appropriate steps to delete such data from our systems.
12. Policy Updates and Notifications
We reserve the right to modify this Privacy Policy at any time to reflect changes in our legal obligations, data processing practices, or functionalities offered on gwylmacsfest.com. Material changes to this Policy will be communicated through our Website or via other appropriate channels. We encourage you to review this Policy regularly to stay informed of how we protect your data.
13. Contact Us
If you have any questions, requests, or concerns regarding this Privacy Policy or our data handling practices, please contact us at:
Email: [email protected]
We are committed to protecting your privacy rights and will respond promptly and effectively to any inquiries you may have.
This Privacy Policy reflects our commitment to data privacy in accordance with the GDPR, CCPA, and other applicable legislation. Thank you for trusting Gŵyl Macs Fest with your personal information.