Version 4
PRIVACY AND COOKIES POLICY
Effective Date: October 18, 2019
1.1
We are Etch Rock Limited. You can contact us at security@etchrock.com. Other contact details are on our website.
2.
What’s the point of this policy?
2.1
It tells you what to expect when we collect your personal information. Please only use our service if you are completely happy with this policy.
2.2
Generally, the policy covers only information provided to us. If you
give personal information to other people, such as payment providers or
other websites, please check their privacy policies.
2.3
NB Note that personal information of participants / donors /
fundraisers is collected by event organisers / charities, who are the “data
controllers”. We act as data processors of this information on their
behalf. Please contact them if you need more information.
3.
Might the policy change?
3.1
Yes. We will post any new version on our website (please check whenever
you visit the site) and also notify you by email, SMS, in-app message or
otherwise. We will assume you agree to the new version of the policy if you
use our site or app after its effective date.
4.1
Information which you upload to our service or otherwise give us such
as:
a) your name and contact details;
b) other information provided when you register with us such as date of
birth and gender;
c) details about your transactions on our service;
d) information included in your profile, such as photos, as well as posts,
reviews or which you otherwise provide for display on our service or which
you include in messages sent via our service;
e) contact or other information which you give or allow us to use for
newsletters or other marketing; and
f) your communications with us.
4.2
Information contained in Gift Aid forms or which event organisers /
charities opt to collect from you when you book tickets for an event or
make a donation via our service. This may include sensitive personal
information such as relevant medical history. (We collect this information
as data processors on behalf of event organisers / charities.)
4.3
Automated information such as the internet protocol (IP) address used
to connect your device to the internet, connection information such as
browser type and version, information about your device including
device-type and device identifier, operating system and platform, mobile
network data, a unique reference number linked to the data you enter on our
system, login details, clickstream data, details of your activity with date
/ time stamps including pages you visited and your searches / transactions.
4.4
If you log in via Facebook or Strava: Information from your public
profile, your email address and your friends list. If you make available to
us someone else’s email address for “refer a friend” or similar, we will
send a referral message to that person and we will then immediately delete
it.
5.
What’s our reason / legal basis for collecting the information?
5.1
Because it’s necessary to take steps at your request to enter into
a contract with you and/or to perform such a contract, e.g., send
service messages, process payments and fulfil orders. This applies to
initial enquiries and to contact and transaction details as well as to
location information and profiles and other information which you
provide for public display on our service.
it.
5.2
Because it’s in our “legitimate interests”, e.g., to manage and improve
our service including tracking usage patterns and preventing or detecting
fraud or abuse. This applies to automated usage data.
it.
5.3
Because you’ve specifically agreed on our service (e.g, by ticking a
consent box). This applies to contact or other information which you give
or allow us to use for newsletters or other marketing. You can withdraw
permission at any time as explained on our service or by emailing us at the
above email address.
6.1
We and/or third parties use cookies and other tracking technologies on
our website. A cookie is an identifier (a small file of letters and
numbers) that is sent to your computer. Our website’s functionality will be
limited if you configure your browser to reject cookies.
6.2
Cookies are widely used to make websites work, or work more
efficiently, as well as to provide information to the website owner or
others. Session cookies are temporary cookies that remain in the cookie
file of your browser only until your browser is closed. They allow websites
to link your actions during a browser session. Persistent cookies stay in
the cookie file of your browser for longer (how long will depend on the
lifetime of the specific cookie). For further information on cookies,
including how to use your browser to block them and how to delete cookies
already stored on your device, visit:
www.allaboutcookies.org
6.3
We ourselves place the following types of cookies:
Type of cookies
|
Purpose
|
Logged-in status
|
Assess whether you are logged in to our site
|
“Remember me”
|
Remember you and speed up your login when you return to our
site
|
Authentication
|
Identify and authenticate you to help you move easily
through the site
|
Preferences
|
Store information about the preferences you’ve selected
(e.g. favourites, currency, wishlists) and personalise the
site
|
Shopping cart
|
Remember contents of your cart and related preferences
|
Affiliate
|
Track whether you have visited us from websites affiliated
with us so we can pay affiliates and assess the
effectiveness of the affiliate links
|
Security
|
Provide security-related features to protect our site, for
example to help stop fraudulent logins
|
Cookie notice
|
Store your response to our cookie notice
|
6.4
Companies which provide us with a service also place cookies. Some of
these cookies (e.g. from Google) may involve certain information, such as
your IP address and web address of the page you’re visiting, being sent to
the company concerned. Below is a summary of the kinds of cookies used
together with details about who places them and where you can go to get
more information and to opt out (where possible):
a) Analytics cookies: These kinds of cookies
recognise and count the number of website visitors as well as providing
other information about the visit such as duration, route through the
website and where the visitor came from. This information helps us to
improve the way our website works, for example by making sure users find
what they need easily. These cookies are provided by:
-
Google Analytics (“GA”).
More:
- general information about the
types of cookies
placed by Google including analytics
- a
technical explanation
of GA cookies
- Google’s
use of its partners’ data
including how to control information collected by Google
- how to specifically
opt out from GA cookies
- Google’s
privacy policy
b) Social media cookies: These kinds of cookies are
placed by social media companies when you use their features on another
site, for example if you play embedded audio or video, click a Facebook
“like” or sent a tweet. These features may involve the relevant
companies using cookies to collect information relating to your visit
to our website or your interaction with their services or otherwise.
Click the following links for further information including how to opt
out where this is possible:
Facebook
,
Twitter
,Google Plus,LinkedIn,Pinterest,Instagram, YouTube
c) Payment provider cookies: Our payment provider may
place cookies if you use their payment services on our site:
- Stripe’s privacy policy
- Square’s
privacy policy
d) Third party log-in cookies: If you log in
through a third party website, that website will place its own cookies on
your computer:Facebook. Strava
7.
How long do we keep your personal information?
7.1
Until your account is closed or our contract with you has otherwise
ended.
7.2
We may hold on to some of your information for longer (typically up to
six years) if reasonably needed for legal, regulatory or tax reasons, deal
with disputes, prevent fraud or abuse and/or enforce our terms and
conditions.
7.3
We will delete personal information of event participants after 30 days
following closure of the event organiser’s account. (Please liaise with
event organisers about this as they are the “data controllers” of this
information.)
7.4
We will keep your information which we use for marketing until you tell
us to stop sending you marketing messages.
8.
To whom do we send or make available your personal information?
8.1
To other people who supply us with a service, e.g.
e-commerce platform providers, website hosts, content delivery networks and
businesses which help us send communications or monitor our website.
8.2
To Mailchimp (see
privacy policy) Hubspot (see
privacy policy) or
SecretSource Marketing (see
privacy policy
), if event organisers or charities opt to use those services (via our
platform) to enable them to email or otherwise communicate with you.
8.3
To event organisers / charities who opt to collect your personal
information via our platform.
8.4
To HMRC, in the case of Gift Aid information.
8.5
To other users of our service, if you create a public profile or
otherwise include the personal information in a post, comment, donation or
other public action on our service. You have the option of
hiding your profile and profile information. In the case of donations, you
can hide your name / image so that you cannot be publicly identified. To
remove information placed on the site such as comments and posts, you will
need to delete your account.
8.6
To the relevant authorities or complainants, if we think the personal
information breaches our terms and conditions, or it is necessary to
protect us or others, or that a criminal act may have been committed, or we
are required to do so by law or appropriate authority.
8.7
To potential buyers so far as reasonably necessary, in the case of an
actual or proposed (including negotiations for a) sale or merger or
business combination involving all or the relevant part of our business.
9.
Do we send your information outside the European Union?
9.1
Your personal information which we collect is stored within the EU and
is not transferred to any third countries except that your personal
information may be transferred to the US by the following companies
certified under the
EU-US Privacy Shield Framework
, which provides certain safeguards for your personal information: Google
(analytics), Mailchimp and Hubspot (email delivery) and the social media
companies referred to above.
10.
What rights do you have?
10.1
If the legal requirements are met: To ask us for access to your
personal information, to rectify it if there are mistakes, to delete or
restrict its use in certain circumstances or to “data portability” or to
withdraw any consent you’ve given (e.g. marketing).
10.2
You may also have the right to object to use of your personal
information in certain circumstances.
10.3
If you have a complaint about how we are dealing with your personal
information, please contact us via the email address above. If you are not
happy with our response or think we are not handling your personal
information in accordance with the law, you can complain to the Information
Commissioner’s Office (ICO).
10.4
For more information about your rights, visit the ICO’s website:
www.ico.org.uk.
Version 4.0