Version 5
PRIVACY AND COOKIES POLICY
Effective Date: March 29, 2021
1. Who are we?
1.1 We are Etch Rock Limited. You can contact us at security@etchrock.com. Other contact details are on our website.
2. What’s the point of this policy?
2.1 It tells you what to expect when we collect your personal information. Please only use our service if you are completely happy with this policy.
2.2 Generally, the policy covers only information provided to us. If you give personal information to other people, such as payment providers or other websites, please check their privacy policies.
2.3 NB Note that personal information of participants / donors / fundraisers is collected by event organisers / charities, who are the “data controllers”. We act as data processors of this information on their behalf. Please contact them if you need more information.
4. What do we collect?
4.1 Information which you upload to our service or otherwise give us such as: a) your name and contact details;
b) other information provided when you register with us such as date of birth and gender;
c) details about your transactions on our service;
d) information included in your profile, such as photos, as well as posts, reviews or which you otherwise provide for display on our service or which you include in messages sent via our service;
e) contact or other information which you give or allow us to use for newsletters or other marketing; and
f) your communications with us.
4.2 Information contained in Gift Aid forms or which event organisers / charities opt to collect from you when you book tickets for an event or make a donation via our service. This may include sensitive personal information such as relevant medical history. (We collect this information as data processors on behalf of event organisers / charities.)
4.3 Automated information such as the internet protocol (IP) address used to connect your device to the internet, connection information such as browser type and version, information about your device including device-type and device identifier, operating system and platform, mobile network data, a unique reference number linked to the data you enter on our system, login details, clickstream data, details of your activity with date / time stamps including pages you visited and your searches / transactions.
4.4 If you log in via Facebook or Strava: Information from your public profile, your email address and your friends list. If you make available to us someone else’s email address for “refer a friend” or similar, we will send a referral message to that person and we will then immediately delete it.
5. What’s our reason / legal basis for collecting the information?
5.1 Because it’s necessary to take steps at your request to enter into a contract with you and/or to perform such a contract, e.g., send service messages, process payments and fulfil orders. This applies to initial enquiries and to contact and transaction details as well as to location information and profiles and other information which you provide for public display on our service.
5.2 Because it’s in our “legitimate interests”, e.g., to manage and improve our service including tracking usage patterns and preventing or detecting fraud or abuse. This applies to automated usage data. 5.3 Because you’ve specifically agreed on our service (e.g, by ticking a consent box). This applies to contact or other information which you give or allow us to use for newsletters or other marketing. You can withdraw permission at any time as explained on our service or by emailing us at the above email address.
6. What about cookies?
6.1 We and/or third parties use cookies and other tracking technologies on our website. A cookie is an identifier (a small file of letters and numbers) that is sent to your computer. Our website’s functionality will be limited if you configure your browser to reject cookies.
6.2 Cookies are widely used to make websites work, or work more efficiently, as well as to provide information to the website owner or others. Session cookies are temporary cookies that remain in the cookie file of your browser only until your browser is closed. They allow websites to link your actions during a browser session. Persistent cookies stay in the cookie file of your browser for longer (how long will depend on the lifetime of the specific cookie). For further information on cookies, including how to use your browser to block them and how to delete cookies already stored on your device, visit: www.allaboutcookies.org.
6.3 We ourselves place the following types of cookies:
|
Type of cookies |
Purpose |
|
Logged-in status |
Assess whether you are logged in to our site |
|
“Remember me” |
Remember you and speed up your login when you return to our site |
|
Authentication |
Identify and authenticate you to help you move easily through the site |
|
Preferences |
Store information about the preferences you’ve selected (e.g. favourites, currency, wishlists) and personalise the site |
|
Shopping cart |
Remember contents of your cart and related preferences |
|
Affiliate |
Track whether you have visited us from websites affiliated with us so we can pay affiliates and assess the effectiveness of the affiliate links |
|
Security |
Provide security-related features to protect our site, for example to help stop fraudulent logins |
|
Cookie notice |
Store your response to our cookie notice |
6.4 Companies which provide us with a service also place cookies. Some of these cookies (e.g. from Google) may involve certain information, such as your IP address and web address of the page you’re visiting, being sent to the company concerned. Below is a summary of the kinds of cookies used together with details about who places them and where you can go to get more information and to opt out (where possible):
a) Analytics cookies: These kinds of cookies recognise and count the number of website visitors as well as providing other information about the visit such as duration, route through the website and where the visitor came from. This information helps us to improve the way our website works, for example by making sure users find what they need easily. These cookies are provided by:
• Google Analytics (“GA”). More:
- general information about the types of cookies placed by Google including analytics
- a technical explanation of GA cookies
- Google’s use of its partners’ data including how to control information collected by Google
- how to specifically opt out from GA cookies
- Google’s privacy policy
b) Social media cookies: These kinds of cookies are placed by social media companies when you use their features on another site, for example if you play embedded audio or video, click a Facebook “like” or sent a tweet. These features may involve the relevant companies using cookies to collect information relating to your visit to our website or your interaction with their services or otherwise. Click the following links for further information including how to opt out where this is possible: Facebook, Twitter, Google Plus, LinkedIn, Pinterest, Instagram, YouTube
c) Payment provider cookies: Our payment provider may place cookies if you use their payment services on our site:
- Stripe’s privacy policy
- Square’s privacy policy
d) Third party log-in cookies: If you log in through a third party website, that website will place its own cookies on your computer: Facebook. Strava.
7. How long do we keep your personal information?
7.1 Until your account is closed or our contract with you has otherwise ended.
7.2 We may hold on to some of your information for longer (typically up to six years) if reasonably needed for legal, regulatory or tax reasons, deal with disputes, prevent fraud or abuse and/or enforce our terms and conditions.
7.3 We will delete personal information of event participants after 30 days following closure of the event organiser’s account. (Please liaise with event organisers about this as they are the “data controllers” of this information.)
7.4 We will keep your information which we use for marketing until you tell us to stop sending you marketing messages.
8. To whom do we send or make available your personal information?
8.1 To other people who supply us with a service, e.g. e-commerce platform providers, website hosts, content delivery networks and businesses which help us send communications or monitor our website.
8.2 To Mailchimp (see privacy policy) Hubspot (see privacy policy) or SecretSource Marketing (see privacy policy), if event organisers or charities opt to use those services (via our platform) to enable them to email or otherwise communicate with you.
8.3 To event organisers / charities who opt to collect your personal information via our platform.
8.4 To HMRC, in the case of Gift Aid information.
8.5 To other users of our service, if you create a public profile or otherwise include the personal information in a post, comment, donation or other public action on our service. You have the option of hiding your profile and profile information. In the case of donations, you can hide your name / image so that you cannot be publicly identified. To remove information placed on the site such as comments and posts, you will need to delete your account.
8.6 To the relevant authorities or complainants, if we think the personal information breaches our terms and conditions, or it is necessary to protect us or others, or that a criminal act may have been committed, or we are required to do so by law or appropriate authority.
8.7 To potential buyers so far as reasonably necessary, in the case of an actual or proposed (including negotiations for a) sale or merger or business combination involving all or the relevant part of our business.
9. Do we send your information outside the European Union?
9.1 Your personal information which we collect is stored within the EU and is not transferred to any third countries except that your personal information may be transferred to the US by the following companies certified under the EU-US Privacy Shield Framework, which provides certain safeguards for your personal information: Google (analytics), Mailchimp and Hubspot (email delivery) and the social media companies referred to above.
10. What rights do you have?
10.1 If the legal requirements are met: To ask us for access to your personal information, to rectify it if there are mistakes, to delete or restrict its use in certain circumstances or to “data portability” or to withdraw any consent you’ve given (e.g. marketing).
10.2 You may also have the right to object to use of your personal information in certain circumstances.
10.3 If you have a complaint about how we are dealing with your personal information, please contact us via the email address above. If you are not happy with our response or think we are not handling your personal information in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
10.4 For more information about your rights, visit the ICO’s website: www.ico.org.uk.