Privacy Policy for dadafest.com
1. Introduction
At DaDaFest (accessible at dadafest.com), we are fully committed to safeguarding the personal data entrusted to us. We respect your privacy and are dedicated to ensuring that your personal information is handled in a transparent, secure, and responsible manner. This Privacy Policy outlines how we process your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR, the California Consumer Privacy Act (“CCPA”), and other applicable laws.
2. Scope of Policy and Role as Data Controller
This Privacy Policy applies to personal data collected through our website, services, and interactions with you. For the purposes of data protection laws, DaDaFest is the “data controller” of your personal data, meaning we determine the purposes and means of processing.
This policy governs data collected via dadafest.com and communications made to or from the organisation, including by email, online forms, social media, and other engagement channels.
3. Categories of Data Processed
We may collect and process the following categories of personal data:
– Usage Data: This includes information about how you interact with our website such as IP address, browser type and version, device identifiers, referral URLs, pages visited, time spent on pages, and other diagnostic data. We collect this data to ensure optimal performance and security of our digital platforms.
– Account Data: If you register or interact with our services, we may collect your full name, email address, postal address, phone number, password (hashed), and account preferences.
– Profile Data: Includes your preferences, purchase history, behaviour on the website, interactions with our campaigns or newsletters, and attendance to events.
– Communication Data: Includes records of correspondence when you contact us, including via email to [email protected], forms submitted on the website, customer support inquiries, and any feedback or surveys you complete.
– Technical Data: Information about the device you use to access our site, including the operating system, system language, browser settings, screen resolution, and network provider.
– Transaction Data: If you purchase tickets, products, or make a donation, we may collect payment information (via a secure third-party processor), billing information, transaction history, and delivery details.
– Preference Data: Marketing preferences, language selection, accessibility needs, and specific areas of interest regarding our events or communications.
4. Legal Bases for Processing
We process your personal data on the following legal grounds:
– Consent: Where applicable, such as when you opt-in to marketing emails or accept non-essential cookies, we will rely on your explicit consent.
– Contractual Necessity: For processing necessary to fulfil our contract with you, such as delivering purchased tickets or services.
– Legal Obligation: To comply with applicable legal obligations, including financial, tax, or regulatory requirements.
– Legitimate Interests: For the provision and improvement of our services, maintenance of our website, event promotion, fraud prevention, and relationship management. We ensure such processing does not override your rights and freedoms.
5. Your Rights
Under GDPR and applicable data protection laws, you have the following rights:
– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: The right to have inaccurate or incomplete data corrected.
– Right to Erasure: Commonly known as “the right to be forgotten”, you may request that your data be deleted where appropriate.
– Right to Restriction: You can request we restrict the processing of your data under certain circumstances.
– Right to Data Portability: You may request to receive your personal data in a structured, commonly used format, or request transfer to another controller, where applicable.
– Right to Object: You may object to processing based on legitimate interests, as well as to direct marketing.
To exercise your rights, please contact us at: [email protected]. We may require identity verification before processing your request.
6. Security Measures
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
– Encryption of data in transit and at rest
– Access control through role-based permissions and multi-factor authentication
– Regular security audits and software updates
– Staff data protection training and awareness
– Regular data backups and secure archiving methods
7. International Transfers
We may transfer your data to service providers or partners located outside the UK or European Economic Area (EEA). When such transfers occur, we ensure appropriate safeguards are in place, such as:
– Standard Contractual Clauses (SCCs) approved by the European Commission
– Transfer under adequacy decisions recognised by authorities
– Binding Corporate Rules, where applicable
We strive to ensure your data receives adequate protection wherever it is processed.
8. Data Retention
We retain your personal data no longer than necessary for the purposes for which it was collected, including:
– Account Data: Retained for the duration of your relationship with us, plus up to 6 years for legal or reporting purposes
– Transaction Data: Retained for up to 7 years as required for financial compliance
– Usage and Technical Data: Retained for 12 to 24 months for system analytics and diagnostics
– Communication Data: Retained up to 3 years after last contact
– Marketing Preferences: Maintained indefinitely unless you request deletion or opt-out
We periodically review and safely delete or anonymize data that is no longer required.
9. Cookie Policy
Our website uses cookies and similar technologies to enhance user experience. Cookies are categorised as follows:
– Essential Cookies: Necessary for website functionality and security (e.g., session management, login)
– Functional Cookies: Enable enhanced features such as language preferences and accessibility tools
– Performance Cookies: Gather anonymised data about how users interact with our site to improve performance
– Analytics Cookies: Provided by third parties like Google Analytics to track aggregate behaviour
We do not use cookies to collect sensitive personal data without your consent.
10. Cookie Management and Regulatory Compliance
On your first visit to dadafest.com, you are presented with a cookie banner allowing you to accept or reject non-essential cookies. You can manage your preferences at any time through a dedicated Cookie Settings panel on our website.
We comply with GDPR by obtaining user consent before placing non-essential cookies and with the CCPA by providing California residents with the right to opt out of the “sale” or “sharing” of their personal information.
11. Children’s Privacy
We do not knowingly collect personal data from children under the age of 13. If we learn that we have inadvertently processed data from a child without verified parental consent, we will take prompt steps to delete such information. If you are a parent or guardian and believe your child has provided us personal data, please contact us at [email protected].
12. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in legal or operational practices. Where required by law or where the changes materially affect your rights, we will notify you via email or website notice. We encourage you to periodically review this page to stay informed of how we protect your data.
13. Contact Us
If you have any questions, concerns, or wish to exercise your data protection rights, please contact us at:
DaDaFest
Email: [email protected]
Website: https://dadafest.com
We are committed to full compliance with all applicable privacy regulations and are happy to assist you with any privacy-related concerns.