Your privacy is important to us. That’s why we’re committed to protecting and respecting your personal data in accordance with the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR).
Who are we?
We are Alba Real Ale Festival and will be what’s known as the ‘Controller’ of the personal data that you provide to us on this website.
How and why we collect information from you?
We seek to acquire information about you when you use our website. This includes; when you contact us through our website, when you purchase products and services from our website, or if you register to receive our newsletter service.
Whenever we request personal information from you on our website we will always aim to reasonably explain why we are collecting the information and refer you to this policy for more comprehensive detail. The points where we are requesting your personal information will be highlighted by the following symbol: 🔐
Please note, we do not collect or store personal data about you supplied or obtained from any 3rd party sources. Any data we store is only that which we have collected from you directly.
What type of information is collected from you?
Enquiry / contact forms
When you contact us about our products and services we will request personal details such as your name, address, telephone number, email address and where applicable, the company for whom you work.
When you request to receive our newsletter service we will request personal details such as your name, your email address and where applicable, the company for whom you work.
How is your information used?
We may use your information to:
- Respond to your enquiries
- Process online orders that you have placed with us (tickets or sponsorship)
- Carry out our obligations arising from any contracts entered into by you and us
- Seek your views or comments on the services we provide
- Notify you of changes to our service
- Send you communications which you have requested and that may be of interest to you
How long do we keep your information?
If you purchase any products and services from us, then under UK tax law we are required to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it can be erased on your request. We will hold your personal information on our systems indefinitely for marketing purposes or until you notify us that you no longer wish us to do so, unless your request contradicts our statutory obligations.
Who has access to your information?
As stated before, your privacy is important to us. That’s why we will not, under any circumstances, sell or rent your personal information to any third parties. In addition, we will not share your information with third parties for their specific marketing purposes.
3rd party representatives working on our behalf or in association with:
In order to respond to your enquiries, deliver products and services or to send your newsletters, we may need to pass your information to our 3rd party service providers. In all circumstances, we will remain the controller of your data and our 3rd party service providers will be processors of your data.
For example, if you subscribe to our newsletter service, your personal data may be processed by a 3rd party email processor such as MailChimp who specialise in the delivery of email newsletter services.
When we use third party service providers, we disclose only the personal information that is absolutely necessary in order to deliver the service. We also have contracts in place with all ‘3rd Party Service Providers’ that requires them to keep your information secure and not to use it for their own direct marketing purposes.
Restricting marketing communications
It’s important that you are aware that you have a choice about whether or not you wish to receive marketing information or ticket sales notifications from us.
If you have previously given us consent to process your personal data and send you marketing
information, you can withdraw this consent at any time by unsubscribing or contacting us directly.
We will aim to cease the delivery of all marketing communications to you immediately on receipt on your objection or un-subscription.
How you can access, update and delete your information?
Accessing your data
You have the right to ask for a copy of the information we hold about you. You can request a copy of this data at any time by contacting us directly. We will, where possible, always supply your personal data in a convenient and transferable format within 30 days.
Updating your data
Your personal data probably changes all of the time, and the accuracy of your information is important to us. Therefore, if your details do change, or the information we hold becomes inaccurate or out of date, please let us know by contacting us directly and we will rectify your data.
Deleting your data
If you would like us to delete or erase your personal information from our systems, then where possible (if not required for statutory or contractual requirements) we will do so within 30 days and provide confirmation that your data has been removed from our systems. To request that your personal data is erased from our systems, please contact us directly.
Transferring your information outside of Europe
In order to complete some forms of communications or service delivery, we may need to pass your information to service suppliers who are registered outside the European Union (“EU”). For example, this may occur if we use the US based newsletter emailing service provider MailChimp. We also use US based Stripe to accept secure online payments.
By submitting your personal data, you’re agreeing to this transfer, storing or processing. When transferring your information outside of the EU, we take steps to ensure that your privacy rights continue to be protected.
Our website is protected with 128 Bit SSL encryption. This means that any information we collect from you via our website is protected and secure. When you are asked for any personal data on our website, you will see a lock icon in your browser, ratifying that your data is secure.Once we receive your information, we make our best effort to ensure its security on our systems. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. In the unlikely event of our systems and your data being breached, then we will notify you within at least 30 days including full details of what parts of your personal data have been compromised.
Use of ‘cookies’
It is possible to configure or completely switch off ‘Cookies’ by changing your browser preferences.
Links from us to other websites
In order to provide you with further information or additional reference points, our website may contain links to other websites run by other organisations. Please be aware, that we cannot be responsible for the protection and privacy of your information which you provide whilst visiting other websites and such sites are not governed by this privacy
statement. You should exercise caution and look at the privacy statement applicable to the website in question.
If at any point you wish to raise a complaint about how we have handled your personal data, then please contact us directly. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in November 2019.