Privacy Policy for sweetcharitywestend.com
1. Introduction
At Sweet Charity West End, accessible via sweetcharitywestend.com, we value and safeguard your privacy. We are fully committed to ensuring that personal data collected from our users is processed in compliance with all applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”). Your right to privacy and the security of your personal information are of the utmost importance to us. This Privacy Policy outlines how we collect, use, disclose, and protect your personal data, as well as your rights and choices regarding your information.
2. Scope of the Policy and Controller Responsibility
This Privacy Policy applies to all personal data collected through our website, sweetcharitywestend.com, including data collected when you visit the site, engage with our content, purchase tickets or merchandise, or communicate with us.
For the purposes of applicable data protection laws, the data controller responsible for your personal data is Sweet Charity West End, and we can be reached at [email protected].
3. Categories of Data Processed
We collect and process the following categories of personal data:
– Usage Data: Includes browser type and version, IP address, time zone setting, operating system, referring website URLs, pages viewed, and details about your interaction with the site. This information helps us understand site performance and improve user experience.
– Account Data: If you create an account or provide information during a purchase or inquiry, we collect your name, postal address, email address, and telephone number.
– Profile Data: Includes details regarding your preferences, transaction history, user behavior on the site, and interactions with media content or promotions.
– Communication Data: Consists of records of your correspondence and communications with us, including support requests, emails, and feedback.
– Technical Data: We collect data regarding the devices you use to access the site, including hardware model, operating system, browser plug-ins, system configuration, and screen resolution.
– Transaction Data: This includes ticket and merchandise purchases, payment confirmation, billing details, and delivery information.
– Preference Data: Encompasses marketing consents, opt-in/out settings, product or show interest areas, and related communication preferences.
4. Legal Bases for Processing
We will only process your personal data where a lawful basis applies under the GDPR or CCPA:
– Consent: Where you have granted us explicit permission, such as subscribing to our marketing communications or accepting non-essential cookies.
– Contractual Necessity: Where data processing is necessary for entering into or performing a contract with you, such as ticket sales or merchandise fulfillment.
– Legal Obligation: To fulfill our legal duties including regulatory compliance and fraud prevention.
– Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided such interests are not overridden by your rights and freedoms. Legitimate interests include service enhancement, user engagement analysis, and fraud detection.
5. Your Rights
Individuals located in the European Economic Area (EEA), United Kingdom, or California have the following rights under applicable data protection laws:
– Right of Access: You have the right to access and receive a copy of your personal data we hold.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure: Under certain circumstances, you may request deletion of your personal data.
– Right to Restriction: You may request that we suspend processing of your data under specific conditions.
– Right to Portability: You may request that we provide your data in a structured, commonly used, and machine-readable format for you to transfer to another controller.
– Right to Object: You may object to processing based on legitimate interests or to direct marketing at any time.
– Do Not Sell My Personal Information (California Residents): You may request that we do not sell your personal information with third parties.
To exercise any of these rights, please contact us directly at [email protected]. We may request verification of identity before fulfilling certain requests.
6. Security Measures
We implement technical and organizational security measures to ensure a high level of protection for your personal data, including:
– Encryption of data in transit and at rest.
– Role-based access controls with authentication protocols.
– Secure server infrastructure.
– Regular data backups and disaster recovery plans.
– Cybersecurity awareness training for personnel with access to personal data.
Despite our efforts, no method of transmission over the internet or method of electronic storage is completely secure; we cannot guarantee absolute security.
7. International Data Transfers
Your personal data may be transferred to, and processed in, countries outside the EEA or UK. When we transfer data internationally, we ensure that:
– The transfer is to countries deemed to provide adequate data protection by the European Commission, or
– Appropriate Standard Contractual Clauses (SCCs) or similar legal safeguards are implemented, or
– You have provided explicit consent where no other transfer mechanism exists.
8. Data Retention
We retain personal information only as long as necessary for the purposes it was collected or as required under applicable law. Specific retention periods include:
– Usage and Technical Data: up to 26 months, for analytics and performance assessment.
– Account and Profile Data: as long as your account is active or as needed to provide services.
– Transaction Data: retained for a minimum of 6 years to comply with tax and legal obligations.
– Communication Data: up to 3 years after the last contact.
– Preference and Marketing Consent Data: until you withdraw your consent or as required by law.
Upon request or account deletion, data not required for legal or contractual obligations will be securely erased.
9. Cookie Policy
Our website uses cookies and similar technologies to enhance functionality and user experience. Cookies fall into the following categories:
– Essential Cookies: Necessary for site functionality (e.g., session authentication, ticket cart).
– Functional Cookies: Enable preferences and personalization, such as language settings.
– Analytics Cookies: Collect information on site usage to help us improve website performance.
– Performance Cookies: Measure responsiveness and help us troubleshoot performance issues.
10. Cookie Management & Compliance
In compliance with GDPR and CCPA, we provide a cookie banner enabling users to accept or reject non-essential cookies when visiting sweetcharitywestend.com. You can manage your preferences at any time via our cookie management tool or by adjusting browser settings. For California residents, “Do Not Sell My Personal Information” preferences may also be managed via our website interface.
11. Protection of Children’s Privacy
We do not knowingly collect, solicit, or process personal information from children under the age of 13. If we learn that a child under 13 has provided us with personal information without verifiable parental consent, we will delete that information promptly. If you believe this has occurred, please contact us at [email protected].
12. Policy Updates
We may update this Privacy Policy to reflect changes to our practices or for legal compliance. Where required by law, we will notify you of such changes through email or via prominent notices on sweetcharitywestend.com. We encourage you to review this policy regularly to stay informed of how we are protecting your data.
13. Contact Us
For questions, concerns, or to exercise your data protection rights, please contact:
Email: [email protected]
If you are located in the EU or UK, you also have the right to lodge a complaint with your local data protection authority if you have concerns about how we handle your personal data.
Sweet Charity West End is committed to ensuring full compliance with GDPR, CCPA, and other relevant data protection laws. We welcome your feedback and concerns and are available to address any privacy-related inquiries at any time.