Privacy and Cookies Policy
- 1.1 We are committed to protecting the privacy of visitors to our websites http://www.merrimentatelier.com and service users.
- 1.2 These rules apply when we act as a data controller with respect to the personal data of our website visitors and service users; in other words, when we determine the purposes and means of processing this personal data.
“Personal data” is defined in Article 4 (1) of the EU General Data Protection Regulation:
“(1)“ personal data ”means any information relating to an identified or identifiable natural person (“ data subject ”); an identifiable natural person may be identified directly or indirectly, in particular by an identifier, name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, the economic, cultural or social identity of that natural person.
- 1.3 Cookies are used on our websites.
A cookie is a small text file created by our website that will be stored on a device such as a computer, smartphone or tablet from which or which the user has access to our website. The purpose of cookies is to remember and accordingly recognize user details such as username and password. Cookies also store some information about the user’s preferences or past actions in search engines.
Most browsers store all cookies in a simple file and information about them can be found in the “Privacy” or “Security” sections. The user has the opportunity to delete parts or all cookies stored on his/her devices, through the instructions in the settings of the browser he uses.
- 1.4 Our websites include privacy controls, which affect how we process your personal information. Using privacy controls, you can specify whether you want to receive direct marketing messages and restrict the publication of your information. You can access the privacy controls via [URL].
- 1.5 In this policy, “we”, “us” and “our” refer to Mrs Mariella Wilson, a certified Data Protection Officer with a registration number ZA378271 and owner of Merriment Atelier Limited.
2.How we use your personal data
- 2.1 In section 2 we set out:
a) the general categories of personal data that we may process;
b) in the case of personal data which we have not received directly from you, the source and the specific categories of such data;
c) the purposes for which we may process personal data; and
(d) the legal grounds for the processing.
- 2.2 We may process data about the use of our website and services (“usage data“). Usage data may include your IP address, geographic location, browser type and version, operating system, referral source, duration of visit, page views and navigation paths of the website, as well as information about the time of residence of the website pages. . The sources of data for use are Google Ads, Google Analytics, Facebook Pixels, Pinterest, Instagram, Yahoo. This usage data may be processed for the purposes of analyzing the use of the websites and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
- 2.3 We may process your account data (“account data“). Account information may include your name and email address. The source of your account data is you. Account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining backups of our databases and communicating with you.
When you purchase a ticket or workshop, private party or corporate events, your information is used to register for the workshop, to subscribe to our email or blog newsletters, to track your preferences and to inform you about a product and related personal interests. As a visitor to our sites, you are not required to provide any personal information.
The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
- 2.4 User profile data may include your ‘profile data, your name, email address, date of birth, relationship status, interests and hobbies, educational details and employment details. Account data may be processed for purposes that allow and control the use of our website and services. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
- 2.5 We may process your personal data provided in the process of using our services (“service data”). Service details may include your name, email address, date of birth, relationship status, interests and hobbies, educational details, and employment details. The source of data for the service is you. Service data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining backups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
- 2.6 We may process information that you publish for publication on our websites or through our services (“publication data“). The publication data may be processed for the purposes of this publication and the administration of our website and services. The legal basis for this processing is our legitimate interests, namely [the proper administration of our website and business.
- 2.7 We may process the information contained in any inquiry you send us about goods and/or services (“enquiry data“). Enquiry data may be processed for the purpose of offering, marketing and selling the relevant goods and/or services for you. The legal basis for this processing is your prior consent.
- 2.8 We may process information relating to our customer relationships, including customer contact information (“customer relationship data“). Customer relationship data may include your name, position or role, the information contained in the communications between us and you or your employer. The source of customer relationship data is you. Customer relationship data may be processed to manage our customer relationships, communicate with customers, keeping records of those communications, and promoting our products and customer services. The legal basis for this processing is our legitimate interests, namely the proper management of our customer relationships.
- 2.10 We may process the information you provide to us by subscribing to our email notifications and/or free newsletters (“notification details“). Notification data may be processed for the purpose of sending the relevant notices and/or newsletters.
Your data will be included in the notification data if you have stated that you voluntarily provide it in exchange for using a discount voucher, downloading a free product, registering for an online workshop, live event or any other activity advertised on our websites, social networks, events selling platforms and others.
If you do not wish to receive information and/or marketing emails and a free newsletter from us, you can unsubscribe at any time. At the bottom of each email, there is a link to unsubscribe. If you have problems and can’t do it through the link provided, please email us to opt you out to email@example.com and your data will be manually removed from our lists.
The legal basis for this processing is your consent and the performance of a contract between you and us and/or taking steps at your request to enter into such a contract
- 2.11 We may process information contained in or relating to any communication you send us. (“Correspondent data“). Correspondence data may include the content of the communication and the metadata related to the communication. Our website will generate metadata related to the communications made through the website link forms. Correspondence data may be processed for the purpose of communicating with you and keeping records. The legal basis for this processing is our legitimate interests, namely the proper administration of the website and business and the communication with users.
- 2.13 We may process any of your personal data identified in these privacy policies when necessary for the purpose of obtaining or maintaining insurance coverage, risk management or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
- 2.14 In addition to the specific purposes for which we may process your personal data referred to in this section 2, we may also process any of your personal data where such processing is necessary to comply with a legal obligation to which we are subject or to protect your vital interests or the vital interests of another individual.
- 2.15 We may process information contained in or relating to any communication you send us. (“Social media.“). When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
- 2.16 Please do not provide us with personal data to any other person unless we ask you to do so.
3.Automated Decision Making
- 3.1 We will use your personal data for the purposes of automated decision making in order to draw your attention to topics, live workshops, tutorial on demand, products, online workshops, and other of our products or services that may be of interest to you. The automated decision-making process aims to make it easier and helpful for you to choose our product or service.
- 3.2 This automatic decision-making will involve the submission of consistent information about a product or service that you have previously stated that you are interested in. For example: if when purchasing a ticket for a workshop, you show interest in acrylic painting, then with a series of emails we will provide you with all the necessary information about this workshop including but not limited – mini-event planners, shopping list, art product suggestions and others. to facilitate and help you choose the right products.
- 3.3 The significance and possible consequences of this automated decision-making are the ability to concentrate and purposefully receive information about the live and virtual workshops and products you may want.
For your convenience, online payment buttons are located in the right places to help you quickly and easily purchase your desired workshop or product.
4.Disclosure of your personal data to other companies or individuals
- 4.1 We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) to the extent reasonably necessary for the purposes and for legal grounds.
- 4.2 We may disclose your personal information to our insurers and/or professional advisers to the extent reasonably necessary for the purpose of acquiring or maintaining insurance coverage, risk management, obtaining professional advice or establishing claims, whether in litigation or in administrative or extrajudicial proceedings.
- 4.3 We may disclose the specified categories or categories with personal data of our suppliers or subcontractors, as far as is reasonably necessary to specify the objectives.
- 4.4 The financial transactions related to our website and services are processed by our payment service providers Stripe, PayPal, Eventbrite and Facebook as well as a security system for all our products. We will exchange transaction data with our payment service providers only to the extent necessary to process your payments, refunding such payments, and process complaints and enquiries related to such payments and refunds.
- 4.5 We may disclose your enquiry data to one or more selected third party suppliers of goods and services listed on our website in order to enable them to contact you to offer, trade and selling relevant goods and/or services. Any such third party will act as a data controller in relation to the inquiry data we provide to it; and after contacting you, each third party will provide you with a copy of its own privacy statement, which will govern the use of your personal data by a third party. For example, such a third party could be Facebook, Pinterest or one of our online payment providers.
- 4.6 In addition to the specific disclosures of personal data referred to in this section 4, we may disclose your personal data when such disclosure is necessary to comply with a legal obligation to which we are subject or to protect your vital interests or vital interests of another individual. We may also disclose your personal information where such disclosure is necessary for the creation, exercise or defence of legal claims, whether in legal proceedings or administrative or out-of-court proceedings.
5.International translations of your personal data
- 5.1 In this section 5 we provide information on the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA) and the UK.
- 5.2 We have office and facilities in the United Kingdom. The European Commission has taken a “decision on adequacy” with regard to data protection laws in that country. If it is necessary to transfer data to another country, they will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission, a copy of which can be read here (https: //ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/international-transfers/).
- 5.3 The devices for hosting our website are located in London, United Kingdom. The European Commission has taken a “decision on adequacy” with regard to data protection laws in this country. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission, a copy of which can be obtained here ( https://ico.org.uk/ for-organizations / guide-to-the-general-data-protection-regulation-gdpr / international-transfers).
- 5.4 If indicating online financial institutions or categories of suppliers or subcontractors located in the United States, the European Commission has taken a “decision on adequacy” with regard to the data protection laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission, a copy of which can be obtained here – https://ico.org. uk / for-organizations / guide-to-the-general-data-protection-regulation-gdpr / international-transfers /)
- 5.5 You acknowledge that the personal data you submit for publication through our website or services may be available, on the internet, all over the world. We cannot prevent the use or misuse of such personal data by others.
6.Retention and deletion of personal data
- 6.1 This section 6 sets out the rules and procedure for data retention, which are designed to ensure compliance with our legal obligations regarding the retention and deletion of personal data.
- 6.2 Personal data that we process for any purpose or purposes are not stored longer than necessary for this purpose or for these purposes.
- 6.3 We will retain your personal data as follows:
a) A category or categories of personal data will be retained for a minimum period of 3 (three) years after the date of registration on some of our sites and for a maximum period of 7 (seven) years after the date of first registration.
In case of unsubscribing for free newsletters and using our live or online workshops, the data will be stored for a period of 1 (one) year, after which it will be deleted forever.
- 6.4 In some cases, it is not possible to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the retention period on the basis of the following criteria:
the retention period of a category of personal data will be determined on the basis of the specified criteria.
6.5 Notwithstanding the other provisions of this Section 6, we may retain your personal data when such retention is necessary to comply with a legal obligation to which we are subject or to protect your vital interests or the vital interests of another individual.
7.Security of personal data
- 7.1 We will take appropriate technical and organizational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data.
- 7.2 We will store all your personal data on secure servers, personal computers and mobile devices and insecure handheld recording systems.
- 7.3 The following personal data will be stored by us in encrypted form: your name, contact information, password (s) and email.
- 7.4 Data relating to your inquiries and financial transactions that are sent from your web browser to our web server or from our web server to your web browser will be protected by the use of encryption technology.
- 7.5 You acknowledge that the transmission of unencrypted (or insufficiently encrypted) data over the Internet is inherently insecure and we cannot guarantee the security of data transmitted over the Internet.
- 7.6 You must ensure that your password is not perceived by a person or computer program. You are responsible for maintaining the confidential password you use to access our website and we will not ask you for your password (except when you log in to our website).
- 8.1 We may update these rules from time to time by posting a new version on our website.
- 8.2 You should check this page from time to time to ensure that you are satisfied with any changes to these policies.
- 8.3 We will notify you of changes to these policies by email or through the personal messaging system of our website.
- 9.1 In this section 9 we summarize the rights you have under data protection law. Some of the rights are complex and not all details are included in our summaries. You should therefore read the relevant laws and regulations from regulatory authorities for a full explanation of these rights.
- 9.2 Your basic rights under data protection law are:
a) the right of access;
(b) the right of adjustment;
(c) the right of deletion;
(d) the right to restrict processing;
(e) the right to object to the processing;
(f) the right to data portability;
(g) the right to lodge a complaint with a supervisory authority; and (
h) the right to withdraw consent.
- 9.3 You have the right to receive confirmation from us as to whether or not we process your personal data and when we do, you have access to your personal data, together with certain additional information. This additional information includes details of the purposes for which we process your data, the categories of relevant personal data and if we have shared your personal data with other people or companies.
You have the right to request information about how we use your personal data. The first copy is provided free of charge, but additional copies may be subject to a reasonable fee. You can request information about your personal information by sending us an email at firstname.lastname@example.org.
- 9.4 You have the right to request correction of your personal data stored with us.
- 9.5 In some cases, you have the right to delete your personal data without undue delay. These circumstances include: personal data are no longer necessary for the purposes for which they were collected or otherwise processed; withdraw your consent to the processing on the basis of consent; object to the processing according to certain rules of the applicable data protection legislation; the processing is for the purposes of direct marketing, and personal data have been illegally processed. However, there are exceptions to the right to delete. General exceptions include, where processing is required: to perform the right to freedom of expression and information; to comply with a legal obligation; or to establish, perform or defend legal claims.
- 9.6 In some cases, you have the right to restrict the processing of your personal data. These circumstances are: you dispute the accuracy of personal data; processing is illegal, but you oppose deletion; we no longer need personal data for processing purposes, but require personal data to establish, exercise or defend legal claims; and you have objected to the processing until this objection is confirmed. When processing is limited on this basis, we may continue to store your personal data. However, we will only process it in another way: with your consent; to establish, exercise or defend legal claims; to protect the rights of another natural or legal person; or for reasons of considerable public interest.
- 9.7 You have the right to object to the processing of your personal data on grounds related to your specific situation, but only insofar as the legal basis for the processing is that the processing is necessary for: performing the task performed in the public interest or in exercising any official powers conferred on us, or the purposes of legitimate interests pursued by us or a third party. If you make such an objection, we will stop processing personal information unless we can demonstrate convincing legitimate grounds for the processing that goes beyond your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
- 9.8 You have the right to object to the processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will stop processing your personal data for this purpose.
- 9.9 You have the right to object to the processing of your personal data for scientific or historical scientific purposes or for statistical purposes on grounds relating to your specific situation unless the processing is necessary for the performance of a task performed for reasons of public interest.
- 9.10 Insofar as the legal basis for the processing of your personal data is:
(A) consent; or
(b) that the processing is necessary for the performance of a contract to which you are a party or to take steps at your request before concluding a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, frequently used and machine-readable format. However, this right shall not apply where this would adversely affect the rights and freedoms of others.
- 9.11 If you believe that the processing of your personal information is in breach of personal data protection laws, you have the right to lodge a complaint with the data protection supervisory authority. You can do so in the EU Member State in which you normally reside, the place of work or the place of the alleged infringement.
- 9.12 To the extent that the legal basis for the processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of pre-withdrawal processing.
- 9.13 You may perform your rights in relation to your personal data by giving us written notice by mail or e-mail to email@example.com
- 10.1 Our website includes hyperlinks and details about third party websites.
- 10.2 We do not control and are not responsible for the privacy policies and practices of third parties.
11.Children’s Personal Data
- 11.1 Our website and services are aimed at people over the age of 16.
- 11.2 If we have reason to believe that we store the personal data of a person under this age in our databases, we will delete this personal data.
12. Updating the information
- 12.1 Please let us know if the personal information we hold about you needs to be corrected or updated.
13. Actions as a data processor
- 13.1 With respect to specifying data, we do not act as a data administrator; instead, we act as a data processor.
- 13.2 To the extent that we act as a data processor and not as a data controller, this policy does not apply. Our legal obligations as a data processor are scheduled in the contract between us and the respective data controller.
14. For cookies
- 14.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent from a web server to a web browser and stored by the browser. The ID is sent back to the server each time the browser requests a page from the server.
- 14.2 Cookies can be “permanent” cookies or “serial” cookies: a permanent cookie will be stored by a web browser and will remain valid until the specified expiration date unless it is deleted by the user before the expiration date. A cookie session, on the other hand, will expire at the end of the user’s session when the web browser is closed.
- 14.3 Cookies usually do not contain personally identifiable information, but the personal information we store about you may be related to the information stored in and received by cookies.
15. Cookies used by our service providers
16. Managing cookies
- 16.1 Most browsers allow you to refuse to accept cookies and delete cookies. The methods for this vary from browser to browser and from version to version. However, you can get up-to-date information about blocking and deleting cookies through these links:
(e) https://support.apple.com/kb/PH21411 (Safari);
- 16.2 Blocking all cookies will have a negative impact on the usability of many sites.
- 16.3 If you block cookies, you will not be able to use all the features of our website.
If you have any question or complaints regarding this Policy, please contact us via email: firstname.lastname@example.org