1. What information we use
1.1 We may store and process data of the following types and associate it with any account you have.
(a) Information that you explicitly give us. For example, we may store your name, contact details, payment details, and any messages you send to us.
(b) Information about any payments you make or attempt to make. For example, if you subscribe, we may store records of the fees you have paid and any tax that was included.
(c) Technical information about the software, equipment and Internet connection you use to access our services. For example, we may store your browser version, screen resolution, and IP address. Much of this is sent automatically by your browser to every web site you visit, and we will only request additional technical information that is legitimately relevant to planning and providing our services.
(d) Information about how you find and use our website. For example, we may store which pages and videos you view, the times you visit, any search terms you use, and where you came from if you follow a link to our site. Again, this is generally information that is sent and recorded by standard browser and server software when you visit any website.
2. What we do with the information we have
2.1 We may use personal data about you for the following purposes:
(a) operate the website and provide any other services you request;
(b) analyse usage of our website and content, and guide future development;
(c) communicate with you if you use our services, contact us or join our mailing lists;
(d) maintain our financial and tax records;
(e) detect and deal with actual or attempted fraud;
(f) detect and deal with actual or attempted hacking;
(g) detect and deal with access contrary to our terms; and
(h) provide evidence for and act in relation to any financial dispute or legal action.
2.2 We may process personal data for the purposes in 2.1 on the following bases:
(a) we have a legal obligation (purposes c, d, e, f, h);
(b) we are preparing for or performing a contract with you (purposes a, c, d, h);
(c) we have a legitimate interest (purposes a, b, c, d, e, f, g, h); and
(d) we have your explicit consent (purposes a, b, c, h).
2.3 We may use the e-mail address that you supply to:
(a) send you important messages about the operation of the service, such as confirming a subscription, reporting a failed payment, or notifying updated terms to subscribers; and
(b) send occasional news and general messages about our website or other services (but we won’t send extra e-mails for this purpose unless you have actively opted in to receive them, for example by asking us or joining one of our mailing lists).
2.4 If we are unable to send you important information by e-mail then we may use any other contact details we have for you to let you know and to verify your identity if you ask us to change your e-mail address on our systems.
3. Sharing personal data with third parties
3.1 We share personal data with third parties only for legitimate administrative purposes. For example, we may share your payment details with a payment processing service or our accountants.
3.2 We normally store and process personal data in the UK, but in some cases it may be transferred, stored and processed outside the EEA by third party services we use. These services and the purposes for which we use them are:
(a) Stripe (for processing payments);
(b) Google (for “analytics” to see how our web site is used); and
(c) MailChimp (for e-mail list management).
All of these third party services operate under the EU-US Privacy Shield framework.
3.3 In addition personal data may be transferred, stored and processed by third parties within the EEA. Currently the relevant service and the purpose for which we use it is:
(a) GoCardless (for processing payments).
This service has confirmed its compliance with the EU General Data Protection Regulation.
3.4 We may share aggregated data with third parties for any reason. If we do this, we will make reasonable efforts to anonymise the data so that it does not personally identify you.
4. Receiving personal data from third parties
4.1 In some cases, the services above may also collect personal data about you and then tell us about it.
4.2 Payment processing services may collect data on our behalf including:
(a) your card or bank account details, when you authorise payments;
(b) any subscriptions and related charges or attempted charges; and
(c) the results of any security checks they perform before allowing a payment.
We generally have access to this data, except that for security reasons we do not have or request direct access to full payment credentials such as your card number or bank account number.
4.3 E-mail list management services may collect data on our behalf including:
(a) whether you appear to have received and opened an e-mail successfully;
(b) any links in an e-mail that you have followed;
(c) updated contact details if you want to change your address; and
(d) requests to unsubscribe.
We generally have access to this data.
4.4 Analytics services may collect data on our behalf about how you access and use our web site, but generally supply the data to us in aggregate form without personally identifying individual visitors. However, we may receive identifiable data incidentally, for example because something you searched for identifies you or because you followed a link to our site that no-one else had.
4.5 In all cases, any personal data we receive from third parties is handled with the same safeguards as personal data we collect ourselves.
5.1 We use access controls to prevent unauthorised use of our own systems, and we encrypt personal data that we transfer out of those systems.
5.2 We encrypt personal data when communicating with the third party services we use, and we identify ourselves and verify their identity before any personal data is accessed or transferred.
5.3 Please do not send us any confidential personal data by e-mail or social media message. These systems are generally not private or under our control and we cannot guarantee the security of any information you send this way. We will never ask you to send us any confidential information, such as your card or bank details or your password, through an insecure method.
5.4 If you believe that our security or that of any outside service we use has been compromised, please contact us immediately at firstname.lastname@example.org.
7. How long we keep personal data for
7.1 Much of the personal data we collect and process is required to comply with our legal or contractual obligations or to protect us against certain types of threat. We will normally retain such data for as long as it is relevant for at least one of its original purposes. In some cases this may be a long time; for example, we are required by law to retain certain tax records for at least 7 years.
7.2 In cases where processing is not required by law but is in our legitimate interests, we may retain data for an extended period to allow long-term analysis consistent with the purposes for which it was collected, but you may have rights to object or request erasure of that data. Such requests will be evaluated on a case-by-case basis and processing stopped or data erased as appropriate.
7.3 In cases where we rely on consent, such as if you join our mailing lists, we will act on requests to update or remove personal data as fast as reasonably possible.
8. Your rights
8.1 You have several legal rights in connection with any personal data about you that we have.
8.2 In this context, “we” means the legal company operating Ballroom Genie:
Dance Futures Ltd., 115c Milton Road, Cambridge, CB4 1XE, UK.
8.4 You have a right to see what personal data we currently hold about you.
8.5 You have a right to have any incorrect data that we hold about you corrected.
8.6 You have rights to object to processing or to have data about you erased, under some circumstances.
8.7 You have a right to withdraw any consent you have previously given, and to have any related processing discontinued if we have no other lawful basis for it.
8.8 If you would like more information, want to update any information we hold about you, or want to exercise any of these rights, please contact us either by e-mail at email@example.com or by writing to the postal address above. Please mark the envelope “PRIVATE” and “DATA PROTECTION ENQUIRY”.
8.9 We may need to verify your identity before we can comply with some requests.
8.10 There is normally no charge for contacting us or exercising any of these rights. However, in some cases such as repeated or excessive requests, we may be entitled to charge a reasonable fee and we will tell you if we believe this applies.
8.11 If you are not satisfied with how we are processing personal data about you or how we have responded to any message you have sent us relating to data protection and privacy, you can contact the relevant data protection authority. In the UK, this is the Information Commissioner, whose website is at ico.org.uk.