Privacy Policy
At Spanfest, accessible via www.spanfest.com (“Website”), we are firmly committed to upholding the privacy and data protection rights of all users. This Privacy Policy has been drafted to ensure transparency in how we collect, use, store, and protect your personal data. We are devoted to providing a secure online environment and to complying fully with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act of 2018, as amended (“CCPA”).
1. Commitment to Privacy and Data Protection
We respect your individual rights and strive to process personal data responsibly, securely, and only to the extent necessary to provide our online services, including those offered at spanfest.com. Your trust is paramount, and this policy outlines our practices in protecting your personal information.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of spanfest.com and related online services. Spanfest is the “data controller” of personal data collected through the Website and is responsible for determining the purposes and means of data processing. If you have any questions or concerns regarding this policy, please contact us at [email protected].
3. Categories of Data Processed
We may collect and process the following categories of personal data depending on your interactions with our Website and services:
a. Usage Data
Includes details such as IP address, browser type and version, time zone setting, operating system and platform, device information, length of visit, and pages viewed. This data helps us understand how users engage with spanfest.com.
b. Account Data
Information provided when creating an account or registering for services, including your full name, email address, mailing address, and telephone number.
c. Profile Data
Includes your interests, purchase history, event participation, product behavior, and preferences saved in your profile.
d. Communication Data
Covers correspondence sent via contact forms, customer service requests, email exchanges, and feedback submissions.
e. Technical Data
Related to your device and network settings, such as device identifiers, browser plug-ins, and hardware configurations used to access our Website.
f. Transaction Data
Comprises payment details (provided via secure third-party processors), purchase history, billing address, and delivery information.
g. Preference Data
Includes details about your consents for marketing communications, subscription settings, event preferences, and responses to promotional materials.
4. Legal Bases for Processing
We process personal data under one or more of the following lawful bases, as defined under the GDPR:
– Contractual Necessity: To deliver our services, process payments, and communicate with you about transactions.
– Legitimate Interests: To improve Website functionality, personalize user experience, prevent fraud, and promote relevant services.
– Consent: To send marketing materials or when storing non-essential cookies.
– Legal Obligation: Where necessary to comply with legal or regulatory requirements.
Under the CCPA, we do not sell personal information and only share it for the purposes described in this policy.
5. Your Rights
As a data subject, you are granted the following rights under applicable privacy laws:
– Right of Access: You may request access to your personal data.
– Right to Rectification: You may request that inaccurate or incomplete data be updated or corrected.
– Right to Erasure: You may ask us to delete your personal data, within the limits established by law.
– Right to Restriction: You may request restriction of processing under certain circumstances.
– Right to Data Portability: You may request to receive your personal data in a structured, commonly used format.
– Right to Object: You may object to processing where we rely on legitimate interests, including for marketing purposes.
To exercise any of these rights, contact us at [email protected].
6. Security Measures
We implement robust administrative, technical, and physical measures to safeguard your personal data. These include but are not limited to:
– Data encryption in transit and at rest.
– Strict access control and authentication protocols.
– Routine security assessments and vulnerability scans.
– Regular data back-ups stored securely.
– Staff training on data protection principles and confidentiality.
7. International Transfers
If your personal data is transferred outside of the European Economic Area (EEA), we ensure that appropriate safeguards are in place. These include the use of Standard Contractual Clauses approved by the European Commission and compliance with applicable regional data protection standards.
8. Data Retention
Your personal data is retained only for as long as necessary to fulfill the business purpose for which it was collected, or to meet legal, contractual, or regulatory obligations, as described below:
– Usage and Technical Data: Up to 12 months.
– Account and Profile Data: Active account duration + 3 years.
– Communication Data: Up to 3 years.
– Transaction Data: Up to 7 years for tax and compliance purposes.
– Preference Data: Until withdrawn or updated.
After expiration of the applicable retention period, data will be securely deleted or anonymized.
9. Cookie Policy
Spanfest.com uses cookies and similar tracking technologies to enhance your browsing experience. Cookies are categorized as follows:
– Essential Cookies: Required for website functionality (e.g., login, cart).
– Functional Cookies: Enable personalization features (e.g., remembering preferences).
– Analytics Cookies: Help us understand how users interact with the Website by collecting usage statistics.
– Performance Cookies: Improve the performance and responsiveness of the Website.
No cookies are used to sell your personal information.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA, you have the ability to manage your cookie preferences upon your first visit to spanfest.com and at any time thereafter by accessing our cookie settings panel. You may also adjust your browser settings to refuse certain types of cookies. We honor Do Not Track (DNT) signals where supported.
11. Special Protections for Children Under 13
Spanfest does not knowingly collect or solicit personal information from children under the age of 13. If we become aware that we have inadvertently received such data without verified parental consent, it will be promptly deleted. Parents or guardians who believe that we may have collected personal data from a child under 13 should contact us at [email protected].
12. Policy Updates and User Notifications
We may revise this Privacy Policy from time to time to reflect changes in our operations or legal obligations. All updates will be made available on spanfest.com. If material changes are introduced, we will notify users through prominent on-site banners, email communications, or other appropriate means.
You are encouraged to periodically review this policy to stay informed of how we protect your data.
13. Contact Information
For questions, concerns, or to exercise your data protection rights, please contact us:
Email: [email protected]
We are committed to conducting our operations in full alignment with data protection laws and industry best practices. If you have any concerns regarding your privacy, we encourage you to reach out to us at the email address listed above.
Thank you for trusting Spanfest with your personal information.