Privacy Policy for Spanfest.com

1. Introduction
At Spanfest.com, we are firmly committed to safeguarding your privacy and protecting your personal data. We recognize the importance of data protection and data security and process all personal information in accordance with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, use, share, and protect your personal data when you engage with our website and services.

2. Scope of Policy and Role of Data Controller
This Privacy Policy applies to all users of Spanfest.com and any related services. Spanfest.com is the data controller responsible for the collection and processing of your personal information in connection with our services and website. By accessing and using Spanfest.com, you acknowledge that you have read and understood this Privacy Policy.

3. Categories of Data We Process
We may collect and process the following categories of personal information:

– Usage Data: Information related to how you interact with our website, including browser type, IP address, location data, session duration, and referring URLs.
– Account Data: Information provided when creating or managing an account, including your full name, mailing address, email address, and telephone number.
– Profile Data: Information regarding your preferences, event participation, purchase history, and behavioral trends on Spanfest.com.
– Communication Data: Records of your contact with our support teams, including emails, chat logs, or support ticket history.
– Technical Data: System-related information including device type, operating system, mobile network, browser settings, and other technical configurations.
– Transaction Data: Payment and billing information, including the last four digits of your payment method, transaction history, and delivery details.
– Preference Data: Your marketing preferences, newsletter subscription status, and expressed interests in services or products.

4. Legal Bases for Processing Personal Data
We process your personal data based on one or more of the following legal grounds:

– Consent: Where you have explicitly provided your consent for a specific purpose, such as subscribing to our newsletters or accepting cookies.
– Contract Performance: Where processing is necessary for fulfilling our contractual obligations to you, including ticket delivery or customer support.
– Legitimate Interests: For our own legitimate business interests, such as service improvement, fraud prevention, and ensuring website security — provided your interests and rights do not override these interests.
– Legal Obligation: Where processing is necessary to comply with legal standards, court orders, or regulatory requirements.

5. Your Data Protection Rights
As a user, you are entitled to the following rights under GDPR and CCPA, subject to certain conditions and limitations:

– Right of Access: Request access to personal data we hold about you.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data (“right to be forgotten”).
– Right to Restrict Processing: Temporarily or permanently restrict our processing of your data.
– Right to Data Portability: Receive your data in a structured, commonly-used electronic format or request its transmission to another data controller.
– Right to Object: Object to processing based on legitimate interests or direct marketing.
– Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your CCPA rights.

To exercise any of these rights, please contact us via the methods listed at the end of this Policy.

6. Security Measures
We uphold industry-standard security measures to ensure the safeguarding of your personal data. These measures include:

– Data encryption in transit and at rest
– Strict access controls and authentication mechanisms
– Regular security audits
– Secure backup protocols
– Employee confidentiality agreements and data protection training

Despite these efforts, no method of data transmission over the internet or electronic storage can be guaranteed to be 100% secure.

7. International Data Transfers
Your personal data may be stored or processed outside of your country of residence, including in jurisdictions that may not offer the same level of protection. Where applicable, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or rely on other lawful transfer mechanisms. Users from the European Economic Area are assured that such transfers are undertaken in accordance with GDPR principles.

8. Data Retention
We retain personal information only as long as necessary to fulfill the purposes for which it was collected, including as required to comply with legal, regulatory, and accounting obligations. Specific retention timeframes are as follows:

– Usage and Technical Data: Up to 26 months
– Account and Transaction Data: Up to 7 years (in line with financial recordkeeping obligations)
– Communication and Support Data: 24 months
– Marketing Preference Data: Until you withdraw consent or object

When data is no longer required, it is securely deleted or anonymized.

9. Cookie Policy
Spanfest.com uses cookies and similar technologies to enhance your experience. These technologies allow us to:

– Essential Cookies: Provide core website functionality (e.g. login session).
– Functional Cookies: Remember your settings and preferences.
– Analytics Cookies: Aggregate usage statistics (e.g., page visits, bounce rates).
– Performance Cookies: Improve the responsiveness and reliability of our services.

10. Cookie Management & User Choices
You can manage your cookie preferences through a banner or preference management tool displayed when you first visit Spanfest.com. Additionally, most browsers allow you to modify your cookie settings at any time. For GDPR and CCPA compliance, we provide mechanisms to:

– Withdraw consent
– Opt-out of sale or sharing of personal information
– Set Do-Not-Track signals where supported

11. Children’s Privacy
Spanfest.com is not intended for users under the age of 13. We do not knowingly collect personal data from children. If we become aware that data from a child under 13 has been collected, we will promptly delete it. If you believe we have mistakenly collected such data, please contact us immediately.

12. Policy Updates
This Privacy Policy may be amended or updated from time to time to reflect changes in legal, technical, or business developments. We will notify users of material changes by posting an updated policy on Spanfest.com and, where appropriate, by other means such as email communication.

13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we process your personal data, you may contact us via:

Email: [email protected]

We are committed to compliance with all applicable privacy laws and to responding promptly and effectively to any privacy-related concerns you may have.