...because you have a right to know what happens to your data
We know, at MayInspire, that your information is a very sensitive thing and we believe that you should know what is happening to it at all times. This policy is here to show you our privacy practices for MayInspire.co.uk.
WHO WE ARE AND WHAT WE DO
MayInspire are a small independent craft business. Our services include;
Teach craft skills to people 18+ (16-17 or vulnerable adults are with a guardian),
Run a ticketing and registration platform for craft events,
Host ‘craft fair’ events,
Retail hand crafted items online and physically,
Host a craft themed blog, and
Manage profiles on social media platforms.
We collect the personal data of the following types of people to allow us to undertake our business activity:
Prospective, current and past event attendees (“Customers”),
Prospective, current and past venue partners and promoters (“Partners”),
Prospective, current and past stall traders (“Partners”),
Prospective, current and past event organisers (“Partner”),
Prospective, current and past online customers (“Customers”), and
Website users including blog/ social participants i.e. commenters (“Customers”).
In this policy -
“Customer” means anyone engaging with MayInspire for our service to (a) to consume information about, or attend, events ("Consumers"),(b) for any other reason including, but not limited to paying and non-paying customers. attendees, delegates, guardians, carers and website users. Consumers and third parties using our Services are all referred to in these Terms collectively as "Customers", "you" or "your".
“Partner” means traders, venue partners, event organiser and any other person whose primary purpose of supplying/ storing personal data is to arrange a craft event using MayInspire’s services.
“Site” means www.mayinspire.co.uk and other services provided under MayInspire.
THE PERSONAL DATA WE COLLECT
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Customers (Attendees) - We collect information to be able to provide our service(s) to you. This includes, but is not limited to, full name, email address, disability requirements, age and telephone number.
Customers (website users) - We collect information to be able to provide our service(s) to you. This includes, but is not limited to, full name, email address, telephone number and company name (if applicable).
Customers (Purchasers) - We collect information to be able to provide our service(s) to you. This includes, but is not limited to, full name, email address, telephone number and postage address. Bank account details are stored and processed by external companies who are safely
Partners - We collect information to be able to provide our service(s) at your location, on your behalf, or involving your services. This includes, but is not limited to, full name, job title, company name, company address, email address and telephone number.
We may also collect sensitive personal data about Customers and Partners in the form of racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership or genetic or biometric data of information concerning an individual’s health, sex life, sexual orientation and criminal convictions information. We only collect sensitive personal data from you and further process this data, where you have given your written explicit consent.
Feedback and surveys - From time-to-time, we may request information from users via surveys or feedback forms. Participation is voluntary and the user therefore has a choice whether or not to disclose this information. Information requested may include satisfaction information (such as name, company, use of the product and your views on the product), and demographic information (such as post code, age bracket). Feedback information may be published on the website as a review. We will let users know if the information will be public, before it is submitted.
WHERE WE COLLECT PERSONAL DATA FROM
The following are the different sources we may collect personal data about you from:
Directly from you: This is information you provide while enquiring, attending or otherwise engaging with regards to accessing our service(s). It may include information that you provide via emails, social media messages, phone conversations, face to face meetings, purchasing services/ items online (included third party websites), and website ‘contact form’ submissions.
From an agent/third party acting on your behalf: For example, though not limited to, a career, service provider, a colleague hiring our service(s) or a friend purchasing an event ticket.
Through publicly available sources: We use the following public sources:
Social media platforms
Job Board websites
By Reference or word of mouth: For example, you may be recommended by a friend, or former service user.
Where we collect your information through publicly available sources, an agent, third party or referral, we will gain your permission to store your information beyond first contact. In all instances, you will have the ability to remove your information from our records/ opt out of communication from us.
HOW WE STORE PERSONAL DATA
HOW LONG WE KEEP PERSONAL DATA FOR
We will only retain your personal information for as long as necessary to fulfil the purposes we collect it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
If you request that your details are completely removed from our records, then there is a chance that we may contact you again if your details are found through publicly available sources. We suggest that you allow us to minimise your data, so that we know not to approach you. Minimising data is when we retain basic identifying information (name, company name, email address and publicly available details, for example social media hyperlinks).
If you have an account with us, we will typically retain your Personal Data for a period of 90 days after you have requested that your account is closed or if it's been inactive for 7 years.
TRANSFERRING OR DISCLOSING YOUR PERSONAL DATA
We will not sell your Personal Data to third parties, including third party advertisers. This is not the business we are in and we would see it as a breach of trust with our customers.
There are certain circumstances in which we may disclose, transfer or share your Personal Data with certain third parties without further notice to you. Full details are set out below. We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. An example of this is payment transfer services, newsletter distributors or venue caterers.
Agents, Consultants and Service Providers: We may share your Personal Data with our contractors and service providers who process Personal Data on behalf of MayInspire to perform certain business-related functions. These companies include marketing agencies, database service providers, backup and disaster recovery service providers, email service providers and others. When we engage another company to perform such functions, we may provide them with information, including Personal Data, in connection with their performance of such functions.
Organisers: When you purchase tickets to or register for an event through the event page, we provide the Personal Data entered on the applicable event to Partners of such event. We are not responsible for the actions of these Partners, with respect to your Personal Data. If applicable, Partners will be listed on the event advertisement. It is important that you review the applicable policies of the Partner of an event before providing Personal Data or other information in connection with that event.
Facebook and Other Third Party Connections:
We may disclose your Personal Data if required to do so by law in order to (for example) respond to a subpoena or request from law enforcement, a court or a government agency (including in response to public authorities to meet national security or law enforcement requirements), or in the good faith belief that such action is necessary to (a) comply with a legal obligation, (b) protect or defend our rights, interests or property or that of third parties, (c) prevent or investigate possible wrongdoing in connection with the Services, (d) act in urgent circumstances to protect the personal safety of Users of the Services or the public, or (e) protect against legal liability.
LEGAL BASIS FOR USING YOUR INFORMATION
Our legal basis for the processing of personal data is consent, although we will also rely on legitimate business interest, contract, legal obligation and express consent for specific uses of data.
Within our business, we provide products and events i.e. craft fairs and craft workshops. Customers are given the opportunity to consent to be informed of future events/ products (Marketing and advertising). Where applicable, we divide Customers into categories to be sure that they are being informed of the service(s) which they would expect to be informed of. For example, a ‘product launch’ email would not be sent to Partners who have shown no interest or given consent for receiving product related communication.
We will rely on consent for particular uses of your data and you will be asked for your express consent, if legally required. Examples of when express consent may be the lawful basis for processing include permission to store your disability requirements in order to provide and prepare a service which is inclusive to your requirements. Should we want or need to rely on consent to lawfully process your data we will request your consent verbally, by email or by an online process for the specific activity we require consent for and record your response on our records. Where consent is the lawful basis for our processing, you have the right to withdraw your consent to this particular processing at any time.
We will rely on contract if we are negotiating or have entered into an agreement with you, your organisation or any other contract to provide services to you or receive services from you or your organisation.
We will rely on legal obligation if we are legally required to hold information on you to fulfil our legal obligations. For example, this might be to protect the security and integrity of our systems and to provide you with customer service etc.
DATA REFUSAL OR REQUESTS TO STOP PROCESSING YOUR INFORMATION
If you do not provide certain information when requested, we may not be able to perform a contract that we have entered into, or we may be prevented from complying with our legal obligations.
THE TRANSFER OF DATA OUTSIDE THE EEA
No, we do not transfer personal data out of the EEA.
YOUR DATA, YOUR RIGHTS
By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country. The GDPR provides the following rights for individuals:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.
REMOVING YOUR DATA
We suggest that you allow us to minimise your data so that we know not to approach you. Minimising data is when we retain basic identifying information (name, company name and email address.
If you request that your details are completely removed from our records then there is a chance that we may contact you again if your details are found through publicly available sources, included private social media groups which we are included in. Please email: firstname.lastname@example.org with your request.
If you are unhappy with how we have handled your information, or have further questions on the processing of your personal data, please write to us via email: email@example.com.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
baseless or excessive/repeated requests or;
further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We shall respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we shall advise you accordingly.
Our reply may be via phone, text message, email, post or social media. If you prefer a particular contact means over another please just let us know.
You can request your data by emailing firstname.lastname@example.org or, if you are a registered user, you can exercise these rights by logging in and visiting the My Account page.
PLEASE ALSO REFER TO