Our Privacy Policy

Last Changed: 26 July 2019

Introduction

When we use the term ‘we’, ‘us’ or ‘our’, we are referring to Nelson Arts Festival, which is a limited liability company registered under the New Zealand Companies Office. When we use the term ‘visitor’ or ‘you’ we are referring to the person that is using or that is a registered customer on our website. Our website address is www.nelsonartsfestival.nz

We comply with the New Zealand Privacy Act 1993 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person). This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz.

We collect and use information through our website or our online communications (such as email lists) for the purposes set forth within this policy. This policy sets out how we will collect, use, disclose and protect your personal information. We have linked to the privacy of various external services we use in the collection or management of Personal Information.

We will not sell, rent, or share your personal information to any third party for marketing purposes without your consent.

What is personal information?

‘Personal Data’ or ‘Personal Information’ refers to any information that identifies or can be used to identify you, directly or indirectly, including, but not limited to, first and last name, date of birth, email address, gender or other demographic information.

We collect personal information when:

  • You provide that personal information to us, including via the website and any related service, through any registration, comment or subscription process, through any contact with us (e.g. telephone call or email), or when you buy or use our services and products, or when the information is publicly available. If possible, we will collect personal information from you directly.
  • You visit this website we collect anonymous information such as your IP address or domain name to analyse site traffic for “visits” but this information is not tied to a given user’s personal information. This information is collected and stored via Google Analytics.
  • You make a purchase on our website certain types of sensitive information, such as financial information, may be collected. We do not receive or retain copies of this information on our server. We redirect visitors to a secure server to complete these transactions and all data is both collected and stored by these processors. Our current payment gateways are PayPal and Stripe.

Protecting your personal information

We work very hard to protect information about you against unauthorised access, use, alteration, or destruction, and take reasonable measures to do so, such as monitoring our website and hardware for potential vulnerabilities and attacks.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

EU citizens under the GDPR, you have:

  • the right to request access to, deletion of or correction of, your personal data held by us
  • the right to restrict processing
  • be informed of what data processing is taking place
  • the right to data portability
  • the right to object to the processing of your personal data
  • rights with respect to automated decision-making and profiling
  • the right to complain to a supervisory authority

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Who on our team has access to your personal data

Members of our team have access to the information you provide us. If our partners are working on this website, they too may have access to the information provided.

For example, Administrators  can access:

  • Analytics information
  • Comments information
  • Contact form information

For WooCommerce sites, Administrators can access:

  • Order information like what was purchased, when it was purchased and where it should be sent, and
  • Customer information like your name, email address, and billing and shipping information.
  • Wishlist details, such as products added, date of addition, name and privacy settings of your wishlists
  • Our team members have access to this information to help fulfil orders, process refunds and support you.

Other

  • Legal Requests: We may disclose your personal data if we are required by law to do so or if you violate our Terms and Conditions.
  • Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that Date in a Box Limited goes out of business or enters bankruptcy, user information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy.
  • With Your Consent: We may share and disclose personal data with your consent or at your direction.

Accessing, correcting or deleting your personal information

Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.

In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.

Contact Us: If you want to exercise either of the above rights, email us at info@nelsonartsfestival.nz. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).

We may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.

Contact Forms

We collect information when you fill out contact or subscribe forms on this website. The information is used only to process your enquiry and will never be passed onto any one else.

Email newsletters

We use MailChimp for our marketing automation platform. By joining our mailing list, you acknowledge that the information you provide will be transferred to MailChimp for processing in accordance with MailChimp's Privacy Policy and MailChimp's Terms & Conditions.

Joining our mailing list is optional and if you have signed up to our mailing list and would like to unsubscribe, simply email us with “Unsubscribe” in the subject area, and you will be removed immediately, along with your data on MailChimp’s database. Alternatively, all emails sent via MailChimp also have an unsubscribe link in the footer.

If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter.

We do not forward or on-sell the email addresses on our mailing lists to anyone.

Comments

Information that you choose to make public when commenting on blog posts is – you guessed it – disclosed publicly.

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Social media platforms and widgets

Our website includes social media features, such as the Facebook or Facebook Like buttons. These features may collect information about your IP address and which page you are visiting on our website, and they may set a cookie to make sure the feature functions properly.

Social media features and widgets are either hosted by a third party or hosted directly on our website. We also maintain presences on social media platforms including Facebook and Instagram. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.

Ecommerce information

While visiting our site, we’ll track

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
  • Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
  • We’ll also use cookies to keep track of cart contents while you’re browsing our site. Read more about cookies and what their purpose is below.
  • Products you’ve added to the wishlist: we’ll use this to show you and other users your favourite products and to create targeted email campaigns.
  • We’ll also use cookies to keep track of wishlist contents while you’re browsing our site.
  • Order Information: If you have made a purchase from this website, then your information (not including any financial details) are stored in our database in order for us to fulfil your order(s). We can also refer back to your email and/or delivery details to track any orders you have inquiries about.
  • No financial information is stored or used by us, as all financial transactions are made within the following payment platforms. Please refer to the varies payment providers privacy policies.
  • Card Payments: We use Stripe – external link, which handles 28% of online transactions in the world.
  • PayPal: Pay from your bank account, debit card, or any credit cards linked to your PayPal account.
  • If we have trouble processing an order, we will use your contact information to contact you.

Your data, as mentioned below, is encrypted before transmission to prevent misuse of the transmitted data by third parties. SSL (Secure Socket Layer) is a security technology which guarantees that your personal data, including credit card information, login data and payment method, are securely transferred via the Internet. The data is encrypted, so that is only readable by the selected payment platforms system.

Your data which is collected and encrypted when making a transaction is as follows:

  • personal data (billing and shipping details which include your name, delivery address, telephone number, email address and order notes)
  • order notes request for you to indicate the names of the couple the purchase is for – we use this information solely to personalise your purchase
  • upon providing your email address there is a checkbox where you can choose to opt-in for our newsletters, if you do so, the email newsletter section of this Privacy Policy also applies to you
  • login data (username and password)
  • how you wish to pay

We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them
  • If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

All information provided by you is only used to ensure the best possible shopping experience. All information is strictly confidential. Your personal information will not be shared, on-sold, or modified in any way without your consent.

Cookies

A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to "remember" your actions or preferences over time.

Most browsers support cookies, but users can set their browsers to decline them and can delete them whenever they like.

The use of cookies is an industry standard, and many major websites use them to provide useful features for their customers.

Use of Cookies

If you leave a comment on our site, you may opt-in to save your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

  • If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
  • When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Google analytics

Our websites currently use Google Analytics to help analyse how customers use our site. These analytical tools use "session cookies", which are text files placed on your computer, to collect standard internet log information and visitor behaviour information in an anonymous form.

The information generated by the Google Analytics cookie about your use of the website, including your IP address, is transmitted to and stored by Google outside New Zealand. The tracking data is stored in a database managed by Google. The tracking data is then used by Google to compile statistical reports on website activity for us to evaluate site use. This allows us to

  • discover what information is most and least used
  • determine technical design specifications, and
  • help make our sites more useful to visitors.

Most browsers are initially set up to accept cookies. If you prefer, you can set your browser to reject cookies. However, you will not be able to take full advantage of our website if you do so.

Links to other websites

Sections of this website may include links to other websites that are not operated by us. These links. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. XXXClient has no control over and assumes no responsibility for, the content, privacy policies, or practices of any third party sites or services.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Our third party data processors

In order to provide the services on this website and manage your requests in a timely manner we use a number of third parties who process personal data for our business to run fluently. These third parties have been carefully chosen and all of them are GDPR compliant. Some examples are:

WordPress when entering personal data on our website to register an account, post a comment on a blog post or when ordering from our online store
SEO Press plugin which provides analytics
MailChimp when opting-in to our newsletter
Google Analytics Dashboard for WP (GADWP) plugin by ExactMetrics provides analytics when visiting this website
Mailgun plugin when emailing us
AirTable 

Payment platforms we use are PayPal and Stripe which are both GDPR compliant.

Internet use

While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.

If you post your personal information on the website’s blog posts, message board or chat room, you acknowledge and agree that the information you post is publicly available.

If you follow a link on our website to another site, the owner of that site will have its own privacy policy relating to your personal information. We suggest you review that site’s privacy policy before you provide personal information.

About this website’s server

This website is hosted through RunCloud or Kinsta which has data centres in Sydney, the United States, Europe and Asia. The website host’s platform complies with the EU-US Privacy Shield Framework and the Swiss-US privacy shield framework as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from the European Union to the United States, and therefore adheres to the Privacy Shield Principles.

All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.

Changes to this policy

We reserve the right to update this Privacy Policy at any time and from time to time. The most recent version of the Privacy Policy is reflected by the version date located at the bottom of this Privacy Policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Privacy Policy or other notice on this website. When any updates are made to this Privacy Policy you will be required to accept the Privacy Police again when visiting this site for the first time after any changes have been made. We encourage you to review this Privacy Policy after updates have been made to stay informed of changes that may affect you, as your continued use of the website signifies your continuing consent to be bound by this Privacy Policy.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download