Last Changed: 26 July 2019
When we use the term ‘we’, ‘us’ or ‘our’, we are referring to Nelson Arts Festival, which is a limited liability company registered under the New Zealand Companies Office. When we use the term ‘visitor’ or ‘you’ we are referring to the person that is using or that is a registered customer on our website. Our website address is www.nelsonartsfestival.nz
We comply with the New Zealand Privacy Act 1993 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person). This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz.
We collect and use information through our website or our online communications (such as email lists) for the purposes set forth within this policy. This policy sets out how we will collect, use, disclose and protect your personal information. We have linked to the privacy of various external services we use in the collection or management of Personal Information.
We will not sell, rent, or share your personal information to any third party for marketing purposes without your consent.
What is personal information?
‘Personal Data’ or ‘Personal Information’ refers to any information that identifies or can be used to identify you, directly or indirectly, including, but not limited to, first and last name, date of birth, email address, gender or other demographic information.
We collect personal information when:
- You provide that personal information to us, including via the website and any related service, through any registration, comment or subscription process, through any contact with us (e.g. telephone call or email), or when you buy or use our services and products, or when the information is publicly available. If possible, we will collect personal information from you directly.
- You visit this website we collect anonymous information such as your IP address or domain name to analyse site traffic for “visits” but this information is not tied to a given user’s personal information. This information is collected and stored via Google Analytics.
- You make a purchase on our website certain types of sensitive information, such as financial information, may be collected. We do not receive or retain copies of this information on our server. We redirect visitors to a secure server to complete these transactions and all data is both collected and stored by these processors. Our current payment gateways are PayPal and Stripe.
Protecting your personal information
We work very hard to protect information about you against unauthorised access, use, alteration, or destruction, and take reasonable measures to do so, such as monitoring our website and hardware for potential vulnerabilities and attacks.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
EU citizens under the GDPR, you have:
- the right to request access to, deletion of or correction of, your personal data held by us
- the right to restrict processing
- be informed of what data processing is taking place
- the right to data portability
- the right to object to the processing of your personal data
- rights with respect to automated decision-making and profiling
- the right to complain to a supervisory authority
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Who on our team has access to your personal data
Members of our team have access to the information you provide us. If our partners are working on this website, they too may have access to the information provided.
For example, Administrators can access:
- Analytics information
- Comments information
- Contact form information
For WooCommerce sites, Administrators can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
- Wishlist details, such as products added, date of addition, name and privacy settings of your wishlists
- Our team members have access to this information to help fulfil orders, process refunds and support you.
- Legal Requests: We may disclose your personal data if we are required by law to do so or if you violate our Terms and Conditions.
- With Your Consent: We may share and disclose personal data with your consent or at your direction.
Accessing, correcting or deleting your personal information
Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
Contact Us: If you want to exercise either of the above rights, email us at firstname.lastname@example.org. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
We may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.
We collect information when you fill out contact or subscribe forms on this website. The information is used only to process your enquiry and will never be passed onto any one else.
Joining our mailing list is optional and if you have signed up to our mailing list and would like to unsubscribe, simply email us with “Unsubscribe” in the subject area, and you will be removed immediately, along with your data on MailChimp’s database. Alternatively, all emails sent via MailChimp also have an unsubscribe link in the footer.
If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter.
We do not forward or on-sell the email addresses on our mailing lists to anyone.
Information that you choose to make public when commenting on blog posts is – you guessed it – disclosed publicly.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
Social media platforms and widgets
Our website includes social media features, such as the Facebook or Facebook Like buttons. These features may collect information about your IP address and which page you are visiting on our website, and they may set a cookie to make sure the feature functions properly.
Social media features and widgets are either hosted by a third party or hosted directly on our website. We also maintain presences on social media platforms including Facebook and Instagram. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
While visiting our site, we’ll track
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
- Products you’ve added to the wishlist: we’ll use this to show you and other users your favourite products and to create targeted email campaigns.
- Order Information: If you have made a purchase from this website, then your information (not including any financial details) are stored in our database in order for us to fulfil your order(s). We can also refer back to your email and/or delivery details to track any orders you have inquiries about.
- No financial information is stored or used by us, as all financial transactions are made within the following payment platforms. Please refer to the varies payment providers privacy policies.
- Card Payments: We use Stripe – external link, which handles 28% of online transactions in the world.
- PayPal: Pay from your bank account, debit card, or any credit cards linked to your PayPal account.
- If we have trouble processing an order, we will use your contact information to contact you.
Your data, as mentioned below, is encrypted before transmission to prevent misuse of the transmitted data by third parties. SSL (Secure Socket Layer) is a security technology which guarantees that your personal data, including credit card information, login data and payment method, are securely transferred via the Internet. The data is encrypted, so that is only readable by the selected payment platforms system.
Your data which is collected and encrypted when making a transaction is as follows:
- personal data (billing and shipping details which include your name, delivery address, telephone number, email address and order notes)
- order notes request for you to indicate the names of the couple the purchase is for – we use this information solely to personalise your purchase
- login data (username and password)
- how you wish to pay
We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
- If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
All information provided by you is only used to ensure the best possible shopping experience. All information is strictly confidential. Your personal information will not be shared, on-sold, or modified in any way without your consent.
A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to "remember" your actions or preferences over time.
Most browsers support cookies, but users can set their browsers to decline them and can delete them whenever they like.
If you leave a comment on our site, you may opt-in to save your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
- If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
- When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Our websites currently use Google Analytics to help analyse how customers use our site. These analytical tools use "session cookies", which are text files placed on your computer, to collect standard internet log information and visitor behaviour information in an anonymous form.
The information generated by the Google Analytics cookie about your use of the website, including your IP address, is transmitted to and stored by Google outside New Zealand. The tracking data is stored in a database managed by Google. The tracking data is then used by Google to compile statistical reports on website activity for us to evaluate site use. This allows us to
- discover what information is most and least used
- determine technical design specifications, and
- help make our sites more useful to visitors.
Most browsers are initially set up to accept cookies. If you prefer, you can set your browser to reject cookies. However, you will not be able to take full advantage of our website if you do so.
Links to other websites
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Our third party data processors
In order to provide the services on this website and manage your requests in a timely manner we use a number of third parties who process personal data for our business to run fluently. These third parties have been carefully chosen and all of them are GDPR compliant. Some examples are:
WordPress when entering personal data on our website to register an account, post a comment on a blog post or when ordering from our online store
SEO Press plugin which provides analytics
MailChimp when opting-in to our newsletter
Google Analytics Dashboard for WP (GADWP) plugin by ExactMetrics provides analytics when visiting this website
Mailgun plugin when emailing us
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
If you post your personal information on the website’s blog posts, message board or chat room, you acknowledge and agree that the information you post is publicly available.
About this website’s server
This website is hosted through RunCloud or Kinsta which has data centres in Sydney, the United States, Europe and Asia. The website host’s platform complies with the EU-US Privacy Shield Framework and the Swiss-US privacy shield framework as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from the European Union to the United States, and therefore adheres to the Privacy Shield Principles.
All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.
Changes to this policy
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download