Who we are
The Swing Dance Company is owned and managed by Brooke Garvey, who is a sole trader operating dance classes and associated events with a wonderful team of teachers and volunteers. Some events and classes operate under licence, in association or in partnership with other sole traders, but all activities operate in line with the The Swing Dance Company’s policies. Information can be found at our website, the address is: https://theswingdancecompany.co.uk.
Whilst we treat our customers’ privacy and data with utmost importance, we are also realistic about the size and nature of our company, and our scope to handle the requirements of GDPR. Generally we aim to select reliable and trustworthy, world-leading suppliers for our technology needs who are subject to high levels of scrutiny under GDPR. Our own small administrative team keep our systems and knowledge up-to-date, and strive to follow best practice.
We have a personal and trusting relationship with most of our customers and would encourage anybody with any concerns about our treatment of privacy and data to get in touch.
What personal data we collect and why we collect it
We collect both personal and anonymous data when you send us information or visit our website. In general, you may visit the website without telling us who you are, or revealing any personally identifiable information about yourself. However, when we do collect data it falls into one of the areas in the following paragraph.
Most information is collected when customers sign-up on our website to attend an event. Other ways we collect data include completing the “Join Our Mailing List” form on our website, by positively requesting to be added to our mailing list by email, or by completing a physical form when attending an event.
When booking for an event online, the contact details that we need include, title, first name, surname, postal address, email address and telephone number. This information is not normally collected unless it is provided voluntarily. It is necessary to collect such information in order to be able to make contact in the event of changes or cancellations to the event, and to advise you of associated or continuation events.
Event Registration Process
During the event registration process we collect information about you. This information may include but is not limited to:
- Your names
- Email address
- Phone number
- Location and traffic data (including partial IP address and browser type)
- Any other details that might be requested from you for the purpose of processing your registration or ticket purchase
Handling this data also allows us to:
- Send you important account/purchase/service information.
- Respond to your queries, refund requests, or complaints.
- Process payments and prevent fraudulent transactions. We do this on the basis of our legitimate business interests.
- Set up and administer your account, provide technical and customer support, and to verify your identity.
In order to process payments, we collect billing information on-site. Sensitive billing information is not stored on our server, but may be handled while in-transit to the payment processing server.
Masked billing information may be stored on our servers (only the last 4 digits of credit card numbers are stored: **** **** **** 1234).
When you begin registering for an event and select a ticket quantity, a cookie will be used to track your registration. This cookie lasts 1 hour.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
We keep a record of all email communications indefinitely. This is to ensure communication is successfully sent and its information is accurate. Emails received are retained for customer service purposes, but we do not use the information submitted through them for marketing purposes.
Event Check-In Record
When you attend an event, an event manager may record the time you check in or out of the event.
If you process a registration, the registration and its metadata are retained indefinitely. This is so that we can assist customers who request information about which courses, classes or events they have previously participated in, which is relevant in the case of advice being sought for future registrations.
For users that register a user account on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
We keep emails that contain the contents of contact form submissions indefinitely for customer service purposes, but we do not use the information submitted through them for marketing purposes.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
The Swing Dance Company website uses Google Analytics. Google Analytics mainly uses first-party cookies to report on visitor/user interactions on our website. Users may disable cookies or delete any individual cookie.
Legal Bases for Collecting and Using Information
Under the GDPR, there are a number of approved reasons (or “legal bases”) a company might legitimately process a person’s data. Below, we’ve outlined the most relevant legal bases under the GDPR.
Contractual necessity – When it is necessary to process booking data for classes or events in order that we can communicate essential information relating to that booking.
Consent – This is unambiguous, freely given consent, for example through accepting our cookie notice online or by joining our mailing list online, on physical forms, or by request on email. People have the right to withdraw consent, our marketing emails carry clear “unsubscribe” links.
Legitimate Interests – Our company’s legitimate interests are the lawful basis on which we process marketing emails to our customers. This process is necessary to achieve our commercial interest as it is the only route to contacting our customers. It is considered that individual customers with whom we have had a relationship would reasonably expect us to contact them by email. As emails are sent infrequently, so the impact is minimal and they are unlikely to object when balanced against the individuals interests, rights and freedoms. All marketing emails carry unsubscribe links.
Who we share your data with
We do not sell any private personal information. We share data with the following specific companies in order to deliver our services. Where available links are provided to their own privacy policies;
Mailchimp – names, email addresses, phone numbers and details of previous events attended are held by Mailchimp on their servers in USA. They are certified as compliant under the EU-US Privacy Shield Framework. They provide services for our email marketing https://mailchimp.com/legal/privacy/
Textmagic.com – Any SMS communications are processed through textmagic.com, a UK based service. SMS messages are sent through their systems and numbers are held on their servers. https://textmagic.com/privacy-policy/
Stripe.com – provides online card transactions on this website. They are a US company and they are certified under the EU-US Privacy Shield Framework. https://stripe.com/gb/privacy
Google – we use Google cloud storage and the G Suite range of applications including Gmail, where contact names, mobile numbers and email addresses are stored. Google are certified under the EU-US Privacy Shield Framework https://policies.google.com/privacy?hl=en
EdgeHosting.uk – UK based web hosting company who host our website, including databases, https://edgehosting.uk/privacy-policy
Lorraine Carver t/a Swing Dance Botley under licence to The Swing Dance Company. User registration information (names, email addresses and mobile numbers) for all users who book and/or pay for courses, classes and events in Botley (only) via this website are shared with Lorraine Carver for the management of such activities in her agreed territory. Swing Dance Botley operates in line with The Swing Dance Company’s policies.
More generally we may share data with the following:
Third Party Vendors: We may share information about you with third party vendors who need to know information about you in order to provide their services to us like payment providers, fraud prevention services, postal and email delivery services that help us stay in touch with you, customer chat and email support services that help us communicate with you, our hosting provider, those that assist us with our marketing efforts (e.g. by providing tools for identifying a specific marketing target group or improving our marketing campaigns), those that help us understand and enhance our Services (like analytics providers), who may need information about you in order to, for example, provide technical or other support services to you. We require vendors to agree to privacy commitments in order to share information with them.
To Protect Rights, Property, and Others: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect our rights, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury.
How we protect your data
We understand that treating your data safely and securely is extremely important. As a small company we have worked to build trust with our customers and that data security is a key component of this. When selecting technology partners and suppliers we always look for trusted, world leading organisations who can provide excellent systems, subject to the highest levels of scrutiny under GDPR.
Our own small administrative team keep their knowledge up-to-date and have a common-sense approach to security requirements. For example, the use of 2-step verification, by installing new system updates as soon as they are available, and following the latest advice about the treatment of emails, links and attachments to reduce malware, viruses and ransomware on our system. We use Security plug-ins on our website to protect it and the data contained within it.
When data could be accessed by 3rd party individuals, for example temporary or support staff, they would be provided with a temporary set of credentials and monitored whilst actively operating.
You have several choices available when it comes to limiting information about you:
Limit Access to Information On Your Mobile Device: Your mobile device operating system should provide you with the ability to discontinue our ability to collect stored information or location information via our mobile apps.
Opt-Out of Electronic Communications: You may opt out of receiving promotional messages from us. Just follow the unsubscribe instructions in those messages. If you opt out of promotional messages, we may still send you other messages, like those about pre-booked courses and events.
Set Your Browser to Reject Cookies: You can usually choose to set your browser to remove or reject browser cookies.
What rights you have over your data
Under the scope of the European General Data Protection Regulation (AKA the “GDPR”), data protection laws give you rights with respect to your personal data, subject to any exemptions provided by the law, including the rights to:
- Request access to your personal data;
- Request correction or deletion of your personal data;
- Object to our use and processing of your personal data;
- Request that we limit our use and processing of your personal data; and
- Request portability of your personal data.
EU individuals also have the right to make a complaint to a government supervisory authority.
You can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.