If you reside in the European Union (“EU”), United Kingdom, Lichtenstein, Norway, Iceland or Switzerland, you may have additional rights with respect to your Personal Data, as further outlined below. These rights may include rights under the EU’s General Data Protection Regulation (“GDPR”), if you are a resident of the EU, United Kingdom, Lichtenstein, Norway or Iceland.
Collection of your Personal Data
We collect the following categories of Personal Data about you when you use or otherwise interact with our website, blog, or store:
- Email address
- Home/work/mobile telephone number
- Postal or other physical address
- Date of Birth
- Emergency contact information
- Additional information such as preferred pronouns, and emergency contact
- IP addresses and other information collected passively, as further detailed in the “Passive Collection” section below
We collect and/or process your Personal Data in connection with the below activities related to our services and registration:
- Registration for certain events and products
- Placing transactions or orders
- Registering to attend an event
- Participating in an online survey
- Billing and collecting payments for our products and services
- Participating in discussion groups or forums
- Registering for newsletter subscriptions
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number or other details to help you with your experience.
When do we collect information?
We collect information from you when you register on our site, place an order, subscribe to a newsletter, respond to a survey, fill out a form or enter information on our site.
Processing of your Personal Data
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity (i.e. processing that is necessary for the performance of a contract with you, such as the attendance of an event) and our “legitimate interests” or the legitimate interest of others (e.g. our users) such as:
- Personalizing, improving or operating our services, products, and business
- Better understanding your needs and interests
- Fulfilling requests you make related to our services
- Providing you with information and offers from us or third parties
- Complying with our legal obligations, resolving disputes with users, enforcing our agreements
- Protecting, investigating and deterring against fraudulent, harmful, unauthorized or illegal activity
We process Personal Data for purposes such as:
- To process your orders and deliver the products or services that you have ordered
- To provide reports based on information collected from sale of our products
- To keep you up to date on the latest event announcements, policy changes, special offers, and other information
- To provide support and assistance for our services and products
- To provide the ability to contact you and provide you with shipping and billing information
- To provide customer feedback and support
- To provide and administer opt-in contests or other marketing or promotional activities on the xeniteretreat.com, weekendofwomen.com potter.camp, or affiliate websites
- To the extent you choose to participate, to conduct questionnaires and surveys in order to provide better products and services to our customers
- To support volunteer inquiries
- To meet contract or legal obligations
You can choose whether to provide PII to GC Events, but note that you may be unable to participate in certain events, offers, and services if they require PII that you have not provided. You can sign-up, and therefore consent, to receive email or newsletter communications from us. If you would like to discontinue receiving these communications, you can update your preferences by using the “Unsubscribe” link found in such emails or by contacting us using the information in the “Contact Us” section of this policy.
Data Subject Rights
You have certain rights with respect to your Personal Data as set forth below. Please note that in some circumstances, we may not be able to fully comply with your requests, or we may ask you to provide us with additional information in connection with your request, which may be Personal Data, for example, if we need to verify your identity or the nature of your request. In such situations, however, we will still respond to let you know of our decision.
To make any of the following requests, contact us using the contact details referred to in the “Contact Us” section of this policy.
- Access: You can request more information about the Personal Data we hold about you. You can also request a copy of the Personal Data.
- Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your service account. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.
- Objection: You can contact us to let us know that you object to the collection or use of your Personal Data for certain purposes.
- Erasure: You can request that we erase some or all of your Personal Data from our systems.
- Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
- Portability: You have the right to ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.
- Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Products.
- Right to File Complaint: You have the right to lodge a complaint about Zoom’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
How long we retain your Personal Data depends on the type of data and the purpose for which we process the data.
GC Events and our third party service providers automatically collect some information about you when you use our website, using methods such as cookies and tracking technologies (further described below). Information automatically collected includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the website and/or Products.
Cookies and Tracking Technologies
Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
We do not allow third-party behavioral tracking.
Sharing your Personal Data
We do not sell or rent your Personal Data to third parties for marketing purposes.
We share Personal Data within GC Events and its affiliates, and with third party service providers for purposes of data processing or storage.
We also share Personal Data with business partners, service vendors and/or authorized third-party agents or contractors in order to provide requested products or transactions, including processing orders, processing credit card transactions, hosting websites, hosting event registration and providing customer support. We only provide these third parties with Personal Data to complete/utilize the requested product or transaction.
In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Data as set forth in this policy. As required by law, we may respond to subpoenas, court orders, or similar legal process by disclosing your Personal Data and other related information, if necessary. We also may use Personal Data and other related information to establish or exercise our legal rights or defend against legal claims.
We collect and possibly share Personal Data and any other additional information available to us in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of GC Events terms of service, or as otherwise required by law.
Security of your Personal Data
GC Events is committed to protecting the Personal Data you share with us. We utilize a combination of security technologies, procedures, and organizational measures to help protect your Personal Data from unauthorized access, use or disclosure.
When we transfer credit card information over the Internet, we protect it using Secure Sockets Layer (SSL) encryption technology. We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information. All transactions are processed through a gateway provider and are not stored or processed on our servers.
Linked websites and third party services
Our websites and services may provide links to other third-party websites and services which are outside our control and not covered by this policy. We encourage you to review the privacy policies posted on these (and all) sites you visit or services you use.
Transfer and Storage of Personal Data
Our products and services are hosted and operated in the United States (“U.S.”) through GC Events and its service providers. We may transfer your Personal Data to the U.S., to any GC Events affiliate worldwide, or to third parties acting on our behalf for the purposes of processing or storage. By using any of our products or services or providing any Personal Data for any of the purposes stated above, you consent to the transfer and storage of your Personal Data, whether provided by you or obtained through a third party, to the U.S. as set forth herein, including the hosting of such Personal Data on U.S. servers.
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
We have not enabled Google AdSense on our site but we may do so in the future.
California Online Privacy Protection Act
According to CalOPPA, we agree to the following:
Users can visit our site anonymously.
Can change your personal information:
- By emailing us
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under the age of 13 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify you via email
- Without undue delay and within no more than 30 days of the occurrence
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions
- Process orders and to send information and updates pertaining to orders.
- Send you additional information related to your product and/or service
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CAN-SPAM, we agree to the following:
- Not use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can:
Follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.
Or email us at firstname.lastname@example.org
GC Events Co
PO Box 1483
Lake Villa, Illinois 60046
For the purposes of the EU General Data Protection Regulation 2016/679 (the “GDPR”), the data controller is GC Events Co, PO Box 1483, Lake Villa, IL 60046, United States
Effective May 25, 2018