Data protection and privacy
‘Personal Data’ - any information that relates to an identified or identifiable living individual e.g. e-mail address or phone Number.
‘Processing’ - any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘Filing systems’ - any structured set of personal data that are accessible according to specific criteria whether centralised, decentralised or dispersed on a functional or geographical basis.
‘Controller’ - determines the purposes and means of processing personal data.
‘Processor’ - is responsible for processing personal data on behalf of a controller.
‘Consent’ - any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
‘Data Subject’ - any person whose personal data is being collected, held or processed.
‘Personal Data Breach’ - a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised. disclosure of, or access to, personal data transmitted, stored or otherwise processed
When do we collect data?
We can collect data on you from a variety of different sources these include:
When you purchase products or services from the site or over the phone;
When you become a subscriber;
When you create an account in order to build and save an event.
When you speak to our customer services personnel;
Via explicit data capture measures, for example by entering competitions and completing surveys; and
Personal Data Collected Automatically from the use by you of the Sites. The data transmitted from your browser includes your IP address, the date and time of the visit the pages accessed, the access status/HTTP status code, your browser, your operating system and interface, as well as the language and version of the browser software. The legal basis for collecting and processing this personal data is to be able to operate the Sites and provide you with access to the pages you wish to access.
If you link, connect, or login to your Chillisauce Account with a third party service (e.g. Google, Facebook, LinkedIn), the third party service may send us information such as your registration and profile information from that service. This information varies and is controlled by that service or as authorised by you via your privacy settings at that service.
Where we need to comply with a legal or regulatory obligation.
In any of the above cases, the data we collect could be personal data. This Personal data includes name, email address and phone number. Our legal basis for the collection and processing of this data is the provision to you of the services purchased by you.
What do we do with your personal information?
When you buy anything via the site, we may need to collect information about you to process the transaction, fulfil your order and provide you with the services you expect. This information may include but is not limited to, details such as your name, your address and your credit card details. Card details are not held on any Chillisauce server but are linked directly to our Merchant Service provider, Secure Trading.
Unless we have your express consent we will only disclose personal data to third parties if this is required for the purpose of completing your transaction with us. This is, of course, subject to the proviso that we may disclose your data to certain permitted third parties, such as members of our own group, our own professional advisers who are bound by confidentiality codes, and when we are legally obliged to disclose your data.
By becoming a subscriber you consent to receive from us by e-mail our e-newsletter and details of other special offers which we may think may be of interest to you.
Chillisauce retains and uses your personal information to provide you with the best experience by providing you with a personalised service and to give you details of offers which we think will be of interest to you. We may also use the information to process any transactions you undertake with us and for internal administration and analysis.
We do not sell, rent or trade your personal information to third parties for marketing purposes without your express consent.
We will ensure that your personal information is kept confidential and secure, and that the appropriate technical and organisational measures, to prevent unlawful or accidental destruction, accidental loss, unauthorised disclosure or access or other unlawful forms of processing, are implemented.
We will process your personal information for the purposes listed above given our legitimate interest in undertaking marketing activities to offer you products or services that may be of your interest.
International Data Transfers
We use data processors located outside the European Economic Area only after taking such steps as are required to ensure that Personal Data they process on our behalf receives protection equivalent to that provided in the EEA. Our processors are either certified as compliant with the EU-U.S. Privacy Shield Framework where they are located in the USA or have entered into an agreement with us containing the model clauses approved by the European Commission as providing contractual protection equivalent to that provided by the data protection regulations applicable in the EEA. To learn more about the Privacy Shield program, please visitwww.privacyshield.gov.
In the UK we operate and are registered in accordance with applicable data protection legislation.
Chillisauce Newsletter subscribers have the option to opt-out of receiving further information from us.
We also monitor our marketing emails to ensure they are sent to relevant consumers. We remove email address from our database periodically if we find the consumer no longer opens or clicks through the email, this is in addition to the standard unsubscribe option in all our emails.
Data Subject Request
Under the rules of GDPR data subjects have specific rights to their personal data; these rights include obtaining copies of it, requesting changes to it, restricting the processing of it, deleting it, or receiving it in an electronic format so it can be moved to another controller. To receive this Chillisauce must receive a formal request by either email or postal letter. This will be acted on within one month of receipt. A reasonable cost could be associated with this request if it is deemed either unfounded, excessive or repetitive in character.
To change your e-mail address details log into your members area.
If you need to Modify or Change your personal details after you have made a purchase on the site please contact us as soon as possible.
We retain the personal information we collect from you for as long as necessary to fulfil the purposes we collected it for; including providing you with the service you have requested, improving customer experience, complying with tax regulations and any applicable legal, accounting, audit or reporting requirements.
If you have made an enquiry or agreed to receive marketing communications, we retain your data for up to two years unless you have made a booking with us.
If you have made a booking with us, we have to retain your basic personal data and any information related to your travel for six years - counting from the return day of your latest event - in order to comply with tax regulations and with the obligations imposed upon us by our contract with our insurers. This period also enables us to address and resolve disputes with any parties.
Right to erasure
In some circumstances you can ask us to erase your data. If you contact us to request the erasure of your personal data, we will comply with your request insofar as we are able. Note, however, that this right is not absolute and only applies in certain circumstances. For the above-mentioned reasons, we may not always be able to comply with your request, in which case we will notify you and explain why we are not able to.
If we are processing information about you purely for marketing purposes, we are always happy to erase it from our e-mailing list.
In cases where you have enquired or made a booking with us and you request the erasure of your personal data, we will make sure your account is closed and your data is not being processed anymore. Keep in mind, however, that in order to stay compliant with our Data Retention section, we may have to keep your data in our archives.
We will actively review the information we hold and when we have no ongoing legal, business or customer need to retain your personal data anymore, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), we then will securely store your personal information and isolate it from any further processing until erasure is possible.
If you have any questions or concerns about the information we hold about you, you can also contact our Data Protection Officers by firstname.lastname@example.org
Other Miscellaneous Section
Please note that in using the Channels you agree to be bound by the following obligations:
You accept financial responsibility for all transactions made under your name or account.
In order to make a purchase, you must be over 18 years old and have the legal capacity to make the transaction.
You must make sure that all the information you provide to us is true and accurate.
You must not use the any of the Channels for speculative, false or fraudulent bookings.
The transmission of threatening, defamatory, pornographic, political or racist material or any material that is otherwise unlawful is expressly prohibited.
The site and any content may not be modified, copied, transmitted, distributed, sold, displayed, licensed, or reproduced in any way by you, except if you wish to make copies of the website for your own personal and non-commercial use.
Our site may contain links to other third party websites over which Chillisauce has no control. Chillisauce cannot, therefore, have any responsibility in relation to the accuracy, completeness or quality of the information contained on those websites.
The copyright and the propriety rights on the website and other Channels and all content are owned by Chillisauce or its third party licensors and in this respect Chillisauce reserves all rights.
Chillisauce uses secure technology to safeguard information including personal information and financial transactions.
Chillisauce reserve the right to change or update its these terms and conditions relating to the use of the Channels from time to time. We will inform you on the relevant Channel when we have updated the terms. Please note that you will be unable to make a purchase from any Channel unless you have confirmed that you have read and understood the most recent version of the terms.
This user agreement is between you and Chillisauce and is governed by the laws of England and Wales.
Created 28th May 2018 Updated 13th June 2019