As an essential part of our business, we collect and manage personal data. We collect personal data and other information from and about you through this website and its associated mobile sites, applications and widgets (collectively, the “Site”). The Site and all of our services on the Site are the “Carfest Merchandise Store”. Event Merchandising Ltd (or “we”) operates theCarfest Merchandise Store. We are a controller of the personal data collected from and about you through the Carfest Merchandise Store. In doing so, we observe UK and EU data protection legislation, and are committed to protecting and respecting your privacy and rights.
Please note that we will be updating this Privacy Statement on a regular basis in order to keep you fully up-to-date with our approach to General Data Protection Regulations.
If you have any comments or queries regarding our use of your data, or you wish to unsubscribe from receiving marketing communications from us, please contact us by email at:email@example.com
There are three types of personal data we collect in connection with theCarfest Merchandise Store - information you give us, information collected automatically and information from other sources.
Information you give us
Registration data. Registration data is the information you submit to register to receive marketing communications and newsletters from us. Registration data may include, for example, first name, surname, email address, gender, country, postcode and birthdate.
Public data and posts. Public data and posts consist of reviews that you post on Carfest Merchandise Store and the personal data about you that accompanies those posts or content, which may include a name, user name, comments, likes, status, profile information and image. Public data and posts are always public, which means they are available to everyone and may be displayed in search results on external search engines. Please review the “User Content” section of the Terms and Conditions of Use, which addresses how we may use your public data and posts.
Correspondence data. In the course of corresponding with us by telephone or email, you may provide us with personal data.
Information collected automatically
Associating non-personal data with personal data.If we associate non-personal data with personal data, we will treat that combined information as personal data.
Sensitive data.We ask that you do not send us, and you do not disclose, any sensitive personal data (such as social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, genetic or health status or sexual orientation, criminal background or trade union membership) on or through Carfest Merchandise Store or otherwise.
Data about other people.If you provide us with any personal data about another person, company or organisation (for example, in connection with a referral), you represent that you have the right to give us that information to use for the purpose described onCarfest Merchandise Store.
Use of Carfest Merchandise Store by children. Carfest Merchandise Store is not intended for persons under age 16.
We use your data for the following purposes:
Our use of your personal data
Collection and use for purposes of our legitimate interests and legal obligations.We collect and use your data mainly to operate and improve our services. For example, we use your personal data to analyse your use of the site. We also use your personal data to personalise your use of the site, for example to identify your preferences. We also use your personal data to communicate with you regardingCarfest Merchandise Store, for example to reply to an inquiry you make through the site. We rely on our legitimate interests as the legal basis for processing this information. We also collect and use your personal data as necessary to comply with our legal or contractual obligations or to protect our legitimate interests, such as to detect and prevent fraud, abuse or security threats. Your failure to provide such personal data will make it impossible for us to provide you with some of our services.
Collection and use for marketing and other purposes with your consent.We also collect and use your personal data for purposes for which we have your express consent. For example, where you have given us your consent, we will use your personal data to market to you. Where we are asking for your consent, you do not have to provide your consent. If you have provided your consent in response to our request, we will use that consent as the legal basis for collecting and using the data for the purposes disclosed to you. You may withdraw your consent at any time by contacting us firstname.lastname@example.org. Also, where we are collecting personal data for marketing purposes, you have the option not to provide us with your personal data. We use a number of external companies to help us market our products and services, both on the site and elsewhere. However, these companies are prohibited from using or sharing the personal data that we provide to them, except as necessary to provide their services to us.
Our retention of your personal data.We keep your personal data for as long as needed for the purposes for which it was collected or for which you subsequently authorise it and additionally for as long as we are required to keep it because of legal obligations, professional accounting or audit standards, legal or insurance claims or regulatory proceedings.
Our sharing of personal data.We will never sell your personal data to any external organisation. However, we may share your personal data as follows:
You have the right to ask us, in writing, for a copy of all the personal data we hold about you. This is known as a "Subject Access Request". You can obtain this information at no cost. We will send you a copy of the information within 30 days of your request. To make a Subject Access Request, please send an email email@example.com. A list of your legal rights may be accessed here https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Remember that even after you unsubscribe or ask us to delete your personal data, copies of some information may remain viewable in some circumstances where, for example, you have shared information with social media or other services or, for example, when retention of such copies is necessary to comply with legal obligation or legal defence. Because of the nature of caching technology, your personal data may not be instantly inaccessible to others. We may also retain backup information related to your account on our servers for some time after cancellation or your request for deletion to comply with applicable law.
In addition, please note that you have the choice not to provide us with personal data. Also, if we have requested your consent to process personal data for a particular purpose, you have the option not to provide that consent. If you provided your consent, you may withdraw your consent at any time by contacting us firstname.lastname@example.org. However, your choices may affect our ability to provide you with certain services.
Data privacy and security.We recognise that the security of data and transactions on this website is of primary importance. We therefore ensure that all connections to the site are securely encrypted and authenticated using strong protocols, key exchanges and ciphers. Our servers are updated with the latest security patches and fixes on a regular basis.
CarFest Merchandise Store is committed to protecting the security of your data. We use a variety of security technologies and procedures to help protect your personal information from unauthorised access, use or disclosure. For example, we store the personal information you provide in computers with restricted access that are located in controlled facilities.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. For security purposes, your password should not be written down and should be regularly reset.
When we transmit sensitive information such as your credit card number and address details over the Internet, we protect it through the use of 128-bit encryption certificates and the Secure Sockets Layer (SSL) protocol - the industry-standard method for protecting web communications.
Your right to contact a supervisory authority.If you reside in the United Kingdom, the European Economic Area or Switzerland, you have the right to lodge a complaint with the relevant supervisory authority. The UK supervisory authority for data protection issues is the Information Commissioner’s Office (www.ico.org.uk). For more information about your rights under data protection laws in the European Union, see https://ec.europa.eu/info/law/law-topic/data-protection_en
Sign up to get emails about new products, events and launches!