Website Privacy Policy

Here at Salcombe Art Club we take your privacy seriously – collecting only the data we need to be able to provide you with our services. We do not share your data with any other organisations, and make every effort to ensure that the data we hold is kept secure.

What personal data we collect and why we collect it:

Buying Memberships or Booking Courses

When you visit our shop checkout, we collect your order details, billing and delivery information, and any other contact details that you provide us with. This information is collected solely for the purposes of processing your order.

Payment Details

We do not collect or hold any card details. All payments are processed externally to our site, by Stripe – their privacy policy is available at: https://stripe.com/gb/privacy. If you ask the site to “remember” your card details, the details are passed via an encrypted connection to Stripe and exchanged for a token, which is then stored in our database.

Comments & Reviews

If you leave comments or reviews on our website, we collect the data shown in the comments form, and also your IP address and browser user agent string to help with spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Membership and Our Mailing List

If you become a member of Salcombe Art Club, we will hold your email address and other contact details for the purposes of corresponding with you about your membership and for sending you members’ newsletters.

Accounts

If you create an account on our website, your username and email address will be stored in the site database. Passwords are converted to an anonymized string (also called a hash), through the use of a one-way encryption algorithm, and it is only this anonymized string that is securely stored by the site. The password itself cannot be accessed, or re-created from the hash – by us or anybody else. The website also stores any other personal information that you provide in your user profile. You can see, edit, or delete your personal information at any time. Our website administrators can also see and edit that information.

Cookies

Functional Cookies

If you log in to our site, first-party cookies will be set from our domain solely for the purposes of “remembering” you, your settings and your preferences in your own browser and for keeping you logged in.

Analytics Cookies

No analytics cookies are set when you visit our site. Analytics data is collected using scripts that do not collect any personally identifiable data and do not track users between sites. For more information visit: https://plausible.io

Marketing Cookies

Our site does not directly set any marketing cookies.

Embedded content from other websites (such as a Google maps, YouTube or Vimeo videos and social media feeds) behaves in the exact same way as if the visitor has visited the other website. In their standard implementations, these websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account (such as a Google or Facebook account) and are currently logged in to that account in your web browser. We make all reasonable efforts to ensure that any Third Party content embedded within our site is prevented from setting additional cookies for tracking and marketing purposes.

To prevent any site that you visit from setting Third Party cookies, they can be disabled in the privacy section of your web browser’s settings – for instructions on how to do this in the most popular browsers, visit the providers’ support sites: Google Chrome, Apple Safari, Mozilla Firefox or Microsoft Edge.

If you would like to protect your privacy and avoid being tracked for marketing and advertising purposes when browsing elsewhere on the internet, you may wish to consider using a privacy-focused browser such as Mozilla Firefox (https://www.mozilla.org/en-GB/firefox/new/) or Brave (https://brave.com).

Security and Spam Protection

This site employs software to protect against unauthorised login, spam and other malicious activity. Where malicious activity is detected, the IP address from which it originated will be stored.

How long we retain your data

If you leave a comment or review, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

If you provide us with your contact details or other information, we will retain it indefinitely, unless you have specifically requested otherwise or until such time as you request that it is removed. During the time that we retain your details, we will use them only for the purpose(s) for which you gave your consent – such as corresponding over a question or request, receiving news updates, or for processing orders from our shop.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

This site is hosted on a secure server situated within the EU.

Your contact information, and information for processing your orders may also be held securely in our own computer and paper records systems. Some data held in our own systems is also stored in secure cloud storage provided by Google, where it remains private and is held on servers based in the EU or on servers where it is safeguarded to the same standards as if the data was held within the EU.

How we protect your data

This site employs a secure (https) connection and, as such, any data you exchange with the site is encrypted in transit – details of our security certificate can be viewed by clicking on the symbol to the left of our website address in your browser address bar. Access to data held within the site, within our own computer systems and cloud storage is password-protected and subject to additional layers of security.

What data breach procedures we have in place

If we suspect that there has been any unauthorised access to, or disclosure of, the personal data we hold, we will immediately inform anyone who we believe may have been affected.

Our contact information

For any matter related to privacy or the storage and processing of personal data, please contact us using the details below.