Firstly, please be assured that we will never sell, give, or lend your information to others for marketing. Below describes what information is collected in the course of normal business and how we use it. Some of it is in legal terminology, as required by law, but if you have any questions please do not hesitate to contact us. We respect your privacy and are committed to protecting your personal data.
You may also view our Terms of Service here: https://crystal-rose.org/terms/
You may request to be removed from our mailing list at any time. The most expedient way to remove yourself from our mailing list is at the bottom of any publication we send to you.
2. Our website
Our website, crystal-rose.org, sells services and classes which are aimed at individuals. This website is not intended for children, and we do not knowingly collect data relating to children. By providing us with your data, you warrant to us that you are over thirteen (13) years of age.
3. Personal data which we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include anonymous data or sensitive data.
The personal data we collect falls into these categories:
Identity Data includes title, first name, last name, username or similar identifier and an encrypted version of your login/password. If you interact with us through social media, this may include your social media user name.
Contact Data includes billing address, delivery address, e-mail address, and telephone numbers.
Financial Data includes payment card partial details.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
Profile Data includes your username and password, purchases or orders made by you, preferences, feedback and survey responses, as well as any profile data which we have added (for example, using analytics and profiling).
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Usage Data includes information about how you use our website, products, and services.
Tracking Data includes information we collect about you from cookies and similar tracking technologies, such as web beacons, pixels, and mobile identifiers.
Marketing and Communications Data includes your preferences in receiving direct marketing from us and your communication preferences.
We do not collect any special categories of personal data about you, including sensitive data.
Sensitive Data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and bio-metric data. We do not collect any information about criminal offenses or convictions.
Where we are required to collect personal data by law, or under the terms of the contract between us, and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver services to you). If you do not provide us with the requested data, we may have to cancel a product or service you have ordered. You will be notified should this occur.
We will only use your personal data for the purpose for which it was collected or a reasonably compatible purpose if necessary.
We do not perform automated decision making or any type of automated profiling.
4. How is your personal data collected?
We use different methods to collect data from you including through:
Direct interactions. You may give us your identity, contact, or financial data by filling in forms or by corresponding with us through post, email, or through chat or social media.
This includes personal data you provide when you:
- sign up for our mailing list.
- make inquiries or request information be sent to you;
- create an account on our website;
- order our products or services;
- ask for marketing to be sent to you;
- engage with us on social media;
- enter a competition, promotion or survey;
- contact customer service;
- request help by filling out a help desk ticket; or
- leave comments or reviews on our products or services.
Automated interactions. As you interact with us, we may automatically collect technical data about your equipment, browsing actions, and patterns. We may also collect tracking data when you use our website, or when you click on one of our adverts (including those shown on social media).
Third parties or publicly available sources. We may receive personal data about you from various types of third parties, including:
- Technical data and/or tracking data from analytics providers, advertising networks, and search information providers;
- Data from any third parties who are permitted by law or have your permission to share your personal data with us, such as via social media or review sites.
How we use your personal data. We may use your personal data, when we need to perform our contract we are about to enter into or have entered into with you. For example, when you purchase our services or products. We may also use your personal data when we need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance. There is no other circumstance when we will use your personal data.
5. Advertising, marketing, and your communications preferences
We send our newsletter to you if you have signed up to receive it. If at any time you change your mind, you are welcome to unsubscribe. The most expedient way to unsubscribe is to use the unsubscribe link at the bottom of the newsletter communication.
A “cookie” is a piece of information that is stored on your computer’s hard drive, and it records how you navigate through a website so that, when you revisit that website, it can present tailored options based on the information stored from your last visit. Cookies can also be used to analyze traffic and for advertising and marketing purposes.
Cookies are used by nearly all websites and do not harm your system.
There are various types of cookies:
Session cookies. These are only stored on your computer during your web session and are automatically deleted when you close your browser. They usually store an anonymous session identification allowing you to browse a website without having to log in to each page, but they do not collect any personal data from your computer.
Persistent cookies. A persistent cookie is stored as a file on your computer and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again. (For example, Google Analytics uses persistent cookies.)
Cookies are categorized as follows:
Strictly necessary cookies. These cookies are essential to enable you to use the website effectively, such as when buying a product or service, and therefore cannot be turned off. Without these cookies, we would be unable to provide the services available to you on our website. These types of cookies do not gather information about you that could be used for marketing nor do they record where you have been on the internet.
Performance cookies. These cookies enable us to monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources, and see which pages or parts of the website are most popular.
Functionality cookies. These cookies allow our website to remember choices you make and provide enhanced features. They may also be used to provide services you have requested such as viewing a video or commenting on a blog. The information these cookies collect is usually anonymous.
When you use our services, your device or browser may be sent cookies from third parties, for example when using embedded content and social network links. It is important for you to know that we have no access to or control over cookies used by these companies or third-party websites. We suggest you check the third-party websites for more information about their cookies and how to manage them.
7. Disclosures of your personal data
We will never share your personal data, unless required to do so. In such case, we may share your personal data with the parties set out below:
- Service providers who provide IT and system administration services;
- Professional advisers, including lawyers, bankers, auditors, and insurers; and
- Government bodies that require us to report processing activities.
8. Payment information
Crystal-rose.org uses a third party payment processor, PayPal, to process payments made for products and services through the Website. All online payments will be conducted in accordance with Payment Card Industry (PCI) data security standards (which are high!) and your billing information (which is only used by these payment processors for the purpose of performing fraud protection) is encrypted before being communicated to them. Subject to the below exceptions, your credit card details are communicated directly from your browser to these payment processors – crystal-rose.org never sees your full Permanent Account Number (PAN). This means that the payment form is either off-site or displayed in a frame on the payment page.
We only store the tokens required to identify the transaction with PayPal, issue refunds, and identify transactions made using PayPal.
9. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed in an unauthorized way. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures for any suspected personal data breach and will notify you and any applicable regulator of a breach should such breach occur.
10. Data retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
In determining the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, whether we can achieve those purposes through other means, and the applicable legal requirements.
For tax purposes, the law requires us to keep basic information about our customers (including contact data, identity data, financial data, and transaction data) for six (6) years after they stop being a customer for tax purposes.
11. Third-party links
This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
12. Your legal rights
Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data, and (where the lawful ground of processing is consent) to withdraw consent.
If you wish to exercise any of the rights set out above, please contact us at firstname.lastname@example.org.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than one month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you are not happy with any aspect of how we collect and use your data, we would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
13. How to contact Crystal-Rose about privacy