Privacy Policy
Glamorgan Heritage Coast (“we”, “us”, or “our”) is committed to safeguarding your privacy and protecting your personal data. This Privacy Policy outlines how we collect, use, share, and protect your information when you access or use our website (glamorganheritagecoast.com) and associated services. We uphold the highest standards of data protection in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”), ensuring your rights are respected and your information remains secure.
1. Commitment to Privacy and Data Protection
We recognize the importance of privacy and are committed to maintaining transparency and integrity in how we process personal information. All personal data collected through glamorganheritagecoast.com is handled lawfully, fairly, and transparently, in accordance with applicable data protection legislation. We implement policies and robust technical controls to ensure that your personal data is processed securely and with your full rights in mind.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of glamorganheritagecoast.com and any interactive features, communications, or services offered through the website. Glamorgan Heritage Coast is the data controller for the processing of personal data described in this Policy, and can be reached at [email protected] for all data-related queries, concerns, or complaints.
3. Categories of Data Processed
We collect and process several categories of personal data based on your interaction with the website and the services we provide:
a) Usage Data
Information related to your activities on glamorganheritagecoast.com, including IP address, browser type, operating system, referring URLs, pages visited, access times, session duration, and navigation patterns.
b) Account Data
Personal identifiers provided when creating an account or filling out forms, such as name, postal address, email address, and telephone number.
c) Profile Data
Additional information related to personal preferences, past purchases, event participation, service usage behavioral metrics, and communication frequency preferences.
d) Communication Data
Records of your correspondence with us including customer support requests, feedback forms, and any communications submitted through online forms or by email.
e) Technical Data
Device information such as device model, browser configurations, operating system settings, screen resolution, locale settings, and technology identifiers (e.g. cookies, device IDs).
f) Transaction Data
Details used in completing orders or participating in events, such as billing addresses, partial card details (processed via third-party providers), delivery details, and transaction history.
g) Preference Data
Marketing and communication preferences, such as newsletter subscriptions, topic interests, and consent preferences regarding promotional materials.
4. Legal Bases for Processing
We process personal data under the following lawful bases as required by GDPR:
– Consent: When you affirmatively opt in to receive marketing materials or authorize us to process certain data.
– Contractual Necessity: To fulfill contractual obligations when you request services, create an account, or make a purchase.
– Legitimate Interests: To enhance website functionality, detect and prevent fraud, analyze website traffic, and improve customer experience.
– Legal Compliance: To fulfill our obligations in accordance with legal, tax, and regulatory requirements.
5. Your Rights Under Applicable Law
Subject to applicable law, you are entitled to exercise the following rights in relation to your personal data:
– Right of Access: Obtain confirmation and a copy of personal data we hold about you.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data where no longer necessary or where consent is withdrawn.
– Right to Restriction: Request temporary suspension of data processing during dispute resolution or verification requests.
– Right to Data Portability: Obtain a copy of your personal data in a structured, commonly used format.
– Right to Object: Object to data processing based on legitimate interests or for direct marketing purposes.
To exercise these rights, please contact us at [email protected]. We will respond to valid requests within the timeframe prescribed by law.
6. Data Security Measures
We implement administrative, technical, and physical safeguards to ensure the confidentiality, integrity, and availability of personal data. These measures include but are not limited to:
– Secure socket layer (SSL) encryption to protect data transmissions
– Role-based access controls and authentication audits
– Regular data backups and disaster recovery protocols
– Staff training in data protection best practices and incident response
7. International Transfers
If personal data is transferred outside the UK or European Economic Area (EEA), such transfers will be conducted only to territories recognized as offering adequate protection, or under legitimate safeguards such as the Standard Contractual Clauses issued by the European Commission or other appropriate legal mechanisms.
8. Data Retention Policy
We retain personal data only for as long as necessary to fulfill the purposes it was collected for. Standard timeframes include:
– Usage and Technical Data: retained for up to 24 months for analytics and security purposes.
– Account and Communication Data: retained for the duration of the user relationship and up to 6 years thereafter for legal compliance.
– Transaction Data: retained for a minimum of 6 years to comply with accounting and taxation requirements.
– Marketing and Preference Data: retained while consent remains valid or until it is withdrawn.
If you request deletion of your data, we will erase or anonymize it unless further retention is required under legal obligations.
9. Cookie Policy
We use cookies and similar technologies to optimize website performance and provide a personalized experience. The types of cookies used include:
– Essential Cookies: Necessary for site functionality and secure user authentication.
– Functional Cookies: Enhance user preferences (e.g., language choice or timezone).
– Analytics Cookies: Track user interactions to improve website performance and usability.
– Performance Cookies: Monitor server load, user navigation paths, and site responsiveness.
10. Cookie Management and Compliance
You can manage cookie settings through your browser or by using the cookie consent banner provided on glamorganheritagecoast.com. You may adjust settings to allow, block, or delete cookies at any time. By default, non-essential cookies will not be used without your prior consent, in keeping with GDPR Article 7 and CCPA obligations.
For California residents, subject to CCPA, you may request information about the categories of personal information collected, shared, or disclosed in the past 12 months, and request non-sale of your personal data.
11. Children’s Privacy
We do not knowingly collect personal information from children under 13 years of age. If we become aware that any such data has been collected without verified parental consent, we shall delete it immediately. If you believe that a child has provided us with personal information, please contact us at [email protected].
12. Policy Updates
We may revise this Privacy Policy from time to time to reflect legal, regulatory, or operational changes. Significant changes in the policy will be communicated to users through prominent notifications on glamorganheritagecoast.com or via email. Continued use of the website after changes have been made indicates acceptance of the revised terms.
13. Contact Us
For any questions, concerns, data requests, or complaints relating to this Privacy Policy or your personal data, you may contact us at:
We are committed to ensuring that your privacy is respected and that your personal information is handled in accordance with applicable data protection laws.
—
We comply fully with GDPR, CCPA, and applicable data privacy frameworks. If you have privacy concerns or wish to exercise your rights, please do not hesitate to contact us at the address provided above.