PRIVACY POLICY
At NHSCA Events (“we,” “us,” or “our”), accessible via nhscaevents.com (the “Website”), your privacy and the security of your personal information are of utmost importance to us. We are committed to respecting your privacy, protecting your personal data, and ensuring transparency regarding the ways we handle your information. This Privacy Policy outlines our practices and your rights as they relate to your personal data, in full compliance with the General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”), and other applicable data protection laws.
1. Commitment to Privacy and Data Protection
We are dedicated to safeguarding the privacy of visitors to our Website and users of our services. We believe in minimal data collection, responsible data handling, and empowering individuals with control over their personal information. This Privacy Policy is designed to help you understand how we collect, use, store, and disclose information and describes the choices you can make regarding that information.
2. Scope and Role of Data Controller
This Privacy Policy applies to information collected through your use of nhscaevents.com and any related services offered through the Website. NHSCA Events acts as the “data controller” with respect to the personal data we collect, process, and store. In our role as data controller, we determine the purposes and legal basis for the processing of your personal data.
3. Categories of Data We Process
We may collect, use, and process the following categories of personal data:
a. Usage Data:
Includes information about your interaction with our Website, such as browser type, IP address, device identifiers, access times, pages viewed, referring URLs, and session duration.
b. Account Data:
Includes personal identifiers such as your full name, postal address, email address, telephone number, and account credentials when applicable.
c. Profile Data:
Includes your preferences, feedback, event registration history, purchase behavior, engagement with services, and other profiling-related activities.
d. Communication Data:
Includes records of any correspondence with us through support requests, contact forms, or official communication channels.
e. Technical Data:
Includes data related to the devices and systems you use to access our services, such as your operating system, mobile network information, device type, hardware model, browser settings, and other system configuration data.
f. Transaction Data:
Includes billing details, payment information (processed securely through third-party providers), order histories, and shipping or delivery data as necessary for event registration or merchandise fulfillment.
g. Preference Data:
Includes your responses to marketing preferences, subscription consents, and interests relating to our products, events, communications, and offerings.
4. Legal Bases for Data Processing
Under GDPR and other applicable data protection frameworks, our processing of your personal data is supported by one or more of the following legal bases:
– Contractual Necessity: To provide services requested by you, including account creation, event participation, and purchasing of products or services.
– Legitimate Interest: For purposes such as service improvement, fraud prevention, marketing (where consent is not required), and statistical analysis.
– Consent: Where you have explicitly granted permission, such as for receiving newsletters or accepting cookies.
– Legal Obligation: Where processing is required to comply with applicable laws and regulations.
5. Your Data Protection Rights
Subject to applicable laws, you have the following rights regarding your personal data:
– Right of Access: To request access to the personal information we hold about you.
– Right of Rectification: To have incorrect or incomplete personal data rectified.
– Right to Erasure: To request the deletion of your personal data under certain conditions (“right to be forgotten”).
– Right to Restriction: To request that we limit the processing of your personal data in certain circumstances.
– Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
– Right to Object: To object to processing based on legitimate interests or direct marketing.
To exercise any of the above rights, please contact us at [email protected].
6. Security Measures
We implement appropriate technical and organizational security measures in accordance with industry standards to protect your personal data. These measures include but are not limited to:
– Encryption of data during transit and at rest
– Role-based and password-protected access controls
– Regularly maintained and monitored backups
– Employee training and strict confidentiality obligations
– Secure infrastructure with appropriate physical and network protections
7. International Transfers
Where personal data is transferred outside of the European Economic Area (EEA) or the United States to a third country, we ensure such transfers are subject to appropriate safeguards, including where applicable the use of EU standard contractual clauses, data processing agreements, and compliance with regional laws such as the GDPR and CCPA.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which we collected it, including to comply with legal, tax, accounting, or reporting obligations. Retention periods are as follows:
– Usage Data: up to 12 months for analytics purposes
– Account Data: retained as long as the account is active, and for up to 3 years post-deactivation
– Profile Data: retained for active users, and up to 2 years post-inactivity
– Communication Data: retained for up to 2 years for audit and support history
– Technical Data: retained up to 12 months
– Transaction Data: retained for up to 7 years
– Preference Data: stored until you update or revoke your consents
9. Cookie Policy
We use cookies and similar tracking technologies to enhance user experience, analyze site usage, and provide personalized content. Our cookies fall into the following categories:
– Essential Cookies: Necessary for the basic functioning of the Website
– Functional Cookies: Enable enhanced functionality and personalization
– Analytics Cookies: Help us understand how visitors interact with nhscaevents.com
– Performance Cookies: Monitor system performance and identify issues
10. Cookie Management and Compliance
In compliance with GDPR and CCPA, visitors are provided with notice and, where required, options to manage their cookie preferences upon first visit. You can modify your cookie settings at any time via your browser settings or through our cookie consent banner. Rejecting certain cookies may affect parts of your user experience.
11. Protection for Children
We do not knowingly collect or solicit personal information from children under the age of 13. If you are a parent or guardian and you believe that your child has provided us with personal data, please contact us immediately at [email protected]. We will take prompt steps to delete the data.
12. Updates to This Policy
We reserve the right to make changes to this Privacy Policy from time to time to reflect changes in legal, technical, or business developments. Whenever we update the Policy, we will post the revised version on nhscaevents.com. Where required by law, we will notify you and/or seek your consent to such changes.
13. Contact
If you have any questions regarding this Privacy Policy, the data we hold, or if you wish to exercise any of your privacy rights, please reach out to our privacy team via email at: [email protected].
We are committed to full compliance with applicable privacy regulations, including the GDPR and CCPA. We take your concerns seriously and will respond promptly to any inquiries regarding the protection of your personal data.