Privacy Policy

Privacy Policy

TAPDANCE-EXCHANGE.COM (‘Our’, ‘We’, ‘Us’ and ‘This Website’ are self descriptors of the The Data Controller for the purposes of this privacy policy.) Contact information for The Data Controller is detailed at the end of this Privacy Policy.

The Data Controller takes user privacy and data protection matters seriously. This policy is subject to regular updates and amendments.

Revised date: 25/01/2024

The type of personal information we collect

This website may collect and process the following personal information:

  • Personal identifiers, contacts and characteristics
  • Legal Name
  • Business Name
  • Date of Birth
  • Billing Address
  • Delivery Address
  • Email Address
  • Contact Telephone Number
  • Username and profile information
  • Geolocation
  • Communications data such as comments, form submissions, emails and other records of your interactions with this website.
  • User Generated Content
  • Order information (but not payment information)
  • IP Address

Please note that the extent of personal information/data we collect about you and process will depend solely on how much you choose to interact with this website and the various products and services offered.

How we collect your personal information and why we process it:

Most of the personal information we collect is provided to us directly by you when you use this website and the interactive elements provided. We may process this personal information for any of the necessary reasons listed below:

  • To provide you with our digital products and services, with personalisation. Either on our website directly or with our chosen Third Party Services
  • To communicate with you, respond to consumer queries, feedback and offer support to customers. This may be from correspondence via contact forms, direct email correspondence, email newsletter subscriptions, responses to comments, user generated content and reviews made by users.
  • To maintain compliance with legal and regulatory requirements. Examples of this would be to keep records for relevant tax authorities, legal compliance, detection of fraud or any other regulatory purpose applicable to you.
  • Promotional and marketing activities, subject to user consent where required by law.

Notice in relation to UK General Data Protection Regulation (UK GDPR)

Legal bases relied upon for the collection of personal data collection and processing on this website are:

  • For fulfilling contracts
  • To comply with legal requirements (e.g for tax purposes)
  • Consent. You have the right to withdraw consent at any time. You can do this by emailing our designated data officer at: info@tapdance-exchange.com – subject to legal considerations.
  • Protection of vital interests
  • We need to perform a public task.
  • We have a legitimate interest

Your personal data and processing by third party service providers

We may share this data with third parties. Information below:

Automattic Inc.

This website uses necessary third party services owned by Automattic Inc and it’s affiliates to ensure high performance, expand functionality and improve user experience on this website. These third party services may control and process personal information and technical data in order for us to provide products and services to you. (WooCommerce), manage our email list/CRM platform (MailPoet) as well spam and security checks (Jetpack and Akismet).

Legal Bases for the party service included on our website to handle personal data:

WooCommerce: The utilization of WooCommerce for processing personal data is to fulfil contracts between you and this website. For example to satisfy purchases and orders made by you and to deliver those products and services to you successfully. Legal Basis: fulfilling contracts.

MailPoet: Personal data is processed by MailPoet when you subscribe to our mailing list and receive promotional emails from us. We are required to obtain your explicit consent to do so. You have the right to withdraw consent and unsubscribe at any time. Legal basis: consent.

Jetpack and Akismet: Necessaryto ensure site security, spam & fraud prevention. Legal basis: legitimate interest.

For more information of how Automattic Inc. And its affiliates controls, processes and shares personal data please refer to their privacy policy below.

https://automattic.com/privacy/

By utilizing this website you agree to the incorporating of third party services from Automattic Inc. in order to process your personal data for the purposes listed above and under their specified legal bases.

Payment Processors

In order to process payments and orders on this website, your personal data including name, email address, billing address, location, order information and other necessary information for the purposes of processing your order may be shared with third parties. Third Parties we may share this information with are listed below:

Stripe, Inc. (For payment processing):

Stripe is this website’s chosen Third Party Payment Processor for processing transactions/orders made by you on this website.

This includes full payment processing on behalf of The Data Controller as well sending order confirmations to you.

The use of Stripe as a third party payments processor is necessary for fulfilling contracts and for meeting legal obligations.

No payment information details (such as credit/debit card details, bank details or digital wallet details) are handled or processed by The Data Controller on this website directly, Customer payment information including bank card numbers, expiry dates, CVV codes and any other data known otherwise known as payment information is processed fully by Stripe’s own servers when you purchase through us. Stripe is a PCI Level 1 service provider.

Sharing some personal and non-personal information/data may be shared with Stripe as it is necessary for fulfilling contracts with you and for meeting legal obligations. This may include name, date of birth, address, email address, telephone number, location IP address, device identifiers, browser type or other personal identifiers.

Stripe may also use your personal information throughout the process of making a payment to detect fraud and to verify your location to confirm you are in our service area.

In most cases, Stripe processes data in a localised way depending on your location. Where data is transferred outside of the EEA, relevant safeguards are in place to protect personal data.

Please read Stripe’s privacy policy for more information on how personal information and other data types are processed by them on the link below:

Third Party Service – Company Name: Stripe, Inc.

Type: Data Processor

Privacy Policy:
https://stripe.com/gb/privacy

Data Processing Agreement (DPA):
https://stripe.com/gb/legal/dpa

By placing an order on TAPDANCE-EXCHANGE.COM you consent to the use of Stripe as a third party processor to handle your personal information and other necessary non personal data types in order to fulfil contracts with you in the form of orders that you have placed on this website.

Brevo (Sendinblue SAS)

Third Party collection and processing of your personal data by Brevo is necessary for email Newsletter subscription management sending you communications based on you consenting to communications with us.

When submitting a message via our contact form or an email subscription sign up request, Your personal information may be shared with Brevo to manage our email marketing platform for purposes of providing products and services, promotions and marketing, customer support and client communication.

Lawful Bases for sharing your personal information with Brevo is user consent.

You have the right to opt out of communication and/or amend your preferences at any time. You can follow links to unsubscribe, amend your communication preferences, you may also email the word STOP to the data controller from your email address to stop all communications except where contractually required by law.

Brevo (Sendinblue SAS) Helpful links:

Third Party Service – Company Name: Sendinblue SAS (otherwise known as Brevo)

Terms of service (including DPA):
https://www.brevo.com/legal/termsofuse/

Privacy Policy:
https://www.brevo.com/legal/privacypolicy/

By signing up to our email services, you consent of your data being collected and processed by Brevo (Sendinblue SAS)

Google Workspace – Data Sharing & Processing:

The Data Controller of this website may share personal data with Google Workspace Apps (Google LLC ). The apps that personal data is shared with and why such sharing/ processing is necessary is as follows:

Google Docs: Necessary to uphold legal obligations, for example keeping financial records from purchases or downloads and ensuring secure storage. Legal basis: Legal obligations.

Google Calender: Necessary to provide users with information on events and booking slots. Legal basis: legitimate interests.

Google Drive – Necessary to deliver digital products and services to you. Legal basis – fulfilling contracts

For more information on Google Workspace and security please see the link below:

https://workspace.google.com/security

Google Analytics:

We may collect anonymised, non personal, technical data from Google Analytics.

Such technical data we may receive from Google Analytics include; IP address (anonymised), browser type and version, device type, time visited, date visited, session length, operating system, referral URLs, bounce rate, pages visited, time viewed, conversions and general usage data. This happens automatically and as soon as you access our website if cookies are enabled on your browser.

We collect these data types to to optimise this website, improve user experience and refine our products and services. legitimate interests is the lawful basis for use.

Google Analytics default data retention period including conversions is 14 months.

You can find out more about Google Analytics and Google’s Privacy Policy on the links below:

Third Party Service – Company Name: Google LLC

Type: Data Processor

Privacy Policy:

https://policies.google.com/privacy

Data Processing Terms (DPA)
https://business.safety.google/adsprocessorterms/

YouTube & Social Media Websites – Data Sharing & Processing: Legal Basis: legitimate interest

This website displays embedded content from third party websites such as YouTube and other social media channels and third party websites. Displaying this content is necessary to provide our products and services, improve user experience and also display promotional materials associated with out business. This embedded content is displayed with legitimate interest. When third party embedded content is shown on this website, the third party may collect and process non personal and technical data such as IP address, Browser Type, location, Operating System, Tracking, usage and Analytics data. The extent of which data is processed depends on how much you interact with the content.

While types of non personal data in isolation may not be enough to identify a person, it may be possible to identify you when combining with other technical or personal data types. We ensure to protect user privacy by only using trusted third parties who have adequate safeguards in place in relation to data protection.

If you have an account with any of the third party service providers that may be integrated with this website and are logged in to their services, then that third party may process your personal data in relation to your viewing, utilization and interaction with embedded elements that they ultimately control. In addition any data processing by a third party service is subject to the terms set out in their terms of service, privacy policies and data processing agreement(s) or equivalent.

The Data Controller of this website assumes no responsibility for the agreements that may already exist between you and third parties.

Third Party Privacy Policies:

Google/ YouTube
https://policies.google.com/privacy

TikTok

https://www.tiktok.com/legal/page/eea/privacy-policy/en

Bandlab

https://blog.bandlab.com/privacy-policy/

Please note that content may or may not be shown from these third party websites on all areas of the website (if at all). In addition, some services

It is recommended that you review the privacy policies, terms and conditions and DPA’s on third party services for more information how how they may control or process your data before interacting with the services embedded on this website.

To make informed choices surrounding your data please see the following links to third party policies in relation to your data.

This website is unable to assume responsibility for the data practices of third party service providers nor do we have any control on how their policies are set.

To the best of the Data Controller’s knowledge at TAPDANCE-EXCHANGE.COM, all trusted third parties that we share data and processing tasks with take data protection matters seriously and uphold high standards when it comes to data protection and data security.

This website reserves the right to review and emend the use of third parties and amend the use of their products or services in conjunction with this website without notice.

Other notes in relation to sharing personal data with third parties

Third party payment processors this website uses implement robust security processes to protect your information.

The Data Controller of this website is not liable for the use of your data by our chosen third party service providers, any potential failures on their part or data breaches that may arise on their platforms in future.

The Data Controller of this website reviews the privacy policies, security and general business practices of third party payment processors periodically in the interest of protecting personal information of users.

The Data Controller of this website makes every effort to ensure that third party sharing of personal information only happens when absolutely necessary with third party service providers with adequate data protection practices.

In certain circumstances, the data controller may retain and share your personal information due to legal and regulatory requirements. (e.g for tax purposes or compliance with a relevant authority)

Data sharing with third parties will always be minimised as much as reasonably possible.

The Data Controller does not share your personal information with third parties except where either consent is given, where sharing is required to fulfil contracts or if sharing is a legal requirement (e.g tax purposes). The Data Controller may share financial information such as payment details and invoices to accountants, auditors or other professionals who require access to help comply with legal requirements. All recipients must adhere to UK GDPR and strict data protection standards when handling this information.

We also may receive personal information indirectly, from the following sources in the following scenarios:

Social media channels:

Should you make contact and consent to receiving communications outside this website via external social media channels, you can revoke consent of processing your data via social media channels and we will remove all data that we can from our social media accounts and systems. However, you will have to contact social media sites/companies directly if you wish to exercise your data rights in full based on your own agreements with them directly. This website’s data controller assumes no responsibility/liability for data agreements you have entered with external companies.

How we store and protect your personal information

Your personal information is securely stored and is kept confidential. The data controller does not sell your personal information to third parties.

We use encryption and SSL (secure socket layer) certificates on our website systems to ensure safe data transmission by providing encryption.

We uphold high standards of security and regularly update our systems and security protocols.

Security measures are in place to ensure the safety of personal information.

Accounts and systems used to operate this website are access restricted. Systems and software are kept regularly updated.

The Data Controller is the designated DPO and regularly reviews security processes this website uses to protect user information.

No payment information is processed by this website directly or stored on this websites servers.

Collection of non personal, technical data

Cookies

We may set authenticated cookies throughout this website. Cookies are small files placed in your browser temporarily and are used to provide necessary site functionality as well as provide the data controller with technical information which can be used for business analysis and marketing purposes as well as to optimise user experience, products and services. Lawful basis is Legitimate interest. You can opt out of cookie use at any time.

For more information on this website and cookies, please read our Cookie Policy HERE. We only ever use cookies for relevant and necessary purposes outlined in this privacy policy.

Cookies will be set when you visit this website unless configured otherwise in your browser by you.

Cookie settings can be configured in your web browser settings.. Such examples of this would be to allow, block all or block third party cookies. You can also clear cookies after using this website to remove them if that is what you wish to do. Blocking all cookies may break site functionality.

Children’s Online Privacy Protection Act. Compliance Notice

This website does not knowingly collect personal information from children under the age of 16. If new information indicates that personal information for anyone younger than 16 years old has been collected, then we will take the required steps and procedures to remove the personal data from our IT systems. If you are under the age of 16, please do not use this website.

By using this website, you are confirming that you are of legal age to do so.

Data Retention Policy:

Data retention periods for data types are as follows:

1. Financial information such as invoices and order information will be retained as long as legally necessary to comply with our legal obligations.

2. Personal information in relation to mailing list subscribers who have consented to join will be retained for as long as consent is given before withdrawal. You can unsubscribe at any time.

3. personal information in relation to providing products and services ie download access – for as long as necessary before withdrawal.

4. User generate content that is published on our website will be retained indefinitely unless consent is withdrawn. You have the right to request removal of user generated content through a request to the DPO of this website.

5. Data retained by third parties will be kept as long as stated on their respective privacy policies.

6. Legal Requirements: some data will be retained longer if required under specific legal circumstances and under legitimate request from law enforcement.

7. Content violating terms of service: certain data will be removed if against the terms of service of this website or third party website. If you post content that violates our terms and conditions we reserve the right to remove such content and terminate accounts.

Your data protection rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

If you decide to restrict processing of personal data by this website. Please submit a data request to us and we will endeavour to satisfy the removal of your personal information within 30 days from the date of request. The data controller reserves the right to anonymise certain data through encryption to be stored for legitimate interests, respecting adequate safeguards.

Updates to this Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or for legal reasons. The “Last Updated” date at the beginning of this Privacy Policy indicates the latest revision.

By using our website and services, you consent to the terms of this Privacy Policy.

How to complain

If you have concerns about your personal information, You have the right to make a complaint. Please contact us at info@tapdance-exchange.com if you wish to make a request.

You are not required to pay any charge for exercising your rights. If you make a request, this website’s data controller has one month to respond to you.

You can also raise a complaint to the Information Commissioners Office (ICO) in the UK. They are the official body and regulator.

Data Controller Contact Information

See our official correspondence address on the digital business card below:

TAPDANCE-EXCHANGE.COM

For all enquiries regarding your data and privacy rights as well as more information regarding our site’s practices, please contact the data protection officer at the following email address: info@tapdance-exchange.com