Privacy Policy

If you reside in the European Union (“EU”), United Kingdom, Lichtenstein, Norway, Iceland or Switzerland, you may have additional rights with respect to your Personal Data, as further outlined below. These rights may include rights under the EU’s General Data Protection Regulation (“GDPR”), if you are a resident of the EU, United Kingdom, Lichtenstein, Norway or Iceland.

Collection of your Personal Data

We collect the following categories of Personal Data about you when you use or otherwise interact with our website, blog, or store:

• Name
• Email address
• Home/work/mobile telephone number
• Postal or other physical address
• Date of Birth
• Emergency contact information
• Additional information such as preferred pronouns, and emergency contact
• IP addresses and other information collected passively, as further detailed in the “Passive Collection” section below

We collect and/or process your Personal Data in connection with the below activities related to our services and registration:

• Registration for certain events and products
• Placing transactions or orders
• Registering to attend an event
• Participating in an online survey
• Billing and collecting payments for our products and services
• Participating in discussion groups or forums
• Registering for newsletter subscriptions

When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number or other details to help you with your experience.

When do we collect information?

We collect information from you when you register on our site, place an order, subscribe to a newsletter, respond to a survey, fill out a form or enter information on our site.

Processing of your Personal Data

We will use your Personal Data only in accordance with our Privacy Policy. If you do not wish us to continue using your Personal Data in this manner, you can request that your data be removed by contacting us as specified in the “Contact Us” section.

We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity (i.e. processing that is necessary for the performance of a contract with you, such as the attendance of an event) and our “legitimate interests” or the legitimate interest of others (e.g. our users) such as:

• Personalizing, improving or operating our services, products, and business
• Better understanding your needs and interests
• Fulfilling requests you make related to our services
• Providing you with information and offers from us or third parties
• Complying with our legal obligations, resolving disputes with users, enforcing our agreements
• Protecting, investigating and deterring against fraudulent, harmful, unauthorized or illegal activity

We process Personal Data for purposes such as:

• To process your orders and deliver the products or services that you have ordered
• To provide reports based on information collected from sale of our products
• To keep you up to date on the latest event announcements, policy changes, special offers, and other information
• To provide support and assistance for our services and products
• To provide the ability to contact you and provide you with shipping and billing information
• To provide customer feedback and support
• To provide and administer opt-in contests or other marketing or promotional activities on the xeniteretreat.com, weekendofwomen.com potter.camp, or affiliate websites
• To the extent you choose to participate, to conduct questionnaires and surveys in order to provide better products and services to our customers
• To support volunteer inquiries
• To meet contract or legal obligations

Choice

You can choose whether to provide PII to GC Events, but note that you may be unable to participate in certain events, offers, and services if they require PII that you have not provided. You can sign-up, and therefore consent, to receive email or newsletter communications from us. If you would like to discontinue receiving these communications, you can update your preferences by using the “Unsubscribe” link found in such emails or by contacting us using the information in the “Contact Us” section of this policy.

Data Subject Rights

You have certain rights with respect to your Personal Data as set forth below. Please note that in some circumstances, we may not be able to fully comply with your requests, or we may ask you to provide us with additional information in connection with your request, which may be Personal Data, for example, if we need to verify your identity or the nature of your request. In such situations, however, we will still respond to let you know of our decision.

To make any of the following requests, contact us using the contact details referred to in the “Contact Us” section of this policy.

• Access: You can request more information about the Personal Data we hold about you. You can also request a copy of the Personal Data.
• Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your service account. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.
• Objection: You can contact us to let us know that you object to the collection or use of your Personal Data for certain purposes.
• Erasure: You can request that we erase some or all of your Personal Data from our systems.
• Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
• Portability: You have the right to ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.
• Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Products.
• Right to File Complaint: You have the right to lodge a complaint about Zoom’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.

Data Retention

How long we retain your Personal Data depends on the type of data and the purpose for which we process the data.

Passive Collection

GC Events and our third party service providers automatically collect some information about you when you use our website, using methods such as cookies and tracking technologies (further described below). Information automatically collected includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the website and/or Products.

Cookies and Tracking Technologies

GC Events and our partners use cookies or similar technologies to analyze trends, administer the website, and gather information about our user base, such as location information based on IP addresses. Users can control the use of cookies at the individual browser level.

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

We do not allow third-party behavioral tracking.

Sharing your Personal Data

We do not sell or rent your Personal Data to third parties for marketing purposes.

We share Personal Data within GC Events and its affiliates, and with third party service providers for purposes of data processing or storage.

We also share Personal Data with business partners, service vendors and/or authorized third-party agents or contractors in order to provide requested products or transactions, including processing orders, processing credit card transactions, hosting websites, hosting event registration and providing customer support. We only provide these third parties with Personal Data to complete/utilize the requested product or transaction.

In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Data as set forth in this policy. As required by law, we may respond to subpoenas, court orders, or similar legal process by disclosing your Personal Data and other related information, if necessary. We also may use Personal Data and other related information to establish or exercise our legal rights or defend against legal claims.

We collect and possibly share Personal Data and any other additional information available to us in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of GC Events terms of service, or as otherwise required by law.

While navigating GC Events websites you may be directed to content or functionality that is hosted by a third-party. When information is collected on behalf of GC Events exclusively, GC Events Privacy Policy will be referenced and will govern how your information is used. For other, non-GC Events sites or services, the site/service owner’s privacy policy will be referenced. You should review such third party’s privacy and security policies prior to use.

Security of your Personal Data

GC Events is committed to protecting the Personal Data you share with us. We utilize a combination of security technologies, procedures, and organizational measures to help protect your Personal Data from unauthorized access, use or disclosure.

When we transfer credit card information over the Internet, we protect it using Secure Sockets Layer (SSL) encryption technology. We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information. All transactions are processed through a gateway provider and are not stored or processed on our servers.

Linked websites and third party services

Our websites and services may provide links to other third-party websites and services which are outside our control and not covered by this policy. We encourage you to review the privacy policies posted on these (and all) sites you visit or services you use.

Transfer and Storage of Personal Data

Our products and services are hosted and operated in the United States (“U.S.”) through GC Events and its service providers. We may transfer your Personal Data to the U.S., to any GC Events affiliate worldwide, or to third parties acting on our behalf for the purposes of processing or storage. By using any of our products or services or providing any Personal Data for any of the purposes stated above, you consent to the transfer and storage of your Personal Data, whether provided by you or obtained through a third party, to the U.S. as set forth herein, including the hosting of such Personal Data on U.S. servers.

Google

Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en

We have not enabled Google AdSense on our site but we may do so in the future.

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. – See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

According to CalOPPA, we agree to the following:

Users can visit our site anonymously.

Once this privacy policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our website.

Our Privacy Policy link includes the word ‘Privacy’ and can easily be found on the page specified above.

You will be notified of any Privacy Policy changes:

•       On our Privacy Policy Page

Can change your personal information:

•       By emailing us

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

We do not specifically market to children under the age of 13 years old.

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

We will notify you via email

•       Without undue delay and within no more than 30 days of the occurrence

We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:

•       Send information, respond to inquiries, and/or other requests or questions
•       Process orders and to send information and updates pertaining to orders.
•       Send you additional information related to your product and/or service
•       Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

To be in accordance with CAN-SPAM, we agree to the following:

•       Not use false or misleading subjects or email addresses.
•       Identify the message as an advertisement in some reasonable way.
•       Include the physical address of our business or site headquarters.
•       Monitor third-party email marketing services for compliance, if one is used.
•       Honor opt-out/unsubscribe requests quickly.
•       Allow users to unsubscribe by using the link at the bottom of each email.

If at any time you would like to unsubscribe from receiving future emails, you can:

Follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.

Or email us at info@sparkpurple.com

Contacting Us

If there are any questions regarding this privacy policy, you may contact us using the information below.

www.sparkpurple.com

Spark Purple Co
PO Box 1483

Lake Villa, Illinois 60046

United States

info@sparkpurple.com

For the purposes of the EU General Data Protection Regulation 2016/679 (the “GDPR”), the data controller is GC Events Co, PO Box 1483, Lake Villa, IL 60046, United States

Effective May 25, 2018