The Positive Discipline Association PRIVACY POLICY
1. BACKGROUND
1.1 This privacy policy sets out how we use your personal data and what your rights are in respect of it.
1.2 We may change this privacy policy from time to time. If we make significant changes in the way we treat your personal information, or to the privacy policy, we will make that clear on this website, or by some other means such as email, so that you are able to review the changes before you continue to use our website.
1.3 This page was last updated on 24th May 2018
2. DETAILS
2.1 We are your data controller for the purposes of the personal data we will collect.
2.2 The Positive Discipline Association is a non-profit company registered in the United States of America, with its registered address PO Box 888244, Atlanta, GA 30356
2.3 If you wish to contact us in relation to this notice, please use the details found on the “Contact Us” section of our website.
3. THE PROCESSING
3.1 This privacy policy applies to all customers of the Positive Discipline Association including visitors to, and users of, www.positivediscipline.org, and any apps we may publish in the future.
3.2 The table below sets out the personal data that we will collect, why we collect it, the legal basis on which we rely and how long we will keep it.
Type of data |
Reason we process it |
Legal basis our processing |
How long we keep it |
User account data, including your name, address, your email address, a hashed password, your mobile phone number, and your order and registration history. Some of this data may be obtained from your social media account where you use that account to register on our website. |
To administer your user account, if you create one. To fulfill your registration. To deal with any queries you have about your registration and/or to process refunds.
|
It is necessary for the performance of our contract with you for the service that you order. Failure to provide this data may mean we are unable to fulfill your registration, deal with your queries or process your refunds (as the case may be). |
Until 6 years after Membership is no longer valid. |
|
To group your previous orders. If you create an account, to save your details for future orders, to make things easier for you on your next visit. To confirm your identity next time you visit. |
Our legitimate interest in (a) linking your registrations to better understand what products you are interested in; (b) increasing sales by reducing the amount of data you submit each time you register for an event; and (c) ensuring only you are able to access your account. |
|
|
To bring or defend legal claims. To effect cancellations, in the unlikely event that they are required. |
Our legitimate interest in establishing, exercising or defending legal claims. |
|
|
To prevent fraud. |
Our legitimate intent in preventing loss through fraud. |
|
The details of any query, correspondence or complaint we receive from you. |
To deal with your queries and/or complaints.
|
Where you have already purchased the relevant product: necessary to perform our contract with you. Where you have not yet purchased the product: necessary preparatory steps for entering into a contract with you for the products or services that you would like to order. Without this personal data, we would not be able to respond to your query, correspondence or complaint. |
Six years from the date your account was last used. |
|
To bring or defend legal claims.
|
Our legitimate interest in establishing, exercising or defending legal claims. |
|
The contents of your virtual shopping basket. |
To allow you to purchase items on our website.
|
Necessary preparatory steps for entering into a contract with you for the products or services that you would like to order. Without this data we would not be able to take your order. |
Two hours from last activity on our website. |
|
To retrieve your basket next time you visit, if you are logged in.
|
Our legitimate interest in increasing ordering convenience for our users.
|
One year from the date of your last visit (but you can delete the cookie used to retrieve your basket at any time via your browser settings). |
Your name and email address. |
To email you any future correspondence where you have requested it. |
Consent.
|
Immediately, unless we use this data for another purpose. |
|
To send marketing material to you.
|
Our legitimate interest in marketing our products and services. Note: we rely on the “soft opt-in” exception under the Privacy and Electronic Communication Regulations 2003. |
Until you withdraw your consent, unless we need this for another purpose. |
|
To carry out market research on how our website is used, our user’s views, and what we could do better. |
Our legitimate interest in improving our website, products and services.
|
|
Data relating to your visits to our website, for instance which pages you visited, how long you spent on them, the dates and times you visited, the searches you have made on our website, and whether you have “abandoned” a shopping cart. Data which you volunteer to us when creating your account on our website. Data obtained from a social media account you have linked to your account on our website (we may obtain this data at the time of registration or at a later date). Your purchase history. |
To understand how our customers, or certain categories of customers, use our website.
|
Our legitimate interest in understanding how our website is used in order to increase user satisfaction and improve its website.
|
Twenty six months from visit.
|
|
To understand what products and services are most likely to be of interest to you, in order to tailor the emails you send you. |
Our legitimate interest in increasing user satisfaction and sales.
|
Four years from your visit.
|
Tracking technologies linked to your browsing session, e.g. cookies and tracking pixels. |
To display adverts to you on other websites, including social media networks, for products that we think you may be interested in (known as “re-targeting”). |
Our legitimate interest in increasing user satisfaction and sales. |
90 days from the date that you visit. |
Demographic information about you. |
In order to target you with display advertising based on your demographic information. Note: we do not have access to this information – the advertising platform, e.g. Facebook, allows us to select demographic criteria for our adverts. We will not however see who fits or is targeted by these demographic criteria. |
Our legitimate interest in marketing our products and services to persons most likely to be interested in them.
|
As set by Facebook. |
You email address. |
To create “look-a-like” audiences on advertising platforms, which share similar interests or demographics to all or a sample of our existing customers. |
Our legitimate interest in optimizing our marketing activities. |
We will only retain your email address for as long as we have a reason to, as set out above. |
Data collected by our web servers, including your IP address, the type of device you are using and its operating system, the name of your ISP, the page you viewed and when you accessed it and the website from which you came. |
To maintain access logs for the purposes of technical troubleshooting and detecting potential security threats.
|
Our legitimate interest in maintaining and securing our website and systems.
|
Seven days from when you accessed our website. |
3.3 Where multiple retention periods apply to one category of data, the relevant retention period will be the longest one (although we will stop using that category of data for a purpose when the retention period for that purpose expires).
3.4 Where our legal basis for processing is:
(a) consent, you have the right to withdraw consent at any time (see the section titled “Withdrawing consent” below); or
(b) legitimate interests, you may have the right to object to our processing (see the section titled “Objecting to legitimate interests processing” below).
3.5 Other than the personal data set out above, we also collect certain non-personal data, which might derive from personal data. For instance we may keep statistical information and log data about number of visits to our website, or how visitors have navigated through our website, without keeping log information that is attributed to you. Unless it is impossible to re-identify you from this information, we will treat it as personal data.
4. WHERE WE OBTAIN YOUR PERSONAL DATA FROM
We obtain your personal data in the following ways:
4.1 directly from you, for instance where you sign up to our website, purchase something from us, communicate with us, or otherwise voluntarily providing personal data to us;
4.2 from your accounts on other website, where you give us permission to do so. For instance if you use Facebook or Twitter to log into our website, we may obtain some information from those websites;
4.3 automatically when you use our website. For instance:
(a) like most websites, we use cookies (which are smaller text files sent between your web browser and our services) to provide or improve certain functionality and to track which of our pages you visit (see our cookie policy below for more information;
(b) our web server automatically collects certain information about your use of our website, for instance some key settings on your device, what type of device you are using, the operating system on your device, the website from which you came and your IP address; and
4.4 from commercial organizations for the purposes of fraud prevention, and in some cases for the purposes of assessing whether we can provide you credit.
5. PERSONS WITH WHOM WE MAY SHARE YOUR DATA:
5.1 In general, access to your personal data will be restricted to those who have a need to access it in order to carry out their duties (for example our customer services team).
5.2 However, we will also share your personal data with the following external third parties in some circumstances:
(a) fraud prevention agencies or other third parties that assist us in preventing fraud or other forms of risk;
(b) regulators such as the ICO, and government authorities such as HMRC or the police, if we are required to do so by law or if the regulator or authority requests it and we regard that request as reasonable;
(c) our insurers, legal advisers or other third parties who need access to it in the context of managing, investigating or defending claims or complaints;
(d) in connection with re-organizations, mergers and acquisitions of all or part of our business;
(e) organizations that process your data on our behalf who are not allowed to use your data for any other purpose, for instance our web hosts and the companies we use to pick, pack and deliver your orders;
(f) other companies within our group, for instance where they provide us services; and
(g) where you have consented to do us doing so.
5.3 Where we share your personal data with our service providers, we have contracts with those service providers setting out how they must handle your personal data, including not to use your personal data other than in accordance with our instructions.
5.4 Where we have been able to full anonymize personal data, we may share that anonymized data with third parties, for instance to report to some of the brands about interest in their products.
6. TRANSFERS OUTSIDE OF THE EEA
6.1 In certain limited circumstances, we may export personal data outside of the European Economic Area for processing, and we may use third party service providers who do the same.
6.2 We only do that if there is a good reason to do it and where either:
(a) there are adequate safeguards in place (such as the appropriate contractual arrangements with suppliers, or adequacy decisions, depending on the destination country); or
(b) we are otherwise permitted by data protection law (for instance, where you consent or such transfer is necessary to provide our service to you).
7. OPTING-OUT FROM ELECTRONIC MARKETING
7.1 You can opt-out from electronic marketing sent by The Positive Discipline Association by:
(a) by visiting our unsubscribe page;
(b) by following the unsubscribe link which we include at the bottom of all electronic marketing emails; or
(c) by contacting our customer services team using the details on our “contact us” page.
8. OBJECTING TO/OPTING OUT OF/DISABLING FACEBOOK TARGETED ADVERTISING
8.1 You are able to opt-out of targeted adverts placed by us on the Facebook website by either changing your Facebook account settings or browser settings. Please see Facebook’s help page on the subject for more information.
9. OBJECTING TO/OPTING OUT OF/DISABLING GOOGLE ANALYTICS COLLECTION
9.1 You are able to disable Google Analytics data collection by installing the Google Analytics op-out browser add-on, available from Google’s Website.
10. OBJECTING TO OUR LEGITIMATE INTERESTS PROCESSING
10.1 Where we process your personal data on the basis of our legitimate interests for direct marketing purposes, you always have the right to object to that processing. To object to direct marketing, please follow the instructions for opting-out from electronic marketing immediately above.
10.2 Where we process your personal data on the basis of our legitimate interests, and the processing isn’t direct marketing, you have the right to object to other processing on the basis of our legitimate interests, but we might not have to cease processing where you do so if either:
(a) we are able to demonstrate compelling legitimate grounds for the processing which override your interests; or
(b) where that legitimate interest is the establishment, exercise or defense of legal claims.
To object to legitimate interests processing, please contact us using the details at the top of this notice.
11. YOUR RIGHTS (WITH EFFECT FROM 25 MAY 2018)
The law gives you certain rights in respect of the personal data that we hold, which you should be aware of:
11.1 You have the right to obtain your personal data from us except in limited circumstances. Where we provide it, the first copy will be free of charge, but we reserve the right to charge a small fee for additional requests;
11.2 You have the right to require us to rectify any inaccurate personal data we hold concerning you;
11.3 Taking into account the purposes of the processing, you may also have the right to have incomplete personal data completed, by means of providing a supplementary statement or otherwise;
11.4 You have the right to require us to erase your personal data on certain limited grounds (including where they are no longer necessary for the purpose for which they were collected or where we rely on consent, which you withdraw, and there is no other legal ground for the processing);
11.5 Where we process personal data either on the basis of consent or contractual necessity, you provided the personal data to us, and we process that personal data by automated means, you have the right to require us to give you your data in a commonly used electronic format;
11.6 You have the right to object to our processing of personal data which we process on the grounds of our legitimate interests, as detailed in the paragraph titled “objecting to our legitimate interest processing” above;
11.7 You have the right to require us to restrict the processing of your personal data on certain grounds, including where:
(a) you contest the accuracy of the personal data and want us to restrict processing of your personal data while we verify its accuracy;
(b) the processing is unlawful, but you request a restriction of the processing rather than erasure;
(c) we (as controller) no longer need the data for the purposes of the processing, but you have told us you require us to retain that personal data for you to establish, exercise or defend legal claims; or
(d) you have objected to us processing your personal data on grounds of legitimate interests and want us to restrict processing of your personal data while we consider your objection.
11.8 If you would like to exercise any of these rights, please contact us using the details set out at the top of this notice.
12. IF WE CAN’T REMEDY AN ISSUE YOU HAVE
Should you have any complaints or issue with our treatment of your personal data, you may lodge a complaint with the Information Commissioner’s Office (ico.org.uk).
13 COOKIES
13.1 We use cookies when you visit our site. Cookies are small text files placed on your browser, typically made up of text and numbers. Those text and numbers will correspond with a record on our webserver, which can contain information about you or your website visit.
13.2 We may use other technologies that allow us to do similar things where more appropriate to do so. For instance we may use “tracking pixels” which are tiny image files that are used to track your movements across our website.
13.3 There are four main types of cookies – here’s how and why we use them.
(a) site functionality cookies – these cookies allow you to navigate the site and use our features, such as “Add to Bag” and “Save for Later”.
(b) site analytics cookies – these cookies allow us to measure and analyze how our customers use the site, to improve both its functionality and your shopping experience.
(c) customer preference cookies – when you are browsing or shopping on our website these cookies will remember your preferences (like your language or location), so we can make your shopping experience as seamless as possible, and more personal to you; and
(d) targeting or advertising cookies – these cookies are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.
13.4 By using our site, you agree to us placing these sorts of cookies on your device and accessing them when you visit the site in the future. If you want to delete any cookies that are already on your computer, the “help” section in your browser should provide instructions on how to locate the file or directory that stores cookies. Further information about cookies can be found at https://ico.org.uk/for-the-public/online/cookies/.
13.5 Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to take advantage of certain functions of our site, and the complete Positive Discipline Association experience that we pride ourselves on providing our customers.