Privacy Policy
Darwin Railway Club (“we,” “us,” “our”) is committed to protecting and respecting your privacy. This Privacy Policy sets out our practices regarding the collection, use, and disclosure of personal data when you visit or interact with our website, darwinrailwayclub.com, or when you otherwise communicate with us. We are firmly dedicated to ensuring that any information you provide is handled with a privacy-first approach and in full compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Introduction
At darwinrailwayclub.com, your privacy is of utmost importance. We understand the responsibility that comes with collecting, processing, and storing your personal information. We adhere to legal and ethical standards for managing data securely and transparently. This Privacy Policy explains how your personal data is collected, used, and safeguarded.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to personal data collected through our website, services, and customer communications. For purposes of GDPR, the data controller responsible for your personal data is Darwin Railway Club. You may contact us at [email protected] regarding any matters related to data protection or the exercise of your rights.
3. Categories of Data Processed
We may collect and process various types of personal data about you, including but not limited to:
a) Usage Data
Includes information such as your IP address, browser type and version, pages visited, session duration, time zone setting, and referring URLs. This data is collected to monitor and improve the user experience on darwinrailwayclub.com.
b) Account Data
When you register, book an event, or become a member, we collect your full name, mailing address, email address, and telephone number.
c) Profile Data
Includes your account preferences, previous event attendance, purchases made with us, and behavioral data derived from your interactions with our platform.
d) Communication Data
Covers any correspondence exchanged between you and Darwin Railway Club, including support requests, inquiries, feedback, and contact history.
e) Technical Data
Pertains to the technical configurations of your device and network, such as operating system, mobile identifiers, time zone, language settings, browser plugins, and device model.
f) Transaction Data
Includes data relating to payments, booking confirmations, financial transaction histories, method of payment, billing address, and delivery/contact information.
g) Preference Data
Includes your communication preferences, marketing opt-ins, membership choices, participation history, and indicated interests in products and services.
4. Legal Bases for Processing
We will only process your personal data where we have a valid legal basis to do so under GDPR and CCPA. These include:
– Consent: You have provided clear affirmative consent for us to process your personal data for specified purposes (e.g., newsletter subscriptions).
– Contractual Necessity: The data is necessary for the performance of a contract with you or to take preparatory steps at your request.
– Legitimate Interests: The processing is necessary for our legitimate interests or those of a third party, provided your data protection rights do not override those interests.
– Legal Obligation: Where data is required to meet our legal or regulatory obligations, such as record-keeping or tax purposes.
5. Your Rights
In accordance with GDPR and CCPA, you have the right to:
– Access: Obtain confirmation of whether we process your data and access a copy of it.
– Rectification: Request that inaccuracies in your personal data be corrected.
– Erasure: Ask us to delete your personal data, subject to legal obligations.
– Restriction: Request limitation on how we process your personal data in certain circumstances.
– Portability: Receive your data in a structured, commonly used, and machine-readable format and transfer it to another controller where feasible.
CCPA-specific rights for California residents include:
– Disclosure: Request details of the categories of personal data collected and the sources, purposes, and third parties with whom it is shared.
– Opt-Out: Decline the sale or sharing of personal data if applicable.
– Non-Discrimination: Exercise your rights without facing discriminatory treatment.
You may exercise any of these rights by contacting [email protected].
6. Security Measures
We implement and maintain strict security protocols to protect your personal data. These include:
– Encryption (TLS/SSL) for data in transit and secure storage practices for data at rest.
– Role-based access controls to limit who can access personal data.
– Regular backups and disaster recovery protocols.
– Staff training on data protection obligations and privacy safeguards.
7. International Transfers
Your personal data may be transferred to, and maintained on, servers located outside your jurisdiction, including countries that may not provide the same level of data protection. Where we transfer data internationally, we do so based on one of the following safeguards:
– Standard Contractual Clauses (approved by the European Commission)
– Adequacy decisions made by regulatory authorities
– Consent from individuals for specific transfers
We ensure that any such transfers comply fully with GDPR and applicable local law.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, and reporting requirements. Specific retention periods include:
– Account Data: Retained for 5 years after account closure.
– Transaction Data: Retained for 7 years to comply with financial and tax recordkeeping.
– Communication Data: Retained for 3 years following end of correspondence.
– Usage and Technical Data: Retained for 24 months for analytics purposes.
– Preference Data: Retained until you change your preference or withdraw consent.
After the expiration of these periods, your personal data will be securely deleted or anonymized.
9. Cookie Policy
Our website uses cookies and similar tracking technologies for the following purposes:
– Essential Cookies: Necessary for the operation and security of the website. Without these, core functions (e.g., login, bookings) would not work.
– Functional Cookies: Enhance usability and remember user preferences to deliver personalized experiences.
– Analytics Cookies: Allow us to collect metrics and insights into how users engage with our content and features.
– Performance Cookies: Improve the speed and functionality of the website. These measure technical performance and help fix issues.
For a detailed list of cookies used, please refer to our Cookie Declaration available on darwinrailwayclub.com.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA, we obtain consent for non-essential cookies via a consent banner on your first visit. You may update your cookie preferences at any time via the “Cookie Settings” link in the footer of our website.
Browser settings also allow you to block or delete cookies at your discretion. Note that disabling certain cookies may affect the functionality of darwinrailwayclub.com.
11. Children’s Privacy
Our services are not directed to persons under the age of 13, and we do not knowingly collect personal data from children. If we become aware that a child under 13 has provided us with personal information, we will take prompt steps to delete such data. Parents or guardians who believe their child has submitted personal data may contact us at [email protected].
12. Policy Updates & User Notifications
We reserve the right to modify or update this Privacy Policy to reflect changes in our practices or legal obligations. Where changes are significant, users will be notified via the website or by email (if applicable). We encourage users to periodically review this page to remain informed.
13. Contact
For questions, requests, or concerns related to this Privacy Policy or your personal data, please contact us at:
Email: [email protected]
We are committed to addressing your privacy concerns in a comprehensive and timely manner.
Darwin Railway Club is dedicated to ensuring transparency, accountability, and full compliance with global privacy regulations. If you have concerns about your data or rights, please do not hesitate to reach out to us at the above contact email.