Effective Date: 18 sept 24 At Capoeira Sheffield, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our services, including payments made through Square. This policy is compliant with the General Data Protection Regulation (GDPR) and applies to all users in the European Union (EU) and European Economic Area (EEA).
1. Personal Data We Collect
When you make a purchase or interact with our services, we may collect the following personal data:
Contact Information: Name, email address, billing address, and phone number.
Payment Information: Credit or debit card details and transaction history.
Technical Data: IP address, browser type, and device information (collected automatically when visiting our website).
2. Purpose of Data Collection
We collect and use your personal data for the following purposes:
To process your payments and provide services you have requested.
To fulfill legal obligations, such as tax records and compliance with financial regulations.
To communicate with you regarding orders, payments, or customer support.
To improve our services and provide you with a better user experience.
3. Third-Party Data Processors
We use trusted third-party services to process your payments. For payment processing, we share your payment data with Square, Inc., which acts as our payment processor. Square may collect and process your personal data in accordance with their own privacy policy. You can read Square’s privacy policy here.
When using Square, the following personal data may be shared:
Cardholder name and payment information.
Billing and shipping addresses.
Order details.
Square complies with GDPR requirements and has implemented measures to protect your data. For more information about Square's GDPR compliance, visit their GDPR page here.
4. Legal Basis for Processing
Under GDPR, we rely on the following legal grounds to process your personal data:
Contractual Necessity: Processing your data is necessary to complete a transaction or provide a service you’ve requested.
Legal Obligations: We are required to process and store certain data to comply with legal and regulatory requirements.
Legitimate Interests: We may process data to improve our services and provide relevant offers, ensuring this processing doesn’t infringe on your rights.
5. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, including legal and accounting obligations. Typically, payment data is stored for [insert duration, e.g., 7 years] to comply with financial regulations.
6. Your Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access: You can request access to your personal data and receive a copy.
Right to Rectification: You can ask us to correct any inaccurate or incomplete information.
Right to Erasure: You can request the deletion of your personal data, subject to legal or contractual obligations.
Right to Restriction: You can request that we restrict processing of your data in certain circumstances.
Right to Data Portability: You can request that we transfer your data to another provider in a structured, machine-readable format.
Right to Object: You can object to our processing of your personal data for direct marketing or other legitimate interests.
To exercise any of these rights, please contact us at [insert contact email or form].
7. Data Security
We take the security of your data seriously and implement industry-standard measures to protect your personal information. We use encryption and secure servers to ensure that your payment information is processed safely.
8. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or for legal reasons. The most recent version will always be available on our website, and we encourage you to review it regularly.
9. Contact Us
If you have any questions about this privacy policy or how we handle your personal data
