Privacy Policy
Last Updated: December 2024
1. Introduction
Drags To Riches ("we," "us," "our," or "Company") operates the drags2riches.show website (the "Site"). This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information in connection with our Site and services.
We are committed to protecting your privacy and ensuring you have a positive experience on our website. Please read this Privacy Policy carefully to understand our practices regarding your personal data.
2. Data We Collect
Information You Provide Directly
- Contact Form Data: When you submit our contact form, we collect your name, email address, message subject, and message content.
- Account Information: If you create an account, we collect your name, email, password, and other profile information.
- Ticket Purchase Information: For event tickets, we collect billing information, payment details (processed securely), and order history.
- Mailing List Subscription: Your name, email, and subscription preferences.
Information Collected Automatically
- Technical Data: IP address, browser type, operating system, and device information.
- Usage Data: Pages visited, time spent on site, links clicked, and referral source.
- Cookies & Tracking: We use Google Analytics to understand site usage patterns (see Cookies section below).
3. How We Use Your Data
We use the information we collect for the following purposes:
- Communication: Responding to your inquiries, sending confirmation emails, and providing customer support.
- Account Management: Creating and maintaining your account, processing transactions, and sending account-related notifications.
- Service Improvement: Analyzing usage patterns to improve our website, services, and user experience.
- Marketing: With your consent, sending promotional emails about upcoming events and special offers.
- Compliance: Meeting legal and regulatory obligations.
- Security: Detecting and preventing fraudulent transactions and security threats.
4. Data Storage & Security
How We Store Your Data
Your personal information is stored on secure servers located in the United Kingdom. We use industry-standard encryption and security measures to protect your data from unauthorized access, alteration, or destruction.
Data Retention
- Contact Messages: Kept indefinitely to maintain customer support history unless you request deletion.
- Account Data: Retained while your account is active. Upon account deletion, data is retained for 30 days before permanent deletion.
- Transaction Records: Retained for 7 years for accounting and legal compliance purposes.
- Activity Logs: Retained for audit and security purposes for a minimum of 1 year.
Security Measures
- HTTPS encryption for all data in transit
- CSRF token protection on all forms
- Rate limiting on contact forms to prevent spam and abuse
- Secure password hashing for user accounts
- Regular security audits and updates
- Limited staff access to personal data on a need-to-know basis
5. Messaging System
How It Works
Our messaging system allows you to send inquiries directly through our website. Here's how your data is processed:
- You submit a message through our contact form
- Your message is securely stored in our database
- You receive a confirmation email with your message ID
- Our team reviews and responds to your message
- Communication history is maintained for your reference
Message Privacy
- Your messages are encrypted and securely stored
- Only authorized staff with "Messages" permission can view customer messages
- Internal notes added by our team are not visible to you
- Responses sent to you are delivered via email and visible in our admin system
Data Access
Your personal information and messages may be accessed by:
- Our customer service team to respond to your inquiries
- Our management team for quality assurance and training
- Legal advisors if required by law
7. Third-Party Services
Google Analytics
We use Google Analytics to analyze website traffic and user behavior. Google Analytics may collect information about your browsing activity. For more information, visit Google's Privacy Policy.
Stripe Payment Processing
Payment information is processed securely through Stripe. We do not store credit card information on our servers. For details, see Stripe's Privacy Policy.
Email Service Providers
We use email services to send transactional emails and communications. Your email address may be shared with our email service provider solely for the purpose of delivery.
Social Media
We maintain social media accounts on Facebook, Instagram, and TikTok. Information shared on these platforms is subject to their respective privacy policies.
8. Your Rights
Data Subject Rights (GDPR & UK GDPR)
If you are located in the European Union or United Kingdom, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Request corrections to inaccurate data
- Right to Erasure: Request deletion of your data (subject to legal obligations)
- Right to Restrict Processing: Limit how we process your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing for marketing or profiling
- Right to Lodge a Complaint: File a complaint with your local data protection authority
How to Exercise Your Rights
To exercise any of these rights, please contact us using the details in the Contact Us section below. We will respond to your request within 30 days.
9. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, please contact us:
Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of significant changes by updating the "Last Updated" date at the top of this page. Your continued use of our website after such changes constitutes your acceptance of the updated Privacy Policy.