1 BACKGROUND
Last updated: 2 November 2023
1.1 This notice (Privacy Notice) tells you how we look after your personal data when you visit our website at https://solsticeprog.uk (Website) or when you purchase our products online, where you are an existing or prospective customer.
1.2 This notice sets out what information we collect about you, what we use it for and whom we share it with. It also explains your rights under data protection laws and what to do if you have any concerns about your personal data.
1.3 We may sometimes need to update this Privacy Notice, to reflect any changes to the way our goods or services are provided or to comply with new business practices or legal requirements. You should check this Privacy Notice regularly to see whether any changes have occurred.
2 WHO WE ARE AND OTHER IMPORTANT INFORMATION
2.1 We are Solstice, a progressive rock band based in west Northamptonshire in the UK. (we, us or our).
2.2 For all visitors to our Website and for users who purchase our products, we are the data controller of your information (which means we decide what information we collect and how it is used).
2.3 Note that we are not registered with the Information Commissioner’s Office (ICO) but we endeavour to follow best practice in terms of data privacy.
3 CONTACT DETAILS
3.1 If you have any questions about this Privacy Notice or the way that we use information, please get in touch using the following email address :
4 THE INFORMATION WE COLLECT ABOUT YOU
4.1 Personal data means any information which does (or could be used to) identify a living person. We have grouped together the types of personal data that we collect, and where we receive it from, below.
4.2 Type of personal data:
-
Identity Data: your first and last name or title.
-
Contact Data: your email address, telephone numbers, home address.
-
Technical Data: internet protocol (IP) address, browser type and version, time zone setting and generic location, browser plug-in types and versions, operating system and platform on the devices you use to access our systems.
-
Usage Data: information about how you use our website, pages you visit and messages you send us.
-
Location Data: your device location (based on your ISP and your IP address). Note we cannot identify your specific location from this data.
-
Feedback: information and responses you provide when completing surveys and questionnaires discussions and contact forms.
-
Profile Data: email address, password, username, discussion logs.
-
Marketing and Communication Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences where such options are offered.
4.3 Please note that we do not collect any payment card data or similar data relating to your method of payment when you make a purchase. You provide this data directly to PayPal who processes payments on our behalf. We only receive and process information about the timing and amount of your payment.
5 HOW WE USE YOUR INFORMATION
5.1 We are required to identify a legal justification (also known as a lawful basis) for collecting and using your personal data. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your personal data to:
- pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy); and
- do something for which you have given your consent.
5.2 Below is set out the lawful basis we rely on when we use your personal data. If we intend to use your personal data for a new reason that is not listed below, we will update our Privacy Notice.
5.2.1 Legitimate Interests:
- Where using your information is necessary to pursue our legitimate business interests to:
a) improve and optimise our Website; monitor and make improvements to our Website to enhance security and prevent fraud;
b) provide our services to you and ensure the proper functioning of our Website; and
c) protect our business and defend ourselves against legal claims.
- Where we use your information for our legitimate interests, we have assessed whether such use is necessary and that such use will not infringe on your other rights and freedoms.
5.2.2 Consent:
-
Where you have provided your consent to providing us with information or allowing us to use or share your information.
-
Where you have consented to receive marketing material from us.
5.3 Where we need to collect your personal data (for example, in order to fulfil a contract we have with you), failure to provide us with your personal data may mean that we are not able to provide you with the services. Where we do not have the information required about you to fulfil an order, we may have to cancel the service ordered.
6 WHO WE SHARE YOUR INFORMATION WITH
6.1 We share (or may share) your personal data with:
Our personnel: our administrators who have agreements containing confidentiality and data protection obligations.
Our supply chain: other organisations that help us provide our goods. We ensure these organisations only have access to the information required to provide the support or services they offer.
Regulatory authorities: such as HM Revenue & Customs.
Our professional advisers: including but not limited our accountants or legal advisors where we require specialist advice to help us conduct our business.
7 WHERE YOUR INFORMATION IS LOCATED OR TRANSFERRED TO
7.1 We store your personal data on our servers in the United Kingdom. Where a third party is used to offer our services, we endeavour to ensure that they are also UK based.
7.2 We will not transfer information outside of the UK or EEA.
8 HOW WE KEEP YOUR INFORMATION SAFE
8.1 We implement security measures to prevent your personal data from being accidentally or illegally lost, used or accessed by those who do not have permission. These measures include:
- access controls and user authentication with complex passwords
- appropriate IT and network security
- testing and review of security measures
- incident and breach reporting processes;
- business continuity and disaster recovery processes;
8.2 If there is an incident which has affected your personal data and we are the controller, we will notify the ICO and keep you informed (where required under data protection law). Where we act as the processor for the affected personal data, we notify the ICO and support them with investigating and responding to the incident.
8.3 If you notice any unusual activity on the Website, please contact us at
9 HOW LONG WE KEEP YOUR INFORMATION
9.1 Where we act as the controller, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
9.2 To decide how long to keep personal data (also known as its retention period), we consider the volume, nature, and sensitivity of the personal data, the potential risk of harm to you if an incident were to happen, whether we require the personal data to achieve the purposes we have identified or whether we can achieve those purposes through other means and any applicable legal requirements (e.g. minimum accounting records for HM Revenue & Customs).
9.3 We may keep Identity Data, Contact Data and certain other data (specifically, any exchanges between us by email or any other means) for up to five years after the end of our relationship with you.
9.4 If you browse our Website, we keep personal data collected through our analytics tools for only as long as necessary to fulfil the purposes we collected it for, nominally 6 months.
9.5 If you have asked for information from us or you have subscribed to our mailing list, we keep your details until you ask us to stop contacting you.
10 YOUR LEGAL RIGHTS
10.1 You have specific legal rights in relation to your personal data.
10.2 We can decide not to take any action in relation to a request where we have been unable to confirm your identity (this is one of our security processes to make sure we keep information safe) or if we feel the request is unfounded or excessive. Usually there is no cost for exercising your data protection rights, but we may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive. If this happens we will always inform you in writing.
10.3 We will respond to your legal rights request without undue delay, but within one month of us receiving your request or confirming your identity (whichever is later). We may extend this deadline by two months if your request is complex or we have received multiple requests at once. If we need to extend the deadline, we will let you know and explain why we need the extension.
10.4 We do not respond directly to requests which relate to personal data for which we do not act as the processor. In this situation, we forward your request to the relevant controller and await their instruction before we take any action.
10.5 If you wish to make any of the right requests listed below, you can reach us at
Access: You must be told if your personal data is being used and you can ask for a copy of your personal data as well as information about how we are using it to make sure we are abiding by the law.
Correction: You can ask us to correct your personal data if it is inaccurate or incomplete. We might need to verify the new information before we make any changes.
Deletion: You can ask us to delete or remove your personal data if there is no good reason for us to continuing holding it or if you have asked us to stop using it (see below). If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.
Restriction: You can ask us to restrict how we use your personal data and temporarily limit the way we use it.
Objection: You can object to us using your personal data if you want us to stop using it. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision.
Portability: You can ask us to send you or another organisation an electronic copy of your personal data.
Complaints: If you are unhappy with the way we collect and use your personal data, you can complain to the ICO or another relevant supervisory body, but we hope that we can respond to your concerns before it reaches that stage. Please contact us at
11. Use of Captcha
We use the hCaptcha security service (hereinafter "hCaptcha") on our website. This service is provided by Intuition Machines, Inc., a Delaware US Corporation ("IMI"). hCaptcha is used to check whether user actions on our online service (such as submitting a login or contact form) meet our security requirements.
To do this, hCaptcha analyzes the behavior of the website or mobile app visitor based on various characteristics. This analysis starts automatically as soon as the website or mobile app visitor enters a part of the website or app with hCaptcha enabled. For the analysis, hCaptcha evaluates various information (e.g. IP address, how long the visitor has been on the website or app, or mouse movements made by the user).
The data collected during the analysis will be forwarded to IMI. hCaptcha analysis in the "invisible mode" may take place completely in the background. Website or app visitors are not advised that such an analysis is taking place if the user is not shown a challenge. Data processing is based on Art. 6(1)(b) of the GDPR: the processing of personal data is necessary for the performance of a contract to which the website visitor is party (for example, the website terms) or in order to take steps at the request of the website visitor prior to entering into a contract.
Our online service (including our website, mobile apps, and any other apps or other forms of access offered by us) needs to ensure that it is interacting with a human, not a bot, and that activities performed by the user are not related to fraud or abuse. In addition, processing may also be based on Art. 6(1)(f) of the GDPR: our online service has a legitimate interest in protecting the service from abusive automated crawling, spam, and other forms of abuse that can harm our service or other users of our service. IMI acts as a "data processor" acting on behalf of its customers as defined under the GDPR, and a "service provider" for the purposes of the California Consumer Privacy Act (CCPA). For more information about hCaptcha’s privacy policy and terms of use, please visit the following links: https://www.hcaptcha.com/privacy and https://www.hcaptcha.com/terms