Last modified: May, 2021
At AVA (“we,” “our” or “us”), we respect our users’ and customers’ (“you,” or “your”) privacy and take it extremely seriously. We will always endeavour to make clear at the point in which we collect personal data from you as to why we need your personal data and how it will be used.
If you have any questions or concerns about this Policy, or would like to exercise any of your data rights, please contact us directly by email at:
Email: [email protected]
The terms “controller,” “data subject,” “personal data,” “processing,” “processor,” “subprocessor” and “supervisory authority” have the same meanings ascribed to those same terms in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”)
INFORMATION WE COLLECT
What personal data do we collect?
In connection with the experiences that Ava offers (the “Services”), AVA acts as the data controller and we will collect the following personal data about you:
- Your name
- Your email address
- Your phone number
- Your company name
- Your payment details
- Other information that you actively send to us (for example if you contact our customer support via email or by telephone)
- Contact details of event attendees (for example in the course of delivering a group booking)
- Information from internet cookies as detailed below in the section titled “What information does AVA we collect when you visit our website and what does Ava do with that Information?”
When and how does AVA collect this personal data?
We collect the personal data outlined in the prior section when you:
- click the “Enquire Now” button on our Website, complete the pop-up web form, and submit your information to us;
- e-mail us with an inquiry;
- contact us by telephone;
- register for an AVA membership;
- enroll to receive communications from AVA, including our newsletter and membership matters;
- win an AVA auction and purchase Services through AVA;
- when you visit and interact with a third party hosted auction website that is hosted or provided by AVA; or
- are invited to a group booking by a third party that provides us with your personal data so that you can be invited to participate in the Services.
What information does AVA collect when you visit our website and what does Ava do with that Information?
Data from Cookies
We collect some types of personal data automatically from you through the use of internet web cookies[SMC1] when you visit our Website or an auction site hosted by us. Some of this information is also collected by third party service providers who we utilize to provide us with usage statistics about visitors to our Website and auction services. The personal data that is collected automatically from you in these instances include:
- the internet protocol address (“IP address”) for the computing device you use to connect to our Website or the auction site that is hosted by us;
- your computing device type;
- the version and name of the internet browser that you are using;
- the country location where your internet connection is based;
- the internet domain name of your internet service provider;
- your language preference;
- the date and time of your visit to our Website or the auction site hosted by us;
- the duration of your visit to the Website or the auction site hosted by us; and
- other demographic details regarding your interests based on your internet web history.
We use the information we automatically collect from cookies to understand the users coming to our Website and using the auction sites that we host. We use this information to detect and identify issues with our Website and auction services, combat fraud and malicious activities, and to improve and optimize the features and functionality on our Website and any auction site hosted by us. We do not deploy internet cookies for marketing purposes.
You may choose against having cookies deployed to your computing device by rejecting our request to deploy cookies to your computing device when you first arrive at our Website or to an auction site that is hosted by us. Please note that rejecting cookies will cause certain functions and features of our Website and any auction site hosted by us to be inoperable.
Other Information Collected through the Website or auction site
We collect the personal data through the Website or auction site when you:
- click the “Enquire Now” button on our Website, complete the pop-up web form, and submit your information to us;
- e-mail us with an inquiry through the Website or auction site;
- register online for an AVA membership;
- enroll to receive communications from AVA, including our newsletter and membership matters through the Website;
- win an AVA auction and purchase Services through AVA; or
- when you visit and interact with a third party hosted auction website that is hosted or provided by AVA.
None of the personal data that AVA collects is required for collection by statute. Where personal data is a contractual requirement, including in connection with registering for an AVA membership or for purchasing Services, we will denote that such information is mandatory. If you choose not to provide us with any personal data that is designated as mandatory for you to provide us, then you will not be able to participate in that function or Service.
HOW DOES AVA USE THE PERSONAL DATA THAT IT COLLECTS?
AVA’s use of your personal data depends upon your interaction with us and our Website as detailed more fully below:
- When you click the “Enquire Now” button on our Website and choose to complete the pop-up web form and submit your information to us, we use the personal data that you provide to us for purposes of contact you to provide you with additional information about a particular AVA Experience that interests you.
- If you contact us with a general enquiry through the Website, an auction site hosted by us, or via telephone, we will use the personal data that you include in your email for purposes of responding to your request.
- In the event that you choose to purchase and register online for an AVA membership, we use the personal data that we collect for purposes of creating your AVA membership, registering your online account through our Website, and providing you with all the benefits that an AVA membership confers upon members.
- If you choose to enroll to receive communications from AVA, such as our newsletter or membership communications, we use the personal data we collect, including your email address, to send you the communications that you have chosen.
- If you win an AVA auction or purchase Services from AVA, we will use your personal data for purposes of providing you with the Services that you have won or purchased.
AVA does not utilize any automated decision-making processes involving any personal data and does not engage in any profiling.
WHAT LEGAL BASIS DOES AVA RELY ON TO PROCESS YOUR PERSONAL DATA?
When you contact us with a general inquiry via email or telephone, the legal basis for our processing of this personal data is your consent and our legitimate interest in operating a platform and offering Services.
If you choose to engage the “Enquire Now” function on our Website and provide us with your personal data in connection with expressing your interest in obtaining more information about a particular AVA Experience, the legal basis for our processing is both your consent and our legitimate interest in operating our platform.
If you make a group booking or are a data subject invited by another party to participate in a group booking, the legal basis of our processing activities is pursuant to our contract with our customer and our illegitimate interest in operating our platform and providing auction services to our members.
Should you choose to register to receive our newsletter, the legal basis for this processing activity is your consent. The legal basis for sending emails to AVA members who choose to receive communications from us is your consent, but when a communication concerns some action required to be taken by you in connection with your membership, the legal basis for such communication is by contract.
If you win an AVA auction or purchase Services from AVA, the legal basis for our processing activities is by contract and our legitimate interest in operating the platform and offering our Services to customers.
The legal basis for the information we process in connection with our use of internet cookies, to the extent you affirmatively consent with your selection on the cookie popup screen on our Website, is your consent.
DOES AVA SHARE PERSONAL DATA WITH THIRD PARTIES AND WHO ARE THEY?
In connection with hosting auction sites for our partners, and making the Website and our Services available to you, AVA utilizes a number of third party service providers, including data and web hosting, email distribution, software, payment card processing and financial service providers. We only permit our third party service providers with access to your personal data to the extent such access is required for the third party service provider to render their services to us.
In some cases, we will need to transfer data to a provider of a certain AVA Experience (each, an “Experience Provider”) where it is required to redeem a given AVA Experience, (i.e. to allow the Experience Provider to deliver goods that form part of the Experience).
If we are operating a hosted auction for a partner then additional information may be provided to the Experience Provider. [SMC3]
We share personal data with the following third parties:
|MailChimp / Mandrill||To send and deliver emails to our AVA members and businesses||Yes, Mailchimp is based in the US as are its servers. MailChimp is covered by standard contractual clauses||https://mailchimp.com/legal/privacy/|
|To provide us with web analytics so we can monitor and improve our website’s performance||Yes, Google is based in the US as are its servers.
Google is covered by standard contractual clauses
|Stripe||To process payments for us||Yes, Stripe is based in the US as are its servers. Stripe is covered by standard contractual clauses||https://stripe.com/gb/privacy|
|Hotjar||To provide us with analysis of how people use our site||No.||https://www.hotjar.com/legal/policies/privacy|
|Digital Ocean||To provide us with hosting services||No.||https://www.digitalocean.com/legal/privacy-policy/|
There are certain situations in which we may share access to your personal data outside of the situations outlined above. For example, we may be required by law, to protect someone’s life, or to comply with any valid legal process, government request, rule or regulation.
WHY DO WE SHARE DATA OUTSIDE OF THE EU?
We will transfer personal data to a country outside of the European Economic Area (“EEA”), if a third party service provider that we utilize only has servers available for use that are located outside of the EEA. If this is the case we will ensure to have gained your consent or made sure that the transfer is legal and your personal data is secure by following the EU’s guidelines and utilizing an approved mechanism for a data transfer.
If you use our Services while you are outside the EEA, your information will be transferred outside the EEA in order to provide you with our Services.
The preceding section entitled “Does AVA share Personal Data with Third Parties and Who Are They?” includes information about where we send personal data outside of the EEA and the purpose for doing so.
HOW DO WE PROTECT YOUR PERSONAL DATA?
We work very hard to keep to protect your personal data. We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the personal data that we collect from you and to protect it against unlawful access and accidental loss or damage.
Our website is SSL certified and personal data is encrypted in transit and at rest. All of the third parties we work with are also assessed to ensure they follow the highest security standards.
We follow industry standards on information security management. This means we don’t just secure your data technologically but we make sure that everyone who works for us and the processes they follow are continually monitored to ensure there are no vulnerabilities.
In the unlikely event of a breach of our security we will inform the relevant regulatory body as soon as we can and at a minimum, within 72 hours and, if your personal data was involved in the breach and the breach could impact you, we would also inform you.
We reserve the right to update or change this Policy from time to time in our sole discretion. Whenever we choose to make changes or updates to this Policy, we will change the “Last Modified Date” at the top of this document or where we make a material change to this Policy, we will provide notice on the main page of our Website, and to the extent permissible by applicable law, we will directly notify you of the change. Except as otherwise required by applicable law, by continuing to access or use our Services after those changes become effective, you agree to be bound by the revised Policy.
Our current data retention policy is to delete or destroy (to the extent we are able to) personal data after the following periods:
- Records relating to a contract with us – seven (7) years from either the end of the contract or the date you last used our services or placed an order with us, being the length of time following a breach of contract in which a contract party is entitled to make a legal claim.
- Marketing records – three (3) years from the last date on which you have interacted with us.
- Event attendee records from a group booking – one (1) month from the delivery of the group experience – please note this only relates to personal data that does not relate to any contract with us (for example the email addresses of event attendees)
For any category of personal data not specifically defined in this notice, and unless otherwise specified by applicable law, the required retention period for any personal data will be deemed to be seven (7) years from the date of receipt by us of that data. The retention periods stated in this notice can be prolonged or shortened as may be required (for example, in the event that legal proceedings apply to the data or if there is an on-going investigation into the data).
YOUR GDPR DATA RIGHTS
With respect to your personal data, you have the right to:
- request access to and rectification of or erasure of your personal data maintained by AVA;
- restrict AVA’s processing concerning your personal data;
- data portability for the personal data maintained by AVA;
- where AVA’s legal basis for processing your personal data is based on your consent, you have the right to withdraw your consent at any time;
- lodge a complaint with a supervisory authority based on AVA’s processing of your personal data;
- know whether the provision of personal data by us is a statutory or contractual requirement, or a requirement necessary to enter into a contract with us, as well as whether you are obliged to provide the personal data nd the possible consequence of failure to provide such data; and
- the existence of any automated decision-making, including provising, and meaningful information about the logic invoiced and the significance and consequences of such processing to you.
To the extent that you have an online account through AVA, you have the ability to edit any of your personal data through your account. Otherwise you may exercise your data rights by emailing us at [email protected]
All requests or notifications in respect of your above rights may be sent to us in writing at the contact details listed below. We will endeavour to comply with such requests as soon as possible but in any event we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).
If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to the Information Commissioner’s Office (ICO) and/or our data protection manager.
If a breach is likely to result in a risk to your data rights and freedoms, we will notify you as soon as possible.
We are open and transparent about our use of data so if you are unclear about how we use data or think we could improve how we deal with Personal Information, let us know!
AVA Experience LLC
Email: [email protected]
If we are unable to resolve any issues you may have or you would like to make a further complaint, you can contact the Information Commissioner’s Office by visiting http://www.ico.org.uk/ for further assistance.