GDPR Consent Statement for Grafton
At Grafton, your privacy is important to us. We are committed to complying with the General Data Protection Regulation (GDPR) and ensuring that your personal data is handled with the utmost care and transparency. This statement explains how we collect, use, and protect your personal data, and how we ensure that your rights under the GDPR are respected.
1. What is GDPR?
The GDPR is a regulation that protects the privacy and personal data of individuals within the European Union (EU). It sets out the rights of individuals and the obligations of organizations that process personal data. Grafton is committed to adhering to these standards, regardless of where our users are located.
2. Personal Data We Collect
Grafton collects personal data to provide you with a better experience on our Site. The types of data we may collect include:
- Contact Information: Name, email address, and other details you provide when signing up for newsletters, creating accounts, or contacting us.
- Technical Data: IP address, browser type, operating system, and other technical information collected automatically when you visit our Site.
- Usage Data: Information about how you use our Site, including your interactions with content, preferences, and browsing behavior.
3. How We Use Your Personal Data
We use your personal data for the following purposes:
- To Provide and Improve Our Services: Enhancing the user experience, tailoring content to your interests, and providing personalized recommendations.
- Communication: Sending newsletters, updates, and responding to your inquiries or requests.
- Analytics and Research: Analyzing how users interact with our Site to improve our services and develop new features.
- Legal Compliance: Complying with our legal obligations, responding to requests from authorities, and managing any disputes.
4. Legal Basis for Processing Your Data
Grafton processes your personal data based on one or more of the following legal grounds:
- Consent: Where you have provided explicit consent for us to process your data for specific purposes, such as subscribing to our newsletter.
- Contract: Processing necessary to perform a contract with you, such as providing access to our Site.
- Legitimate Interests: Processing that is necessary for our legitimate interests, such as improving our services, unless your rights override those interests.
- Legal Obligation: When we are required to comply with legal or regulatory obligations.
5. Your Rights Under GDPR
As a data subject under GDPR, you have several rights regarding your personal data:
- Right to Access: You have the right to request access to your personal data held by us and receive information on how it is processed.
- Right to Rectification: You can request corrections to any inaccurate or incomplete personal data we hold about you.
- Right to Erasure (“Right to be Forgotten”): You can request that we delete your personal data when it is no longer necessary for the purposes for which it was collected or if you withdraw your consent.
- Right to Restrict Processing: You can ask us to restrict the processing of your data in certain circumstances, such as if you contest the accuracy of your data.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transfer it to another data controller.
- Right to Object: You have the right to object to the processing of your personal data, particularly for direct marketing purposes.
- Right to Withdraw Consent: If you have given consent for us to process your personal data, you can withdraw it at any time.
6. How to Exercise Your Rights
If you wish to exercise any of your rights under GDPR, please contact us at info@graftoncountyedc.org. We will respond to your request within the legal timeframe and handle your data in accordance with the GDPR requirements.
7. Data Security
Grafton implements appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. Our security practices are regularly reviewed and updated to ensure the safety of your information.
8. Sharing Your Data
Grafton does not sell, trade, or rent your personal data to third parties. We may share your data with trusted service providers, such as analytics providers or email marketing platforms, who assist us in delivering our services. These third parties are bound by confidentiality agreements and are only allowed to use your data for specified purposes under our direction.
9. International Data Transfers
Grafton may transfer your personal data outside the European Economic Area (EEA) to countries that do not provide the same level of data protection. In such cases, we ensure that appropriate safeguards are in place, such as standard contractual clauses, to protect your data.
10. Cookies and Tracking Technologies
Our Site uses cookies and similar tracking technologies to enhance your experience and collect information about your usage. For more details, please refer to our Cookies Policy.
11. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements. When your data is no longer needed, we will securely delete or anonymize it.
12. Updates to This Consent Statement
Grafton may update this GDPR Consent Statement to reflect changes in our data practices or legal requirements. We encourage you to review this statement periodically to stay informed about how we protect your personal data.
13. Contact Us
If you have any questions or concerns about this GDPR Consent Statement or how we handle your personal data, please contact us at:
Email: info@graftoncountyedc.org