Whitby Kiln Logo

Privacy Statement

This privacy statement was last updated on 18 September 2021 and applies to citizens and legal permanent residents of the United Kingdom.
 

In this privacy statement, we explain what we do with the data we obtain about you via https://whitbykiln.co.uk. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

  • we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
  • we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
  • we first request your explicit consent to process your personal data in cases requiring your consent;
  • we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
  • we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. Purpose, data and retention period

We may collect or receive personal information for a number of purposes connected with our business operations which may include the following: (click to expand) 

2. Sharing with other parties

We only share or disclose this data to processors for the following purposes:

Processors

3. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy.  We have concluded a data processing agreement with Google. 

4. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed. 

5. Third-party websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites. 

6. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible. 

7. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:

  • You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
  • Right of access: You have the right to access your personal data that is known to us.
  • Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
  • If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
  • Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
  • Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

 

8. Submitting a complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Information Commissioner's Office:

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

9. Children

Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.

10. Contact details

Whitby PYOP Studio Limited t/a Whitby Kiln
5B Skinner Street, Whitby, YO21 3AH
United Kingdom
Website: https://whitbykiln.co.uk
Email: hello@whitbykiln.co.uk
Phone number: 01947 878 587

Annex

BackupBuddy

What personal data we collect and why we collect it

Backups

Per the functionality of this plugin, backups of your website files and/or database are created and stored locally on your server and/or remotely on 3rd party servers based on the settings of this plugin. Archives can include, but are not limited to, file and database assets, including hashed passwords, 3rd party data, uploads and user information. These backups are stored to provide critical functionality of this plugin.

Cookies

Cookies are used to handle importing and restoring backups.

Plugin Settings

Some plugin settings ask for an email address or login credentials to 3rd party services. This is stored to provide functional features to the plugin.

Recent Activity

This plugin tracks dates, times and actions of successful and unsuccessful backups and remote data transfers. This is stored to help make the plugin better and assist with troubleshooting problems.

Logging

This plugin logs some personal information such as email addresses, usernames, database and server information. This is stored to help make the plugin better and assist with troubleshooting problems.

How long we retain your data

Backups

Backup retention is completely up to the website owner. This can vary from less than one minute to indefinitely.

Cookies

Cookies used during the restore/import process expire after 24 hours.

Plugin Settings

Settings are retained indefinitely until they are changed or removed manually.

Where we send your data

Backups

Backups are automatically sent to a secure UK-Based remote destination.

How we protect your data

Backups

Backup zip files are stored with hashed file names to prevent filename guessing and directory browsing is disabled.

What third parties we receive data from

Backup Destinations

Backups can be sent to third-party destination servers, including but not limited to: Links to third party privacy policies have been included.

iThemes Security

What personal data we collect and why we collect it

Security Logs

Suggested text: The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.

Who we share your data with

Suggested text: A QR code image is generated for users that set up two-factor authentication for this site. This image is generated using an iThemes hosted API. As part of generating this image, your username is sent to the API. This data is not logged. For privacy policy details, please see the iThemes Privacy Policy.

When running Security Check, ithemes.com will be contacted as part of a process to determine if the site supports TLS/SSL requests. No personal data is sent to ithemes.com as part of this process. Requests to ithemes.com include the site's URL. For ithemes.com privacy policy details, please see the iThemes Privacy Policy.

Suggested text: This site is scanned for potential malware and vulnerabilities by the iThemes Site Scanner. We do not send personal information to the scanner; however, the scanner could find personal information posted publicly (such as in comments) during the scan.

In order to ensure file integrity, iThemes Security pulls data from wordpress.org, ithemes.com, and amazonaws.com. No personal data is sent to these sites. Requests to wordpress.org include the WordPress version, the site's locale, a list of installed plugins, and a list of each plugin's version. Requests to ithemes.com and amazonaws.com include the installed iThemes products and their versions. For wordpress.org privacy policy details, please see the WordPress Privacy Policy. For ithemes.com privacy policy details, please see the iThemes Privacy Policy. Requests to amazonaws.com are to content added and managed by iThemes which is covered by the Amazon Web Services Data Privacy policy.

How long we retain your data

Suggested text: Security logs are retained for 60 days.

Where we send your data

Suggested text: This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy policy details, please see the iThemes Privacy Policy.

BackupBuddy

What personal data we collect and why we collect it

Backups

Per the functionality of this plugin, backups of your website files and/or database are created and stored locally on your server and/or remotely on 3rd party servers based on the settings of this plugin. Archives can include, but are not limited to, file and database assets, including hashed passwords, 3rd party data, uploads and user information. These backups are stored to provide critical functionality of this plugin.

Cookies

Cookies are used to handle importing and restoring backups.

Plugin Settings

Some plugin settings ask for an email address or login credentials to 3rd party services. This is stored to provide functional features to the plugin.

Recent Activity

This plugin tracks dates, times and actions of successful and unsuccessful backups and remote data transfers. This is stored to help make the plugin better and assist with troubleshooting problems.

Logging

This plugin logs some personal information such as email addresses, usernames, database and server information. This is stored to help make the plugin better and assist with troubleshooting problems.

How long we retain your data

Backups

Backup retention is completely up to the website owner. This can vary from less than one minute to indefinitely.

Cookies

Cookies used during the restore/import process expire after 24 hours.

Plugin Settings

Settings are retained indefinitely until they are changed or removed manually.

Where we send your data

Backups

Backups are not automatically sent to remote destinations automatically, however backups can be configured to be sent to third-party servers.

How we protect your data

Backups

Backup zip files are stored with hashed file names to prevent filename guessing and directory browsing is disabled.

What third parties we receive data from

Backup Destinations

Backups can be sent to third-party destination servers, including but not limited to: Links to third party privacy policies have been included.

iThemes Security

What personal data we collect and why we collect it

Security Logs

Suggested text: The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.

Who we share your data with

Suggested text: A QR code image is generated for users that set up two-factor authentication for this site. This image is generated using an iThemes hosted API. As part of generating this image, your username is sent to the API. This data is not logged. For privacy policy details, please see the iThemes Privacy Policy.

When running Security Check, ithemes.com will be contacted as part of a process to determine if the site supports TLS/SSL requests. No personal data is sent to ithemes.com as part of this process. Requests to ithemes.com include the site's URL. For ithemes.com privacy policy details, please see the iThemes Privacy Policy.

Suggested text: This site is scanned for potential malware and vulnerabilities by the iThemes Site Scanner. We do not send personal information to the scanner; however, the scanner could find personal information posted publicly (such as in comments) during the scan.

In order to ensure file integrity, iThemes Security pulls data from wordpress.org, ithemes.com, and amazonaws.com. No personal data is sent to these sites. Requests to wordpress.org include the WordPress version, the site's locale, a list of installed plugins, and a list of each plugin's version. Requests to ithemes.com and amazonaws.com include the installed iThemes products and their versions. For wordpress.org privacy policy details, please see the WordPress Privacy Policy. For ithemes.com privacy policy details, please see the iThemes Privacy Policy. Requests to amazonaws.com are to content added and managed by iThemes which is covered by the Amazon Web Services Data Privacy policy.

How long we retain your data

Suggested text: Security logs are retained for 60 days.

Where we send your data

Suggested text: This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy policy details, please see the iThemes Privacy Policy.

The Events Calendar

Hello,

This information serves as a guide on what sections need to be modified due to usage of The Events Calendar and its Add-ons.

You should include the information below in the correct sections of you privacy policy.

Disclaimer: This information is only for guidance and not to be considered as legal advice.

What personal data we collect and why we collect it

Event, Venue, and Organizer Information

Through the usage of The Events Calendar, Events Calendar PRO, The Events Calendar Filter Bar, Eventbrite Tickets, and Community Events plugins, as well as our Event Aggregator Import service (contained within The Events Calendar plugin), information may be collected and stored within your website’s database.

Suggested text:

If you create, submit, import, save, or publish Event, Venue, or Organizer information, such information is retained in the local database:
  1. Venue information: name, address, city, country, province, postal code, phone, website, geographical coordinates (latitude and longitude)
  2. Organizer information: name, phone, website, email
  3. Event information: website, cost, description, date, time, image

Importing Events, Venues, and Organisers:

  1. All data present within a CSV or ICS file and external URLs (for events, venues, organisers, and tickets)
  2. Import origin data (URL from where events are being imported—such as Eventbrite, MeetUp, other compatible URL sources, and more, which can include similar or same data as listed above)
  3. Eventbrite Ticket information: name, description, cost, type, quantity
Please note that to create new events through the Community Events submission form, a user must hold a website account on this domain. This information is retained in the local database. It is also possible to create events anonymously, if the site owner has this option enabled. When purchasing Eventbrite Tickets, attendee, purchaser, and order information are stored and managed by Eventbrite.

API Keys

The Events Calendar suite offers the use of third-party API keys. The primary functions are to enhance the features we've built in, some of which use Google Maps, PayPal, Eventbrite, Meetup, and Facebook. These API keys are not supplied by Modern Tribe.

Suggested text:

We make use of certain APIs, in order to provide specific features. These APIs may include the following third party services: Google Maps (API key), Meetup (OAuth token), PayPal (email, Client ID, Client Secret), Eventbrite (API key, auth URL, Client Secret), and Zoom (email, Client ID, Client Secret).

How Long You Retain this Data

All information (data) is retained in the local database indefinitely, unless otherwise deleted.

Certain data may be exported or removed upon users’ requests via the existing Exporter or Eraser. Please note, however, that several “edge cases” exist in which we are unable to perfect the gathering and export of all data for your end users. We suggest running a search in your local database, as well as within the WordPress Dashboard, in order to identify all data collected and stored for your specific user requests.

Where We Send Your Data

Modern Tribe does not send any user data outside of your website by default.

If you have extended our plugin(s) to send data to a third-party service such as Eventbrite, Google Maps, or PayPal, user information may be passed to these external services. These services may be located abroad.

 

Important Links