Privacy Policy

At Biscuits and Blues (accessible via biscuitsandblues-sf.com), we value your privacy and are fully committed to protecting your personal data with the utmost transparency and care. This Privacy Policy outlines how your information is collected, used, disclosed, and safeguarded when you interact with our website and services. We operate under a privacy-first philosophy, and our data processing practices are designed to meet stringent privacy regulations, including but not limited to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Commitment to Privacy and Data Protection

We are firmly dedicated to protecting your personal data. We strive to ensure that your information is handled safely, transparently, and in accordance with applicable privacy laws. Whether you are browsing our website, purchasing tickets, subscribing to our newsletter, or contacting our support team, we apply rigorous protection measures to secure your data.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all personal data collected through biscuitsandblues-sf.com and any related digital channels under our control. Biscuits and Blues is the data controller for the purposes of GDPR and the business entity under CCPA. If you have any questions regarding how your data is managed, please contact us at [email protected].

3. Categories of Data We Process

We collect and process various categories of personal data depending on your interaction with our services:

– Usage Data: This includes information such as your IP address, browser type and version, visited pages, time spent on our site, referring URLs, and general interaction metrics.
– Account Data: Information provided during account creation or checkout, including your full name, billing and shipping addresses, email address, and phone number.
– Profile Data: Information relating to your ticket and merchandise purchase history, musical preferences, event attendance, and user behavior while logged in.
– Communication Data: Records of your interactions with our customer support team, including email exchanges, form submissions, and call notes.
– Technical Data: Device type, operating system, browser plug-ins, screen resolution, and other technical configurations used to access our services.
– Transaction Data: Includes payment billing details (handled optionally via third-party processors), order confirmations, delivery instructions, and refund or dispute history.
– Preference Data: Marketing preferences, opt-in/out consents, and responses to promotional campaigns or surveys.

4. Legal Bases for Processing Personal Data

We process your personal data only when legally permitted to do so. Grounds for lawful processing include:

– Contractual Necessity: When processing is required to fulfill our obligations under a contract, for example, fulfilling your ticket purchase or sending booking confirmations.
– Legitimate Interest: We may collect and process data to ensure the integrity of our website, protect our rights, detect fraud, or provide customer support, provided such interests do not override your rights.
– Consent: Where required by law, we obtain your clear, affirmative consent before processing your data for marketing, cookies, or newsletter subscriptions.
– Legal Obligation: In some circumstances, we may process your data to comply with binding laws or law enforcement requests.

5. Your Rights

As a data subject, you have the following rights concerning your personal data:

– Right of Access: You may request a copy of the personal data we hold about you.
– Right to Rectification: You may request that inaccurate or incomplete personal data be corrected.
– Right to Erasure: Under specific conditions, you may request the deletion of your personal data (“right to be forgotten”).
– Right to Restriction: You may request a temporary suspension of processing under certain circumstances.
– Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
– Right to Object: You may object to data processing based on legitimate interests, especially where related to direct marketing.

To exercise any of the above rights, please email: [email protected].

6. Security Measures

We implement comprehensive technical and organizational safeguards to protect the confidentiality, integrity, and availability of your personal data. These measures include:

– Encryption protocols for data in transit and at rest
– Secure access control and user authentication systems
– Regular system and security patching
– Firewall and intrusion detection systems
– Routine backups to provide data continuity
– Staff training in data protection and cybersecurity awareness

7. International Data Transfers

Because our website is based in the United States, data you provide may be processed and stored outside of your country of residence, including in countries that may not provide the same level of data protection. We ensure appropriate safeguards for international transfers, including the use of Standard Contractual Clauses (SCCs) and other mechanisms recognized under GDPR and CCPA as providing adequate protection.

8. Data Retention

We retain personal data for no longer than necessary for the purposes for which it was collected. Retention periods vary by data category and are reviewed regularly:

– Usage and Technical Data: Retained for up to 12 months for system administration and analytics.
– Account and Transaction Data: Retained for 7 years to comply with financial and legal obligations.
– Communication Data: Retained for 3 years from last contact for support auditing and service improvement.
– Preference and Marketing Data: Retained until consent is withdrawn or 2 years from last interaction, whichever is earlier.

After these periods, data is securely deleted or anonymized.

9. Cookie Policy

Our website uses cookies and similar technologies to enhance user experience and analyze site performance. Cookies fall into the following categories:

– Essential Cookies: Required for website functionality and basic operations such as navigation or securing forms.
– Functional Cookies: Support optional features like saved preferences, remembered logins, and personalized experiences.
– Analytics Cookies: Help us understand how users interact with our site (e.g., Google Analytics).
– Performance Cookies: Improve load times and overall responsiveness of web resources.

10. Cookie Management and Compliance

We honor Do Not Track browser signals and provide full cookie control via a consent management platform available upon your first visit. You may at any time:

– Modify cookie preferences via your browser settings
– Withdraw consent by adjusting your personal settings using on-site cookie banners
– Disable non-essential cookies without affecting core site functionality

Our cookie practices are aligned with both GDPR and CCPA requirements to ensure informed user choices and complete transparency.

11. Children’s Privacy

Our services are not directed toward individuals under the age of 13. We do not knowingly collect or store personal data from children. If we become aware that we have collected data from a child without verified parental consent, we will delete that data immediately. If you believe a minor has provided us personal information, please contact [email protected].

12. Updates to This Policy

We reserve the right to modify this Privacy Policy to reflect changes in legal obligations or service practices. Significant policy changes will be conveyed via appropriate website notifications or direct email communications where applicable.

13. Contacting Us

For any privacy-related inquiries, data access requests, or concerns regarding how your personal information is processed, you are encouraged to contact our team at:

Email: [email protected]

We are proud to operate in full alignment with both GDPR and CCPA standards and remain committed to safeguarding your privacy. Please don’t hesitate to reach out at any time for further information or to exercise your rights.