House of Pageantry takes great care to safeguard personal data provided by our supporters, clients and others, and to process this data fairly and lawfully in accordance with the Data Protection Act 2018 and the General Data Protection Regulations (GDPR) which came into force at the end of May 2018.
Please read the following policy to understand how your personal information will be treated. By visiting www.houseofpageantry.com you are accepting the practices described here. This policy may change from time to time so please check back periodically.
1. Information about you
(a) We may collect personal information from you when you:
(b) This personal information may include but is not limited to the following information about you:
We may also ask for or collect some non-personal information from you.
2. How we use this information
(a) Your personal information will only be used by us to:
(b) If you do not want to receive information from us, contact us by email at email@example.com with the word “unsubscribe” in the subject field.
(d) House of Pageantry will not share your personal details with third parties, except where companies are providing services on our behalf, such as processing donations or orders. For example, when you make an online donation/platment via JustGiving or GoFundMe or Stripe.com, you are going through to a partner company and the information you give such as your credit card number and contact information is provided so that the transaction can take place.
3. How long we hold your information for
We only keep your information as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations (for example, the collection of Gift Aid). Or for example, if you have given us your details to sign up to our mailing list, we will only keep your information for as long as you continue to consent.
(a) We will take reasonable precautions to prevent the loss, misuse or unauthorised alteration of information you give us.
(b) Communications in connection with the Website, App and its content may be sent to you by us by e-mail. For ease of use and compatibility, communications will not be sent to you in an encrypted form. E-mail is not a fully secure means of communication. Whilst we try to keep our systems and communications protected against viruses and other harmful effects we cannot guarantee this.
(a) A “cookie” is a small text file that is placed on a website user’s computer hard drive by a website. There are several types of cookie.
(b) The types of cookie we use are “session cookies”, which keep track of information you have entered or looked at as you travel from page to page within the Website. These cookies have a short lifetime and expire within a short time of you leaving the Website. We do not use other types of cookie that track your internet activity after leaving the Website.
(d) Internet browsers normally accept cookies by default. However, it is possible to set an internet browser to reject cookies.
(e) You may change your cookie preferences on our site using the 'cookie settings' button in our cookie notification banner when you visit our site to switch off cookies you do not consent to us using. Please note there are some cookies that are necessary for the functioning of this Website which cannot be switched off and if you do not consent to the use of these cookies you must not use our website.
6. Your rights over your information
(a) By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. You can also ask for it to be erased and you can ask for us to give you a copy of the information.
(b) If you would like us to correct or update any information about you, then please email us at firstname.lastname@example.org
(c) You can also ask us to stop using your information – the simplest way to do this is to withdraw your consent, which you can do at any time, either by clicking the unsubscribe link at the end of any newsletter, or by emailing us at email@example.com.
Our Payment Service Provider is Stripe
Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, we make use of best-in-class security tools and practices to maintain a high level of security at Stripe.
All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).
Stripe has two PGP keys to encrypt your communications with Stripe, or verify signed messages you receive from Stripe. Which key you make use of is dependent on the information needing to be transmitted.
We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to ensure browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.
Sage Pay is an active member of the PCI Security Standards Council (PCI SSC) that defines card industry global regulation.
In addition, you know that your session is in a secure encrypted environment when you see https:// in the web address, and/or when you see the locked padlock symbol alongside the URL.
So when buying through our site, you can be sure that you are completely protected.