Toni Burt Artist
Personal information that this website collects and why we collect it.
We may collect, hold, use and disclose personal information for the following purposes:
- to enable you to access and use our Site, associated applications and courses/classes that you are registered for;
- to enable you to purchase items from the shop;
- to contact and communicate with you, including with regards to any online order you place with us;
- for internal record keeping and administrative/taxation purposes;
- to comply with our legal obligations and resolve any disputes that we may have.
Registered users / students
If you register on this site and/or purchase an online class you provide your name and email address. This is used to provide an order receipt for your purchase and enables you to access your classroom/classes on this site.
For users that register on this website we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Online shop purchases
If you purchase an item from the shop you provide your name, shipping address and email address. This is used to provide an order receipt for your purchase and to ship your product to you.
Comments (blog posts)
Should you choose to add a comment to any posts that we have published on our blog, the name and email address you enter with your comment will be saved to this website’s database, along with your computer’s IP address and the time and date that you submitted the comment. This information is only used to identify you as a contributor to the comment section of the respective blog post and is not passed on to any of the third party data processors. Only your name will be shown on the public-facing website although if the supplied email address is linked to a Gravatar account, your Gravatar photo will also be displayed.
Your comment and it’s associated personal data will remain on this site until we see fit to either 1.) remove the comment or 2.) remove the blog post. Should you wish to have the comment and it’s associated personal data deleted, please contact us with the email address that you commented with.
If you are under 16 years of age you MUST obtain parental consent before posting a comment on our blog.
NOTE: You should avoid entering personally identifiable information to the actual comment field of any blog post comments that you submit on this website.
Newsletter and email notifications
If you choose to join our email newsletter, the email address that you submit to us will be forwarded to MailChimp and or Sender who provide us with email marketing services. We consider MailChimp and Sender to be the third party data processors. The email address that you submit will not be stored within this website’s own database or in any of our internal computer systems.
Your email address will remain within the providers database for as long as we continue to use their services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in the footer of any email newsletters that we send you or by requesting removal via our contact form.
If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter.
While your email address remains within the Providers database, you will receive occasional newsletter-style emails from us outlining upcoming events, products, new classes and giveaways.
Should you choose to contact us using the contact form on our Contact us page none of the data that you supply will be stored by this website or passed to be processed by any of the third party data processors defined below. Instead the data will be collated into an email and sent to us via our website servers.
Site visitation tracking / analytics
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this.
- Google – analytics
- Wordfence – website security
- Paypal – payment processor
- Woocommerce – shopping cart
- Mailchimp – newsletter subscription
- Sender – newsletter subscription
- WP forms – contact us page
If you have an account and you log in to this site (to access your classes), we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you purchase a class or product through this website WooCommerce makes use of 3 cookies to keep track of your cart data. These cookies contain information about your shopping cart as a whole and help WooCommerce to know when the cart data changes (eg. you add more products). The cookies contain a unique code for each customer so that it knows where to find the cart data in the database for you as a customer. No personal information is stored within these cookies. They ensure the online shop functions.
If you leave a comment or review on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
The Google Analytics cookie allows us to see basic information on user activities such as page views and time spent on our website. It has no personally identifiable information stored and is displayed only as numbers, meaning it cannot be tracked back to any individual user. Using Google Analytics helps us to see which pages are most popular so we can improve our service and bring customers more of what they are looking for.
Wordfence uses a cookie that allows the Wordfence firewall to detect logged in registered users and allow them increased access (eg. to your purchased classes). It also allows Wordfence to detect non-logged in users and restrict their access to secure areas. The cookie also lets the firewall know what level of access a visitor has to help the firewall make smart decisions about who to allow and who to block. This cookie maintains the accessibility and security of the website and registered users.
Embedded content from other websites (eg. Vimeo)
Pages on this site may include embedded content (e.g. Vimeo videos). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Third party data processors
We use a number of third parties to process personal data on our behalf.
Storage and security
We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures such as the encryption of personal information, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
When you enter your information, such as on the checkout page, your details (including your payment method) are encrypted and securely transmitted using 256-bit SSL encryption technology.
We do not store your credit card or payment details in any way – all payments are made on the PayPal secure website.
About this website’s server
This website is hosted by VentraIP which is securely housed in an ASX-listed NEXTDC data centre located in Sydney, Australia.
NEXTDC data centres feature:
- UTI Tier III certification
- ISO 27001:2013, ISO 9001:2015 and ISO 14001:2015 certifications
- 4.5 NABERS rating (M1)
- 100% availability agreement and N+1 redundancy on power, cooling and critical systems
- Multi-layered authentication systems including bio-metric fingerprint and anti-cloning identification cards to prevent any unauthorised access.
- Inert gas fire suppression systems
- 24/7 onsite security staff and extensive CCTV network
All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.
Our responsibilities as a ‘controller’ under the GDPR
Controllers are defined by the GDPR as natural or legal persons, a public authority, agency or other body to which personal information or personal data has been disclosed, whether via a third party or not, and who determines the purposes and means of processing personal information. We are a controller under the GDPR as we collect, use and store your personal information to enable us to provide you with our goods and/or services.
As a controller, we have certain obligations under the GDPR when collecting, storing and using the personal information of EU citizens. Whether you are an EU citizen or any user of this site, your personal data will:
- be processed lawfully, fairly and in a transparent manner by us;
- only be collected for the specific purposes we have identified in the ‘collection and use of personal information’ clause above and personal information will not be further processed in a manner that is incompatible with the purposes we have identified;
- be collected in a way that is adequate, relevant and limited to what is necessary in relation to the purpose for which the personal information is processed;
- be kept up to date, where it is possible and within our control to do so (please let us know if you would like us to correct any of your personal information);
- be kept in a form which permits us to identify you, but only for so long as necessary for the purposes for which the personal data was collected;
- be processed securely and in a way that protects against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Specifically, we have the following measures in place, in accordance with the GDPR:
- Data protection policies: We have internal policies in place which set out where and how we collect personal information, how it is stored and where it goes after we get it, in order to protect your personal information.
- Right to ask us to erase your personal information: You may request us to erase personal information we hold about you.
- Right to ask us to restrict data processing: You may ask us to limit the processing of your personal information where you believe that the personal information we hold about you is wrong (to give us enough time to verify if the information needs to be changed), or where processing data is unlawful and you request us to restrict the processing of personal information rather than it being erased.
- Notification of data breaches: We will comply with the GDPR in respect of any data breach.
Your rights and controlling your personal information
- Restrict: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information as a registered user of this site, you may change your mind at any time by contacting us. If you ask us to restrict how we process your personal information, we will let you know how the restriction affects your use of our Site or products and services.
- Access and data portability: You may request details of the personal information that we hold about you. You may request a copy of the personal information we hold about you. You may request that we erase the personal information we hold about you at any time.
- Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below.
- Complaints: If you believe that we have breached the Australian Privacy Principles or an article of the GDPR and wish to make a complaint, please contact us and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact the Office of the Australian Information Commissioner if you wish to make a complaint.
Removing your data
If you have a registered account/classroom access on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
For any questions or notices, please contact us using our contact form.