At DigVentures we respect your right to privacy online and understand that you want to keep control of your personal information. That’s why we are committed to protecting any information you share with us.

We will never sell, distribute or intentionally make your personal information public and have implemented appropriate technical and organisational security measures to protect the data you share with us from loss and preserve its security and confidentiality. All your interactions with our website are protected by strong 256-bit encryption and we aim to collect the minimum of personal information needed to provide an effective service.

We believe in being transparent about what data we are collecting and how it will be handled. The information below sets out our privacy policy in detail. In each case we’ll explain why a particular piece of data is being processed and how long it will be retained. We are also committed to providing relevant information and control at the point of collection so that you can make informed decisions about what personal data you choose to share with us.

Our Legal Bases for Processing

We collect and process information about you only where we have legal bases for doing so. This legal bases will depend on the individual services you use and how you use them. Additional information is provided below but in general terms we will only collect and use your information where:

  • It is necessary for us to provide you with a service, including for support or to protect the safety and security of the service itself.
  • It satisfies a legitimate commercial interest which is not overridden by your data protection interests. Such as for research and development.
  • You have given us consent to do so for a specific purpose.
  • We need to process your data to comply with a legal obligation.

In cases where you have consented to our use of your personal information for a specific purpose you have the right to change your mind at any time. Where we are using your information because we have a legitimate interest to do so, you have the right to object to that use, but in some cases this may mean your are no longer able to access our services.

Third Party Data Processors

Like most businesses we rely on a number of third-party providers to support our day-to-day operations, for example in areas such as online file storage and email delivery. We may also hire third parties to operate, maintain or improve our website and other digital services. Some of these service providers will by necessity have access to or be directly involved in processing or storing a subset of the personal information you share with us.

All our third-party data processors have been carefully chosen as service suppliers who also practice responsible data handling. We believe that each has in place appropriate protections to ensure the security of the data we store or process with them and have clear policies for how they treat that data. But if in doubt you should review their individual Privacy Policies.

Amazon Web Services (File storage)
https://aws.amazon.com/compliance/data-privacy-faq/

Google (Website analytics):
https://support.google.com/analytics/answer/6004245?hl=en

HeartInternet (Hosting & email services)
https://www.heartinternet.uk/terms/heart-internet-privacy-statement

Highrise (CRM)
https://highrisehq.com/privacy/

MailChimp (Email marketing):
https://mailchimp.com/legal/privacy/

MaxCDN (Hosting)
https://www.maxcdn.com/legal/

One.com (Email services)
https://www.one.com/en/info/privacy-policy

PayPal (Payment processing)
https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

The Pixel Parlour (Digital services development & support):
https://www.pixelparlour.co.uk/about/privacy-and-cookies/

Before using or sharing your information with third parties in ways not described here or previously authorised by you, we will provide you with notice and an opportunity to control the further use or disclosure of your personal information.

Transfers outside of the European Economic Area

Under certain circumstances we will transfer your information outside of the European Economic Area. We will only do this with your informed consent, when it is necessary to perform a contract we have with you or where the receiving organisation has adequate safeguards in place – for example certification under the EU-US Privacy Shield framework.

General Browsing

Our website is hosted in the UK in a data centre managed by Heart Internet. When you visit our website or access one of the files stored on our web server information about this request will be automatically stored in our log files to provide usage statistics, enable security features and aid technical troubleshooting. This is on the legal basis of legitimate commercial interests. In these cases your IP address at the time acts as a unique identifier and is stored along with information about your operating system, browser version and the pages/files you access. These logs are retained on the server for up to 30 days, after which they are automatically deleted. Heart Internet will also record a similar set of data for the purposes of data management and security. This data is retained by them for up to 3 months.

Like most businesses we use Google Analytics to help understand how our website is being discovered and interacted with and we use this information to help improve the experience for our visitors and make decisions about future development. Google Analytics presents us with aggregate information about the geographic location, device types and operating systems used by our website visitors, but not in a way that personally identifies you. Additionally Google will record your computer’s IP address and set a number of temporary cookies in your browser to help distinguish you as an individual visitor as you move around our site. In the interests of limiting the amount of data Google collects via our site we are using Google’s standard Analytics implementation and have not enabled any additional advertising features, such as remarketing tags which would tie your usage of our site in with your broader browsing habits. Any user-level data that is associated with Analytics’ cookies are retained for up to 26 months from your last activity on our site, after which it is automatically deleted from Analytics’ servers.

Our website and emails contain a number of links to third party sites. It is important to be aware that these external sites are governed by their own privacy policies and we do not accept any responsibility or liability for these policies. The inclusion of a link to an external source should not be understood to be an endorsement of that website, its owners or their products/services. Always check the individual privacy policies of these external sites before you submit any personal data through them.

Cookies

Cookies are temporary files stored in your web browser by a website to help track usage and enable services that rely on a persistent identity. You can control which cookies you accept and remove them at any time by adjusting your browser settings or using the cookie controls we provide, but it is important to be aware that some cookies are essential and our website may not function as expected without them.

Essential cookies
These cookies are strictly necessary to provide you with services available through our websites and to use some of its features. But you can still block or delete them by changing your browser preferences.

  • analytics, third-party (DigVentures) – used by our website to remember your cookie preferences. Expire after 6 months.
  • wp_woocommerce_session (DigVentures) – Set by our website when you use our online shop Expires after 48 hours.
  • woocommerce_items_in_cart (DigVentures) – Used to temporarily store information about your cart when use our online shop. Expires at the end of your session.
  • woocommerce_cart_hash (DigVentures) – Used to temporarily store information about your cart when you use our online shop. Expires at the end of your session.
  • wordpress_[hash] (DigVentures) – used to temporarily store your authentication details when you log in to the website. Expires at the end of your session.
  • wordpress_logged_in_[hash] (DigVentures) – set to identify you to the website and tell it that you are logged in. Expires at the end of your session.

Functional cookies
These cookies are used to enhance the performance and functionality of our websites. They are non-essential but without them certain functionality may become unavailable.

  • YSC (YouTube) – used to support playback of embedded YouTube videos. Expires at the end of your session.
  • VISITOR_INFO1_LIVE (YouTube) – used to support playback of embedded YouTube videos. Expires after 8 months.
  • PREF (YouTube) – used to support playback of embedded YouTube videos. Expires after 8 months.

Analytics and customisation cookies
These cookies collect information to help us understand how our website is being used or customise it in order to enhance your experience.

  • _ga (Google Analytics) – used to distinguish between users. Expires after 2 years.
  • _gat (Google Analytics) – used to distinguish between users. Expires after 24 hours.
  • _gid – (Google Analytics) – used to throttle the request rate. Expires after 1 minute.
  • loc, mus, ssc, uid, uvc (AddThis) – set by the service we use to provide social sharing to record usage stats, including the geographic location of sharers. Expire after 1 month.
  • _atuvc (AddThis) – used to update the social sharing counter when you share one of our website pages. Expires after 13 months.
  • _atuvs (AddThis) – used to enable social sharing features. Expires after 30 minutes.
  • uid (AddThis) – used by AddThis to recognise you as a returning visitor if you revisit the site. Expires after 13 months.
  • uvc (AddThis) – used by AddThis to record any social sharing activity via our website. Expires after 13 months.
  • loc (AddThis) – set by AddThis to geo-locate (to a state level) any social sharing activity. Expires after 13 months.

Advertising cookies
These cookies are used to make advertising messages more relevant to you and your interests.

  • None currently set

Email Marketing

We use MailChimp for our email marketing. So when you subscribe to our newsletter directly or opt-in during checkout the email address and name you submit will be held securely by them and the information also made accessible to us. MailChimp’s servers are based in the United States, so your information may be transferred to, stored, or processed in the US. MailChimp participates in and has certified its compliance with the EU- U.S. Privacy Shield Framework, which certifies that is has adequate safeguards in place. As a respected email marketing provider MailChimp won’t share your information with any unauthorised third parties or contact you directly at any time – you can read their full privacy policy here: https://mailchimp.com/legal/privacy/

When you sign-up directly we use a double opt-in process to help ensure that it really is you who wants to subscribe. A confirmation email will be sent to the email address provided with a link to click. Only after clicking that link will you be opted-in to receive our emails. At this point MailChimp will also collect your IP address which, along with a timestamp, helps provide our evidence of consent should we need to provide this to the regulator.

You can also choose to opt-in during checkout when you support one of our Projects or purchase a product through our Online Shop. In these cases the details provided, which include your name and email address will be passed to MailChimp shortly after checkout.

By default we will retain your data in MailChimp for as long as you choose to stay subscribed or such time as we consider your account to be in-active (ie. you are no longer opening or engaging with our emails).

You can update your details or opt-out of our emails at any time using the ‘Unsubscribe’ or ‘Email Preferences’ links found at the bottom of every email we send via MailChimp. If you unsubscribe MailChimp will retain your email address for the purposes of a suppression list to ensure that no further marketing messages can be sent unless you actively choose to opt-in again.

In addition to the information you supply at sign-up MailChimp will also capture data about your interactions with our emails and website, such as which links you click within an email and which pages you go on to visit on our website. It does this using a combination of tracking pixels and cookies. You can learn more about those in the Cookies section of this privacy policy. We use this information to help improve our product and provide more personalised messaging.

We may also combine the information you provide us at sign-up with data from other sources, such as our website, to help us improve the relevance of the emails we send you. For example if you choose to support one of our projects we will record that information in your MailChimp subscriber profile to ensure that the content of our emails reflects it.

Transactional Emails

Any transactional emails generated by our website – such as password recovery messages or order receipts are sent using Amazon SES. On its way out your message will pass through anti-spam filters operated by Amazon Web Services to identify poor quality content or viruses. These are automated processes with no human involvement. Amazon will only access email content under very limited circumstances, such as investigating fraudulent or abusive activity. You can read the detail of Amazon’s data privacy policy here: https://aws.amazon.com/compliance/data-privacy-faq/

Payment Processing

We use PayPal as an online payment processor, so when you make a purchase through our website some of the information you submit is sent to them to allow your payment to processed. PayPal is committed to handling your personal data securely and will not reveal your financial information to any third party except with your express permission or if required to do so by a court order or other legal process. You can read the full in their privacy statement here: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full. Please be aware that PayPal may transfer information relating to your transaction outside the European Economic Area, but in such cases they are committed to protecting it with adequate safeguards.

All the information you submit at checkout is transmitted securely via an encrypted https connection and the information we receive from these transactions is just that needed to process or support your order. That includes your name, email address, billing address and contact phone number, but does not include any sensitive financial information such as credit card numbers or bank account details. We will retain this information, along with the details of your purchase, for 5 years as part of our financial records.

Supporting a Project

When you support one of our projects the information we collect at checkout is only that which we require to process and support your order.

Your name, email address and phone number are used to uniquely identify your order and provide us with a point of contact for any follow-up communication such as sending you an electronic receipt. We also collect your IP address and physical address to facilitate payment processing and meet our obligations to maintain appropriate financial records. For example we need to know the country of origin of all transactions for calculating VAT. Depending on the support level you choose additional details relating to its benefits may also be collected, for example t-shirt size. This order information is retained for up to 5 years after which is erased.

Payment processing is handled by PayPal and only they have access to sensitive financial information shared during your purchase, such as your credit/debit card details. You can learn more in the Payment Processing section above.

We will send you any essential information relating to the project you are supporting by email. But during checkout you also have the option to opt-in to our more general newsletter. If you choose to do this your details will also process as described in the Email Marketing section of this Privacy Policy.

Purchasing a Product/Experience

When you purchase a product or book an experience through our website the information we collect at checkout is only that which we require to process and support your order.

Your name, email address and phone number are used to uniquely identify your order and provide us with a point of contact for any follow-up communication such as sending you an electronic receipt. We also collect your IP address and physical address to facilitate payment processing and meet our obligations to maintain appropriate financial records. For example we need to know the country of origin of all transactions for calculating VAT. Depending on the product being purchased additional details specifically relating to it may be required, such as your t-shirt size. This order information is retained for up to 5 years after which is erased.

Payment processing is handled by PayPal and only they have access to sensitive financial information shared during your purchase, such as your credit/debit card details. You can learn more in the Payment Processing section above.

We will send you any essential information relating to your purchase by email. But during checkout you also have the option to opt-in to our more general newsletter. If you choose to do this your details will also process as described in the Email Marketing section of this Privacy Policy.

Participating in an Online Course

When you book onto one of our online courses the information we collect at checkout is only that which we require to process and support your order.

Your name, email address and phone number are used to uniquely identify your order and provide us with a point of contact for any follow-up communication such as sending you an electronic receipt. We also collect your IP address and physical address to facilitate payment processing and meet our obligations to maintain appropriate financial records. For example we need to know the country of origin of all transactions for calculating VAT. This order information is retained for up to 5 years after which is erased.

Because course materials are restricted just to registered participants you will create a DigVentures Account during booking, which you will then use to access the course online. You can close this account at any time, but it is important to be aware that you will also then lose access to the online course materials.

Course updates are delivered via email, so after booking your name, email address and details of which course you have enrolled on will be transferred to our email service provider (MailChimp). You can opt-out of these emails at any time, but it’s important to be aware that you may not get the full benefit of attending the course as a result.

Your DigVentures Account

You have the option to create an account during checkout when you support a project, buy a product or book an experience. A DigVentures account streamlines your checkout process and gives you additional control over your personal data, including the ability to directly edit details such as your name, contact email address and physical billing address or request its removal.

When logged-in any orders placed will be attributed to your account. You can view your order history from the past 5 years, after which the data is removed from our records.

You can close your account at any time by using the option within. Please be aware that it may take up to 30 days for your account closure request to be processed and any associated data to be removed from our primary and backup systems. Will not remove information held by us for the legitimate purpose of financial record-keeping or to meet our obligations to log personal data processing activities.

Participating in a Project

When you choose to support or participate in one of our excavation projects, in addition to the information we collect and manage which relates to the purchase itself and your account (see above), we also include you as a Team Member within the Project Team Pages.

The Team Page will include the following information:

  • Your name (for online and field school participants)
  • What you do in real life (for online and field school participants)
  • Your project highlights (for field school participants)
  • Which archaeological records you have produced (for field school participants)
  • Your Team Photo (for field school participants, provided by you in advance or taken on-site with your permission)

An archaeological archive collects and records data which relate to the excavation of an archaeological site. Our Project Microsite and Digital Dig Team form part of that archive and important for the long-term preservation of the site.

When we get in touch with you about the Project, we will ask if you are happy to appear on our Team Page.

Information on our Team Pages will be retained as part of the archaeological archive and not normally removed. If you wish to be removed retrospectively from the Team Pages, we are able to do this.

Contacting us by Email

When you send us an email, either to one of the addresses displayed on our website or an an individual member of staff, we will collect your email address and any other information you provide within your email.

One.com are our email service provider so any emails you send us will be stored on their servers, which are located in Denmark. You can learn more here: https://www.one.com/en/info/privacy-policy

The information you provide will only be processed in relation to the purpose of your correspondence with us. We have no fixed retention period for email correspondence, but we are committed to only storing your data for no longer than is necessary to serve our legitimate interests of record keeping or to perform a contract we have entered into with you.

Children Under 16

Our website and services are not for use by children under 16 years and we will not knowingly collect or use the personal data of children. If you are under the age of 16 please do not provide any personal data even if prompted to do so.

Personal Data Breaches

A breach is considered any loss, alteration, unauthorised disclosure of, or access to, personal data. We are committed to disclosing any personal data breaches that might adversely affect your rights and freedoms without undue delay so that you can take appropriate action. Any notifiable breaches will also be reported to the UK’s Information Commissioner’s Office within 72 hrs. This includes breaches affecting the third party services identified in this privacy policy, where personal data is being held on our behalf.

Questions & Access Requests

The General Data Protection Regulation (2018) gives you the right to know what person data we hold, to have it updated if it is inaccurate or removed entirely if you no longer consent to our use of it. We will endeavour to respond to any such requests within one month confirming receipt and outlining what follow-up actions will be taken and when.

We also welcome questions about our Privacy Policy and these or any access requests should be directed to our Data Protection Office at: hello@digventures.com

DigVentures
Attn. Data Protection Officer
The Workshop, Victoria Yard
26 Newgate
Barnard Castle
DL12 8NG

Policy Changes

Any updates we may make to our Privacy Policy in the future will be published on this page and significant changes noted below.

24 May 2018 – Expanded Privacy Policy published in preparation for the new General Data Protection Regulation