top of page

Privacy Policy

Effective Date: August 1, 2025
DRUM PARTY
Website: https://www.drumparty.org/

1. Introduction

DRUM PARTY (“we,” “us,” “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your personal information in accordance with:

  • The General Data Protection Regulation (EU) 2016/679 (“GDPR”)

  • The UK Data Protection Act 2018 (“DPA”)

  • The California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”)

  • Virginia Consumer Data Protection Act (VCDPA)

  • Other applicable U.S. state privacy laws

  • The Children’s Online Privacy Protection Act (COPPA)

  • The CAN-SPAM Act

  • Other relevant international data protection laws

We act as a “Data Controller” when determining how and why your personal data is processed.

 

2. Principles of Data Processing

DRUM PARTY adheres to the core principles of lawful, fair, and transparent data processing, as outlined in applicable U.S. and international privacy laws, including the General Data Protection Regulation (GDPR), UK Data Protection Act (DPA), and state-level laws such as the CCPA/CPRA and VCDPA. These principles guide every interaction we have with your personal data and are integral to our commitment to ethical data handling.

 

2.1 Lawfulness, Fairness, and Transparency

We process personal data only when there is a clear and lawful reason to do so. We ensure that all individuals are informed about how their data is collected, used, stored, and shared. This Privacy Policy is part of our effort to maintain complete transparency.

We will only process your personal data where:

  • You have given clear and informed consent, which you can withdraw at any time.

  • The processing is necessary to fulfill a contract, such as responding to service requests or processing orders.

  • The processing is required to comply with legal obligations, such as tax reporting or fraud prevention.

  • The processing is in our legitimate interest (or that of a third party), provided that those interests are not overridden by your rights and freedoms.

 

2.2 Purpose Limitation

We collect personal data solely for specific, explicit, and legitimate purposes, such as contacting you, processing transactions, improving our services, or fulfilling legal obligations. We do not use your personal data in a way that is incompatible with those original purposes unless we obtain your explicit consent.

 

2.3 Data Minimization

We only collect data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. We do not ask for more information than we need, and we avoid retaining unnecessary personal data.

 

2.4 Accuracy

We take reasonable steps to ensure that the personal data we process is accurate and kept up to date. If you believe any data we hold is incorrect or outdated, you have the right to request correction (see Section 14.0 – Your Rights).

 

2.5 Storage Limitation

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or to comply with applicable legal, regulatory, tax, or accounting requirements. When data is no longer needed, we securely delete or anonymize it.

 

2.6 Integrity and Confidentiality (Security)

We implement appropriate technical and organizational measures to safeguard personal data from unauthorized access, disclosure, alteration, or destruction. This includes using encryption, secure servers, access controls, and staff training.

 

2.7 Accountability

As a data controller, DRUM PARTY is responsible for and able to demonstrate compliance with these principles. We document our data protection activities and regularly review our practices to ensure ongoing compliance and continual improvement.

 

3. Core Privacy Commitments

At DRUM PARTY, protecting your privacy is central to our operations. We are committed to upholding the highest standards of transparency, accountability, and data protection. Our core commitments guide how we collect, manage, and secure your personal information:

 

3.1 User Privacy Is a Fundamental Right

We believe that every individual has the right to control their personal information. We treat your data with the same level of care and respect as we would expect for our own. Privacy is not a privilege—it is a principle.

 

3.2 Data Minimization and Purpose Limitation

We only collect personal data that is necessary for clearly defined and lawful purposes, such as processing contact requests, donations, or purchases. We do not collect excessive or irrelevant data, and we will never use your information for purposes beyond those disclosed in this policy without obtaining your consent.

 

3.3 No Selling or Renting of Personal Data

DRUM PARTY does not and will never sell, rent, lease, or trade your personal information to third parties for commercial purposes. We only share data with trusted third-party processors who act on our behalf under strict contractual obligations and security standards.

 

3.4 Clear and Transparent Communication

We strive to communicate clearly about how your data is used. This includes notifying you about data collection at the point of entry, honoring your right to opt out of marketing or non-essential data uses, and providing this detailed Privacy Policy as part of our commitment to transparency.

 

3.5 Secure Storage and Data Integrity

We use secure technologies, including encryption, firewalls, and access controls, to protect your data from unauthorized access, misuse, loss, or disclosure. We routinely review and update our security measures to reflect evolving industry best practices.

 

3.6 User Control and Consent

You have full control over how your data is used. This includes the ability to:

  • Withdraw consent at any time

  • Access and review the personal information we hold about you

  • Request that we correct inaccurate data

  • Request deletion or restriction of your personal information

  • Object to data processing under applicable law

 

3.7 Respect for International Privacy Laws

We apply data protection best practices globally, even in jurisdictions that may not require it. If you are located outside the United States, we treat your data in accordance with international privacy frameworks, including the GDPR and relevant U.S. state laws.

 

3.8 Ongoing Compliance and Ethical Responsibility

We continuously review our internal policies, employee training, vendor relationships, and platform configurations to maintain compliance with evolving legal standards. Beyond legal compliance, we consider it our ethical responsibility to respect and protect your privacy.

 

4. Legal Compliance

DRUM PARTY is committed to protecting your personal information and ensuring that our practices comply with all relevant data protection and privacy legislation, both in the United States and internationally. Our privacy operations are designed to align with the most rigorous privacy standards and regulatory frameworks in effect today, including:

United States Federal and State Laws

  • California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA): We honor California residents’ rights to know, access, delete, and opt out of the sale or sharing of personal information.

  • Virginia Consumer Data Protection Act (VCDPA): We comply with Virginia's rights-based framework for data control and processing transparency.

  • Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA): We monitor and adhere to emerging state-level consumer privacy laws.

  • Children’s Online Privacy Protection Act (COPPA): We do not knowingly collect personal data from children under 13 and comply with all requirements when children’s data is potentially involved.

  • CAN-SPAM Act: We comply with rules for commercial emails, including opt-out requirements and truthful subject lines.

 

International Laws and Standards

  • General Data Protection Regulation (GDPR – EU 2016/679): We meet all GDPR requirements, including lawful basis for data processing, transparency, data minimization, accuracy, and data subject rights such as access, rectification, erasure, restriction, and data portability.

  • UK Data Protection Act 2018: For users in the United Kingdom, we apply the same high standard of data protection, in line with GDPR and UK-specific requirements.

  • ePrivacy Directive (EU Cookie Law): We follow consent and disclosure obligations for the use of cookies and online tracking technologies.

 

International Data Transfer Mechanisms

  • We rely on legal mechanisms such as the EU-U.S. and Swiss-U.S. Data Privacy Frameworks, Standard Contractual Clauses (SCCs), and adequacy decisions to ensure lawful transfers of data across borders, particularly when transferring data from the European Economic Area (EEA) or the United Kingdom to the United States.

 

Platform-Specific and Industry Compliance

  • Wix Platform: Our website is built on Wix, which is fully compliant with applicable data protection laws and certified under major privacy frameworks.

  • PCI DSS (Payment Card Industry Data Security Standard): All online transactions conducted through our website follow strict encryption and data protection standards.

 

Duty of Care and Best Practices

DRUM PARTY follows industry’s best practices to protect the privacy of its users, including:

  • Transparency in data collection and use

  • Secure storage and transmission of data

  • Minimum data collection necessary for business purposes

  • Respect for data subject rights regardless of jurisdiction

  • Continuous monitoring of privacy law developments to ensure ongoing compliance

If you have specific questions about how your data is processed in your jurisdiction, you may contact our Data Controller (see Section 15.0).

 

5. Data We Collect and How We Use It

5.1 Website Analytics

We use Google Analytics via Wix to track visitor behavior (non-personally identifiable data such as browser, region, and time spent). Google may collect your IP address, but we do not access that data.

 

5.2 Contact Forms and Email

When you submit a contact form or email us at stephaniesdrumparty@gmail.com, your data is stored securely in our Wix Contacts database and processed via encrypted email (TLS/SSL).

 

5.3 User Accounts and Newsletters

Your email may be retained for communications or updates. You may unsubscribe at any time via the link in emails or by contacting us directly.

 

6. Website Hosting and Data Transfers

This website is hosted on the Wix.com Ltd. platform. Wix provides a fully managed cloud-based hosting environment with scalable servers located in data centers around the world, including the United States, Europe, and other regions. The hosting infrastructure is provided through Amazon Web Services (AWS) and other industry-leading providers, ensuring high levels of performance, reliability, and security.

 

All data collected through this website—including form submissions, contact information, analytics data, and e-commerce records—is stored on Wix-managed servers that are protected by firewalls, intrusion prevention systems, and continuous security monitoring.

All traffic between your browser and our website is encrypted using SSL (Secure Socket Layer) technology, which ensures that all data transmitted is secure and cannot be intercepted by malicious actors. The website also uses HTTPS (Hypertext Transfer Protocol Secure) as the standard protocol for safe browsing.

 

International Data Transfers

Depending on your location, your personal data may be transferred to and stored in countries outside of your own jurisdiction. For example, if you are located in the European Economic Area (EEA) or the United Kingdom, your personal data may be processed in the United States or other non-EEA countries.

To ensure legal compliance with international data protection standards:

  • Wix participates in and complies with the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework as outlined by the U.S. Department of Commerce.

  • Data transfers are conducted under lawful mechanisms such as standard contractual clauses (SCCs) or adequacy decisions where applicable.

  • DRUM PARTY ensures that any cross-border data transfer is protected by appropriate safeguards in accordance with GDPR Article 46 and other applicable laws.

By using this website and submitting your personal information, you consent to the transfer, storage, and processing of your data outside your country of residence, including in countries where data protection standards may differ from those in your jurisdiction.

We take every reasonable measure to ensure your personal data is handled securely and in accordance with this Privacy Policy.

 

7. Third-Party Processors

We use the following third-party processors to help manage and deliver services through our website. These processors handle certain data on our behalf and are selected for their commitment to privacy and compliance with applicable data protection regulations.

Wix.com Ltd.

  • Provides our website platform, contact form management, email communications, and online store infrastructure.

  • Wix is certified under the EU-U.S. and Swiss-U.S. Data Privacy Frameworks.

  • Wix Privacy Policy (https://www.wix.com/about/privacy)

Google LLC

  • Provides analytics tools (Google Analytics) used to monitor website performance and visitor behavior.

  • Google is a certified participant in the EU-U.S. Data Privacy Framework.

  • Google Privacy Policy (https://policies.google.com/privacy)

Givebutter, Inc.

  • Used to process donations and fundraising campaigns securely through embedded forms or links.

  • Givebutter is PCI-compliant and utilizes encryption and security best practices to protect donor data.

  • Personal data collected through Givebutter may include name, email, payment information, and donation history.

  • Givebutter Privacy Policy

All third-party processors listed above are contractually obligated to use your personal data solely for the purposes of providing their services to us and are required to maintain the confidentiality and security of your data.

 

8. Data Breach Notification

We will notify users and authorities within 72 hours of a known data breach involving personally identifiable information.

 

9. Social Media and External Links

This site and its owners engage on social media per the respective platform’s terms and privacy policies. We advise using discretion when interacting via social platforms.

We are not responsible for external websites linked from our pages. Please review their privacy policies separately.

 

10. Children's Privacy

We do not knowingly collect personal data from children under 18. If you believe a child has provided personal data, please contact us and we will promptly remove it.

 

11. Cross-Border Data Transfers

By using this website, you consent to your data being transferred and processed outside of your country, including in the U.S. We ensure safeguards are in place per GDPR and other frameworks.

 

12. Cookies and Tracking

This website uses cookies to enhance performance, enable key functionality, and support analytics. These cookies are primarily provided by Wix and are used in compliance with privacy laws.

Cookie Consent Banner

We use the Wix Cookie Banner to notify users about our use of cookies in accordance with applicable laws such as the GDPR, CCPA, and other privacy regulations. The banner provides users with the ability to:

  • Learn about the types of cookies we use

  • Accept all cookies, reject non-essential cookies, or customize their cookie preferences

  • Withdraw or modify consent at any time

This ensures that all visitors are given clear, informed choices before non-essential cookies are stored on their device.

 

Cookies Used on This Site (Wix):

​Cookie Name   | Purpose / Description | Duration | Type

XSRF-TOKEN | Used for security; helps prevent Cross-Site Request Forgery attacks | Session | Essential / Security

hs   | Security cookie | Session | Essential / Security

svSession | Identifies unique visitors and tracks a visitor’s sessions on a site | 2 years | Functionality / Analytics

SSR-caching | Indicates how a site was rendered (server-side or browser) | 1 minute | Performance

_wixCIDX | Used for system monitoring/debugging | 3 months  | Functionality / Analytics

_wix_browser_sess | Used for system monitoring/debugging | Session  | Functionality / Analytics

consent-policy | Stores the user’s cookie consent preferences | 12 months  | Essential / Compliance

smSession | Identifies logged-in site members | Session |Essential / Authentication

TSxxxxxxxx  | (Where x is a random string) Used for security and anti-fraud purposes | Session | Security

TSxxxxxxxx_d  | (Where x is a random string) Used for security and anti-fraud purposes | Session | Security

bSession | Measures system effectiveness | 30 minutes | Performance

fedops.logger.sessionId | Used for stability and performance measurement |12 months | Analytics

wixLanguage  | Saves the user’s preferred language | 12 months |Functionality

bSession | Essential | System effectiveness measurement | 30 minutes

fr | Advertisement | Used by Facebook to deliver, measure, and improve ads | Varies

_ga, _gid, _gat | Performance | Google Analytics tracking of user behavior  | Varies

SSR-caching | Essential | Identifies the system rendering the site | 1 minute

visitor_info1_live | Advertisement | Used by YouTube to track info on embedded videos |Varies

_wix_browser_sess | Essential | System monitoring/debugging

_wixCIDX| Essential | System monitoring/debugging | 3 months

XSRF-TOKEN | Essential | Prevents cross-site request forgery | Session

YSC | Performance | Tracks views of embedded YouTube videos | Session

Managing Cookies

You may choose to disable or delete cookies in your browser settings. Please note that some site functionality may be affected if cookies are disabled.

 

13. Shopping and Payments

Purchases made on our website are securely processed via Wix’s e-commerce system. Wix and associated payment gateways are PCI-DSS compliant and encrypt payment data.

Your data is only stored as long as needed to complete the transaction.

 

14. Your Rights

Depending on your location, your rights may include:

  • Access to your data

  • Correction of inaccurate data

  • Deletion (“right to be forgotten”)

  • Data portability

  • Object to or restrict processing

  • Withdraw consent

To exercise these rights, contact us at stephaniesdrumparty@gmail.com

 

15. Data Controller

Stephanie Spreeman
Email:  stephaniesdrumparty@gmail.com
Phone: (540) 288-6765
Website: https://www.drumparty.org/

 

16. Changes to This Privacy Policy

We may update this policy periodically. Updates will be reflected by the “Effective Date” at the top. We encourage you to review this policy regularly.

 

17. Disclaimer

The content provided in this Privacy Policy is for general informational purposes only and is not intended to constitute legal advice or to substitute for obtaining legal counsel. While we make every effort to ensure this policy complies with applicable privacy laws, we do not make any representations or warranties, express or implied, regarding the accuracy, completeness, or adequacy of the information contained herein.

 

DRUM PARTY assumes no responsibility or liability for any errors or omissions in the content of this policy. Use of this policy or our website is at your own risk, and you are encouraged to consult with a qualified legal professional to ensure compliance with all applicable privacy and data protection regulations relevant to your specific situation.

By using our website, you acknowledge and agree to the terms outlined in this policy and understand that it may change without prior notice.

bottom of page