Irish Festivals, Inc.

1. Introduction and Scope

Irish Festivals, Inc. ("we," "our," or "us") is committed to protecting your privacy and handling your personal information with transparency and care. This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information when you visit our websites (including irishfest.com, irishfestsummerschool.com, celticmke.com, irishfestscrapbook.com, irishfestschoolofmusic.com, wardirishmusicarchives.com, and all related subdomains and affiliated sites), use our services, register for events, or otherwise interact with us (collectively, the "Services").

This Policy applies to all individuals who access or use our Services, including residents of the European Economic Area (EEA), the United Kingdom (UK), and all U.S. states that have enacted consumer privacy legislation. We are committed to complying with applicable privacy laws, including but not limited to:

• The EU General Data Protection Regulation (GDPR) and UK GDPR
• The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)
• The Virginia Consumer Data Protection Act (VCDPA)
• The Colorado Privacy Act (CPA)
• The Connecticut Data Privacy Act (CTDPA)
• The Texas Data Privacy and Security Act (TDPSA)
• The Montana Consumer Data Privacy Act (MCDPA)
• The Oregon Consumer Privacy Act (OCPA)
• Other applicable U.S. state and federal privacy laws

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of our policy or practices, please discontinue use of our Services.

2. Contact Information and Data Controller

Irish Festivals, Inc. is the data controller responsible for your personal information. If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Irish Festivals, Inc.

1532 N. Wauwatosa Ave., Milwaukee, WI 53213

Telephone: (414) 476-3378

Email: privacypolicy@irishfest.com

For GDPR-related inquiries from EEA or UK residents, you may also have the right to contact your local Data Protection Authority (DPA). We will respond to all privacy-related inquiries within the timeframes required by applicable law (generally within 30 days, or 45 days where permitted by law with notice of an extension).

3. Information We Collect

3.1 Information You Provide Directly

We collect information you voluntarily provide when you:

• Register for an account or event (name, email address, mailing address, phone number)
• Purchase tickets or merchandise (billing and payment information processed by our third-party payment processors)
• Submit forms, surveys, contest entries, vendor submissions, or entertainment submissions
• Sign up for email communications or newsletters
• Volunteer or apply to participate
• Contact us via phone, email, or web forms
• Post comments or interact with us on social media

We do not directly collect or store sensitive financial information such as full credit card numbers, bank account numbers, or Social Security Numbers through our websites. Payment processing is handled by PCI-DSS-compliant third-party processors.

3.2 Information Collected Automatically

When you visit our websites, our web servers and analytics tools automatically collect certain technical information, including:

• IP address and approximate geographic location
• Browser type, version, and configuration
• Operating system and device type
• Referring URLs and pages visited within our site
• Date, time, and duration of your visit
• Clickstream data and navigation patterns

We use Google Analytics to better understand how visitors interact with our websites. Google Analytics collects data that is shared with Google. For more information on how Google handles this data, please review Google’s Privacy Policy at https://policies.google.com/privacy.

3.3 Cookies and Similar Tracking Technologies

We use cookies and similar tracking technologies (such as pixel IDs and tags) to operate and improve our Services. Cookies are small data files stored on your device. The types of cookies we use include:

• Essential/Strictly Necessary Cookies: Required for the operation of our websites (e.g., maintaining login sessions to access restricted content). These cannot be disabled without impairing site functionality.
• Analytics/Performance Cookies: Help us understand how visitors use our site (e.g., Google Analytics). These are used only with your consent where required by law.
• Functional Cookies: Remember your preferences and settings.

Where required by applicable law (including GDPR), we will seek your consent before placing non-essential cookies. You may withdraw consent or manage cookie preferences at any time by adjusting your browser settings. Note that disabling certain cookies may affect website functionality.

4. How We Use Your Information

4.1 Purposes of Processing

We use the information we collect for the following purposes:

• To operate, maintain, and improve our websites and Services
• To process event registrations, ticket purchases, and related transactions
• To communicate with you about events, updates, news, and promotions you have requested
• To respond to your inquiries, requests, and customer service needs
• To administer contests, volunteer programs, vendor programs, and other activities
• To analyze website usage, traffic patterns, and visitor behavior
• To personalize content and targeted advertising
• To enforce our Terms and Conditions and other applicable policies
• To comply with legal obligations and respond to lawful requests from public authorities
• To protect the security, integrity, and rights of our organization and users
• To send you new or unanticipated communications, with notice and the opportunity to opt out

4.2 Legal Bases for Processing (GDPR)

For individuals in the EEA or UK, we process your personal data under the following legal bases as defined in Article 6 of the GDPR:

• Consent (Art. 6(1)(a)): Where you have given clear, specific consent — for example, for marketing emails, non-essential cookies, or optional analytics tracking. You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Contract Performance (Art. 6(1)(b)): Processing necessary to fulfill a contract with you, such as processing a ticket purchase or event registration.
• Legal Obligation (Art. 6(1)(c)): Processing required to comply with applicable legal and regulatory obligations.
• Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate interests, such as fraud prevention, IT security, website analytics, and improving our Services — where these interests are not overridden by your fundamental rights and freedoms.

5. How We Share Your Information

We do not sell your personal information to third parties. We do not share your personal information except in the following circumstances:

• Service Providers: We share information with trusted third-party vendors who assist us in operating our websites and Services (e.g., email delivery platforms, analytics providers, payment processors, ticketing systems). These vendors are contractually obligated to use your information only as directed by us and in accordance with applicable law.
• Advertising: We utilize information for advertising purposes.
• Legal Requirements: We may disclose information when required by law, court order, or governmental authority, or when we believe in good faith that disclosure is necessary to protect our rights, comply with a legal obligation, or prevent fraud or illegal activity.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of that transaction, subject to applicable privacy law requirements.
• With Your Consent: We may share information for purposes not described in this Policy with your explicit prior consent.

6. Your Privacy Rights — California Residents (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023. These rights include:

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, our business or commercial purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: You have the right to request that we correct inaccurate personal information we hold about you.
• Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information with third parties for cross-context behavioral advertising. If this practice changes, we will provide a conspicuous “Do Not Sell or Share My Personal Information” link.
• Right to Limit Use of Sensitive Personal Information: To the extent we collect sensitive personal information, you have the right to limit its use to what is necessary to provide the Services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your California privacy rights, please contact us using the information in Section 2 above. We will verify your identity before fulfilling your request. You may designate an authorized agent to submit requests on your behalf.

California “Shin’s Law” (Civil Code § 1798.83): California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes without your consent.

7. Your Privacy Rights — Other U.S. State Residents

Residents of Virginia, Colorado, Connecticut, Texas, Montana, Oregon, and other states with enacted consumer privacy laws may have some or all of the following rights, subject to applicable exemptions and thresholds:

• Right to Access: The right to confirm whether we are processing your personal data and to access that data.
• Right to Correction: The right to request correction of inaccurate personal data.
• Right to Deletion: The right to request deletion of personal data provided by or obtained about you.
• Right to Data Portability: The right to obtain a copy of your personal data in a portable, usable format.
• Right to Opt-Out of Targeted Advertising: The right to opt out of the processing of your personal data for targeted advertising.
• Right to Opt-Out of Profiling: The right to opt out of profiling decisions that produce legal or similarly significant effects.
• Right to Appeal: Where applicable, if we deny your privacy rights request, you have the right to appeal our decision. To submit an appeal, contact us using the information in Section 2 with the subject line “Privacy Rights Appeal.” We will respond within the timeframe required by your state’s applicable law.

To exercise any of these rights, please contact us using the information in Section 2. We will respond within the applicable statutory timeframe (generally 30–45 days).

8. Your Privacy Rights

8.1 EEA and UK Residents (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the GDPR and UK GDPR:

• Right of Access (Art. 15): The right to obtain confirmation of whether we process your personal data and to receive a copy of it.
• Right to Rectification (Art. 16): The right to have inaccurate or incomplete personal data corrected.
• Right to Erasure / ‘Right to be Forgotten’ (Art. 17): The right to request deletion of your personal data under certain circumstances.
• Right to Restriction of Processing (Art. 18): The right to request that we limit how we process your data in certain situations.
• Right to Data Portability (Art. 20): The right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
• Right to Object (Art. 21): The right to object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at https://edpb.europa.eu/about-edpb/board/members_en.

To exercise your GDPR rights, please contact us using the information provided in Section 2. We will respond within 30 days (extendable by an additional two months in complex cases, with notice).

International Data Transfers: If you are in the EEA or UK, please note that we are based in the United States. When we transfer your personal data to the U.S., we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms as required by applicable law.

8.2 U.S. Residents

You may have rights under certain U.S. state data protection laws to request access to retrieve details about the personal information we maintain and how we have processed it or delete your personal information. These rights are not absolute, and in certain cases, we may decline your request as permitted by law. To exercise these rights, you can contact us by submitting a Data Subject Access Request (DSAR) form, by visiting the link here.

Under certain U.S. state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable laws.

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identify or authority to make the request. However, if we cannot verify your identify from the information already maintained by us, we may request that you provide additional information for security or fraud-prevention purposes.

If you submit the request through an authorized agent, we may need to collect additional information to verify your identify before processing your request and the agent will need to provide a written and signed permission from you to submit such request on your behalf.

9. Marketing Communications and Opt-Out

If you have provided us with your email address, postal address, or phone number, you may receive periodic communications from us about events, news, and promotions.

You may opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link included in any marketing email
• Contacting us by telephone at (414) 476-3378
• Contacting us by email at info@irishfest.com
• Writing to us at 1532 N. Wauwatosa Ave., Milwaukee, WI 53213

Please note that even after opting out of marketing communications, we may still send you transactional or operational messages related to services you have requested (e.g., event registration confirmations, ticketing information).

10. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The factors we consider in determining retention periods include:

• The nature and sensitivity of the personal information
• The purposes for which the information was collected and whether those purposes have been fulfilled
• Our legal, regulatory, and contractual obligations
• The potential risk of harm from unauthorized use or disclosure

When personal information is no longer needed, we will securely delete or anonymize it in accordance with our data retention schedules. If you request deletion of your data, we will fulfill your request to the extent permitted by law (for example, we may retain certain records as required by applicable tax, legal, or audit obligations).

11. Security

We implement appropriate technical and organizational security measures designed to protect your personal information against unauthorized access, accidental loss, disclosure, alteration, or destruction. These measures include physical facility security, access controls, and reasonable industry-standard practices for data protection.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that affects your rights or freedoms, we will notify affected individuals and applicable regulatory authorities as required by law.

You are responsible for maintaining the confidentiality of any passwords or account credentials you use to access our Services.

12. Third-Party Websites and External Links

Irish Festivals, Inc. site(s) may contain links to third-party websites. Irish Festivals, Inc. does not control and cannot be held legally responsible for the security practices, privacy policies, or content of websites outside its ownership or organizational control. Users are encouraged to review the security and privacy policies of any external websites they visit.

Your use of third-party websites is at your own risk and subject to the terms and privacy policies of those third parties. The inclusion of a link to a third-party website on our sites does not imply endorsement, sponsorship, or affiliation with that website or its operators.

Additionally, our websites may include social media features and widgets (such as Facebook, Instagram, and similar platform integrations). These features may collect your IP address and information about the pages you visit and may set cookies. Social media features and widgets are governed by the privacy policies of the companies that provide them.

13. Cookie Consent and Preferences

Where required by applicable law — including for visitors from the EEA and UK — we obtain consent before placing non-essential cookies on your device. You may manage or withdraw your cookie consent at any time by:

• Adjusting your browser settings to refuse or delete cookies
• Using the Google Analytics opt-out tool described in Section 3.2
• Contacting us for assistance with cookie preferences

Please be aware that disabling cookies may affect the functionality of portions of our website that require login sessions or personalization features.

14. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, applicable law, or for other operational, legal, or regulatory reasons. When we make material changes, we will post the revised Policy on this page.

Your continued use of our Services after any changes constitutes your acceptance of the revised Policy.

15. Do Not Track

Some web browsers offer a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. There is currently no universally accepted standard for how websites should respond to DNT signals. At this time, our websites do not alter their data collection and use practices in response to DNT browser signals. We will revisit this position if and when a uniform standard is established.

16. Complaints and Dispute Resolution

If you have a concern or complaint about how we handle your personal information, we encourage you to contact us first using the information in Section 2. We take all privacy complaints seriously and will work to resolve your concern promptly.

EEA and UK residents have the right to escalate unresolved complaints to their applicable supervisory authority. California residents may contact the California Privacy Protection Agency (CPPA) or the California Attorney General. Residents of other states may contact their state’s Attorney General.