GDPR Policy for MartonInCleveland.uk

Introduction

At MartonInCleveland.uk, safeguarding your privacy and personal data is our top priority. We are fully committed to complying with the General Data Protection Regulation (GDPR), which establishes rigorous standards for the protection of personal data within the European Union and United Kingdom. This policy outlines the types of data we collect, the purposes for which it is processed, how we ensure its security, and the rights of our users under GDPR. By using our website and services, you agree to the terms outlined in this policy.

1. Data Collection

Types of Data Collected

We collect various types of personal data depending on your interaction with our website:

User Data:

Name, email address, phone number, and postal address when registering an account or subscribing to newsletters.

Login credentials for accessing user accounts securely.

Business Data:

Business names, contact details (such as phone numbers and emails), location, and descriptions provided for listings.

Event Data:

Details about events submitted by organizers, including event names, descriptions, dates, locations, and contact information.

Data submitted by attendees during event registrations, such as names and email addresses.

Technical and Usage Data:

IP addresses, browser types, device information, and cookies to enhance website performance and analyze traffic patterns.

Session and activity logs, including pages visited and actions performed on the website.

Sources of Data

Data is collected directly from users when they interact with our website (e.g., via registration forms, event submissions, or surveys).

We may also collect data from third-party services (e.g., analytics tools) to improve functionality and performance.

2. Purpose of Data Processing

The data we collect is used for specific and lawful purposes:

1. Core Operations:

Enabling business and event listings.

Facilitating user account creation, event registration, and ticketing systems.

Sending confirmations or updates related to events or account actions.

2. Community Engagement:

Allowing users to submit events or business listings for community collaboration.

Promoting events, businesses, and services relevant to the community.

3. Marketing and Communication:

Sending newsletters, promotional offers, or updates with user consent.

Providing personalized recommendations based on user preferences.

4. Website Optimization:

Analyzing technical data to improve usability, design, and security.

Conducting surveys to understand user needs better.

3. Legal Basis for Processing

We process personal data based on one or more of the following GDPR legal bases:

Consent: You have explicitly given consent for data collection and processing by agreeing to our terms during registration or form submissions. You can withdraw consent at any time.

Contractual Necessity: Data is processed as required to fulfill agreements with users (e.g., providing event registration services or supporting business listings).

Legitimate Interests: Processing data to improve our services, ensure website functionality, and protect the community's interests.

Legal Compliance: In certain cases, processing may be required to comply with applicable laws or respond to legal obligations.

4. Data Storage and Retention

Storage Locations

Your data is stored securely on servers located within the United Kingdom or European Union, ensuring GDPR compliance.

Retention Policy

Data is retained only for as long as necessary to fulfill its intended purpose.

Event-related data is deleted after the event concludes unless the user opts to retain it for future reference.

Business listing data remains active until the business requests removal or the listing expires.

Account Deregistration:

If a user chooses to deregister their account, all personal data associated with the account is immediately and securely deleted from our servers.

We use industry-standard protocols to ensure safe and permanent data deletion.

5. Data Sharing

Policy on Data Sharing

We never sell, rent, or give personal data to any third parties or external companies for any purpose.

Personal data may only be shared with:

Third-Party Service Providers: These include trusted vendors who assist with payment processing, website hosting, email delivery, and analytics. All third-party providers are contractually bound to adhere to GDPR standards.

Legal Authorities: We may disclose personal data if required by law or to protect the rights and safety of users.

6. User Rights

Under GDPR, users have the following rights concerning their personal data:

Access and Transparency

You can request access to your personal data to understand what has been collected and how it is processed.

Rectification

If you notice inaccuracies in your data, you can request corrections.

Erasure ("Right to Be Forgotten")

You have the right to request the deletion of your personal data. This includes all data collected, which is promptly and permanently deleted upon deregistration of your account.

Restriction of Processing

You can limit how your data is processed under specific circumstances.

Data Portability

You can request a copy of your data in a structured and machine-readable format for transfer to another service provider.

Objection

You may object to certain types of data processing, including marketing communications.

7. Cookies and Tracking

Cookie Usage

MartonInCleveland.uk uses cookies to:

Improve user experience.

Analyze traffic patterns and optimize website performance.

Managing Cookies

Users can manage or disable cookies through browser settings. Disabling cookies may affect the functionality of certain website features.

8. Data Security

We implement comprehensive security measures to protect your personal data:

Encryption: Sensitive data is encrypted during storage and transmission.

Access Control: Personal data is accessible only to authorized personnel.

Regular Audits: We conduct periodic security audits to identify vulnerabilities.

Incident Response: We have protocols in place to respond swiftly to any security breaches.

9. Breach Notification

In the event of a data breach:

We will notify affected users promptly, within 72 hours, detailing the nature and scope of the breach.

Relevant authorities will be informed in compliance with GDPR.

10. Contact Information

If you have questions, concerns, or requests regarding this policy, please contact us:

Email: privacy@martonincleveland.uk

11. Policy Updates

This GDPR policy is reviewed regularly and updated as necessary to comply with changes in regulations or to reflect new practices. We will inform users of significant updates via email or website notifications.