This Privacy Notice describes how we respect privacy when we deal with personal information collected by our organisation (Deeside Bike Collective). It explains what personal information we collect, why we collect it and how we secure it and use it. If you have any comments or questions about this privacy notice, feel free to contact us at info@deesidebikecollective.co.uk. Our website address is https://deesidebikecollective.co.uk.

1. Personal data that we collect and why we collect it


The following list explains the types of data we collect and the legal basis, under current data protection legislation, on which this data is processed. 

PurposeData TypeLegal basis
Managing registered website users and MembersName, email address, date of birth, postcode, join date and other information you share in your profile’s “About You” field, on the Join Us or Edit Profile form.Consent: you have actively consented via signing up to become a member through our website
Communicating with members who have subscribed to email updatesName, email address, date of birth, membership details, postcode and mailing preferences shared with us within your members profile (as above) and/or email list signup form (via Mailchimp)Consent: you have actively consented by signing up to receive the emails. Sharing this information with Mailchimp enables us to customise our communications where necessary, to help improve the relevance and effectiveness of our communications with our members.
Responding to enquiries about our organisation, its work or eventsName, email address, any other information you share in the Contact Us form on this website or send to us via emailLegitimate interests: it is necessary for us to read and store your message so that we can respond in the way that you would expect
Organising events/volunteeringName, email, phone number, emergency contact information, other specific information relevant to the event.Legitimate interests: it is necessary for us to store your contact details to contact you quickly or in an emergency and to pass your details on to the event organiser(s).
Processing donations via our fundraising page or paypal through the websiteName, email, payment informationLegitimate interests: this information is necessary for us to fulfill your intention of donating money and your expectation of receiving a confirmation message
Promoting the cause and applying for fundingAnonymised and aggregated data regarding our membersLegitimate interests: in order to evidence the level of support we have from the community, our Administrator or Members Manager may access membership data and share it in an appropriately anonymised format.
Providing website functionality and securityTechnical or functional cookies may be set on your browser for future access, (see Cookie Policy); for login attempts, password reset requests and comment submissions the following used may be recorded: attempting user’s email address/username and browser agent, as well IP address and IP-related HTTP headers attached to the device.
JetPack Brute Force Attack protection will be turned on if deemed necessary to maintain website integrity.
Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.
Activity Tracked: Failed login attempts (these include IP address and user agent). We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.
Data Synced (?): Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.
Legitimate interests: Necessary cookies may be used, for example, to temporarily store information about a booking in progress as well as any error/confirmation messages whilst submitting or managing your events or event bookings. Stored information may be used to block malicious attempts to hack into users accounts or destabilise the website. Data stored is deleted after 12 days, which is deemed the minimum necessary for preventing and/or investigating problems and security breeches. Users have access to erasure or export of data associated with their user name and/or email address.
Providing authentication services and app-based publishingUltimateMember Social Login collects data when a visitor register, login or link the account with with any of the enabled social provider (Google or Facebook). It collects and, if used for account creation, adds the following data to the profile: email address, first name, surname and profile picture.Consent: Users consent to these terms when they join the website and are reminded again of the terms when they activate these services. Users cannot access the authentication services until they have an existing account on the website and have agreed to our terms and privacy notice.
Checking and displaying user comments and spam preventionWhen visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. The IP address is anonymised before it is stored.Consent: The person posting the comment must agree to our Privacy Notice and Terms of Use before posting the comment.
Understanding our visitors and providing website enhancements such as embedded maps, spam blocking, ease of logging in, paymentsStatistical and tracking cookies (see Cookie Policy)Consent: Your consent to the use of additional cookies as described in our Cookie Policy will be asked when you first visit the website, and at least annually thereafter. You can review and change your previous consent choices by clicking the “Manage consent” button at the bottom of the page at any time.
Sharing information with the public about the teamName, email address, join date and other information you share in your profile’s “About You” field, on the Join Us or Edit Profile form.Consent: Core and Trustee members can opt in to sharing their profile publicly on the website.

2. How we use your data

We will only use your data in a manner that is appropriate considering the basis on which that data was collected, as described in the table in section 1.  For example, we may use your personal information to:
● reply to enquiries that you send to us;
● handle donations or other transactions that you initiate;
● where you have specifically agreed to this, send you communications by email relating to our work and events which we think may be of interest to you.

3. When we share your data

We will never sell your data or pass it on for commercial gain in any way.

We will only pass your data to third parties in the following circumstances:

● you have provided your explicit consent for us to pass data to a named third party;
● for the purposes of a third party processing data on our behalf where we have in place data processing agreements with those third parties which fulfil our legal obligations in relation to the use of third party data processors;
● we are required by law to share your data;

3.1. Data Processors

We will only pass data to third parties outside of the EU where appropriate safeguards are in place in accordance with EU/UK Law through the adoption of Standard Contractual Clauses. These are usually incorporated into the contractual terms for the service, making them binding terms for the data processor.

  • This website is hosted by Siteground and all data stored on this website is handled in accordance with their Terms and Policies and Data Processing Agreement.
  • We use Mailchimp for most of our email communications. Mailchimp data is stored in the US, protected by the incorporation of EU standard contractual clauses into their Terms and backed up by their Privacy Policy and Data Processing Addendum.
  • We use Google Cloud Platform for internal organisation, receiving and sending emails, document storage and website login authentication (if users choose to log in with Google). Google Cloud may transfer your data outwith the EU in accordance with their Terms and EU Standard Contractual Clauses and we have a signed Data Processing Agreement with Google Cloud. Find out more about GDPR and Google Cloud
  • This website uses embedded Google services such as Analytics, Maps, and YouTube which use your web browser to send certain information to Google. This includes the URL of the page that you’re visiting and your IP address. We have taken steps to anonymise your IP address where possible (such as in Google Analytics reporting) in line with the principle of data minimisation. Google may also set cookies on your browser or read cookies that are already there. Find out more about how Google uses information from sites or apps that use their services.
  • If you request a password reset, your IP address will be included in the reset email so that you can see if someone else is trying to gain access to your account.
  • Ultimate Member Social Login stores the personal data on your site and does not share it with anyone except the access token which used for the authenticated communication with the social providers (Google Cloud and Facebook) to facilitate the login process.
  • Automattic provides three services. JetPack Connect and the Jetpack WooCommerce app are used for content editing and order management. Purchases, donations and orders made via the website may be processed by Automattic in order to allow the Administrator or Shop Manager to view it in the WooCommerce mobile app. Brute Force Protect by JetPack monitors attempts to access the site and blocks IP addresses known for malicious activity before they even get access to the website. Automattic have provided a signed DPA and published a GDPR compliant privacy policy.
  • We use Friendly Captcha, a Germany-based privacy-friendly solution to spam prevention. When you submit a form that includes the Friendly Captcha widget and send a puzzle request, they collect the following log data: The request headers User-Agent, Origin and Referer; The puzzle itself, which contains information about the account and site key it is related to; The version of the widget; and A timestamp. They store an anonymized counter per IP address for dynamic puzzle difficulty on the edge network to detect malicious users and minimize blocking legitimate users. This data is stored entirely separately from the rest of the data and cannot be correlated to specific websites or anything else. They anonymize IP addresses using a one-way hash of certain values so they cannot be personally identified. They do NOT ask for other information or personal information, such as your name, email, and online profiles. Their Privacy Policy applies.
  • We use PayPal to process some donations and payments.

4. How long we retain your data

We take the principles of data minimisation and removal very seriously and have internal policies in place to ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data in a timely manner once it is no longer required. 

Member and Registered User data is retained in our website’s database indefinitely whilst the membership remains active. Data can be exported or removed upon users request using the Download Your Data or Erase Your Data tools in your Privacy Settings (visit our Privacy Centre for help with this). Members who opt in to email communications will have their data passed to MailChimp via our the Ulitimate Member MailChimp extension. Data is retained by MailChimp until you have unsubscribed from the mailing list or deleted your profile from the website, upon which your data is erased by MailChimp. 

Event registration data for logged in website users entered via the website is stored in the same way as Member and Registered User data.

Event Registration data entered via the website will be stored on this website and may be transferred to our secure online cloud storage and managed in the same way as described below.

Events-related and volunteering information will a secure online cloud storage system such as Google Drive. Once relevant information is no longer required, it will be erased within 30 days (or sooner if requested by the data subject as detailed below).

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

5. What rights you have over your data
You have a range of rights over your data, described here: 

You have a right to be informed about how your data is used. That is what this document is for.

You have the right of access to your information.  If you have an account as a member on our site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. For members, this is a provided in a format which allows the possibility of data portability. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. You can find information about and links to the relevant tools on the Privacy Centre Page.

You have the right to ask for rectification and/or erasure of your information. See the relevant links on the Privacy Centre Page.

Where data processing is based on consent, you may revoke your consent or object to data processing at any time and we will make it as easy as possible for you to do this (for example by putting ‘unsubscribe’ links at the bottom of all our emails). You can limit how much data you share with us down to the minimum data set required for membership / comment verification.

You have the right to lodge a complaint with the Information Commissioner if you feel your rights have been infringed.  A full summary of your legal rights over your data can be found on the Information Commissioner’s website here: https://ico.org.uk/ 

If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please refer to information in the Privacy Centre, and Contact Us if you require any guidance. Please note that relying on some of these rights, such as the right to delete your data, will make it impossible for us to continue to deliver some services to you such as counting you as a member or including you in our email newsletters. However, where possible we will always try to allow the maximum access to your rights while continuing to deliver as many services to you as possible.

7. Website specifics 

This website uses SSL technology to encrypt data sent to and from the website. We have implemented privacy-friendly measures to prevent unauthorised logins (“I’m a human” check box on login). Backups are stored as securely as the rest of our organisations data. We used a managed hosting solution to provide additional security features such as monitoring and automatic updates. Username and password complexity requirements, fine-grained permission settings, and modified login, join and password reset pages bolster user authentication and access control. Administrators, editors and the small number of users who require access to members information are required to use 2 factor authentication to log in to the website, mailing list system and hosting configuration interfaces and access to FTP and Database is tightly controlled. Access attempts and potential security hazards are monitored and alerts sent to the website administrator who actively manages risks, keeping software updated and locking out users exhibiting suspicious activity.

The website will attempt to resize and remove EXIF data on upload to protect your privacy but if you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS).

Articles on this site may include embedded content (e.g. YouTube videos, Google Maps). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. You will therefore be asked to consent to this tracking before the embedded content can be displayed.

6. Cookies & usage tracking

This website uses cookies and other related technologies (for convenience all technologies are referred to as “cookies”). Cookies are also placed by third parties we have engaged.

This website uses the Privacy Suite for WordPress by Complianz to collect and record Browser and Device-based Consent. For this functionality, your IP address is anonymized and stored in our database. This service does not process any personally identifiable information and does not share any data with the service provider. For more information, see the Complianz Privacy Statement.

See our Cookie Policy for more information about the use of cookies on our website.

8. Events Manager, Event Bookings, Volunteering and Google Maps

We use Google services to generate maps and provide auto-completion when searching for events by location, which may collect data via your browser in accordance to Google’s privacy policy.

We collect and store information you submit to us when making a booking, for the purpose of reserving your requested spaces at our event and maintaining a record of attendance. This information may be shared with the relevant event organiser(s).

We collect and store information you submit to us about events (and corresponding locations) which event managers add to the website. We may use cookies to temporarily store information about a booking in progress as well as any error/confirmation messages whilst submitting or managing your events and locations.

9. Online Store and Event Ticket Purchases

We collect information about you during the checkout process on our store.

While you visit our site, we’ll track:

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
  • Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of basket contents while you’re browsing our site.

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Invite you to become a member and join our email list

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we may store order information for up to 2 years for tax and accounting purposes. Failed, pending and cancelled order information will be kept for up to 30 days. This includes your name, email address and billing and shipping addresses.

We will also store comments or reviews, if you choose to leave them.

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:

  • Order information like what was purchased, when it was purchased and where it should be sent, and
  • Customer information like your name, email address, and billing and shipping information.

Our team members have access to this information to help fulfill orders, process refunds and support you. Our event managers will have access to information on event ticket purchases.

We collect information about you during the checkout process on our store.

What we collect and store

While you visit our site, we’ll track:

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
  • Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of basket contents while you’re browsing our site.

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 2 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

We will also store product comments or reviews, if you choose to leave them.

Who on our team has access

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:

  • Order information like what was purchased, when it was purchased and where it should be sent, and
  • Customer information like your name, email address, and billing and shipping information.

Our team members have access to this information to help fulfill orders, process refunds and support you.

What we share with others

We share information with third parties who help us provide our orders and store services to you; for example —

Payments

We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.

Please see the PayPal Privacy Policy for more details.

10. Modifications

We may modify this Privacy Notice from time to time and will publish the most current version on our website. If a modification meaningfully reduces your rights, we’ll notify people whose personal data we hold and is affected.