This Privacy Notice describes how we respect privacy when we deal with personal information collected by our organisation (Deeside Bike Collective). It explains what personal information we collect, why we collect it and how we secure it and use it. If you have any comments or questions about this privacy notice, feel free to contact us at info@deesidebikecollective.co.uk. Our website address is https://www.deesidebikecollective.co.uk.

1. Personal data that we collect and why we collect it


The following list explains the types of data we collect and the legal basis, under current data protection legislation, on which this data is processed. 

PurposeData TypeLegal basis
Managing registered website users and MembersName, email address, date of birth, postcode, join date and other information you share in your profile’s “About You” field, on the Join Us or Edit Profile form.Consent: you have actively consented via signing up to become a member through our website
Communicating with members who have subscribed to email updatesName, email address, date of birth, membership details, postcode and mailing preferences shared with us within your members profile (as above) and/or email list signup form (via Mailchimp)Consent: you have actively consented by signing up to receive the emails. Sharing this information with Mailchimp enables us to customise our communications where necessary, to help improve the relevance and effectiveness of our communications with our members.
Responding to enquiries about our organisation, its work or eventsName, email address, any other information you share in the Contact Us form on this website or send to us via emailLegitimate interests: it is necessary for us to read and store your message so that we can respond in the way that you would expect
Organising events/volunteeringName, email, phone number, emergency contact information, other specific information relevant to the event.Legitimate interests: it is necessary for us to store your contact details to contact you quickly or in an emergency and to pass your details on to the event organiser(s).
Processing donations via our fundraising page or paypal through the websiteName, email, payment informationLegitimate interests: this information is necessary for us to fulfill your intention of donating money and your expectation of receiving a confirmation message
Promoting the cause and applying for fundingAnonymised and aggregated data regarding our membersLegitimate interests: in order to evidence the level of support we have from the community, our Administrator or Members Manager may access membership data and share it in an appropriately anonymised format.
Providing website functionality and securityTechnical or functional cookies (see Cookie Policy)
IP address, the attempting user’s email address/username and browser agent, as well as all IP-related HTTP headers attached to the attempting user may be recorded for login attempts, password reset requests and comment submissions
Legitimate interests: Necessary cookies may be used, for example, to temporarily store information about a booking in progress as well as any error/confirmation messages whilst submitting or managing your events or event bookings. Stored information may be used to block malicious attempts to hack into users accounts or destabilise the website. Data stored is deleted after 30 days or 100 entries, which is deemed the minimum necessary for preventing and/or investigating a security breech. Users have access to erasure or export of data associated with their user name.
Providing authentication services and app-based publishingNextend Social Login collects data when a visitor register, login or link the account with with any of the enabled social provider (Google or Facebook). It collects the following data: email address, name, social provider identifier and access token.
JetPack Connect (used by authors & editors only) require sharing of: WordPress.com-connected site ID, Jetpack active/inactive status, Jetpack version, locale/language, title, URL, and icon.
Additionally, for activity tracking by JetPack: IP address, WordPress.com username, user agent, visiting URL, referring URL, timestamp of event, browser language, country code.
Consent: Users consent to these terms when they join the website and are reminded again of the terms when they activate these services. Users cannot access the authentication services until they have an existing account on the website and have agreed to our terms and privacy notice.
Checking and displaying user comments and spam preventionWhen visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. The IP address is anonymised before it is stored.Consent: The person posting the comment must agree to our Privacy Notice and Terms of Use before posting the comment.
Understanding our visitors and providing website enhancements such as embedded maps, spam blocking, ease of logging in, paymentsStatistical and tracking cookies (see Cookie Policy)Consent: Your consent to the use of additional cookies as described in our Cookie Policy will be asked when you first visit the website, and at least annually thereafter. You can review and change your previous consent choices by clicking the “Manage consent” button at the bottom of the page at any time.
Sharing information with the public about the teamName, email address, join date and other information you share in your profile’s “About You” field, on the Join Us or Edit Profile form.Consent: Core and Trustee members can opt in to sharing their profile publicly on the website.

2. How we use your data

We will only use your data in a manner that is appropriate considering the basis on which that data was collected, as described in the table in section 1.  For example, we may use your personal information to:
● reply to enquiries that you send to us;
● handle donations or other transactions that you initiate;
● where you have specifically agreed to this, send you communications by email relating to our work and events which we think may be of interest to you.

3. When we share your data

We will never sell your data or pass it on for commercial gain in any way.

We will only pass your data to third parties in the following circumstances:

● you have provided your explicit consent for us to pass data to a named third party;
● for the purposes of a third party processing data on our behalf where we have in place data processing agreements with those third parties which fulfil our legal obligations in relation to the use of third party data processors;
● we are required by law to share your data;

3.1. Data Processors

We will only pass data to third parties outside of the EU where appropriate safeguards are in place in accordance with EU/UK Law through the adoption of Standard Contractual Clauses. These are usually incorporated into the contractual terms for the service, making them binding terms for the data processor.

  • This website is hosted by Namecheap and all data stored on this website is handled in accordance with their Privacy Policy, Signed Data Processing Addendum and Terms of Service. Their Data Processing Addendum incorporates Standard Contractual Clauses to safeguard transfers between the UK/EU and the US (where the data is stored).
  • We use Mailchimp for most of our email communications. Mailchimp data is stored in the US, protected by the incorporation of EU standard contractual clauses into their Terms and backed up by their Privacy Policy and Data Processing Addendum.
  • We use Google Cloud Platform for internal organisation, receiving and sending emails, document storage and website login authentication (if users choose to log in with Google). Google Cloud may transfer your data outwith the EU in accordance with their Terms and EU Standard Contractual Clauses and we have a signed Data Processing Agreement with Google Cloud. Find out more about GDPR and Google Cloud
  • This website uses embedded Google services such as Analytics, Maps, and YouTube which use your web browser to send certain information to Google. This includes the URL of the page that you’re visiting and your IP address. We have taken steps to anonymise your IP address where possible (such as in Google Analytics reporting) in line with the principle of data minimisation. Google may also set cookies on your browser or read cookies that are already there. Find out more about how Google uses information from sites or apps that use their services.
  • If you request a password reset, your IP address will be included in the reset email so that you can see if someone else is trying to gain access to your account.
  • Nextend Social Login stores the personal data on your site and does not share it with anyone except the access token which used for the authenticated communication with the social providers (Google Cloud and Facebook).
  • WordPress.Com provides two services. JetPack connect for content editing via an app is described above. Brute Force Protect by JetPack is switched on when the website is under a sustained brute force login attack. It monitors attempts to access the site and blocks IP addresses known for malicious activity before they even get access to the website. WordPress.com have provided a signed DPA. Other than the number of attempts blocked, visitors data is not stored.
  • We use Friendly Captcha, a Germany-based privacy-friendly solution to spam prevention. When you submit a form that includes the Friendly Captcha widget and send a puzzle request, they collect the following log data: The request headers User-Agent, Origin and Referer; The puzzle itself, which contains information about the account and site key it is related to; The version of the widget; and A timestamp. They store an anonymized counter per IP address for dynamic puzzle difficulty on the edge network to detect malicious users and minimize blocking legitimate users. This data is stored entirely separately from the rest of the data and cannot be correlated to specific websites or anything else. They anonymize IP addresses using a one-way hash of certain values so they cannot be personally identified. They do NOT ask for other information or personal information, such as your name, email, and online profiles. Their Privacy Policy applies.

4. How long we retain your data

We take the principles of data minimisation and removal very seriously and have internal policies in place to ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data in a timely manner once it is no longer required. 

Member and Registered User data is retained in our website’s database indefinitely whilst the membership remains active. Data can be exported or removed upon users request using the Download Your Data or Erase Your Data tools in your Privacy Settings (visit our Privacy Centre for help with this). Members who opt in to email communications will have their data passed to MailChimp via our the Ulitimate Member MailChimp extension. Data is retained by MailChimp until you have unsubscribed from the mailing list or deleted your profile from the website, upon which your data is erased by MailChimp. 

Event registration data for logged in website users entered via the website is stored in the same way as Member and Registered User data.

Event Registration data entered via the website will be stored on this website and may be transferred to our secure online cloud storage and managed in the same way as described below.

Events-related and volunteering information will a secure online cloud storage system such as Google Drive. Once relevant information is no longer required, it will be erased within 28 days (or sooner if requested by the data subject as detailed below).

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

5. What rights you have over your data
You have a range of rights over your data, described here: 

You have a right to be informed about how your data is used. That is what this document is for.

You have the right of access to your information.  If you have an account as a member on our site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. For members, this is a provided in a format which allows the possibility of data portability. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. You can find information about and links to the relevant tools on the Privacy Centre Page.

You have the right to ask for rectification and/or erasure of your information. See the relevant links on the Privacy Centre Page.

Where data processing is based on consent, you may revoke your consent or object to data processing at any time and we will make it as easy as possible for you to do this (for example by putting ‘unsubscribe’ links at the bottom of all our emails). You can limit how much data you share with us down to the minimum data set required for membership / comment verification.

You have the right to lodge a complaint with the Information Commissioner if you feel your rights have been infringed.  A full summary of your legal rights over your data can be found on the Information Commissioner’s website here: https://ico.org.uk/ 

If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please refer to information in the Privacy Centre, and Contact Us if you require any guidance. Please note that relying on some of these rights, such as the right to delete your data, will make it impossible for us to continue to deliver some services to you such as counting you as a member or including you in our email newsletters. However, where possible we will always try to allow the maximum access to your rights while continuing to deliver as many services to you as possible.

7. Website specifics 

This website uses SSL technology to encrypt data sent to and from the website. We have implemented privacy-friendly measures to prevent unauthorised logins (“I’m a human” check box on login). Backups are stored as securely as the rest of our organisations data. We used a managed hosting solution to provide additional security features such as monitoring and automatic updates. Username and password complexity requirements, fine-grained permission settings, and modified login, join and password reset pages bolster user authentication and access control. Administrators, editors and the small number of users who require access to members information are required to use 2 factor authentication to log in to the website, mailing list system and hosting configuration interfaces and access to FTP and Database is tightly controlled. Access attempts and potential security hazards are monitored and alerts sent to the website administrator who actively manages risks, keeping software updated and locking out users exhibiting suspicious activity.

The website will attempt to resize and remove EXIF data on upload to protect your privacy but if you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS).

Articles on this site may include embedded content (e.g. YouTube videos, Google Maps). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. You will therefore be asked to consent to this tracking before the embedded content can be displayed.

6. Cookies & usage tracking

This website uses cookies and other related technologies (for convenience all technologies are referred to as “cookies”). Cookies are also placed by third parties we have engaged. See our Cookie Policy for more information about the use of cookies on our website.

8. Events Manager, Event Bookings, Volunteering and Google Maps

We use Google services to generate maps and provide auto-completion when searching for events by location, which may collect data via your browser in accordance to Google’s privacy policy.

We collect and store information you submit to us when making a booking, for the purpose of reserving your requested spaces at our event and maintaining a record of attendance. This information may be shared with the relevant event organiser(s).

We collect and store information you submit to us about events (and corresponding locations) which event managers add to the website. We may use cookies to temporarily store information about a booking in progress as well as any error/confirmation messages whilst submitting or managing your events and locations.

9. Modifications

We may modify this Privacy Notice from time to time and will publish the most current version on our website. If a modification meaningfully reduces your rights, we’ll notify people whose personal data we hold and is affected.