Privacy Policy
Last updated: 27 November 2025
GDPR Compliant: This policy explains how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data Controller
Stoneclough Community Council ("SCC", "we", "us", or "our") is the data controller responsible for your personal data.
Contact: stonecloughcollective@gmail.com
Address: Stoneclough, Farnworth, Bolton, Greater Manchester, United Kingdom
2. What Data We Collect
We collect and process the following categories of personal data:
Account Information
- Full name
- Email address
- Phone number (optional)
- Postcode/address (for local verification)
Membership Data
- Constitution signatory status and date
- Membership tier (Community, Verified, Supporting, Founder)
- Verification status
Payment Information
- We use Stripe to process payments securely
- We do NOT store your full card details on our servers
- Stripe customer ID and subscription status only
Activity Data
- Issue reports you submit
- Survey and poll responses
- Business listings (if applicable)
- Event registrations
3. Legal Basis for Processing
Under UK GDPR, we process your data based on the following lawful bases:
| Purpose | Legal Basis |
|---|---|
| Account creation and authentication | Contract performance |
| Processing membership subscriptions | Contract performance |
| Community issue reporting | Legitimate interest |
| Sending service-related communications | Legitimate interest |
| Marketing emails (if opted in) | Consent |
| Analytics and service improvement | Legitimate interest |
4. How We Use Your Data
We use your personal data to:
- Create and manage your SCC membership account
- Verify your local connection to Stoneclough and surrounding areas
- Process subscription payments for Supporting Members
- Enable you to report local issues and participate in community decisions
- Send important updates about the SCC, local matters, and your account
- Maintain the Business Directory and Events Calendar
- Generate anonymised statistics about community engagement
- Comply with legal obligations
5. Data Sharing
We may share your data with:
Service Providers
- Supabase - Database and authentication services (EU-based)
- Stripe - Payment processing (PCI-DSS compliant)
- Vercel - Website hosting
Public Authorities
We may share anonymised issue reports with Bolton Council, Greater Manchester Combined Authority, or other relevant bodies to advocate for our community. Personal details are only shared with your explicit consent or where required by law.
We NEVER sell your personal data to third parties.
6. Your Rights Under GDPR
Right to Access
Request a copy of all personal data we hold about you.
Right to Portability
Receive your data in a machine-readable format.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your data ("right to be forgotten").
Right to Restrict Processing
Limit how we use your data in certain circumstances.
Right to Object
Object to processing based on legitimate interests.
To exercise any of these rights, contact us at stonecloughcollective@gmail.com. We will respond within 30 days.
7. Data Retention
We retain your personal data for as long as necessary to provide our services:
- Account data: Until you delete your account or request erasure
- Constitution signatory records: Permanently (as part of SCC's official records)
- Payment records: 7 years (for tax and legal compliance)
- Issue reports: 3 years after resolution (for community records)
8. Data Security
We implement appropriate technical and organisational measures to protect your data:
- Encryption in transit (HTTPS/TLS) and at rest
- Secure authentication via Supabase Auth
- Row Level Security (RLS) policies on all database tables
- PCI-DSS compliant payment processing via Stripe
- Regular security reviews and updates
- Access controls limiting staff access to personal data
9. Cookies
We use essential cookies only:
- Authentication cookies: To keep you signed in securely
- Session cookies: To maintain your session state
We do NOT use tracking cookies, advertising cookies, or third-party analytics that track individual users.
10. Contact and Complaints
If you have questions or concerns about this policy or how we handle your data, contact us:
Email: stonecloughcollective@gmail.com
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Phone: 0303 123 1113
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.