UK GDPR Compliant. This policy explains how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Section 1
Data Controller
The data controller for this website is Jack Thomas Tebay, trading as Stoneclough Community Hub, contactable at admin@stoneclough.uk.
Address: Stoneclough, Farnworth, Bolton, Greater Manchester, United Kingdom
ICO Registration: We are registered with the Information Commissioner's Office (ICO). Registration number to be confirmed — register at ico.org.uk if not yet completed (£40/year for small organisations).
Section 2
What Data We Collect
We collect and process the following categories of personal data:
Account Information
- Full name
- Email address
- Phone number (optional)
- Postcode or address (for local verification)
Membership Data
- Membership tier and verification status
- Poll and survey participation history
- Business listings (if applicable)
Payment Information
- Payments are processed by Stripe — we do not store full card details
- Stripe customer ID and subscription status only
Activity Data
- Issue reports you submit
- Survey and poll responses
- Event registrations
Section 3
Legal Basis for Processing
| Processing Purpose | Legal Basis |
|---|---|
| Account creation & authentication | Contract performance |
| Payment processing | Contract performance |
| Email notifications (opted-in) | Legitimate interests / Consent |
| Analytics | Legitimate interests |
| Civic participation records | Public interest |
| Issue reporting | Legitimate interests |
| Marketing emails (if opted in) | Consent |
Section 4
Data Retention Schedule
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Until deletion requested | Service delivery |
| Transaction records | 7 years | HMRC requirements |
| Report submissions | 3 years | Civic accountability |
| Analytics data | 26 months | Industry standard |
| Cookie consent records | 3 years | ICO guidance |
Section 5
Your Rights Under UK GDPR
Right of Access
Request a copy of all personal data we hold about you (Subject Access Request).
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your data ('right to be forgotten').
Right to Portability
Receive your data in a machine-readable format.
Right to Restriction
Limit how we use your data in certain circumstances.
Right to Object
Object to processing based on legitimate interests.
To exercise any of these rights, email admin@stoneclough.uk. We will respond within 30 calendar days.
Section 6
Data Sharing
We share data only with trusted third-party service providers:
- Supabase — Database and authentication (EU-based)
- Stripe — Payment processing (PCI-DSS compliant)
- Vercel — Website hosting
We may share anonymised issue reports with Bolton Council, Greater Manchester Combined Authority, or other public bodies to advocate for our community. Personal details are only shared with your explicit consent or where required by law.
We never sell your personal data to third parties.
Section 7
Data Security
- Encryption in transit (HTTPS/TLS) and at rest
- Secure authentication via Supabase Auth
- Row Level Security (RLS) policies on all database tables
- PCI-DSS compliant payment processing via Stripe
- Regular security reviews and access controls
Section 8
Complaints
If you have questions or concerns about this policy or how we handle your data, contact us at admin@stoneclough.uk.
You have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk/concerns
Phone: 0303 123 1113
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.