Privacy Policy for British Railway Heritage Chronicle (BritishRailwaysHistory.com)
Last Updated: [Date]
This Privacy Policy describes how British Railway Heritage Chronicle ("we", "us", or "our"), operating via the website BritishRailwaysHistory.com, collects, uses, and discloses your personal information when you visit, use our services, or interact with us.
We are committed to protecting and respecting your privacy in compliance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data Controller
The data controller responsible for your personal data is British Railway Heritage Chronicle. For any questions regarding this policy or our privacy practices, please contact us at: [Insert Contact Email Address].
2. Information We Collect
We collect and process the following categories of personal data:
2.1. Information You Provide Voluntarily
- Contact Information: Such as your name and email address, when you subscribe to our newsletter, submit an enquiry via our contact form, or submit historical content.
- User Content: Any information, stories, photographs, or documents you voluntarily submit for publication or community discussion.
- Communication Data: Records of your correspondence with us.
2.2. Information Collected Automatically
- Technical Data: Internet protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Usage Data: Information about how you use our website, including pages viewed, time spent on pages, clickstream data, and the referring website address.
- Cookies and Similar Technologies: We use cookies and similar tracking technologies. For detailed information, please see our Cookie Policy (Section 9).
3. How We Use Your Information (Purposes and Legal Bases)
We will only use your personal data when the law allows us to. Under UK GDPR, our legal bases for processing include:
| Purpose of Processing | Categories of Data | Legal Basis for Processing |
|---|---|---|
| To operate, maintain, and provide the core features of our website. | Technical Data, Usage Data | Legitimate Interests (to run and administer our service efficiently). |
| To send you our email newsletter, if you have requested it. | Contact Information | Consent (which you can withdraw at any time). |
| To respond to your enquiries and provide user support. | Contact Information, Communication Data | Legitimate Interests (to respond to and manage our relationship with our audience). |
| To process and, with your permission, publish user-submitted historical content. | Contact Information, User Content | Consent (for publication). Legitimate Interests (for review and administration). |
| To analyse and improve our website's performance, content, and user experience. | Technical Data, Usage Data | Legitimate Interests (to study how users interact with our site, to develop it, and inform our content strategy). |
| To prevent fraud, ensure security, and comply with legal obligations. | Technical Data, Usage Data | Legal Obligation / Legitimate Interests (to protect our website and business). |
4. How We Share Your Information
We do not sell, trade, or rent your personal data to third parties. We may share your data in the following limited circumstances:
- Service Providers: With trusted third-party vendors who provide services on our behalf (e.g., website hosting, email distribution, analytics). These providers are contractually bound to use your data only to provide the service and protect it.
- Legal Requirements: If required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
- Protection of Rights: To enforce our terms of use, protect the security of our website, or defend the rights, property, or safety of us, our users, or others.
- With Your Consent: For any other purpose, we will explicitly ask for your consent before sharing.
5. International Data Transfers
Our website is hosted within the United Kingdom. However, some of our third-party service providers (e.g., email marketing platforms) may be based outside the UK. If we transfer your personal data outside the UK, we will ensure a similar degree of protection is afforded to it by using specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
6. Data Security
We have implemented appropriate technical and organisational security measures designed to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
7. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Newsletter Data: Retained until you unsubscribe.
- Enquiry Data: Retained for 24 months after the enquiry is resolved for record-keeping.
- Technical & Usage Data: Typically aggregated or anonymised within 26 months.
- Published User Content: Retained indefinitely as part of the historical archive, alongside your credited name (as provided).
You can request deletion of your personal data at any time (see Your Rights below).
8. Your Legal Rights Under UK GDPR
You have the following rights regarding your personal data:
- The right to access: You can request a copy of the personal data we hold about you.
- The right to rectification: You can request correction of inaccurate or incomplete data.
- The right to erasure ("the right to be forgotten"): You can request deletion of your personal data, subject to certain conditions.
- The right to restrict processing: You can request we suspend processing of your data.
- The right to data portability: You can request a transfer of your data to another service.
- The right to object: You can object to processing based on legitimate interests.
- Rights related to automated decision-making: We do not engage in automated decision-making or profiling.
- The right to withdraw consent: Where we rely on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us using the details in Section 1. We may need to request specific information from you to confirm your identity. You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO).
9. Cookies and Tracking Technologies
Our website uses cookies (small text files stored on your device) to distinguish you from other users. This helps us provide a better experience and improve our site.
9.1. Types of Cookies We Use
- Essential/Strictly Necessary Cookies: Required for the website to function (e.g., security). They do not require consent.
- Analytical/Performance Cookies: Allow us to count visits and traffic sources to measure and improve performance. They are anonymised.
- Functionality Cookies: Enable enhanced functionality and personalisation (e.g., remembering your preferences).
9.2. Managing Cookies
When you first visit our site, you will be presented with a cookie banner where you can consent to non-essential cookies. You can also manage your browser settings to refuse all or some cookies. Please note that disabling cookies may affect the functionality of parts of this website.
10. Third-Party Links
Our website may contain links to other sites of historical interest (e.g., railway museums, archives). This privacy policy applies only to our website. We encourage you to read the privacy policy of any other site you visit.
11. Children's Privacy
Our website is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with data, please contact us, and we will delete such information.
12. Changes to This Privacy Policy
We may update this policy periodically. The "Last Updated" date at the top will be revised. We will notify subscribers of material changes via email. We encourage you to review this page occasionally.
13. Contact Us
For questions, comments, or requests regarding this Privacy Policy or our data practices, please contact:
British Railway Heritage Chronicle
Email: [Insert Contact Email Address]