Greater Craigmillar Community Calendar Logo
Greater Craigmillar Community Calendar

Privacy Policy

Effective: 28 May 2026 UK GDPR Compliant

Your privacy matters to us. This policy explains how we collect, use, and protect your personal data.

In Simple Terms:

We only collect information we need to run the calendar. We do not sell your data. You control what you share with us. Any event organisers who upload posters are fully responsible for their content, including AI-generated images, copyright, and consent from people pictured.

1. What Data We Collect
Public Visitors
  • IP address (anonymous analytics only)
  • Page views and referral source
  • Browser type and device
Registered Users
  • Email address
  • Name and organisation name
  • Password (encrypted)
  • Login timestamps
  • Activity logs (actions, IP address, timestamp)
Event Data
  • Event titles and descriptions
  • Poster files (images and documents)
  • Location data
  • Date and time information
2. How We Use Your Data
Operate the Calendar

Display events, manage approvals, send email notifications

Maintain Security

Login attempt limiting, activity logging, fraud prevention

Improve the Service

Visitor analytics, popular event tracking, performance monitoring

Send Important Updates

Event approvals, rejections, announcements, and system notifications

3. Legal Basis for Processing (UK GDPR)
Public Visitors

Legitimate interests – we use analytics and security measures to protect and improve the website.

Registered Users

Contractual necessity – we process your data to provide the account service you requested.

4. Data Sharing
We do NOT sell your data.

We share data only in these circumstances:

  • Email Service Provider – to send notification emails
  • Hosting Provider – who stores the data securely on our behalf
  • Legal Requirements – court order, police request, or legal obligation

We never share your data for marketing purposes or with third-party advertisers.

5. Your Rights Under UK GDPR
Right to Access – See what data we hold about you
Right to Rectify – Correct inaccurate data
Right to Delete – Request account deletion
Right to Restrict – Limit how we use your data
Right to Data Portability – Get a copy of your data
Right to Object – Object to certain processing

Registered users can request account deletion via their profile page. Public visitors should contact the Super Administrator directly.

6. Data Retention Periods
  • Activity logs – retained for 12 months
  • Deleted account data – anonymised within 30 days after deletion approval
  • Visitor analytics – anonymised after 26 months
  • Active account data – retained while your account is active
  • Event data – removed 2 days after the event date (auto-cleanup)
  • Rejected event submissions – deleted after 90 days
7. Cookies & Tracking

We use essential cookies for:

  • Session management (keeping you logged in)
  • Security (CSRF protection)
  • Visitor analytics (anonymous counts only)

We do not use tracking cookies for advertising or cross-site tracking.

8. Children's Privacy

The calendar is intended for general audiences. Event organisers are solely responsible for obtaining parental consent before featuring any identifiable child in posters or photographs.

If you believe a child's image has been used without consent, please contact the Super Administrator immediately.

9. Changes to This Privacy Policy

We may update this policy from time to time. The "Effective Date" at the top indicates when changes were last made. For registered users, we will notify you of significant changes via email or dashboard announcement.

10. Contact Us

For any privacy concerns, data requests, or questions about this policy, please contact the Super Administrator:

Back to Home View Terms of Use
Last reviewed: 14 June 2026