Before I draft a final, ready-to-publish privacy policy, I need a few confirmations so it’s accurate and legally compliant (and avoids any placeholders or guesses):
– Data controller details:
– Legal name of the organisation that operates CartersMounts
– Registered or correspondence address (including country)
– General contact email and phone (if any) for privacy enquiries
– Data Protection Officer (DPO):
– Do you have a formally appointed DPO? If yes, provide their contact details. If not, confirm “No DPO appointed” and provide a privacy contact.
– Services and processors used on the site:
– Hosting provider (and location if known)
– Analytics (e.g., Google Analytics), advertising pixels, performance/error tracking, A/B testing tools
– Email/newsletter service (e.g., Mailchimp), CRM or membership system, payment processors/donations, event ticketing, forms (e.g., Typeform), scheduling, survey tools
– Any embedded content (e.g., YouTube, Vimeo, Google Maps), social media widgets
– Cookies:
– Do you operate a cookie banner with granular consent and prior blocking of non-essential cookies?
– Any specific cookies you want listed (or confirm to use a standard category-based list without a detailed cookie table)
– Data you collect:
– Membership/junior membership applications, bookings, event entries, shop orders, donations, newsletters, volunteering, safety/incident reports, photography/video at events, CCTV at the boathouse
– Whether you collect data about children (junior members) and how parental/guardian consent is obtained
– International data transfers:
– Any tools or processors that store/process data outside the UK (e.g., US-based services)
– Retention:
– Your preferred retention periods for: enquiries, memberships, financial records, safeguarding/incident records, newsletter lists, website analytics, and account data. If you prefer, I can apply conservative UK best-practice defaults.
– Automated decision-making/profiling:
– Do you do any? (Likely no—please confirm.)
– Effective date you want shown on the policy
Once I have these details, I’ll provide a complete HTML-formatted policy with numbered sections, compliant with UK GDPR, Data Protection Act 2018, and PECR, including data collection, purposes, legal bases, retention, rights, cookies, security, international transfers, DPO/contact, and policy updates.