GDPR Compliant

Privacy Policy

Your privacy matters to us. This policy explains what data we collect, how we use it, and the rights you have over your personal information.

Last updated: May 2026  ·  GDPR & UK Data Protection Act 2018

🔒

We protect your data

Encrypted storage and secure connections

🚫

No data selling

We never sell your personal information

✋

You're in control

Access, update, or delete your data anytime

🇪🇺

GDPR compliant

Full compliance with EU & UK data laws

Section 01

Who We Are

Unity Roots Go Blue ("we", "our", "us") operates the website at nz-unityroots.org.uk. We are the data controller responsible for your personal data collected through this Platform.

We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable data protection legislation.

Section 02

Data We Collect

We collect and process the following categories of personal data:

Category	Examples	Source
Account data	Name, email address, username, password (hashed)	You provide directly
Profile data	Profile picture, bio, country of origin	You provide directly
Content data	Stories, comments, saved posts	You create on Platform
Usage data	Pages visited, time spent, clicks, device type	Collected automatically
Technical data	IP address, browser type, operating system	Collected automatically
Communication data	Support emails, contact form submissions	You provide directly

We do not collect sensitive personal data (such as health, financial, or biometric data) unless explicitly required and with your clear consent.

Section 03

How We Use Your Data

We use your personal data for the following purposes:

Creating and managing your account and providing access to the Platform
Personalising your experience and showing relevant content
Sending transactional emails (account confirmation, password reset, security alerts)
Sending platform updates and community notifications (you can opt out at any time)
Moderating content and enforcing our Community Guidelines and Terms
Analysing usage patterns to improve our Platform and user experience
Complying with legal obligations and responding to lawful requests

Section 04

Legal Basis for Processing

Under the UK GDPR, we rely on the following legal bases to process your personal data:

Contract — Processing necessary to provide the services you signed up for
Legitimate interests — Platform security, fraud prevention, and service improvement
Consent — Marketing emails and optional cookies (you can withdraw consent at any time)
Legal obligation — Where processing is required to comply with applicable law

Section 05

Data Sharing

We do not sell, rent, or trade your personal data. We may share your data with trusted third parties only where necessary:

Hosting provider — For secure website and data storage
Email service provider — To send transactional and notification emails
Analytics provider — For anonymised usage analytics (no individual identification)
Law enforcement — Where required by law or to protect the safety of users

All third-party processors are bound by data processing agreements and are required to maintain appropriate security standards.

We never sell your data. Your personal information is never shared with advertisers, data brokers, or third parties for their own marketing purposes.

Section 06

Cookies

We use cookies and similar tracking technologies to operate the Platform and improve your experience. Cookies are small text files stored on your device.

Type	Purpose	Duration
Essential	Login sessions, security tokens	Session / 30 days
Functional	User preferences, language settings	1 year
Analytics	Page views, traffic sources (anonymised)	Up to 2 years

You can control cookies through your browser settings. Disabling essential cookies may affect your ability to use the Platform.

Section 07

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes it was collected for, including for legal, accounting, or reporting requirements.

Account data is retained for the duration of your account and up to 2 years after deletion
Published content may remain visible after account deletion unless you request removal
Anonymised usage data may be retained indefinitely for statistical purposes
Legal and compliance records may be retained for up to 7 years

Section 08

Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

👁️

Right of Access

Request a copy of the personal data we hold about you.

✏️

Right to Rectification

Request correction of inaccurate or incomplete data.

🗑️

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

⏸️

Right to Restriction

Request restriction of processing in certain circumstances.

📦

Right to Portability

Receive your data in a structured, machine-readable format.

🚫

Right to Object

Object to processing based on legitimate interests or for direct marketing.

To exercise any of these rights, contact us at privacy@unityroots.org. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

Section 09

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against accidental loss, unauthorised access, disclosure, or alteration. These include:

SSL/TLS encryption for all data transmitted to and from the Platform
Passwords stored using bcrypt hashing — we never store plain-text passwords
Regular security audits and vulnerability assessments
Access controls limiting staff access to personal data on a need-to-know basis
Automatic session timeouts and secure cookie flags

In the event of a personal data breach, we will notify affected users and the ICO within 72 hours where required by law.

Section 10

Children's Privacy

The Platform is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If we become aware that we have collected data from a child under 16 without appropriate consent, we will promptly delete that data.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

Section 11

International Data Transfers

Your data may be processed in countries outside the UK or European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the ICO, or we transfer data only to countries with an adequacy decision.

Section 12

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you by email or via a prominent notice on the Platform at least 14 days before the changes take effect.

We encourage you to review this policy periodically. The "Last updated" date at the top of this page indicates when it was last revised.

Section 13

Contact & Data Protection Officer

For any privacy-related questions, requests to exercise your rights, or concerns about how we handle your data, please contact us:

Email: privacy@unityroots.org
Subject line: "Privacy Request – [Your Name]"
ICO (UK regulator): ico.org.uk — Tel: 0303 123 1113

Questions about your privacy?

We take your data rights seriously. Our team will respond within 30 days.

Contact Privacy Team Terms & Conditions