Privacy Policy

1. Who we are and how to contact us

This Privacy Policy explains how JMBarrieSociety collects, uses, shares, and protects your personal data when you visit or interact with the website jmbarriesociety.co.uk. We act as the “data controller” for the personal data we process about you.

If you have any questions about this Policy or your data, contact us at: privacy@jmbarriesociety.co.uk

2. Scope of this Policy

This Policy applies to the personal data we collect through jmbarriesociety.co.uk, including forms, emails, event registrations, newsletter sign-ups, and cookies or similar technologies. It also covers communications we send in relation to the website. It does not cover third-party websites or services that we do not control.

3. The data we collect

We may collect and process the following categories of data:

  • Identity and contact details: name, email address, telephone number, organisation or affiliation (if provided).
  • Communications: messages you send via contact forms or email, and your correspondence preferences.
  • Newsletter and updates: your email address and preferences if you subscribe.
  • Events or activities: registration details you provide, such as name and contact information, and any accessibility or dietary information you choose to disclose (only if necessary for the event).
  • Technical and usage data: IP address, device and browser type, pages visited, referring URLs, time and date of visits, and interactions with site features. This may be collected via server logs and cookies or similar technologies.
  • Feedback and surveys: responses you provide.
  • Social media: if you interact with our social media profiles, the platforms may share certain information with us based on your settings.

4. How we collect your data

  • Directly from you: when you fill in forms, subscribe to updates, register for events or activities, contact us by email, or otherwise communicate with us.
  • Automatically: through cookies, server logs, and similar technologies when you browse the site.
  • From third parties: analytics providers, event platforms, email service providers, or social media platforms, in accordance with their privacy notices and your settings.

5. Purposes and legal bases for processing

We process personal data only where we have a lawful basis under the UK GDPR and the Data Protection Act 2018. The purposes and legal bases include:

  • Operating and improving the site: to run, maintain, secure, and enhance the website; to analyse usage and performance; to troubleshoot and prevent fraud or abuse.

    Legal basis: our legitimate interests in operating an effective and secure website.
  • Responding to enquiries: to reply to your questions and requests.

    Legal basis: our legitimate interests in responding to enquiries; or steps necessary at your request prior to entering a contract.
  • Newsletters and updates: to send you emails you have requested and manage your subscriptions.

    Legal basis: your consent; and compliance with the Privacy and Electronic Communications Regulations (PECR).
  • Events or activities: to manage registrations, communications, attendance, and follow-up.

    Legal basis: performance of a contract or steps taken at your request; legitimate interests in administering events; and, where necessary for optional details, your explicit consent.
  • Compliance and record-keeping: to comply with legal obligations and maintain appropriate records.

    Legal basis: legal obligation; legitimate interests in proper administration and defense of legal claims.
  • Security and fraud prevention: to protect the site and our users.

    Legal basis: legitimate interests in ensuring security and preventing misuse.
  • Marketing beyond newsletters: where applicable and permitted by law, to send information about our work that may be of interest.

    Legal basis: consent (or soft opt-in where permitted by PECR); you can object or opt out at any time.

We do not sell your personal data. We do not use your data for automated decision-making that produces legal or similarly significant effects.

6. Cookies and similar technologies

We use cookies and similar technologies to make our site work, to remember your preferences, and to understand how the site is used. Cookies are small files placed on your device.

Types of cookies we may use:

  • Strictly necessary cookies: required for core functionality and security. These are set without consent.
  • Preferences cookies: remember choices such as language and display settings. These may require consent.
  • Analytics cookies: help us measure and improve site performance and understand visitor interactions. These require consent under PECR unless strictly necessary and kept anonymous.
  • Functional or embedded content cookies: support features like video or social embeds if used. These may be set by third parties and require consent.

Cookie duration: session cookies expire when you close your browser; persistent cookies may last from a few days up to 24 months, depending on purpose. We aim to set analytics cookies for no longer than 13–26 months.

Your choices: on your first visit, you may be asked to accept or reject non-essential cookies. You can change your preferences at any time via your browser settings by blocking or deleting cookies. Blocking some cookies may affect site functionality. At present, we do not respond to browser “Do Not Track” signals.

7. Sharing your data

We share personal data only as necessary and with appropriate safeguards:

  • Service providers (processors): hosting, content management, email delivery, analytics, event administration, and website security providers who process data on our instructions and under contract.
  • Professional advisers: auditors, legal counsel, or similar professionals where reasonably necessary.
  • Legal and compliance: if required by law, regulation, court order, or to protect rights, safety, or security.
  • With your consent: where you ask us to share data or where sharing is clearly necessary for a service you request.

We require all recipients to protect your data and to process it only for the purposes we specify.

8. International data transfers

Our primary hosting and processing may be located in the United Kingdom or the European Economic Area (EEA). If we transfer personal data outside the UK (or permit access from outside the UK), we will ensure appropriate safeguards are in place, such as:

  • An adequacy regulation by the UK government for the destination country; or
  • Standard Contractual Clauses with the UK International Data Transfer Addendum (or the International Data Transfer Agreement) and, where necessary, supplementary measures.

You can contact us for more information about the safeguards used for particular transfers.

9. Data retention

We keep personal data only for as long as necessary for the purposes described in this Policy or as required by law. Typical retention periods are:

  • Enquiries and correspondence: up to 24 months after last contact.
  • Newsletter subscriptions: until you unsubscribe, then limited suppression records kept for up to 24 months to respect your opt-out.
  • Event or activity records: for the duration of the event plus up to 24 months; financial records (if applicable) up to 6 years to meet legal obligations.
  • Analytics data: typically 13–26 months.
  • Server logs and security records: up to 12 months, unless required longer for security or legal reasons.

When retention ends, we delete or irreversibly anonymise the data.

10. Data security

We take appropriate technical and organisational measures to protect your personal data, including secure hosting, access controls, encryption in transit where feasible (HTTPS), regular updates, and restricted access based on role. While we work to safeguard your information, no method of transmission or storage is completely secure; we cannot guarantee absolute security.

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will assess and, where required, notify the Information Commissioner’s Office (ICO) and affected individuals in line with legal requirements.

11. Your rights

Under the UK GDPR, you have the following rights (subject to conditions and exemptions):

  • Access: request a copy of your personal data and information about how we process it.
  • Rectification: ask us to correct inaccurate or incomplete data.
  • Erasure: ask us to delete your data in certain circumstances.
  • Restriction: ask us to restrict processing in certain circumstances.
  • Portability: receive your data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible and lawful.
  • Objection: object to processing based on our legitimate interests or for direct marketing.
  • Withdraw consent: where processing relies on consent, you can withdraw it at any time. Withdrawal does not affect processing before withdrawal.

12. How to exercise your rights

To exercise your rights or ask a question, contact us at privacy@jmbarriesociety.co.uk. We may need to verify your identity before responding. We aim to respond within one month of receiving your request. If your request is complex or numerous, we may extend this period by up to two further months and will inform you.

13. Children’s privacy

Our website is intended for a general audience. We do not knowingly collect personal data from children under 13 without verifiable parental consent. If you believe a child has provided us with personal data without consent, please contact us and we will take appropriate steps to delete it.

14. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee privacy matters. You can contact our DPO at: dpo@jmbarriesociety.co.uk

15. Third-party websites and services

The website may include content from or links to third-party services. Those parties are responsible for their own privacy practices. We encourage you to review their privacy information before providing personal data.

16. Legal bases for marketing under PECR

We will only send you electronic marketing (such as newsletters) with your consent, or where permitted by PECR under the “soft opt-in” for similar services you have previously requested. You can opt out of marketing at any time by following the instructions in our emails or by contacting us.

17. International users

Our processing is governed by UK data protection law. If you access the site from outside the UK, you do so on your own initiative and are responsible for compliance with local laws where they apply.

18. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, technologies, or legal requirements. If we make material changes, we will post a prominent notice on the website. Please check this page periodically for updates.

19. Complaints

If you have concerns about our use of your personal data, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO). Contact details for the ICO include telephone 0303 123 1113 and postal address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

20. Effective date

Effective date: 6 December 2025

About The Editorial Team Terms of Service Legal Notice Privacy Policy Sitemap Contact
© 2025 JMBarrieSociety