PRIVACY POLICY

Effective date: 13 September 2025

1) Who we are and scope of this Policy

This Privacy Policy explains how uk.joinsermo.com (the “Site”) collects and processes personal data when you visit or interact with the Site. The data controller is the Site Operator (the “Controller,” “we,” “us,” or “our”). This Policy does not apply to Sermo’s services; Sermo is a separate controller for any data you provide to it.

2) Summary

  • We collect limited personal data that you choose to share (e.g., contact messages, newsletter sign‑ups, comments) and technical/analytics data generated by your use of the Site.

  • We use this data to operate the Site, moderate abuse/spam, understand performance and usage, and send opted‑in communications.

  • We do not sell your personal data.

  • We honor your rights under UK GDPR, including the right to access, rectify, erase, restrict, object, and port your data, and to withdraw consent at any time.

3) What we collect

3.1 Information you provide

  • Contact and enquiry data: name, email address, and the content of your message when you contact us.

  • Newsletter/updates: email address when you subscribe or request updates; we store your subscription preferences and timestamp.

  • Comments/user‑generated content: name (display name), email address (not publicly shown), comment text, and technical anti‑spam signals (e.g., IP address and user‑agent).

  • Surveys/feedback forms (optional): if we run feedback forms on the Site, we will collect the fields you submit.

3.2 Information collected automatically

  • Log and device data: IP address, browser type/version, pages viewed, referral source, and timestamps collected by our hosting infrastructure and security tools for operational and security purposes.

  • Cookies and similar technologies: We use essential cookies to operate the Site and analytics cookies (e.g., Google Analytics 4) to understand usage. Analytics may collect pseudonymous identifiers, approximate geolocation (city/region level), and event data (e.g., page views, clicks). We do not use advertising or retargeting cookies.

4) Lawful bases for processing (UK GDPR)

We rely on the following bases:

  • Consent: for sending newsletters/marketing emails and for placing analytics cookies (where required).

  • Legitimate interests: to operate the Site, prevent fraud and abuse (including comment moderation/spam detection), maintain security, and compile aggregated statistics that help us improve the Site. We balance these interests against your rights and freedoms.

  • Legal obligation: to comply with applicable laws, court orders, or regulatory requirements.

5) How we use personal data

  • To provide, maintain, troubleshoot, and secure the Site.

  • To respond to enquiries and support requests.

  • To moderate comments, prevent spam/abuse, and maintain community standards.

  • To analyze Site performance and improve content and user experience.

  • To send you newsletters or updates where you have opted in (you can unsubscribe at any time).

  • To comply with legal obligations and enforce our Terms.

6) Retention

We retain personal data only for as long as necessary for the purposes described:

  • Contact enquiries: typically up to 24 months after resolution.

  • Newsletter subscription data: until you unsubscribe, plus up to 24 months to maintain suppression lists and compliance records.

  • Comments and anti‑spam logs: typically 5 years to maintain discussion integrity and address disputes.

  • Analytics data: kept in our analytics tool for up to 14 months (or the closest available retention setting).

7) Sharing and recipients

We share personal data with service providers acting on our behalf (“processors”), including:

  • Website hosting and security (e.g., managed WordPress hosting, CDN, DDoS protection).

  • Email delivery and newsletter tools used to send updates and manage subscriptions.

  • Analytics providers (e.g., Google Analytics 4) that help us understand Site usage.

These providers are bound by contracts that require them to protect your data and only process it according to our instructions. We may also share data where required by law or in connection with the sale or transfer of our business.

8) International transfers

Where personal data is transferred outside the UK/EEA (for example, to the United States for analytics or email services), we rely on appropriate safeguards such as adequacy decisions (including participation in recognized data‑transfer frameworks) or approved standard contractual clauses with necessary UK addenda. You can contact us for details of the specific safeguards in place.

9) Cookies and controls

  • Types of cookies:

    • Essential: required to provide the Site (e.g., load balancing, security, consent management).

    • Analytics: help us measure and improve performance.

  • Your choices: On your first visit, we display a consent prompt for non‑essential cookies. You can accept or reject analytics cookies and change your choice at any time via the cookie settings link (footer). You can also manage cookies in your browser settings and opt out of analytics using tools provided by your browser or operating system. Rejecting analytics cookies will not affect your access to the Site.

10) Your rights

Subject to conditions and exemptions under UK GDPR, you have the right to access, rectify, erase, restrict or object to processing, and the right to data portability. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). We encourage you to contact us first so we can address your concerns.

11) Security

We employ administrative, technical, and organizational measures appropriate to the risk, including encryption in transit (HTTPS), access controls, audit logs, and regular updates. However, no system is completely secure; you use the Site at your own risk.

12) Children’s privacy

The Site is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided personal data via the Site, please contact us so we can delete it.

13) Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new effective date. Where changes are material, we may also notify subscribers/commenters by email. Please review this Policy periodically.