Privacy Policy - UK Folklore & Mythology Archive

Privacy Policy for UK Folklore & Mythology Archive (UKFolkloreArchive.com)

Last Updated: [Date of Last Update]

Effective Date: [Effective Date]

Welcome to the UK Folklore & Mythology Archive ("the Archive", "we", "us", or "our"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website UKFolkloreArchive.com (the "Site") and interact with our services.

This policy is written in accordance with, and governed by, the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this Privacy Policy carefully. By accessing or using our Site, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our Site.

1. Data Controller

For the purposes of the UK GDPR, the data controller is:

UK Folklore & Mythology Archive
[Insert Registered or Correspondence Address, if applicable]
Email: [Insert Data Protection Contact Email]

2. The Information We Collect

We collect several types of information from and about users of our Site, which may include personal data. "Personal data" means any information relating to an identified or identifiable natural person.

2.1. Information You Provide Voluntarily

  • Contact Information: When you contact us via email or a contact form, you may provide your name, email address, and the content of your message.
  • User Contributions: If you submit folklore stories, research, corrections, comments, or other content to the Archive, we collect the information you provide, which may include personal identifiers or details within the content.
  • Newsletter Sign-ups: If you subscribe to our newsletter, we collect your email address.
  • Account Information: If we offer user accounts in the future, we will collect information necessary to create and maintain your account (e.g., username, password, email).

2.2. Information Collected Automatically

As you navigate through the Site, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns:

  • Log Data: Information that your browser sends whenever you visit our Site ("log data"). This may include your computer's Internet Protocol (IP) address, browser type and version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages, and other diagnostic data.
  • Cookies and Similar Technologies: We may use cookies, web beacons, and other tracking technologies. Please see our Cookie Policy (Section 9) for more detailed information.
  • Device Information: We may collect information about the device you use to access our Site, including the hardware model, operating system, and unique device identifiers.

2.3. Information from Third Parties

We may receive limited information about you from third-party services, such as analytics providers (e.g., Google Analytics) or social media platforms, if you interact with our content on those platforms. This data is typically aggregated and anonymised.

3. How We Use Your Information

We use the information we collect for various purposes, based on the following legal bases under the UK GDPR: performance of a contract, legitimate interests, compliance with a legal obligation, or your consent.

  • To Provide and Maintain the Site: To operate, maintain, and improve the functionality of the UK Folklore & Mythology Archive (Legal basis: Legitimate interests).
  • To Communicate with You: To respond to your inquiries, comments, or requests for information (Legal basis: Legitimate interests/Performance of a contract).
  • To Manage User Contributions: To review, moderate, and publish folklore submissions and user-generated content (Legal basis: Legitimate interests/Consent, where applicable).
  • To Send Newsletters: To send you periodic newsletters if you have subscribed, which you can unsubscribe from at any time (Legal basis: Consent).
  • For Site Analytics: To analyse trends, administer the site, track users' movements around the site, and gather demographic information about our user base as a whole. This helps us understand how our content is used and improve the Site (Legal basis: Legitimate interests).
  • For Security: To detect, prevent, and address technical issues, fraud, or potential security breaches (Legal basis: Legitimate interests/Legal obligation).
  • To Comply with Law: To comply with applicable laws, regulations, and legal processes (Legal basis: Legal obligation).

4. Legal Basis for Processing (UK GDPR)

We will only process your personal data when we have a valid legal basis to do so. The primary legal bases we rely on are:

  • Legitimate Interests: Our processing is necessary for our legitimate interests in operating and improving the Archive as a cultural and educational resource, ensuring network and information security, and communicating with the public, provided these interests are not overridden by your rights and interests.
  • Consent: For certain specific purposes, such as sending marketing newsletters, we will ask for your explicit consent. You can withdraw your consent at any time.
  • Performance of a Contract: If you enter into an agreement with us (e.g., for a research collaboration), processing necessary to fulfil that contract.
  • Legal Obligation: Where we need to comply with a legal or regulatory obligation.

5. How We Share Your Information

We do not sell, trade, or rent your personal identification information to others. We may share generic aggregated demographic information not linked to any personal data with partners or for research purposes.

We may share your personal data in the following limited circumstances:

  • Service Providers: With trusted third-party vendors who perform services on our behalf, such as website hosting, data analysis, email delivery, and IT services. These providers are contractually bound to protect your data and use it only for the purposes we specify.
  • Legal Requirements: If required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
  • Protection of Rights: To enforce our Terms of Use, protect the security of the Archive, or protect our rights, privacy, safety, or property, and/or that of our users or the public.
  • Academic or Cultural Collaboration: With academic institutions or cultural organisations for legitimate research or archival purposes, where data would typically be anonymised or shared under strict data sharing agreements.

6. International Data Transfers

Your information, including personal data, is processed at our operating offices and in any data centres where our service providers are located. If we transfer your personal data outside the United Kingdom to a country not deemed to provide an adequate level of data protection, we will ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or specific contractual clauses approved for use in the UK.

7. Data Security

We have implemented appropriate technical and organisational security measures designed to protect the security of any personal information we process. These include encryption, access controls, and secure server configurations. However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

8. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy, or as required to comply with our legal obligations, resolve disputes, and enforce our agreements. Criteria used to determine retention periods include:

  • The ongoing necessity of the data for the original purpose.
  • Legal or regulatory obligations that require specific retention periods (e.g., for tax or accounting purposes).
  • The nature and sensitivity of the data.
  • Your ability to have the data deleted upon request, subject to legal exceptions.

For example, log files are typically retained for a short period for security analysis, while contact enquiry emails may be retained for several years for reference and service improvement. Newsletter subscription data is retained until you unsubscribe.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Site and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.

We use the following categories of cookies:

  • Essential Cookies: Necessary for the Site to function and cannot be switched off.
  • Analytics Cookies: Allow us to count visits and traffic sources to measure and improve Site performance.
  • Functionality Cookies: Enable enhanced functionality and personalisation (if applicable).

A more detailed Cookie Policy, including a list of specific cookies we use, is available [Insert Link to Separate Cookie Policy or provide details here].

10. Your Data Protection Rights under UK GDPR

Under the UK GDPR, you have the following rights regarding your personal data. To exercise any of these rights, please contact us using the details in Section 13.

  • The Right to Access: You have the right to request copies of your personal data.
  • The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The Right to Erasure (the "Right to be Forgotten"): You have the right to request that we erase your personal data, under certain conditions.
  • The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions (e.g., for direct marketing).
  • The Right to Data Portability: You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.
  • Rights related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling.

We will respond to all legitimate requests within one month. We may need to request specific information from you to help us confirm your identity before processing your request. You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) (www.ico.org.uk).

11. Children's Privacy

Our Site is a cultural archive intended for a general audience and is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from a child under age 13 without verification of parental consent, we will take steps to remove that information from our servers.

12. Links to Other Websites

Our Site contains links to other websites that are not operated by us, such as references to academic sources, other folklore archives, or historical records. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, or if you wish to exercise your data protection rights, please contact our designated data protection contact:

Email: [Insert Data Protection Contact Email]
Postal Address: [Insert Postal Address for Data Protection Requests]

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. We will also endeavour to provide a more prominent notice if changes are material. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.