London, UK | — | —
This notice explains how brave Projects collects, uses, shares and protects personal information when you use braveprojects.co.uk. If anything is unclear, email hello@braveprojects.co.uk.
brave Projects is a privately funded non-profit arts organisation based in London. We are the data controller for the personal information described here under the UK GDPR, and the EU GDPR if you are in the European Economic Area. Contact: hello@braveprojects.co.uk.
We do not make significant automated decisions about you.
We never sell your personal information. We rely on trusted service providers across categories such as cloud hosting, database, identity and session storage, content management, transactional email and analytics. They process information only on our instructions, under contracts that meet UK and EU GDPR. We can tell you who they are on request. We may also disclose information where required by law, to protect someone’s vital interests, or to investigate serious abuse of the community.
Some providers process data in the United States. Where personal information leaves the UK or EEA we rely on the safeguards required by UK and EU GDPR (the UK Extension to the EU-US Data Privacy Framework, or the UK International Data Transfer Agreement).
We keep personal information only as long as we need it for the purposes above and for any period required by law. When you delete your community account we delete or anonymise your account record and content. Short-lived data such as sessions, password-reset tokens and analytics events expire on their own short timers. Email hello@braveprojects.co.uk for the specific period for any data type.
You have the right under UK and EU GDPR to access the personal information we hold about you, ask us to correct or delete it, get a copy in a portable format, restrict or object to how we use it, and withdraw any consent you have given. To exercise any right, email hello@braveprojects.co.uk. We will respond within one calendar month.
The community is intended for users aged 16 or over. We do not knowingly collect personal information from children under 16. If you believe a child has given us their information without parental consent, contact us and we will delete it.
We take reasonable technical measures to keep your data safe: bcrypt password hashes, HTTPS, HTTP-only Secure session cookies, access-controlled admin tools and rate-limited auth endpoints. No online service can be made completely secure. If we discover a personal-data breach likely to put your rights at risk, we will notify the UK Information Commissioner’s Office within 72 hours and tell you without undue delay if the risk to you is high.
We only send marketing email (the newsletter) if you have asked for it, and every newsletter has an unsubscribe link. Transactional notifications (replies, mentions, password resets, account-approval results) are part of the community service. You can turn off mentions and replies in your profile; security-related emails cannot be turned off.
We are not responsible for the privacy practices of external sites we link to or that community members share.
We will update this notice when our practices change. The “Last updated” date at the top shows when we last revised it. For significant changes we will notify community members by email or a notice on the community page.
Please tell us first. Email hello@braveprojects.co.ukand we will try to put it right. You also have the right to complain to the UK Information Commissioner’s Office at ico.org.uk/make-a-complaint, or to your local data protection authority if you are in the EEA.