1. Who We Are and How to Contact Us

Britain Direct is operated under the direction of One Brit Abroad, with all official communications, data subject requests, inquiries, or notices directed exclusively through Telegram at @BritainDirect. No other contact methods are authorised for privacy-related matters.

We do not maintain a physical office or public email for privacy inquiries to minimise data exposure and maintain operational security.

2. Information We Collect

We practice data minimisation and collect only what is strictly necessary for the Services to function and for our legitimate interests in operating a free-expression-focused community platform.

2.1 Information You Provide Directly

• Account Registration Data (if you choose to register for enhanced features such as the Members-Only Area): username, password (hashed), email address (optional but may be required for certain verifications), and any self-provided biographical or profile information.
• User-Generated Content: posts, comments, forum threads, replies, uploaded media, or other contributions.
• Communications: messages sent via contact forms, direct messages (if enabled), or Telegram interactions for support/privacy requests.

2.2 Automatically Collected Information

• Technical/Usage Data: IP address, browser type/version, operating system, device identifiers, pages visited, time/date of access, referral sources, and basic analytics (e.g., via server logs or minimal analytics tools configured for privacy).
• Cookies and Similar Technologies: We use only essential cookies for site functionality (e.g., session management, security). No tracking, advertising, or non-essential cookies are deployed unless explicitly consented to (and even then, minimally). See our separate Cookie Policy (if applicable) or banner notices.

2.3 Information We Do Not Collect

We do not collect:

• Precise geolocation data
• Financial/payment information (unless through secure third-party processors for any future paid features, with separate notices)
• Sensitive personal data (special category data under UK GDPR Article 9) unless voluntarily provided in public posts (in which case, you are responsible for the disclosure)
• Data from children under 16 (or 13 in some contexts); the Services are not directed at minors

3. How We Use Your Information (Purposes and Lawful Bases)

We process personal data only for the following purposes, relying on the most appropriate lawful basis under UK GDPR Article 6:

We do not use your data for automated decision-making, profiling, marketing to third parties, or behavioural advertising.

4. Sharing and Disclosure of Your Information

We are strongly committed to not sharing your personal data unless strictly necessary or legally required.

• No voluntary sharing with law enforcement, government agencies, or third parties absent a valid, proportionate UK court order, warrant, or legal compulsion under UK law.
• Internal use only by authorised personnel (minimal team) bound by confidentiality.
• Service providers (e.g., hosting, domain registrars) process data on our instructions with strict data processing agreements (DPAs) compliant with UK GDPR Article 28. We select privacy-focused providers where possible.
• Publicly visible data (e.g., forum posts) is shared by design as part of the Services; you control what you post publicly.
• In event of business transfer (unlikely), data may transfer with safeguards.

No international transfers outside the UK occur unless to UK-adequate jurisdictions or with appropriate safeguards (e.g., standard contractual clauses).

5. Data Retention

We retain personal data only for as long as necessary:

• Account data: Until account deletion or inactivity (typically 2 years post-last activity).
• Content: Retained indefinitely for archival/historical purposes unless removed for violations or upon valid erasure request.
• Logs/technical data: Up to 12 months for security.
• Rights requests: Retained as required for accountability (e.g., 6 years under limitation periods).

After these periods, data is securely deleted or anonymised.

6. Your Rights Under UK GDPR

You have the following rights (subject to exemptions):

• Access (Art. 15): Request confirmation of processing and copies of your data.
• Rectification (Art. 16): Correct inaccurate/incomplete data.
• Erasure ("right to be forgotten") (Art. 17): Delete data where no overriding legitimate ground.
• Restriction (Art. 18): Limit processing in certain cases.
• Object (Art. 21): To processing based on legitimate interests.
• Data portability (Art. 20): Receive data in structured format (where technically feasible).
• Withdraw consent (if consent-based).
• Complain to the Information Commissioner's Office (ICO): https://ico.org.uk/make-a-complaint/

To exercise rights, contact us exclusively via Telegram @BritainDirect. We respond within one month (extendable by two months for complexity).

We may verify identity to prevent unauthorised access.

7. Security of Your Information

We implement appropriate technical and organisational measures (Art. 32 UK GDPR), including:

• Encryption in transit (HTTPS/TLS)
• Hashed passwords
• Access controls
• Regular security reviews
• Minimal data collection to reduce risk

However, no system is 100% secure; you are responsible for securing your own devices/credentials.

8. Third-Party Links and Services

The Services may contain links to external sites. We are not responsible for their privacy practices. Review their policies separately.

9. Changes to This Privacy Policy

We may update this Policy to reflect changes in law, Services, or practices. Changes are posted here with the updated "Last Updated" date. Continued use constitutes acceptance. Material changes may be notified via site notice or direct message where feasible.

10. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of England and Wales. Disputes fall under the exclusive jurisdiction of English courts.

For any questions, contact @BritainDirect on Telegram.