Privacy

1. About This Privacy Policy

Saltire Social ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit and use Saltire Social (the "Platform"), accessible via our website and any associated mobile interfaces.

This policy is issued in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and the ICO Age Appropriate Design Code (Children's Code). It applies to all users of the Platform, including visitors, registered users, and users under the age of 18.

Please read this Privacy Policy carefully. By using the Platform, you acknowledge that you have read and understood this policy. If you do not agree with our practices, please do not use the Platform.

2. Who We Are (Data Controller)

Saltire Social is the data controller for personal data processed through the Platform. This means we determine the purposes and means by which your personal data is processed.

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact us:

  • Email: [email protected]

  • Post: Data Protection Officer, Saltire Social, Scotland, United Kingdom

You also have the right to contact the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection, at any time:

  • Website: ico.org.uk

  • Helpline: 0303 123 1113

3. Personal Data We Collect

3.1 Data You Provide Directly

When you register for or use Saltire Social, we may collect the following categories of personal data:

  • Account information: name or username, email address, date of birth, and password

  • Profile information: profile picture, biography, location (if you choose to share it), and links to other social profiles

  • User Content: posts, comments, images, videos, audio, direct messages, and other content you submit to the Platform

  • Communications: messages you send to us, including support requests, feedback, and reports

  • Payment information: if applicable, billing name, address, and payment card details (processed securely via third-party payment processors; we do not store full card details)

3.2 Data We Collect Automatically

When you access the Platform, we automatically collect certain technical and usage data, including:

  • Device and connection information: IP address, browser type and version, operating system, device identifiers, and mobile network information

  • Usage data: pages visited, features used, links clicked, time and duration of visits, search queries, and interaction data

  • Log data: server logs, error reports, and performance data

  • Cookies and similar technologies: as described in Section 9 of this policy

3.3 Data We Receive from Third Parties

We may receive personal data about you from:

  • Social sign-in providers (e.g. Google or Apple) if you choose to register or log in using a third-party account

  • Other users who tag or mention you in their content

  • Advertising and analytics partners, subject to their own privacy policies and your consent where required

4. How We Use Your Personal Data

We use your personal data only where we have a lawful basis to do so under UK GDPR. The table below sets out our processing activities and their lawful bases:

4.1 To Provide and Operate the Platform

Lawful basis: Performance of a contract. We use your data to create and manage your account, deliver the Platform's features and services, process transactions, and provide customer support.

4.2 To Keep You Safe and Enforce Our Policies

Lawful basis: Legitimate interests / Legal obligation. We use data to detect and prevent fraud, abuse, spam, and illegal activity; to enforce our Terms and Conditions and Community Guidelines; and to respond to law enforcement requests where required by law.

4.3 To Personalise Your Experience

Lawful basis: Legitimate interests / Consent (where required). We may use data about your activity and preferences to tailor your feed, suggest connections, and surface relevant content.

4.4 To Communicate with You

Lawful basis: Performance of a contract / Legitimate interests / Consent. We use your contact details to send service notifications, security alerts, updates to our policies, and, where you have opted in, marketing communications. You may unsubscribe from marketing communications at any time.

4.5 To Improve the Platform

Lawful basis: Legitimate interests. We use aggregated and anonymised usage data to analyse trends, diagnose technical issues, conduct research, and improve the Platform's functionality and performance.

4.6 To Comply with Legal Obligations

Lawful basis: Legal obligation. We may process your data to comply with applicable Scottish, UK, and international legal requirements, including data retention laws, tax obligations, and court orders.

5. Special Category and Sensitive Data

We do not intentionally collect special category personal data (as defined under Article 9 UK GDPR), which includes data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, sex life, or sexual orientation.

However, you may choose to share such information voluntarily in your profile or User Content. Where you do so, you are providing explicit consent for us to process that data as part of your use of the Platform. You may withdraw such consent by removing that data from your profile or content at any time.

We take extra care to protect any sensitive data that may be shared on the Platform and apply appropriate technical and organisational safeguards.

6. Children's Privacy

We take the privacy and safety of children very seriously. The Platform is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13 without verifiable parental consent. If we become aware that a child under 13 has provided us with personal data without appropriate consent, we will take steps to delete that data promptly.

For users aged 13 to 17, we comply with the ICO's Age Appropriate Design Code. This includes:

  • Applying high privacy settings by default for child users

  • Not using nudge techniques or design patterns to encourage children to share more data than necessary

  • Not profiling children for targeted advertising purposes

  • Providing age-appropriate privacy information in plain, clear language

Parents or guardians who believe their child has registered without their consent should contact us at [email protected] so we can take appropriate action.

7. Sharing Your Personal Data

We do not sell your personal data to third parties. We may share your data in the following circumstances:

7.1 Service Providers

We share data with trusted third-party service providers who assist us in operating the Platform, including cloud hosting providers, email delivery services, payment processors, analytics providers, and customer support tools. All such providers are contractually bound to process your data only on our instructions and in accordance with UK GDPR.

7.2 Legal and Regulatory Authorities

We may disclose your data to law enforcement agencies, regulatory bodies, or courts where required to do so by law, including in response to lawful requests from Police Scotland, the National Crime Agency, or other competent authorities.

7.3 Safety and Security

Where we have a good-faith belief that disclosure is necessary to prevent serious harm, fraud, illegal activity, or threats to the safety of any person, we may share relevant data with appropriate authorities or third parties.

7.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the successor entity. We will notify you of any such change and the choices available to you.

7.5 With Your Consent

We may share your data with third parties where you have given your explicit consent to do so.

8. International Data Transfers

The Platform is primarily operated from Scotland, United Kingdom. Some of our third-party service providers may process data outside the UK. Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place, such as:

  • Transfers to countries with UK adequacy regulations in place

  • Use of the International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses

  • Binding Corporate Rules where applicable

You may request details of the safeguards we use for international transfers by contacting us at [email protected].

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (such as pixels and local storage) to operate the Platform, remember your preferences, and understand how users interact with our services.

9.1 Types of Cookies We Use

  • Strictly necessary cookies: Required for the Platform to function. These cannot be disabled.

  • Functional cookies: Remember your preferences and settings to improve your experience.

  • Analytics cookies: Help us understand how users interact with the Platform so we can improve it (e.g. page views, session duration).

  • Marketing cookies: Used to deliver relevant advertising where you have consented.

9.2 Managing Cookies

When you first visit the Platform, you will be shown a cookie consent banner allowing you to accept or decline non-essential cookies. You can update your preferences at any time via the cookie settings link in the footer of the Platform. You can also control cookies through your browser settings, though this may affect Platform functionality.

10. How Long We Keep Your Data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods include:

  • Account data: Retained for the duration of your account and for up to 30 days following account deletion, to allow for account recovery requests

  • User Content: Deleted within 90 days of account deletion, unless required to be retained for legal proceedings or safety investigations

  • Usage and log data: Generally retained for up to 12 months for security and analytics purposes

  • Communications and support data: Retained for up to 3 years to assist with ongoing support, legal claims, or complaints

  • Financial records: Retained for 7 years in compliance with HMRC requirements

Where data is no longer required, we securely delete or anonymise it in accordance with our data disposal procedures.

11. Your Data Protection Rights

Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

  • Right of access: You may request a copy of the personal data we hold about you (a Subject Access Request, or SAR).

  • Right to rectification: You may ask us to correct inaccurate or incomplete personal data.

  • Right to erasure: You may request that we delete your personal data, subject to certain legal exceptions.

  • Right to restrict processing: You may ask us to restrict the processing of your data in certain circumstances.

  • Right to data portability: You may request a structured, machine-readable copy of your data to transfer to another service.

  • Right to object: You may object to processing based on legitimate interests or for direct marketing purposes.

  • Rights related to automated decision-making: You have the right not to be subject to solely automated decisions that produce significant legal or similarly significant effects.

  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [email protected] or use the data management tools available in your account settings. We will respond to all verified requests within one calendar month, as required by UK GDPR. This period may be extended by a further two months for complex or multiple requests, and we will notify you accordingly.

You will not be charged a fee for exercising your rights unless your request is clearly unfounded, repetitive, or excessive, in which case we may charge a reasonable fee or decline to respond.

12. How We Protect Your Data

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit using TLS (Transport Layer Security)

  • Encryption of sensitive data at rest

  • Access controls and role-based permissions for staff handling personal data

  • Regular security assessments and penetration testing

  • Staff training on data protection and information security

  • Incident response and breach notification procedures

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, inform affected users without undue delay.

While we take all reasonable steps to protect your data, no transmission over the internet or electronic storage system is completely secure. You are responsible for keeping your account credentials confidential and for notifying us promptly of any suspected unauthorised access.

13. Third-Party Links and Services

The Platform may contain links to third-party websites, plug-ins, and applications. Clicking those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party services and are not responsible for their privacy practices. We encourage you to read the privacy policy of every third-party service you visit or use.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated policy on this page with a new "Last updated" date

  • Notify you via email or a prominent in-Platform notice where the changes are significant

We encourage you to review this policy periodically. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree to the revised policy, you must stop using the Platform and delete your account.

15. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data protection practices, please contact us:

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk/make-a-complaint

  • Telephone: 0303 123 1113

  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

© 2026 Saltire Social English
English
About Terms Privacy Support Center Directory
Saltire Social https://saltiresocial.com