Privacy Policy

Steeky Community Platform ("we", "us", "our", or "Company") operates the steeky.com website and mobile application (collectively, the "Service").

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data. We are committed to maintaining the highest standards of data protection in accordance with the UK Data Protection Act 2018 and the UK GDPR (as retained in UK law).

1. Definitions

Personal Data: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, or erasure.

Data Controller: The natural or legal person who determines the purposes and means of processing personal data (Steeky).

Data Subject: The individual to whom personal data relates (you, the user).

2. Information Collection and Use

2.1 Types of Personal Data We Collect

We collect and process the following categories of personal data:

Account Information: Username, email address, password hash, profile information, and avatar image
Content Data: Posts, comments, community memberships, and user-generated content you create or upload
Communication Data: Messages, feedback, and correspondence with our support team
Technical Data: IP address, device type, browser type, operating system, and access logs
Usage Data: Pages visited, features used, interaction duration, and timestamps
Session Data: Session identifiers and authentication tokens

2.2 How We Collect Information

When you register for an account or update your profile
When you create posts, comments, or join communities
When you interact with our Service
Automatically through cookies, web beacons, and similar tracking technologies
When you contact our support team

2.3 Use of Information

We use the collected data for the following purposes:

To provide, maintain, and improve our Service
To create and manage your account
To personalise your experience and recommend relevant communities
To send service-related announcements and updates
To respond to your inquiries and provide customer support
To detect, prevent, and address fraud, security, or technical issues
To comply with legal obligations and enforce our Terms of Service
To conduct analytics and improve our Service performance

3. Legal Basis for Processing

Under the UK GDPR, we process your personal data on the following legal bases:

3.1 Performance of Contract

Processing necessary to provide our Service to you, such as creating and managing your account, processing your requests, and delivering the functionality you expect.

3.2 Legal Obligation

Processing necessary to comply with applicable laws and regulations, including data protection laws, anti-fraud requirements, and law enforcement requests.

3.3 Legitimate Interests

Processing carried out for our legitimate business interests, including:

Maintaining the security and integrity of our Service
Preventing fraud and abuse
Monitoring and analysing Service usage and performance
Marketing our Service (with your consent where required)
Protecting the rights and safety of our users and company

3.4 Consent

Where we rely on consent, we will obtain explicit consent before processing your personal data for marketing purposes or non-essential cookies.

4. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, in accordance with the UK Data Protection Act 2018.

4.1 Retention Periods

Account Data: Retained while your account is active. After account deletion, we retain limited data for up to 90 days to process your request and comply with legal obligations.
Content Data: Posts and comments are retained while your account is active. Upon account deletion, public content may be archived but anonymised.
Login History: Retained for 12 months for security purposes.
Technical and Usage Data: Retained for up to 12 months for analytics and security purposes.
Communication Data: Retained for the duration necessary to resolve your inquiry, then for up to 3 years for record-keeping purposes.

4.2 Account Deletion

You may request permanent deletion of your account at any time. Upon deletion, we will erase your personal data within 90 days, except where we are required to retain it by law or for legitimate business purposes (such as fraud prevention).

5. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit using SSL/TLS protocols
Password hashing using secure cryptographic algorithms
Regular security audits and vulnerability assessments
Access controls and role-based permissions
Secure session management and authentication tokens
Regular backups and disaster recovery procedures
Staff training on data protection and security practices

Note: No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data using commercially acceptable means, we cannot guarantee absolute security.

6. Your Data Rights

Under the UK GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15)

You have the right to obtain confirmation of whether your personal data is being processed and to receive a copy of that data in a structured, commonly used, and machine-readable format.

Right to Rectification (Article 16)

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances, such as when it is no longer necessary or if you withdraw consent.

Right to Restrict Processing (Article 18)

You have the right to request restriction of processing in certain circumstances, such as while we verify the accuracy of contested data.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object (Article 21)

You have the right to object to processing of your personal data for legitimate interests or marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produces legal or similarly significant effects, unless such processing is necessary to fulfil a contract or you have given explicit consent.

Right to Withdraw Consent

Where we process data based on consent, you have the right to withdraw that consent at any time.

6.1 How to Exercise Your Rights

To exercise any of these rights, please submit a written request to our Data Protection Officer at the contact details provided in Section 11. We will respond to your request within 30 days (extendable by two further months where justified). Please note that in some cases, we may need to verify your identity before processing your request.

7. Cookies and Tracking Technologies

7.1 What Are Cookies?

Cookies are small files stored on your device that contain information about your browsing activity. We use cookies to enhance your experience, remember your preferences, and analyse how you use our Service.

7.2 Types of Cookies We Use

Essential Cookies: Required for the Service to function (e.g., session authentication). These do not require consent.
Functional Cookies: Remember your preferences and settings to provide a personalised experience.
Analytical Cookies: Help us understand how users interact with our Service through anonymised usage data.
Marketing Cookies: Used to deliver targeted advertising and track marketing campaign effectiveness.

7.3 Cookie Consent

We obtain your consent before deploying non-essential cookies. You can manage your cookie preferences through your browser settings or our cookie consent banner. Disabling cookies may affect some features of our Service.

7.4 Web Beacons and Similar Technologies

We may use web beacons, pixels, and similar tracking technologies in emails and on our website to track email opens and user interactions.

8. Children's Privacy

Our Service is not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13, we will delete such data and terminate the child's account immediately.

For users aged 13-18, we provide additional privacy protections and limit marketing communications.

9. International Data Transfers

Your personal data is primarily stored and processed in the United Kingdom. However, in some cases, we may transfer your data to third-party service providers outside the UK (including outside the EEA). Where we transfer data internationally, we implement appropriate safeguards, including:

Standard contractual clauses approved by the ICO
Adequacy decisions (where applicable)
Your explicit consent for the transfer

Any such transfers will be conducted in accordance with the UK Data Protection Act 2018 and the UK GDPR.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our Service after such modifications constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise any of your data rights, please contact us using the details below:

Steeky Community Platform

Email: privacy@steeky.com

Data Protection Officer: dpo@steeky.com

Address: Steeky Community Platform, UK

Response Time: We aim to respond to all data requests within 30 days of receipt.

11.1 Supervisory Authority

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent authority for data protection:

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Website: www.ico.org.uk

Telephone: 0303 123 1113

Table of Contents