Privacy Policy

At discovernearme, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website and services. We are committed to protecting your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

discovernearme is the data controller for personal data collected through this website. discovernearme is operated as an individual business (not incorporated as a limited company). We are fully committed to compliance with UK GDPR and the Data Protection Act 2018.

If you have any questions about how we handle your data, you can contact us via the contact form on our Contact page or by email at hello@discovernearme.co.uk.

discovernearme is not required to appoint a Data Protection Officer under UK GDPR Article 37, as we:

• Employ fewer than 250 people
• Do not engage in large-scale systematic monitoring
• Do not process special category data (such as health, biometric, or genetic data) as a core activity

For all data protection enquiries, please contact us via the contact form on our Contact page.

We may collect the following categories of personal data: contact information (name, email address); account credentials (hashed password or OAuth tokens); usage data (pages visited, search queries, events viewed); saved events and preferences; device and browser information; and approximate location data when you use location-based features.

Some information we display is not collected directly from you:

Event listings (including event organiser names, venue names, and event descriptions) are aggregated from thousands of publicly accessible websites across the UK. This information is publicly available and is collected to provide you with comprehensive event discovery.

We process this public information under the legal basis of legitimate interests (providing a useful event discovery service). If you believe your personal information appears in an event listing and you wish to have it removed, please contact us via our Contact page.

All personal data you provide directly (such as your account details, saved events, and preferences) is collected from you with your knowledge and consent.

We use your personal data to: provide and improve our services; personalise your experience including event recommendations; send you event alerts and notifications you have subscribed to; respond to your enquiries; analyse usage patterns to improve the platform; and comply with legal obligations.

We will only send you marketing emails if you have explicitly opted in. Marketing emails include newsletters, curated event recommendations, and feature announcements.

How to Opt In:

When you create an account, you can choose to receive marketing emails by checking the "Send me event recommendations and updates" box. You can also enable marketing emails at any time in your Account Settings.

What We Send:

• Weekly curated event recommendations based on your preferences
• Monthly newsletter with new features and upcoming events
• Occasional announcements about new discovernearme features

We typically send no more than 2-3 marketing emails per month. You can adjust your preferences at any time.

How to Opt Out:

Click the "Unsubscribe" link at the bottom of any marketing email, or disable marketing emails in your Account Settings. You will be removed from our marketing list within 48 hours.

Transactional Emails:

We will continue to send you essential transactional emails (such as alert notifications you've configured, password resets, and account confirmations) even if you opt out of marketing. These are necessary to provide the service you've requested.

Third-Party Marketing:

We do not sell your email address or share it with third parties for their marketing purposes.

We process your personal data on the following legal bases: contract performance (to provide the services you have requested); legitimate interests (to improve our service and prevent fraud); consent (for marketing communications and non-essential cookies); and legal obligation (where required by law).

We use cookies to improve your experience and analyse site usage. Cookies are small text files stored on your device.

Cookie Consent:

When you first visit discovernearme, you'll see a cookie consent banner with three options:

• Accept All — consents to all cookie categories (essential, analytics, marketing)
• Reject All — declines non-essential cookies (essential cookies remain active)
• Manage Preferences — opens settings modal to choose specific categories

Your preferences are stored locally in your browser and apply across all pages. You can change your preferences at any time by clicking "Cookie Settings" in the footer.

Cookie Categories:

• Essential cookies: Required for site functionality (session management, security). Cannot be disabled.
• Analytics cookies: Help us understand how visitors use our site. Anonymised data only.
• Marketing cookies: Enable personalised content recommendations. Can be disabled.

For full details on the cookies we use, see our Cookie Policy.

Consent Duration: Your cookie preferences remain active for 12 months. After this period, we'll ask you to confirm your preferences again.

We do not sell your personal data. We may share your data with the following third parties:

• Amazon Web Services (AWS) — cloud hosting and infrastructure, specifically: Amazon Cognito (user authentication and account management), Amazon DynamoDB (event and user data storage), Amazon SES (email delivery for alerts and account notifications), and AWS Lambda (server-side processing). Data is processed subject to AWS data processing agreements.
• Google Analytics 4 — website analytics (page views, feature usage, events clicked). GA4 is only loaded and analytics cookies are only set after you explicitly accept analytics cookies via our consent banner. You can opt out at any time via Cookie Settings in the footer.
• Google Maps Platform — venue maps displayed on event detail pages. Subject to Google's privacy policy.

We may also share data with law enforcement or regulatory authorities where required by law. All third parties are required to maintain appropriate security measures and are bound by data processing agreements.

We do not use automated decision-making (including profiling) that produces legal or similarly significant effects concerning you.

Our event recommendations are based on simple criteria matching: we show you events that match your selected location, date range, and category filters. This does not involve profiling under UK GDPR. You can adjust your preferences at any time via the filters on each page.

If we introduce automated decision-making in the future, we will update this policy and notify you accordingly.

We retain your personal data for as long as your account is active or as needed to provide you with our services. Account data is deleted within 30 days of account closure. Usage logs are retained for up to 12 months. We may retain anonymised, aggregated data indefinitely for analytics purposes.

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate personal data
• Erasure ("right to be forgotten") of your personal data in certain circumstances
• Restrict processing of your personal data
• Data portability
• Object to processing based on legitimate interests
• Withdraw consent at any time — see "How to Withdraw Consent" below

Withdrawing consent does not affect the lawfulness of processing before withdrawal.

To exercise any of your rights, please contact us via the contact form on our Contact page. We will respond to your request within one month. In complex cases, we may extend this period by a further two months and will notify you accordingly. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

You can withdraw your consent for the following at any time:

Cookie Consent:

Click "Cookie Settings" in the footer of any page, or click "Manage Preferences" in the cookie banner to adjust your preferences. Changes take effect immediately.

Marketing Emails:

Click the "Unsubscribe" link at the bottom of any marketing email, or update your communication preferences in Account Settings. You will be removed from our marketing list within 48 hours.

Account and Personal Data:

To withdraw all consent and delete your account, visit Account Settings and click "Delete Account". All your personal data will be permanently deleted within 30 days.

Location Access:

discovernearme accesses your approximate location only when you use location-based features. To withdraw consent, deny location permissions in your browser settings. You can still use all features by entering a location manually.

Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted data transmission (HTTPS), hashed passwords, access controls, and regular security reviews. However, no method of transmission over the internet is completely secure.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.

Notification Timeline:

• We will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of a breach, where feasible
• We will notify affected users as soon as possible after assessing the risk, typically within 72 hours

What We Will Tell You:

• The nature of the breach and categories of data affected
• Likely consequences of the breach
• Measures we have taken or propose to take to address the breach
• Contact details for further information and support

How We Will Notify You:

• Email to your registered email address
• Prominent notice on our website homepage

What You Should Do:

We will provide specific guidance based on the nature of the breach, which may include changing your password, monitoring your accounts, or other protective measures.

Our Track Record:

To date, discovernearme has not experienced any reportable personal data breaches. We maintain regular security audits and monitoring to prevent incidents.

Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the ICO. We will always tell you if we intend to transfer your personal data internationally.

discovernearme is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected personal data from a child, please contact us immediately and we will take steps to delete it.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting a prominent notice on our website or by email. We encourage you to review this policy periodically.

For privacy-related enquiries, to exercise your data rights, or to raise a concern, please contact us at hello@discovernearme.co.uk or via the contact form on our Contact page.