Legal

    Privacy Policy

    Last updated: 18 May 2026

    1. Who we are

    BritRockHeaven ("BRH", "we", "us", "our") operates the website www.britrockheaven.com. We are an independent UK-based publication covering British rock culture. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, BritRockHeaven is the data controller for personal data processed through this site.

    Contact for privacy matters: contact@britrockheaven.com.

    2. What data we collect

    • Account data — email, username, display name, optional avatar and bio, when you create an account.
    • Submissions & enquiries — information you provide via track submissions, contact forms, media package enquiries, comments, polls and newsletter sign-ups.
    • Payment data — handled by Stripe; we do not store card details on our servers.
    • Technical & usage data — IP address, device, browser, referring page, pages viewed, and approximate location, collected via privacy-friendly analytics.
    • Cookies & similar technologies — see Section 6.

    3. How we use your data & legal bases

    We process personal data under the following UK GDPR legal bases:

    • Contract — to provide accounts, process submissions and payments, and respond to enquiries.
    • Legitimate interests — to run, secure and improve the site, prevent spam and abuse, and produce aggregated analytics.
    • Consent — for newsletter sign-ups, non-essential cookies, and personalised advertising (see Section 6).
    • Legal obligation — to comply with tax, accounting and other UK legal requirements.

    4. Sharing your data

    We do not sell your personal data. We share limited data with trusted processors who help us operate the site:

    • Supabase (hosting, authentication, database)
    • Stripe (payment processing)
    • FormSubmit (contact and enquiry form delivery)
    • Google AdSense (advertising — see Section 6)
    • Privacy-friendly analytics provider (aggregated site metrics)

    Some of these providers may transfer data outside the UK/EEA. Where they do, transfers are protected by appropriate safeguards such as the UK International Data Transfer Agreement or Standard Contractual Clauses.

    5. How long we keep data

    We keep personal data only for as long as necessary for the purposes set out in this policy, to comply with legal obligations, or to resolve disputes. Account data is kept while your account is active and deleted on request. Enquiry and submission emails are retained for up to 24 months. Aggregated analytics data may be retained indefinitely.

    6. Cookies & advertising

    We use a small number of cookies to keep you signed in, remember your preferences, and understand how the site is used. With your consent, we also display advertising via Google AdSense.

    Google AdSense. Google and its partners use cookies and similar technologies to serve ads based on your visits to this and other websites. For users in the UK, EEA and Switzerland, ads are served on a non-personalised basis unless you provide consent via our consent banner. You can review and change your choices at any time using the "Manage cookie preferences" link in the footer.

    You can learn how Google uses information from sites that use its services at policies.google.com/technologies/partner-sites, and opt out of personalised advertising at google.com/settings/ads.

    7. Your rights

    Under UK GDPR you have the right to:

    • Access the personal data we hold about you
    • Request correction of inaccurate data
    • Request deletion of your data ("right to be forgotten")
    • Restrict or object to certain processing
    • Withdraw consent at any time (for consent-based processing)
    • Request portability of data you provided to us

    To exercise any of these rights, email contact@britrockheaven.com. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

    8. Children

    BritRockHeaven is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

    9. Security

    We use industry-standard technical and organisational measures — including encrypted connections (HTTPS), access controls, and reputable processors — to protect your data. No method of transmission over the internet is 100% secure, but we work hard to safeguard your information.

    10. Changes to this policy

    We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date at the top of this page.

    Now Playing

    Better Love

    Rosellas