Privacy Policy

How we collect, use and protect your information

Who we are

Great Park Community Centre Association (GPCC) is a registered charity (No. 1155567) based at Roseden Way, Newcastle Great Park, Newcastle upon Tyne, NE13 9BD. We are registered with the Information Commissioner's Office (ICO) as a data controller.

This privacy policy explains how we collect, use, and protect your personal information when you use our website (yourgpcc.com) and our online booking platform.

If you have any questions about this policy or how we handle your data, please contact us at bookings@yourgpcc.com or call 0191 236 8196.

What information we collect

When you make an enquiry or create a booking account, we collect:

• Your name, email address, and telephone number
• Your organisation name (if applicable)
• Billing address and payment information
• Details of spaces hired, booking dates and times

When you visit our website, we collect:

• Technical information such as your IP address, browser type, and pages visited
• This information is collected via session cookies (see Cookies section below)

When you contact us, we collect:

• The content of your enquiry or message and your contact details

We do not collect sensitive personal data (such as health information, ethnicity, or political views) unless you voluntarily provide it in a message to us.

How we use your information

We use your personal information to:

• Process and manage your space hire bookings
• Issue invoices and collect payments
• Send booking confirmations, reminders, and relevant administrative communications
• Respond to your enquiries and complaints
• Maintain accurate financial and booking records as required by law
• Improve our services and website

We will only contact you for marketing purposes if you have given us explicit consent to do so. You may withdraw consent at any time by contacting us at bookings@yourgpcc.com.

Our legal basis for processing your data

We process your personal data under the following lawful bases (UK GDPR):

• Contract — to fulfil your booking and process payments
• Legal obligation — to maintain financial records and comply with HMRC requirements
• Legitimate interests — to manage our facilities and communicate with hirers about their bookings
• Consent — for any optional marketing communications

Payment processing

Payments made through our platform are processed by:

• GoCardless Ltd — for Direct Debit payments. GoCardless is authorised by the Financial Conduct Authority. Their privacy policy is available at gocardless.com/privacy
• Stripe Inc— for card payments. Stripe's privacy policy is available at stripe.com/gb/privacy

We do not store your full payment card details. Payment data is handled securely by these providers in accordance with PCI DSS standards.

How we store your information

Your data is stored securely on servers located in the United Kingdom (Microsoft Azure, UK South region). We use industry-standard security measures including encrypted connections (HTTPS) and access controls to protect your information.

We use the following Microsoft services to operate our platform:

• Microsoft Azure — hosting and database storage (UK South)
• Microsoft Azure Communication Services — for sending transactional emails
• Microsoft Entra — for staff authentication

How long we keep your information

After these periods, your data is securely deleted.

Cookies

Cookies are small text files stored on your device by your browser. We use the following cookies on our website and booking platform:

Essential cookies — required for the platform to function:

• Session cookies to keep you logged in during your visit
• Security cookies to protect against cross-site request forgery

We do not use advertising cookies, tracking cookies, or third-party analytics cookies. We do not use Google Analytics or any similar tracking service.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using the booking platform.

Sharing your information

We do not sell or share your personal data with third parties for marketing purposes.

We may share your information with:

• Our payment processors (GoCardless, Stripe) — as described above
• Our technology providers (Microsoft Azure) — for hosting and email delivery
• Law enforcement or regulatory bodies — where required by law

All third parties who process data on our behalf are contractually required to handle it securely and only for the purposes we specify.

Your rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Correct any inaccurate information
• Delete your personal data (subject to legal retention requirements)
• Restrict how we process your data
• Object to processing based on legitimate interests
• Portability — receive your data in a portable format
• Withdraw consent at any time for processing based on consent

To exercise any of these rights, please contact us at bookings@yourgpcc.com or write to us at the address above. We will respond within 30 days.

Complaints

If you are unhappy with how we handle your personal data, you have the right to complain to the Information Commissioner's Office (ICO):

We would appreciate the opportunity to address your concerns before you contact the ICO — please get in touch with us first at bookings@yourgpcc.com.

Changes to this policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this policy periodically.