Privacy Policy

Last Updated: 18 November 2025

LeftLion Ltd ("we", "our", or "us") operates Notts.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website and services (the "Service"). We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller:
LeftLion Ltd
Company Number: 08661252
VAT Number: GB189381166
Email: [email protected]

Please read this Privacy Policy carefully. By using our Service, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

1.1 Information You Provide to Us

Account Information

When you create an account on Notts.com, we collect:

• Email address (required)

• First name (required)

• Last name (required)

• Avatar/profile picture (optional)

• Marketing email preferences (optional)

Event and Venue Information

When you submit event listings or venue information, you may optionally provide:

• Contact name

• Contact email address

• Contact phone number

• Images and promotional materials

• Event descriptions and venue details

Payment Information

When you purchase paid services (such as boosted listings), we collect:

• Payment information is processed securely by our payment processor, Stripe. We do not store your full credit card details on our servers.

• We maintain a credit balance associated with your account

• Transaction history for billing and accounting purposes

Communications

If you contact us directly, we may receive additional information such as the contents of your message, any attachments, and any other information you choose to provide.

1.2 Information We Collect Automatically

Usage Data

When you access the Service, we automatically collect certain information, including:

• IP address

• Browser type and version

• Device information

• Pages visited and time spent on pages

• Referring website addresses

• Date and time of access

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service. Cookies are small data files stored on your device. We use:

• Essential Cookies: Required for the Service to function, including session cookies for authentication and site functionality

• Analytics Cookies: We use Google Analytics to understand how users interact with our Service, including pages visited, time spent, and user journeys

• Advertising Cookies (Future): We plan to implement Google Ads in the future, which will use cookies for targeted advertising. We will obtain your consent before implementing these cookies.

You can control cookie preferences through your browser settings. However, disabling certain cookies may impact the functionality of the Service.

2. How We Use Your Information

We use the personal data we collect for the following purposes, based on the legal grounds specified:

2.1 Performance of Contract

To provide and maintain our Service, including:

• Creating and managing your account

• Processing event and venue submissions

• Processing payments for boosted listings and other paid services

• Communicating with you about your account and listings

• Providing customer support

2.2 Legitimate Interests

For our legitimate business interests, including:

• Improving and optimizing our Service

• Analyzing usage patterns and trends using Google Analytics

• Detecting, preventing, and addressing fraud, security issues, and technical problems

• Enforcing our Terms of Use

• Maintaining the security and integrity of our Service

2.3 Consent

With your explicit consent:

• Sending marketing emails and newsletters (only if you opt in)

• Using analytics cookies to improve your experience

• Future use of advertising cookies (consent will be requested separately)

You may withdraw your consent at any time by contacting us or using the unsubscribe link in marketing emails.

2.4 Legal Obligations

To comply with legal obligations, including:

• Responding to legal requests and preventing illegal activities

• Maintaining records for tax and accounting purposes

• Complying with court orders and law enforcement requests

3. How We Share Your Information

We do not sell your personal data. We may share your information in the following circumstances:

3.1 Third-Party Service Providers

We share data with trusted third-party service providers who assist us in operating our Service:

• Hosting: OVH provides our dedicated server hosting

• Payment Processing: Stripe processes payments securely on our behalf

• Email Services: SendGrid and Postmark send transactional and marketing emails

• Analytics: Google Analytics analyzes website usage and performance

• Mapping Services: Google Maps provides location and mapping functionality

• Advertising (Future): Google Ads will provide advertising services

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 Event Feeds

We provide event data feeds to approved partner organizations. These feeds may include event details and associated contact information for event organizers. We only share this information with organizations that have been vetted and approved by us.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

3.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will provide notice before your data is transferred and becomes subject to a different Privacy Policy.

4. International Data Transfers

Some of our third-party service providers (including Stripe, Google Analytics, Google Maps, SendGrid, and Postmark) may process data outside the United Kingdom. When we transfer your personal data outside the UK, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO)

• Adequacy decisions recognizing equivalent data protection standards

• Binding corporate rules and certifications

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account Data: We retain your account information for 6 months after you delete your account, to allow for account recovery and to comply with legal obligations

• Event and Venue Listings: We retain event and venue information indefinitely unless you request removal. Historical event data helps us provide valuable content and analytics

• Images: Unused images are periodically removed from our system as part of routine maintenance

• Payment Records: We retain payment and transaction records for 7 years to comply with UK tax and accounting regulations

• Marketing Communications: We retain marketing preferences until you unsubscribe or delete your account

After the retention period expires, we securely delete or anonymize your personal data.

6. Your Rights Under UK GDPR

Under UK data protection law, you have the following rights regarding your personal data:

6.1 Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format.

6.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

6.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

6.4 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

6.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

6.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

6.7 Right to Withdraw Consent

Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.

6.8 Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

6.9 Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. In complex cases, we may extend this period by up to two additional months, and we will inform you of any such extension.

6.10 Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with the law, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: https://ico.org.uk

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

• Encryption of data in transit using SSL/TLS protocols

• Secure authentication and access controls

• Regular security assessments and updates

• Staff training on data protection and security

• Secure payment processing through PCI DSS compliant providers (Stripe)

• Regular backups and disaster recovery procedures

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry-standard practices.

8. Children's Privacy

While our Service does not have age restrictions, we do not knowingly collect personal data from children under 13 without parental consent. If you are under 13, please obtain permission from a parent or guardian before using our Service. If we become aware that we have collected personal data from a child under 13 without parental consent, we will take steps to delete that information.

9. Marketing Communications

If you opt in to receive marketing emails, we may send you:

• Newsletters about events and activities in Nottingham

• Updates about new features and services

• Promotional offers for paid services

• Information about events that may interest you

You can unsubscribe from marketing emails at any time by:

• Clicking the "unsubscribe" link in any marketing email

• Updating your email preferences in your account settings

• Contacting us at [email protected]

Please note that even if you unsubscribe from marketing emails, we will still send you essential transactional emails related to your account and services.

10. Third-Party Websites

Our Service may contain links to third-party websites, including event organizer websites, ticket vendors, and social media platforms. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party websites you visit.

11. Cookie Management

You can manage your cookie preferences in several ways:

11.1 Browser Settings

Most web browsers allow you to control cookies through their settings. You can typically:

• View what cookies are stored and delete them individually

• Block all cookies from specific websites

• Block all third-party cookies

• Delete all cookies when you close your browser

• Enable "private browsing" or "incognito" mode

Please note that blocking certain cookies may impact the functionality of our Service.

11.2 Google Analytics Opt-Out

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout

11.3 Future Advertising Cookie Consent

When we implement Google Ads, we will provide a cookie consent banner allowing you to accept or reject advertising cookies. You will be able to change your preferences at any time.

12. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. Currently, there is no industry consensus on how to respond to DNT signals. We do not currently respond to DNT signals, but we will update this policy if industry standards are established.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated Privacy Policy on this page

• Updating the "Last Updated" date at the top of this policy

• Sending you an email notification (for significant changes that affect your rights)

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

LeftLion Ltd
Email: [email protected]
Company Number: 08661252
VAT Number: GB189381166

15. Legal Basis Summary

For your reference, here is a summary of the legal bases we rely on for processing your personal data: