BelfastFleadh Guide2 – 9 Aug

Legal

Privacy policy

Effective 5 May 2026.

This page explains what personal data the Belfast Fleadh Guide collects, why we collect it, how long we keep it, and the rights you have under UK GDPR and the Data Protection Act 2018. Plain English first; the legal references sit alongside.

1. Who we are

The Belfast Fleadh Guide (the “service”) is built and operated by Lavery Ltd. (“we”, “us”, “our”), 12–18 Bradbury Place, Belfast BT7 1RS. Company no. NI002186, VAT GB252747549. We are the data controller for any personal data processed through this site.

Privacy questions, access requests and complaints should go to contact@belfastfleadh.com. If you’re not happy with how we’ve handled your data you also have the right to complain to the UK Information Commissioner’s Office (ICO).

2. What we collect, and why

We try to collect as little as possible. This table covers everything the service stores about you, the lawful basis we rely on (UK GDPR Art. 6), and how long we keep it.

DataWhyLawful basisRetention
Account details — name, email, authentication state. Held by our auth provider Clerk.To let you sign in and protect your account.Performance of contract (Art. 6(1)(b)) and our legitimate interest in account security (Art. 6(1)(f)).Until you delete the account, then up to 30 days in Clerk’s soft-delete buffer.
Operator submission — venue name, address, contact email, phone, photos, opening hours.To list your venue on the public guide and contact you about approval.Performance of contract (Art. 6(1)(b)) and legitimate interest in running a moderated directory.For the lifetime of the listing. Two years after the last update if the listing is unclaimed or rejected.
Crowd reports — venue you tagged, the tag you chose (e.g. “Good buzz”), the approximate time, your account ID or a randomly generated device ID. We never store the precise GPS fix used for the geofence check.To show other visitors how busy each venue is right now.Legitimate interest (Art. 6(1)(f)).Each report expires after 45 minutes of being shown live. Aggregated, non-identifying counts may be kept longer for analytics.
Chat messages — text you post in a venue thread plus your account ID.To run the moderated per-venue chat and let operators reply.Performance of contract (Art. 6(1)(b)) and legitimate interest in moderation (Art. 6(1)(f)).Visible for 7 days, then archived. Deleted on request or after 90 days, whichever is sooner.
Saved venues / events — held only in your browser’s local storage.So your shortlist persists between visits without an account.Consent (Art. 6(1)(a)) by your action.Stored on your device until you clear it or remove it in the app.
Approximate location — only when you tap “use my location”.To show distance and walking time to nearby venues.Consent (Art. 6(1)(a)).Held in memory only. We never write it to our database.
Marketing list — operator email + your active opt-in.Updates during Fleadh week, news about the next Fleadh, occasional offers from Lavery’s and partner venues.Consent (Art. 6(1)(a)).Two years from your most recent opt-in or interaction, then deleted. Every email includes a one-click unsubscribe.
Product analytics — pages viewed, in- app events, a pseudonymous identifier. Captured by PostHog (EU host).To understand which features get used so we can keep improving the guide.Consent (Art. 6(1)(a)).13 months, then automatically purged by PostHog.
Advertising / conversion — whether you completed an action (such as a venue signup) after arriving from a Google ad. Measured by Google Ads (gtag.js).To measure whether our Google ads are working, so we don’t waste money on ads that don’t help.Consent (Art. 6(1)(a)).Per Google’s ad-data retention; we keep no copy ourselves.
Server logs — IP address, request path, status code. Held by our hosting providers.Security, abuse prevention, and to investigate errors.Legitimate interest (Art. 6(1)(f)).30 days.

3. Cookies and similar storage

We use cookies and your browser’s local storage in three buckets:

  • Strictly necessary — required to run the site. These are exempt from the consent requirement under regulation 6(4) of PECR. They include the Clerk session cookie that keeps you signed in, an anonymous device identifier we use to rate-limit abusive crowd reports (stored as fleadh:anon-id in local storage), your saved-items shortlist (fleadh:saved-items), and the record of your cookie choice itself (fleadh:consent). If you reject the optional bucket below, only these remain.
  • Analytics — PostHog drops a small set of cookies plus a local-storage entry to attribute pageviews to a pseudonymous visitor. We never load PostHog at all until you opt in on the consent banner.
  • Marketing — Google Ads conversion tracking (gtag.js) sets advertising cookies so Google can tell us when an ad led to an action like a venue signup. The tag is never loaded until you opt in to the marketing bucket; it stays off if you choose “Only essentials” or leave marketing unticked under “Customise”.

You can change your decision at any time using the Cookie preferences link in the page footer. Doing so re-shows the banner; choosing “Only essentials” stops both PostHog and Google Ads for the rest of the session and clears their identity on the next page load.

We do not sell your data, and we do not use any other advertising trackers, retargeting pixels, or third-party social-media cookies beyond the Google Ads conversion tag described above.

4. Marketing emails

When operators sign up for a venue listing, we ask whether you’d like to hear from us by email. The checkbox is un-ticked by default — you have to actively opt in. If you opt in we use your address only for:

  • Fleadh-week updates — programme changes, late-running events, weather call-offs, traffic / road closures that affect your venue.
  • Next-year announcements — when the dates for the next Belfast Fleadh are confirmed and what we have planned for the guide.
  • Occasional offers from Lavery’s and partner venues during Fleadh week.

Every email includes an unsubscribe link in the footer. You can also email us at contact@belfastfleadh.com and we’ll remove you within seven days. Withdrawing consent is as easy as giving it.

We retain marketing details for two years from your most recent opt-in or last interaction with one of our emails, after which we delete the record.

5. Who we share data with

We don’t sell or rent your data. We do rely on a small number of vetted sub-processors to run the service:

  • Clerk (Clerk.com Inc., USA) — user authentication. Operates under the EU/UK–US Data Privacy Framework with Standard Contractual Clauses as a backstop.
  • Convex (Convex, Inc., USA) — application database and realtime backend. SCCs in place for transfers from the UK.
  • Vercel (Vercel Inc., USA) — web hosting and CDN.
  • Cloudflare (Cloudflare Inc., USA) — DNS, edge caching, and the Turnstile bot-prevention widget on our public forms.
  • PostHog (PostHog Inc.) — product analytics, hosted in the EU (eu.posthog.com) so personal data does not leave the European Economic Area.
  • Google (Google Ireland Ltd / Google LLC, USA) — Google Ads conversion measurement, only when you have opted in to the marketing bucket. Operates under the EU/UK–US Data Privacy Framework with Standard Contractual Clauses as a backstop.
  • Resend (Resend.com Inc., USA) — transactional email delivery (account messages, operator-approval emails, marketing send when you have opted in).
  • OpenStreetMap / Nominatim — for address lookup when an operator types a venue address. Only the address string is sent.

We may also share information when legally required to do so, when investigating credible safety concerns, or with your consent.

6. International transfers

Our analytics provider (PostHog) is hosted in the EU. Other providers may process data in the United States. Where this happens we rely on the UK International Data Transfer Addendum or Standard Contractual Clauses, plus, where available, certification under the EU/UK–US Data Privacy Framework. Copies of these safeguards are available on request.

7. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct data that’s inaccurate or out of date.
  • Erase your data (the “right to be forgotten”), subject to limited exceptions such as our need to keep moderation logs.
  • Restrict or object to specific processing, including direct marketing — we’ll always honour an objection to marketing.
  • Withdraw consent at any time, where consent was the basis (for example for analytics or marketing).
  • Data portability — receive a machine- readable copy of the data you provided.
  • Lodge a complaint with the ICO.

To exercise any of these rights, email contact@belfastfleadh.com. We’ll respond within one calendar month.

8. Security

The service runs on TLS end-to-end. Authentication is delegated to Clerk, with multi-factor authentication available for operator and admin accounts. Public forms are protected by Cloudflare Turnstile and per-IP rate limiting. Backend functions enforce role-based authorisation server- side; we never trust the client.

We’ll notify affected users and the ICO within 72 hours if a personal-data breach is likely to result in a risk to your rights and freedoms, as required by Art. 33 and 34 UK GDPR.

9. Children

The Belfast Fleadh Guide is intended for adults attending or running venues at the Belfast Fleadh. The minimum age for posting chat messages or crowd reports is 13, in line with the ICO’s Age Appropriate Design Code. We don’t knowingly collect data from younger children; if you believe we have, please contact us so we can remove it.

10. Changes

If we change this policy in any material way we’ll update the effective date above, bump the cookie banner version, and (for changes that affect your rights) email opted-in users. The previous version is always available on request.

11. Contact

Lavery Ltd., 12–18 Bradbury Place, Belfast BT7 1RS. Company no. NI002186 · VAT GB252747549.

contact@belfastfleadh.com

See also our terms of use.