Definitions
•"User", "you", or "your" means any individual accessing or using the Services.
•"Committee Member" means an authorised representative of UMHC with administrative or decision-making responsibilities.
•"Personal Data" means any information relating to an identified or identifiable natural person as defined under the UK General Data Protection Regulation ("UK GDPR").
•"Third-Party Providers" means the external services UMHC engages, including but not limited to Supabase, Kinde, Mailgun, Vercel, Cloudflare, and WhatsApp.
•"Committee Member" means an authorised representative of UMHC with administrative or decision-making responsibilities.
•"Personal Data" means any information relating to an identified or identifiable natural person as defined under the UK General Data Protection Regulation ("UK GDPR").
•"Third-Party Providers" means the external services UMHC engages, including but not limited to Supabase, Kinde, Mailgun, Vercel, Cloudflare, and WhatsApp.
Data Collection and Processing
2.1 User Data
UMHC may collect and process the following Personal Data when you submit a manual request to join our WhatsApp community:
•First name and surname
•Email address
•Telephone number
•Self-identification (e.g., student, alumni, public, other)
•Optional: trip participation history with UMHC
When automatic access is granted, we process the following:
•Email address (for delivery of the WhatsApp link via Mailgun)
•Telephone number, provided once by the User as a verification step to reduce automated and fraudulent submissions. This number is processed transiently for validation purposes only. It is not stored, or retained in any database or system controlled by UMHC or its Third-Party Providers.
2.2 Website and Analytics Data
When you access the Services, the following may be collected automatically:
•IP address, browser, and device information
•Anonymised analytics and performance metrics (via Vercel)
•Bot-detection and security data (via Cloudflare Turnstile)
•Cookies and caching technologies
2.3 Committee Members' Data
Committee Member authentication and role-based access is managed by Kinde. Data relating to committee members is processed for the purposes of identity management, access control, and accountability.
2.4 Communications
If you contact UMHC by email, we will process any Personal Data contained in your correspondence.
UMHC may collect and process the following Personal Data when you submit a manual request to join our WhatsApp community:
•First name and surname
•Email address
•Telephone number
•Self-identification (e.g., student, alumni, public, other)
•Optional: trip participation history with UMHC
When automatic access is granted, we process the following:
•Email address (for delivery of the WhatsApp link via Mailgun)
•Telephone number, provided once by the User as a verification step to reduce automated and fraudulent submissions. This number is processed transiently for validation purposes only. It is not stored, or retained in any database or system controlled by UMHC or its Third-Party Providers.
2.2 Website and Analytics Data
When you access the Services, the following may be collected automatically:
•IP address, browser, and device information
•Anonymised analytics and performance metrics (via Vercel)
•Bot-detection and security data (via Cloudflare Turnstile)
•Cookies and caching technologies
2.3 Committee Members' Data
Committee Member authentication and role-based access is managed by Kinde. Data relating to committee members is processed for the purposes of identity management, access control, and accountability.
2.4 Communications
If you contact UMHC by email, we will process any Personal Data contained in your correspondence.
Lawful Basis and Purpose
Personal Data is processed under Article 6(1)(b) and 6(1)(f) of the UK GDPR, namely:
•For the performance of providing access to the WhatsApp community and related Services;
•For UMHC's legitimate interests in preventing abuse of the Services, including the use of temporary telephone number submission as a security measure.
•For the performance of providing access to the WhatsApp community and related Services;
•For UMHC's legitimate interests in preventing abuse of the Services, including the use of temporary telephone number submission as a security measure.
Retention of Data
•Personal Data collected through manual WhatsApp requests shall be retained for no longer than 30 days, after which it shall be permanently deleted, irrespective of approval outcome.
•Committee Member data shall be retained for the duration of their role.
•Analytics data may be retained in anonymised or aggregated form.
•Email communications may be retained as necessary for record-keeping.
•Committee Member data shall be retained for the duration of their role.
•Analytics data may be retained in anonymised or aggregated form.
•Email communications may be retained as necessary for record-keeping.
Data Sharing and Transfers
UMHC does not sell Personal Data. Data may be shared only with Third-Party Providers strictly necessary to operate the Services, namely:
•Supabase (data storage)
•Kinde (authentication and committee management)
•Mailgun (email sending)
•Vercel (hosting, analytics, performance monitoring)
•Cloudflare (security and optimisation)
•WhatsApp (community hosting, subject to WhatsApp's own terms)
Each Third-Party Provider processes Personal Data under its own privacy policy and terms of service.
•Supabase (data storage)
•Kinde (authentication and committee management)
•Mailgun (email sending)
•Vercel (hosting, analytics, performance monitoring)
•Cloudflare (security and optimisation)
•WhatsApp (community hosting, subject to WhatsApp's own terms)
Each Third-Party Provider processes Personal Data under its own privacy policy and terms of service.
User Rights
Under the UK GDPR, Users have the right to:
•Access their Personal Data
•Rectify inaccuracies
•Request erasure ("right to be forgotten")
•Restrict or object to processing
•Obtain a copy of their data in a portable format
Requests may be submitted to data@umhc.org.uk. UMHC will respond in accordance with statutory timeframes.
•Access their Personal Data
•Rectify inaccuracies
•Request erasure ("right to be forgotten")
•Restrict or object to processing
•Obtain a copy of their data in a portable format
Requests may be submitted to data@umhc.org.uk. UMHC will respond in accordance with statutory timeframes.
WhatsApp Community Rules
•Admission to the WhatsApp community is at UMHC's discretion.
•UMHC reserves the right to remove or block Users from the WhatsApp community, events, or the website for conduct deemed inappropriate or contrary to UMHC's policies.
•Users must comply with WhatsApp's own eligibility and age restrictions. UMHC is not responsible for enforcement of WhatsApp's policies.
•UMHC reserves the right to remove or block Users from the WhatsApp community, events, or the website for conduct deemed inappropriate or contrary to UMHC's policies.
•Users must comply with WhatsApp's own eligibility and age restrictions. UMHC is not responsible for enforcement of WhatsApp's policies.
Security
UMHC implements appropriate technical and organisational measures to safeguard Personal Data, including restricted access to Supabase, role-based permissions via Kinde, and security measures provided by our Third-Party Providers.
No system can guarantee absolute security. UMHC shall not be held liable for unauthorised access, disclosure, or loss of data beyond reasonable control.
No system can guarantee absolute security. UMHC shall not be held liable for unauthorised access, disclosure, or loss of data beyond reasonable control.
Cookies
The Services use cookies and caching technologies to optimise performance, enhance security, and collect anonymised analytics. Users may manage cookies through their browser settings, but certain features may not function without them.
Disclaimers and Limitation of Liability
•The Services are provided on an "as is" and "as available" basis.
•UMHC disclaims all warranties, express or implied, including but not limited to fitness for a particular purpose.
•UMHC shall not be liable for indirect, incidental, or consequential damages arising out of or related to use of the Services.
•UMHC shall not be responsible for interruptions, errors, or failures caused by Third-Party Providers, including but not limited to WhatsApp, Vercel, Supabase, Mailgun, Cloudflare, or Kinde.
•To the maximum extent permitted by law, UMHC's total liability to any User shall not exceed £100.
•UMHC disclaims all warranties, express or implied, including but not limited to fitness for a particular purpose.
•UMHC shall not be liable for indirect, incidental, or consequential damages arising out of or related to use of the Services.
•UMHC shall not be responsible for interruptions, errors, or failures caused by Third-Party Providers, including but not limited to WhatsApp, Vercel, Supabase, Mailgun, Cloudflare, or Kinde.
•To the maximum extent permitted by law, UMHC's total liability to any User shall not exceed £100.
Changes
UMHC reserves the right to amend this Agreement at any time. The updated version will be posted on the website with the "Last Updated" date revised accordingly. Continued use of the Services constitutes acceptance of any changes.
Governing Law
This Agreement shall be governed by and construed in accordance with the laws of England and Wales. Users agree that the courts of England and Wales shall have exclusive jurisdiction over any dispute arising from or relating to this Agreement.
Severability
If any provision of this Agreement is held invalid or unenforceable, the remaining provisions shall remain in full force and effect.
Contact Information
For general enquiries: contact@umhc.org.uk
For GDPR or data protection requests: data@umhc.org.uk
For GDPR or data protection requests: data@umhc.org.uk