Privacy Policy
This Privacy Policy explains how Hotspots1 Ltd (“we”, “us”, “our”) collects, uses and shares personal data when you use our website and services.
Who we are (Controller)
Hotspots1 Ltd (Company No. 17029974) is the controller of your personal data.
Registered office: International House, 109-111 Fulham Palace Road, London, W6 8JA, United Kingdom
Email: simon@hotspots1.com
What personal data we collect
All users
- Account details: email address and authentication data needed to sign in (handled via Firebase Authentication).
- Contact data: messages you send via our contact form and any information you include in them.
- Technical data: basic logs and device/usage information (e.g., IP address, browser type, dates/times) for security, troubleshooting and service operation.
Business users
- Business profile content: business name, address, description, website and other business details you choose to upload.
- Events content: event listings you create (e.g., title, date/time, location, description, links).
Public / searchable content: Business profiles and events are intended to be visible to other registered users. Please avoid posting personal data you do not want others to see.
How we use your personal data (purposes and lawful basis)
We use your data for the purposes below. UK GDPR requires a lawful basis for each purpose.
-
To create and manage your account, and provide the service
Lawful basis: Contract (necessary to provide the service you request). -
To allow business users to publish business listings and events, and make them searchable to registered users
Lawful basis: Contract (providing the platform features) and Legitimate interests (operating a listings/events service). -
To respond to enquiries and provide support
Lawful basis: Legitimate interests (responding to messages you send us). -
To keep the service secure and prevent abuse/fraud
Lawful basis: Legitimate interests (protecting our service and users). -
To measure and improve our website using analytics cookies (Google Analytics)
Lawful basis: Consent (we only run non-essential analytics cookies if you opt in). -
To comply with legal obligations
Lawful basis: Legal obligation (where applicable).
Facebook connection (autoposting)
Business users may connect a Facebook Page so that we can automatically post event information to that Page. We do not request or store your personal Facebook profile information for other purposes. To enable posting, we may process technical identifiers such as the Page ID and an access token/permission needed to post. You can disconnect this feature at any time (if available in your settings) or by removing our app’s access within Facebook.
Who we share data with
We do not sell your personal data. We may share data with trusted service providers who process data on our behalf to operate the website, including:
- Google Firebase (authentication and related infrastructure)
- Google Analytics (website analytics, only if you consent to analytics cookies)
- Facebook (only to post event content to a connected business Page where you enable this feature)
- Hosting/IT providers used to run and secure the website (as applicable)
We may also disclose information if required by law, regulation, or a valid legal request.
International transfers
Some of our service providers (such as Google and Facebook) may process data outside the UK. Where this happens, we use appropriate safeguards to protect your data (for example, international data transfer agreements / standard contractual clauses).
How long we keep your data
- Account data: kept for as long as your account is active. If you delete your account, we delete or anonymise associated personal data, except where we need to keep something for legal, security, or backup purposes for a limited period.
- Business profile and events: kept until you delete them or delete your account.
- Contact form messages: kept for as long as needed to handle your enquiry and then for a reasonable period in case of follow-up.
- Analytics data: retained according to our Google Analytics settings and only collected if you consent.
Your rights
Under UK GDPR, you may have rights including:
- Access to your personal data
- Correction of inaccurate data
- Deletion of your data
- Restriction of processing
- Objection to processing (where we rely on legitimate interests)
- Data portability (in certain circumstances)
- Withdraw consent at any time (where we rely on consent, e.g. analytics cookies)
To exercise your rights, contact us at simon@hotspots1.com.
You also have the right to complain to the UK Information Commissioner’s Office (ICO).
Cookies
We use essential cookies/technologies needed for the website to function and to keep it secure. We also use non-essential analytics cookies (Google Analytics) only if you choose to accept them via our cookie banner. You can change your cookie preferences at any time by clicking the link in the footer.
Security
We use appropriate technical and organisational measures to protect personal data. No method of transmission or storage is 100% secure.
Children
Our service is not intended for children. If you believe a child has provided personal data, please contact us.
Changes to this policy
We may update this policy from time to time. We will post the updated version on this page and update the “Last updated” date below.
Last updated: 19 February 2026