Great British PAC

Privacy & Cookies Policy

This policy applies to GBP Corporation Limited (trading as Great British PAC), a company incorporated in England & Wales with registered number 15939470, whose registered office is at Webb House, 20 Church Green East, Redditch, Worcestershire, B98 8BP. Last reviewed June 2026.

To review or change your analytics cookie choice, use .

This policy explains what personal data we collect when you use this website, why we collect it, who we share it with, how long we keep it, and the rights you have over it. GBP Corporation Limited is the “data controller” for this data, which means we decide how and why it is processed.

It applies to this website only. It does not cover other sites we link to, such as our online shop, our policy platform, or our social media pages — each of those has its own privacy policy.

The data we collect

Information you give us directly, depending on how you use the site:

  • Account and membership details — your name and email address when you register as a supporter or join one of our membership tiers.
  • Contact and enquiry details — the name, email address and message you send when you use our contact, report or “promote an idea” forms.
  • Donation and payment information — when you donate or pay for membership, our payment processor (Stripe) handles your card details directly. We receive a record of the payment (amount, date, and a Stripe reference) but we never see or store your full card number.

Information collected automatically when you visit:

  • Technical and usage data — your IP address, browser type, device and operating system, the pages you view and how you move through the site. This is collected through Google Analytics (see “Cookies and analytics” below) and only when you have not opted out.

How we use your data

We use your data to:

  • create and manage your supporter or membership account and give you access to the member area;
  • take and record payments and donations, and meet our financial and legal record-keeping duties;
  • respond to your enquiries, reports and submissions;
  • send you campaign updates, newsletters and other emails you have asked to receive;
  • understand how the site is used so we can improve it (analytics).

Our legal bases

Under UK data protection law we must have a lawful basis for using your data. We rely on:

  • Contract — to manage your account and membership and to process payments you have asked us to take.
  • Consent — to send you marketing emails, and to run analytics cookies. You can withdraw this at any time (unsubscribe links are in every marketing email, and you can opt out of analytics using the “Manage cookies” link).
  • Legitimate interests — to respond to your enquiries, keep the site secure, and run our organisation efficiently, where doing so does not override your rights.
  • Legal obligation — to keep financial records and to comply with the law.

Email marketing

If you sign up as a supporter or member, or otherwise ask to hear from us, we will send you campaign updates and newsletters through our email provider, Brevo. Every email includes an unsubscribe link, and you can stop receiving them at any time. Unsubscribing from marketing does not affect service messages we need to send you about your account or a payment.

Who we share data with

We do not sell your data. We share it only with the service providers we use to run the site, and only as far as they need it to provide their service to us:

  • Supabase — hosts our database and powers your account sign-in.
  • Stripe — processes donations and membership payments.
  • Brevo — sends our newsletters and campaign emails.
  • Google Analytics — provides website usage statistics (only if you have not opted out).

Each of these is bound to protect your data and use it only on our instructions. We may also disclose data where we are legally required to do so, or to protect our rights, property or safety. Some of these providers may process data outside the UK; where they do, we rely on appropriate safeguards (such as UK/EU-approved data transfer terms).

Cookies and analytics

Cookies are small files stored on your device. We use two kinds:

Essential cookies (always on)

These are needed for the site to work and cannot be switched off. They include the sign-in cookies that keep you logged in to your account (set by Supabase), cookies set by Stripe during payment to prevent fraud, and a small cookie that remembers your cookie choice. We do not need your consent for these.

Analytics cookies (Google Analytics)

We use Google Analytics 4 to understand how visitors use the site — for example, which pages are popular and how people arrive. It sets cookies (typically named “_ga” and “_ga_…”) to recognise returning visitors and measure usage. This is anonymous, aggregated reporting; we do not use it to identify you personally.

Analytics is on by default, but you are in control. When you first visit, a small banner lets you accept or reject analytics. You can change your choice at any time using the “Manage cookies” link in the footer or below. If you opt out, we stop sending data to Google Analytics and clear its cookies from your browser.

You can also block or delete cookies through your browser settings, and Google provides a browser add-on to opt out of Google Analytics across all sites.

How long we keep your data

We keep your data only for as long as we need it. Account and membership data is kept while your account is active and for a reasonable period afterwards. Payment and donation records are kept for as long as the law requires us to keep financial records. Enquiry messages are kept only as long as needed to deal with your query. Analytics data is retained by Google for a limited period and then deleted or aggregated. If you ask us to delete your data, we will, unless we are legally required to keep it; even then, it may remain on secure backups for a short time before being overwritten.

Keeping your data secure

We use technical and organisational measures to protect your data. Access to your account is protected by sign-in, the site is served over an encrypted (HTTPS) connection, and your data is held on secure, access-controlled systems. Payment details are handled entirely by Stripe over encrypted connections. If you believe your data has been misused or accessed without authorisation, please tell us straight away at info@greatbritishpac.com.

Your rights

Under UK data protection law you have the right to:

  • Access — ask for a copy of the data we hold about you.
  • Rectification — ask us to correct data that is wrong or incomplete.
  • Erasure — ask us to delete your data.
  • Restriction — ask us to limit how we use your data.
  • Portability — ask us to transfer your data to you or another provider.
  • Objection — object to our use of your data, including for marketing or where we rely on legitimate interests.
  • Withdraw consent — at any time, where we rely on your consent (for example, marketing or analytics).

To exercise any of these rights, email us at info@greatbritishpac.com. We will respond within one month. There is normally no charge.

If you are unhappy with how we handle your data, you can complain to the Information Commissioner’s Office (ICO), the UK’s data protection regulator, at https://ico.org.uk/ or by calling 0303 123 1113. We would, however, appreciate the chance to address your concerns first.

Children

This site is intended for adults. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to this policy

We may update this policy from time to time to reflect changes to the site or the law. The latest version will always be on this page, and significant changes will be highlighted. This policy was last reviewed in June 2026.

Contact us

For any privacy question, or to exercise your rights, email info@greatbritishpac.com or write to us at GBP Corporation Limited, Webb House, 20 Church Green East, Redditch, Worcestershire, B98 8BP.