This policy explains how we collect, use, and share personal data in compliance with UK GDPR and the Data Protection Act 2018. It applies to the meets, our online spaces, and purchases/donations.
We use secure platforms and limit access to only trusted staff who have passed their probation period. Internal moderation data is kept confidential.
Defining attendee
BristolFurs does not maintain an official attendee registry. We consider a data subject an attendee if they have:
- participated in our events
- engaged in online spaces
If you no longer wish to be considered an attendee, please notify us at privacy@bristolfurs.co.uk, and we will take this as a data deletion request.
Data we collect and why
Donations and purchases - Stripe
When you make a donation or purchase through Ko-fi, all payment data is handled and kept in Stripe’s secure systems. Whilst we have access to this information, we do not export or download the data ourselves. Stripe’s GDPR policy can be found here.
Data accessible to us includes:
- Full legal name
- Postcode
- Type of card (e.g., Visa, Mastercard)
- Expiry date of banking card
- Last 4 digits of banking card number
- The bank handling the transaction
- Email addresses
This allows Stripe to take donations and help us confirm purchases.
Age verification (checking ID)
To help us enforce our rules restricting our events and online spaces to those over the age of 18, we may ask to see identification to verify your age.
We only inspect ID visually and do not capture or store this information other than to confirm to other staff that you are 18 or over.
In the event that we need to request this information online, any photos of your ID you share with a staff member in direct messages will not be captured, stored or shared.
We may permit partial redaction before an ID is sent to us to avoid capturing unnecessary data.
Online spaces
When interacting in our Discord server, Telegram group, or other online spaces we moderate, we may collect:
- Online handles (usernames and display names).
- Profile pictures.
- Pronouns.
- Information that’s displayed on your public profile.
- Content you post.
In order to moderate the community, verify users, and maintain a safe space.
When contacting us via email, we will have access to the following information:
- Your email address.
- Information voluntarily provided.
We use this information to respond to your query. The contents of your email may be shared with other members of BristolFurs staff if they need to be aware of the information you have provided or in order to assist with answering your email.
Storage and retention
- Internal moderation notes are retained as long as the user is a regular attendee of Bristol Furs (see ‘defining attendee’ section).
- Payment data is retained according to Stripe’s data retention policy.
- We will retain relevant information regarding attendees who have received disciplinary action indefinitely.
- We will hold relevant information regarding attendees who are under investigation by BristolFurs staff.
- ID checks are not recorded or retained.
Email storage and retention
We review email contacts annually. On review, we will delete email contacts of attendees who:
- we have not had correspondence within the last 365 days
- we can confirm are no longer an attendee (see ‘defining attendee’ section)
Any correspondence from the email address we are erasing will also be deleted where legally possible (see ‘individual rights’ section).
We operate on this basis as BristolFurs is run by volunteers and, as such, it is not feasible for our mailbox and contacts to be reviewed on a more regular basis.
Lawful basis for processing
We rely on the following lawful bases under GDPR:
- Consent – when emailing us, donating, attending meets or engaging in online spaces
- Contractual obligation – for merch orders
- Legitimate interest – to keep our group safe and enjoyable
- Legal obligation – when required to share data with authorities
Data sharing
We do not sell or trade your personal data, but may share minimal necessary data under the following circumstances:
- With other furry groups or event organisers if a subject is banned or poses a known risk
- With the police or relevant authorities when legally required
We only share data that is required for the context of the situation.
Individual rights
We recognise that to remain in compliance with GDPR, individuals have the right to request:
- access to the personal data we hold about you
- that we correct inaccurate data
- deletion of data concerning them (where legally possible)
- object to processing
Once you make one of the requests above, we will fulfill it within 30 days as per the timeframe legally required by GDPR. It is within our right to extend this time frame by 60 days if the request is complex or if there are multiple requests submitted by the same individual. You will be informed if an extension is required.
- Requests to erase or access personal data related to an individual who is under investigation by law enforcement may be delayed until investigation has concluded (GDPR Art 6, paragraph 1 c) (GDPR Art 17, paragraph 3 b).
- Requests to erase or access personal data related to an individual that is under investigation by Bristol Furs staff may be delayed until investigation has concluded (GDPR Art 6, paragraph 1 f).
Both policy points above are also in compliance with GDPR Art 6, paragraph 1 d.
To exercise these rights, please contact us at: privacy@bristolfurs.co.uk.
This document was last updated on 28 October 2025.