Privacy Policy

Effective Date: May 31, 2025

Last Updated: May 31, 2025

At Bron Yr Aur, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR).

This Privacy Policy also explains our practices in line with the European Union General Data Protection Regulation (EU GDPR), California Consumer Privacy Act (CCPA), and other applicable global privacy laws for users outside the UK.

1. Who We Are

Bron Yr Aur is a social enterprise and micronation initiative. We collect personal data from individuals who choose to purchase Founding Citizenship as part of our nation-building project.

2. What Information We Collect

When you purchase Founding Citizenship, we collect the following personal data:

  • Full name

  • Email address

  • Postal address (for welcome pack delivery)

  • Payment information (processed securely via our payment provider)

  • Citizenship preferences (e.g., chosen honorary title)

  • Communication preferences

3. Why We Collect Your Information

We collect and use your personal data for the following purposes:

  • To process your citizenship purchase and payment

  • To issue and deliver your citizenship documentation (digital and physical)

  • To register your name in the official Founding Citizens Registry

  • To manage your access to citizen-only platforms, experiences, and communications

  • To fulfill our legal and regulatory obligations

4. Legal Basis for Processing

Under the UK GDPR, the lawful bases for processing your personal data include:

  • Contractual necessity – to fulfill our agreement with you as a Founding Citizen

  • Legal obligation – to comply with applicable laws

  • Legitimate interests – to maintain accurate citizenship records and engage with our community

  • Consent – for optional communications and marketing, where applicable

If you are located in the European Union, Canada, or other regions, we also process your data in accordance with local laws including EU GDPR and PIPEDA, relying on equivalent legal bases.

5. How We Store and Protect Your Data

Your data is securely stored using encrypted servers and password-protected systems. Physical welcome materials are processed through verified mailing services. We implement appropriate technical and organizational measures to protect against unauthorized access, disclosure, or destruction of your data.

6. Data Sharing

We do not sell or share your data with third parties for marketing purposes. Your data may be shared only with:

  • Payment processors (e.g., Stripe, PayPal)

  • Cloud hosting or service platforms (under strict data processing agreements)

  • Legal authorities, if required by law

In jurisdictions such as California, we confirm that we do not sell or share personal data for cross-context behavioural advertising as defined under the CCPA.

7. International Data Transfers

If we transfer your personal data outside the UK, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses or transfers to countries with adequate protection levels.

This applies to users in the EU, Canada, or elsewhere, and includes data transfers to our cloud service providers or mailing agents outside your home jurisdiction. We take steps to ensure your data is protected regardless of location.

8. How Long We Keep Your Data

We retain your data only for as long as necessary to fulfill the purposes described above. Citizenship records may be kept indefinitely for historical and community archive purposes, unless a data subject exercises their right to erasure (see below).

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Access – request a copy of the data we hold about you

  • Rectification – request corrections to inaccurate or incomplete data

  • Erasure – request deletion of your data, where applicable

  • Restriction – request a pause on processing

  • Objection – object to processing based on legitimate interest

  • Data portability – request transfer of your data to another service

  • Withdraw consent – for communications where consent was given

If you are a resident of California, you may also:

  • Request to know what personal data we collect and how we use it
  • Request deletion of your personal data (with some lawful exceptions)
  • Opt out of any sale or sharing of your data (note: we do not sell your data)
  • Designate an authorized agent to act on your behalf

If you are a resident of Canada, you may:

  • Request access to and correction of your data
  • Inquire about how we safeguard your data during cross-border transfers
  • File a complaint with the Office of the Privacy Commissioner of Canada (OPC)

To exercise any of these rights, please contact us at: [email protected].

 

10. Contact Information

For questions or concerns about this Privacy Policy or your data:

Data Controller: Bron Yr Aur

Email: [email protected]

Postal Address: Bron Yr Aur Micronation, Government Administrative Office, Unit 1 Dyfi Eco Park, Machynlleth, Powys, SY20 8AX, Wales, UK

If you believe we have not handled your data properly, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk

You may also contact:

  • European Data Protection Board (EDPB) if you are in the EU
  • Office of the Privacy Commissioner (Canada):priv.gc.ca
  • California Attorney General (USA):ca.gov/privacy