Privacy Policy

How we collect, use, and protect your personal information.

Last updated: 11 March 2026

1. Introduction

BuzzCopper is a project operated in association with Asian Hornet Alert, a not-for-profit organisation dedicated to protecting UK pollinators from the invasive Yellow-Legged Asian Hornet (Vespa velutina).

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use this website (test-www.buzzcopper.org) and our related services. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

The data controller responsible for your personal data is Asian Hornet Alert, operating the BuzzCopper project. For any data protection enquiries, please contact us at support@test-www.buzzcopper.org.

3. What Data We Collect

We may collect the following types of personal data:

3.1 Information you provide

  • Account registration: name, email address, password (stored as a secure hash)
  • Contact form submissions: name, email address, subject, category, message content
  • Preorder registrations: product selection, quantity, and postcode (no payment card details are stored on our servers)
  • Shop purchases: name, email address, shipping address, order details (payment is processed securely by Stripe — we do not store card details)
  • Support tickets: subject, message content, and any files you attach

3.2 Information collected automatically

  • Usage data: pages visited, time spent, referring pages (via Google Analytics 4)
  • Device data: browser type, operating system, screen resolution
  • IP address: used for security (login throttling, spam prevention) and approximate geolocation
  • Cookies: essential session cookies, analytics cookies (see Section 8)

3.3 Detection device data

  • Sighting images: photographs captured by BuzzCopper devices at bait stations
  • Location data: GPS coordinates of device placement (provided by the device operator)
  • Detection logs: timestamps and classification results from the onboard AI model

4. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and manage your account and device registrations
  • To process preorder registrations and shop orders
  • To respond to your enquiries and provide support
  • To send detection alerts and notifications (if you have registered a device)
  • To display sighting data on the public sighting map (location data only — no personal details)
  • To improve our website and services through anonymised analytics
  • To prevent fraud, abuse, and spam (via reCAPTCHA and login throttling)
  • To comply with legal obligations

5. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: for analytics cookies and marketing communications (where applicable)
  • Contract: to fulfil orders and provide services you have requested
  • Legitimate interests: to improve our services, prevent fraud, and operate the detection network (balanced against your rights and freedoms)
  • Legal obligation: to comply with applicable UK laws

6. Data Sharing

We do not sell your personal data. We may share data with the following parties:

  • Stripe: payment processing for shop orders (subject to Stripe's Privacy Policy)
  • Google: analytics (GA4) and spam prevention (reCAPTCHA v3) (subject to Google's Privacy Policy)
  • Asian Hornet Alert / CATCH: verified sighting data (location and images only — no personal details) to support the national detection network
  • National Bee Unit: confirmed sighting data may be shared with the Animal and Plant Health Agency (APHA) for biosecurity purposes
  • Email service providers: to deliver transactional emails (order confirmations, alerts, support responses)

7. Data Retention

  • Account data: retained for the lifetime of your account. You may request deletion at any time.
  • Contact form submissions: not stored in our database — sent via email only and retained according to email provider policies.
  • Order data: retained for 6 years to comply with UK tax and accounting requirements.
  • Login history: retained for 12 months for security auditing purposes.
  • Detection data: sighting images and logs are retained indefinitely for scientific and conservation purposes.
  • Analytics data: anonymised and retained according to Google Analytics data retention settings.

8. Cookies

This website uses the following cookies:

Cookie Purpose Duration
PHPSESSID Essential session management Session
REMEMBERME Persistent login (if selected) 1 year
_ga, _ga_* Google Analytics 4 2 years

You can control cookies through your browser settings. Disabling essential cookies may prevent parts of the website from functioning correctly.

9. Your Rights

Under the UK GDPR, you have the following rights:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your personal data (subject to legal retention requirements)
  • Right to restriction: request that we limit how we use your data
  • Right to data portability: receive your data in a structured, commonly used format
  • Right to object: object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at support@test-www.buzzcopper.org. We will respond within one month.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • HTTPS encryption for all data in transit
  • Password hashing using bcrypt
  • CSRF protection on all forms
  • Rate limiting on authentication endpoints
  • Two-factor authentication support for user accounts
  • Regular security updates and monitoring

11. Children's Privacy

This website is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.

12. International Transfers

Some of our service providers (such as Google and Stripe) may process data outside the UK. Where this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, in compliance with the UK GDPR.

13. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated policy on this page with a revised "Last updated" date. We encourage you to review this page periodically.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: