Privacy Notice
Last updated: 30/08/2025
1. Data Controller Information
Chingis
42 Deansgate
Manchester, M3 2BW
United Kingdom
Email: chingisenkhbaatar@gmail.com
Phone: +44 (0118) 999-881-999
We are registered with the Information Commissioner's Office (ICO).
Registration Number: 1234567890
2. Your Rights Under UK Data Protection Law
Under the UK GDPR and Data Protection Act 2018, you have the following rights:
- The right to be informed about our collection and use of your personal data
- The right to access your personal data (commonly known as a "subject access request")
- The right to have your personal data rectified if any of your personal data is inaccurate or incomplete
- The right to be forgotten (deletion or removal of personal data)
- The right to restrict processing of your personal data
- The right to data portability (obtaining a copy of your data to reuse with another service)
- The right to object to us using your personal data for particular purposes
- Rights relating to automated decision-making and profiling
To exercise any of these rights, please contact us using the details in Section 1. We will respond to your request within one month.
3. Data We Collect
3.1 Account and Authentication Data
When you create an account or log in using NextAuth, we collect:
- Email address
- Password (securely hashed)
- Name (if provided)
- Authentication provider data (when using third-party login)
3.2 Usage Data
- IP address
- Browser type and version
- Operating system
- Access times and dates
- Pages visited
- Session information
4. How We Use Your Data
We use your personal data for the following purposes:
- To provide and manage your account
- To authenticate your identity when you log in
- To communicate with you about your account or our services
- To ensure the security of your account
- To comply with our legal obligations
5. Legal Basis for Processing
Under UK data protection law, we process your personal data on the following grounds:
- Contract: Processing necessary for the performance of our contract with you (account services)
- Legal Obligation: Processing necessary for compliance with our legal obligations
- Legitimate Interests: Processing necessary for our legitimate interests (security, fraud prevention)
- Consent: Where you have given clear consent for specific processing activities
6. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of personal data
- Secure authentication processes
- Regular security assessments
- Staff training on data protection
- Access controls and authentication
7. Data Retention
We retain your personal data only for as long as necessary:
- Account data: While your account is active plus 6 years after closure (for legal requirements)
- Authentication logs: 12 months
- Usage data: 26 months
8. International Transfers
Your data is primarily stored and processed in the UK. If we transfer your data outside the UK, we ensure appropriate safeguards are in place through:
- UK International Data Transfer Agreements (IDTAs)
- UK Addendum to the EU Standard Contractual Clauses
- Adequacy regulations under UK GDPR
9. Cookies
We use essential cookies for authentication and security purposes. These cookies are necessary for the functioning of our authentication system and are exempt from the consent requirement under UK regulations.
10. Your Right to Complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details above. You can also complain to the ICO:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk
11. Changes to This Privacy Notice
We keep our privacy notice under regular review. This privacy notice was last updated on 30/08/2025. Historic versions can be obtained by contacting us.