ANESFHS Burial Sites
Sign in

Privacy Policy

Effective date: 22 May 2018 — last updated for this application: July 2025

This privacy policy explains how the ANESFHS Burial Sites web application (operated by the Aberdeen and North-East Scotland Family History Society, “the Society”) collects, uses, and protects any personal information you provide when you use this service. The Society is committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy may be updated from time to time. The effective date above will be revised whenever a material change is made. Please review it periodically.

1. Who we are

The Aberdeen and North-East Scotland Family History Society (ANESFHS) is a registered Scottish charity. Our principal address is:

158–164 King Street, Aberdeen AB24 5BD, Scotland, UK
Email: memorial-index@anesfhs.org.uk

2. What information we collect

This application offers sign-in via third-party identity providers (Google, Microsoft, and Facebook). When you sign in using one of these services, the provider sends us only the following:

  • Your name (as registered with the provider)
  • Your email address
  • A profile picture URL (Google only, displayed in the page header)

We do not receive or store your password. Your password remains entirely with the identity provider you choose.

We do not collect postal addresses, telephone numbers, payment details, or any information beyond what is listed above.

We do not collect any personal information from users who are not signed in. The burial site records and memorial inscriptions available on this site are historical records and do not relate to living individuals.

3. How we use your information

Your email address is used solely to:

  • Verify that you are a registered Society volunteer or member
  • Assign the appropriate access level within this application (Guest, Member, Volunteer, or Admin)
  • Display your name in the application header while you are signed in

We do not use your information for marketing, profiling, or any purpose other than granting appropriate access to this application.

4. Legal basis for processing

We process your name and email address on the basis of legitimate interests (UK GDPR Article 6(1)(f)): specifically, to control access to volunteer and member-only sections of this application and to protect the integrity of the data held within it.

5. Data sharing and third parties

We do not sell, share, or transfer your personal information to any third party, except as follows:

  • Identity providers (Google, Microsoft, Facebook): your sign-in is handled entirely by these providers under their own privacy policies. We only receive the data described in section 2 above.
  • Hosting infrastructure: this application is hosted on Google Cloud Run. Data in transit is encrypted using TLS. No personal data is written to persistent cloud storage.

6. Cookies and session data

This application uses a single encrypted authentication cookie to maintain your signed-in session. This cookie contains your name, email address, and access role. It is not used for tracking or advertising purposes. No third-party cookies are set by this application.

Google One Tap (if displayed on the sign-in page) is loaded from Google’s servers and is subject to Google’s Privacy Policy.

7. How long we retain your data

Your name and email address are held in our volunteer/member database for as long as you remain an active volunteer or member of the Society. If you cease your membership or volunteer role, your record may be archived in accordance with the Society’s wider data retention policy.

Your sign-in session cookie expires after 14 days of inactivity or when you explicitly sign out.

8. Security

We take appropriate technical and organisational measures to protect your personal information, including:

  • All traffic is served over HTTPS with HSTS enforced
  • Authentication cookies are encrypted using ASP.NET Core Data Protection
  • We never ask for or store passwords
  • Access to administrative functions requires a verified Society role

9. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Rectification of any inaccurate data
  • Erasure (“right to be forgotten”) — see our Data Deletion page
  • Restriction of processing
  • Object to processing based on legitimate interests
  • Portability of your data

To exercise any of these rights, please write to us at the address in section 1, or email memorial-index@anesfhs.org.uk. We will respond within 30 days.

10. Links to other websites

This application may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies.

11. Changes to this policy

We may update this policy from time to time. Material changes will be reflected in the effective date at the top of this page. Continued use of this application after any change constitutes your acceptance of the updated policy.

12. Contact us

If you have any questions about this privacy policy or the data we hold, please contact us at: memorial-index@anesfhs.org.uk or write to us at 158–164 King Street, Aberdeen AB24 5BD.

v1.0.73 (build 835)
An unhandled error has occurred. Reload 🗙

Rejoining the server...

Rejoin failed... trying again in seconds.

Failed to rejoin.
Please retry or reload the page.

The session has been paused by the server.

Failed to resume the session.
Please reload the page.