Privacy Policy

Last Updated: 8 February 2026

1. Introduction

Caledonia TX Ltd, trading as ROCK.SCOT ("we," "us," "our"), is committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

Data Controller:
Caledonia TX Ltd
Company Registration: SC646223
VAT Number: 491589639
Email: studio@rock.scot

2. Information We Collect

2.1 Information You Provide

When you use our advertising booking system, we collect:

• Contact Information: First name, last name, email address, phone number
• Business Information: Company name, business address
• Campaign Information: Advertising package selection, campaign dates, budget
• Payment Information: Billing details (processed securely by our payment provider)
• Communications: Any messages you send us via email or contact forms

2.2 Information Collected Automatically

When you visit our website, we automatically collect:

• Usage Data: Pages viewed, time spent on pages, navigation paths
• Device Information: Browser type, device type (mobile/desktop/tablet), operating system
• Location Data: General geographic location (country/region) based on IP address
• Cookies: See our Cookie Policy for details

2.3 Listening Data

When you stream our radio station:

• Stream Connection: IP address, connection time, listening duration
• Device Information: Player type, device model
• Note: We do NOT collect the content of what you listen to or create listening profiles linked to individuals

3. Legal Basis for Processing

We process your personal data under the following legal bases:

3.1 Contractual Necessity

Processing necessary to fulfill advertising contracts and provide services you've requested.

3.2 Legitimate Interests

• Operating and improving our radio station
• Understanding how our website is used
• Preventing fraud and abuse
• Network and information security

3.3 Consent

• Marketing communications (you can withdraw consent anytime)
• Non-essential cookies (you can manage preferences anytime)

3.4 Legal Obligation

• Compliance with Ofcom broadcasting regulations
• Tax and accounting requirements
• Responding to lawful requests from authorities

4. How We Use Your Information

4.1 Service Provision

• Processing and fulfilling advertising bookings
• Providing streaming services
• Communicating about your campaigns
• Customer support and inquiries

4.2 Business Operations

• Billing and payment processing
• Maintaining business records
• Compliance with Ofcom regulations
• Financial reporting and tax compliance

4.3 Analytics and Improvement

• Understanding website usage patterns
• Improving user experience
• Testing new features
• Analyzing listening trends (aggregated, non-identifiable)

4.4 Marketing (With Consent)

• Sending promotional emails about our services
• Special offers and new package announcements
• Industry news and updates

5. Data Sharing and Disclosure

5.1 Service Providers

We share data with trusted third parties who help us operate:

• Supabase (Database hosting): Stores booking and customer data - EU/US servers
• Broadcast.Radio (Streaming): Handles audio stream delivery
• Payment Processors: Stripe/PayPal for secure payment processing
• Email Services: For transactional and marketing emails

All processors are bound by data processing agreements (DPAs) and comply with UK GDPR.

5.2 Legal Requirements

We may disclose your data when required by:

• Ofcom or other regulatory authorities
• Law enforcement (with valid legal request)
• Courts or tribunals
• Tax authorities (HMRC)

5.3 Business Transfers

In the event of a merger, acquisition, or sale, your data may be transferred to the new entity.

6. International Data Transfers

Some of our service providers are located outside the UK/EEA. When transferring data internationally, we ensure:

• Use of Standard Contractual Clauses (SCCs) approved by the UK ICO
• Adequacy decisions for countries deemed safe by UK government
• Additional safeguards where necessary

7. Data Retention

7.1 Retention Periods

• Customer Data: 7 years from last transaction (tax/accounting requirements)
• Marketing Data: Until consent withdrawn or 2 years of inactivity
• Website Analytics: 26 months (PECR maximum for non-essential cookies)
• Listening Logs: 90 days (Ofcom retention requirement)
• Correspondence: 6 years from last contact

7.2 Deletion

After retention periods expire, data is securely deleted or anonymized.

8. Your Rights Under UK GDPR

8.1 Right of Access

Request a copy of all personal data we hold about you.

8.2 Right to Rectification

Correct inaccurate or incomplete data.

8.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your data (subject to legal retention requirements).

8.4 Right to Restrict Processing

Limit how we use your data in certain circumstances.

8.5 Right to Data Portability

Receive your data in a machine-readable format.

8.6 Right to Object

Object to processing based on legitimate interests or direct marketing.

8.7 Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling.

8.8 Exercising Your Rights

To exercise any rights, email: studio@rock.scot
We will respond within 30 days (or 90 days for complex requests).

9. Security Measures

We protect your data using:

• HTTPS encryption for all website communications
• Encrypted database storage
• Access controls and authentication
• Regular security audits
• Staff training on data protection
• Incident response procedures

10. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately.

11. Ofcom Compliance

As an Ofcom-licensed broadcaster, we comply with:

• Broadcasting Code requirements
• Content standards and editorial policies
• Complaints handling procedures
• Technical and coverage obligations
• Logging and record-keeping requirements

12. Advertising Compliance

When we run advertisements, we comply with:

• CAP Code: UK Code of Non-broadcast Advertising and Direct & Promotional Marketing
• BCAP Code: UK Code of Broadcast Advertising
• ASA Regulations: Advertising Standards Authority guidelines
• PECR: Rules on electronic marketing communications

13. Changes to This Policy

We may update this policy to reflect changes in law or our practices. Significant changes will be notified via email or prominent website notice.

14. Contact & Complaints

14.1 Contact Us

Data Protection Officer:
Email: studio@rock.scot
Post: Caledonia TX Ltd, [Your Address], Scotland

14.2 Complaints to ICO

If unsatisfied with our response, you can complain to:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113

15. Definitions

• Personal Data: Information relating to an identified or identifiable person
• Processing: Any operation performed on personal data
• Controller: Entity determining purposes and means of processing
• Processor: Entity processing data on behalf of controller
• Consent: Freely given, specific, informed indicatio