We run the site as a community resource and not to make money, therefore we try and do right by our users when it comes to privacy, currently we collect information about you to allow us to effectively run the site and for a better user experience and we don't sell it to third parties, we don't send mass mailings, the site only sends update notifications if you have selected to and you can unselect it at any time. You do have to give us a small amount of data (a valid email address) and we will automatically collect some info from you (ip address, timezone etc) but it's just the minimum we feel we need to not make using the site a terrible experience.
The exception are the adverts, in theory we don't collect that data, the space on page is sub-let to google, they put the advert in it and they (we assume) are collecting no end of tracking data from them. We wish we didn't have to use adverts that did this, but they are pretty much the only source of income the site. If you'd be interested in paying a small fee to go ad-free, do let us know.
Log files are maintained and analysed of all requests for files on this website's web servers. Log files do not capture traditional personal information but do capture the user's IP address (which is possibly classed as PII under GDP), which is automatically recognised by our web servers.
We also collect anything you add to your profile or anything you choose to post on the forum, but that should hopefully be obvious. This stuff we class as public data not personal data, it's all optional, if you want to keep it private don't add it / post it (though you can asked for it to be removed).
We don't collect or buy-in data from out side the site (i.e. mailing lists of fans to entice as potential members).
We don't have a set retention period on any person data, but the GDPR you have a right to have it removed. Unless you tell us otherwise, this will simply be a case of removing your account from our systems, this includes private messages but does not include public messages (although the personal information about the owner normally shown next to posts will no longer exist). As we don't have a set retention period, consider it "indefinitely", we have active users and posts from over 15 years ago and we think this is a good thing.
Only admins and backroom staff of the site (which can be viewed here - https://www.brfcs.com/mb/index.php?/staff/ ) can access your personal data, not moderators, authors or other users, except for the information you choose to display on your public profile (such as display name). The other exemption is the people who are responsible for keeping the web hosting infrastructure up and running.
The data itself is currently held in France (which inside the EU for the geographically challenged), with disaster recover options in the UK/Ireland.
Finally, because the USA has some specific legislation around marketing to under 13 year olds, we took the decision (like most social media sites) to never collect or maintain information at our website from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.
The GDPR whilst a pain for people like us who run websites (especially those who do it for free, for the good of the community) is great for you as users as it gives you a boat load of new rights and an expectations that your data will be treated in the right way. For more info see https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ This includes your right to have your data removed and your right to remove consent from us using your data (which in our case, is pretty much the same thing) and your right to lodge a complaint with the ICO (but please, talk to us first, we do want to do the right thing with your data).
BRFCS.com is "owned" by a limited company, BRFCS Ltd, which may seem odd for a community resource that nobody takes a wage or dividend from, but once upon a time it allowed us some level of personal legal protection. However, it does mean we have a legal obligation to to provide postal contact data (though, we much prefer email) - BRFCS.com (C/O Glenn Pegden) , 5 Reedsdale Avenue, Gildersome, Leeds, LS27 7JE. However you'll normally get much quicker response by emailing email@example.com (as multiple people receive those emails). Despite no longer involved in the day to day running of the site, for the purposes of GDPR, Glenn acts as Representative, Data Protection Officer, Chief Cook and Bottle washer, he wishes he didn't, but nobody else would do it.
Finally, Thank You for reading this far, we doubt very few will, but as you did, feel free to tweet @brfcsdotcom and let us know. It will make a very dull process seem slightly less pointless.