Privacy Policy

Last updated: 19 December 2025

This notice explains how What's New Central ("we", "us") processes personal data when you use this site. We follow UK GDPR and the Data Protection Act 2018.

Who we are & contact

Data controller: What's New Central (sole operator).

For data rights requests or privacy concerns, you may contact us via direct email or your preferred method. Information about how to contact us is available on the site.

Data we collect

  • From you (when downloading): Your IP address and general technical information (user agent, timestamps, request logs) are recorded by our hosting platform for security and analytics purposes.
  • From administrators: Authentication data (email, role) provided by your identity provider (Azure AAD) for secure admin access to content management.
  • Local browser data: Theme preference is stored locally on your device only; we do not track this centrally.
  • We do not collect names, email addresses, download history, or other identifying information from public visitors.

How and why we use it (lawful bases)

  • Serve content downloads: We process technical/log data to provide the service (legitimate interests).
  • Secure admin access: Authentication data allows only authorized personnel to upload and manage content (legitimate interests).
  • Security and fraud prevention: Server logs help us detect and prevent abuse, attacks, or unauthorized access (legitimate interests).
  • Compliance: We retain logs as required by legal and regulatory obligations.
  • Local preferences: Theme selection is stored only on your device with your consent (implied by using the site).

Cookies and local storage

We use only essential cookies for authenticated admin sessions (Azure Static Web Apps) and local storage to remember your theme preference. We do not use advertising or analytics cookies. See the Cookies Policy for details.

Sharing and transfers

  • Hosting and authentication are provided by Microsoft Azure. Data may be processed in the UK or other regions used by Azure for resilience.
  • We do not sell personal data. We only share data with service providers where necessary to operate the site and protect the service.

Retention

We keep server logs and operational data only as long as needed for security, troubleshooting, and audit purposes (typically up to 12 months unless a longer retention period is required by law or for ongoing investigations). Downloaded content (presentations, files) remains available only as long as the operator chooses to publish it.

Your rights

If you are a public visitor, you have the right to request access to any personal data we hold about you, correct it, request deletion, or object to processing. Since we collect minimal personal data from public visitors, most rights requests can be fulfilled quickly.

If you are an administrator, you can manage or delete your authentication data by adjusting your identity provider settings.

You can clear your local theme preference at any time by clearing your browser's local storage or cookies.

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Security

We use HTTPS, role-based access for admins, and Azure platform security controls. No method is 100% secure, but we aim to protect your data with appropriate technical and organisational measures.

Children

This site is not intended for children under 16. We do not knowingly collect data from children.

Changes

We will update this notice when our practices change. The "Last updated" date shows the latest revision.