diff --git a/democracy_club/templates/privacy.html b/democracy_club/templates/privacy.html index 765f7a56..01b8b61f 100644 --- a/democracy_club/templates/privacy.html +++ b/democracy_club/templates/privacy.html @@ -11,70 +11,98 @@

Privacy & Terms

## Privacy -This site is run by Democracy Club Community Interest Company. We are a UK-registered not-for-profit dedicated to providing opportunities for greater democratic engagement. Our registered office address is Democracy Club, Spacehoppers, New Mills, Libbys Drive, Stroud, GL5 1RN. +This site is run by Democracy Club Community Interest Company. We are a UK-registered not-for-profit dedicated to +providing opportunities for greater democratic engagement. Our registered office address is Democracy Club, +Spacehoppers, New Mills, Libbys Drive, Stroud, GL5 1RN. -In a nutshell, we care about your privacy. We collect data to see how people use our sites so that we can improve them. We don’t carry adverts and we don’t sell your data. +In a nutshell, we care about your privacy. We collect data to see how people use our sites so that we can improve them. +We don’t carry adverts, and we don’t sell your data. ## Privacy, in detail -###Why do we collect data? +### Why do we collect data? -The law says we must have a ‘lawful purpose’ to collect personal data. We collect and process personal information either because we have your explicit consent to do so or because we have a legitimate interest in improving our services. +The law says we must have a ‘lawful purpose’ to collect personal data. We collect and process personal information +either because we have your explicit consent to do so or because we have a legitimate interest in improving our +services. -Democracy Club CIC runs several digital services whose purpose is to increase democratic engagement, as well as secondary services that indirectly serve those aims, such as a crowdsourcing database, an email list and an online chat space. These services or tools are made more useful or can only exist as a result of personal data being shared with us. 
+Democracy Club CIC runs several digital services whose purpose is to increase democratic engagement, as well as +secondary services that indirectly serve those aims, such as a crowdsourcing database, an email list and an online chat +space. These services or tools are made more useful or can only exist as a result of personal data being shared with us. -###What data do we collect? +### What data do we collect? -When you use any of our services, we may store your IP address ([a unique identifier for your device or internet connection](https://simple.m.wikipedia.org/wiki/IP_address)) in order to understand how our websites are used and to help with some parts of our server administration. +When you use any of our services, we may store your IP +address ([a unique identifier for your device or internet connection](https://simple.m.wikipedia.org/wiki/IP_address)) +in order to understand how our websites are used and to help with some parts of our server administration. -If you sign up to any of our services, such as a mailing list or election reminders, we collect the data you provide so that we can keep in touch and provide you with relevant information. +If you sign up to any of our services, such as a mailing list, we collect the data you provide so +that we can keep in touch and provide you with relevant information. -If you sign up to help crowdsource data, we will store your username and email address. The edits you make will be publicly recorded alongside your username, which, depending on the username you choose, may allow you to be identified personally. If you have chosen an anonymous username, Democracy Club administrators will be able to see the email address linked to it. +If you sign up to help crowdsource data, we will store your username and email address. The edits you make will be +publicly recorded alongside your username, which, depending on the username you choose, may allow you to be identified +personally. 
If you have chosen an anonymous username, Democracy Club administrators will be able to see the email +address linked to it. -Several of our services provide information to you based on your postcode. We store your postcode so we can produce anonymised statistics, such as when we total up the number of users in an area. For example, we made [this table](https://democracyclub.github.io/wheredoivote-usage-may-2018/data/wheredoivote-usage-may-2018) of users in a council area. +Several of our services provide information to you based on your postcode. We store your postcode so we can produce +anonymised statistics, such as when we total up the number of users in an area. For example, we +made [this table](https://democracyclub.github.io/wheredoivote-usage-may-2018/data/wheredoivote-usage-may-2018) of users +in a council area. -###Do we share information with others? +### Do we share information with others? The personal data we collect on candidates becomes open data available to anyone to increase democratic engagement. -If you use our websites, we log events that happen on our website using Papertrail by SolarWinds. You can see their [privacy policy](https://www.solarwinds.com/legal/privacy) here. +If you sign up for our online chat, Slack, you’ll be subject to +their [privacy policy](https://slack.com/privacy-policy). -If you sign up to receive emails from us, we use a third-party service called SendGrid to send the emails. Here’s their [privacy policy](https://sendgrid.com/policies/privacy/services-privacy-policy/). +Everything else, including postcode logging and server access logs are stored on our hosting provider, AWS. We only use +the `eu-west-2` AWS region, meaning data is stored in the UK. You can read more +on [how AWS process this data](https://aws.amazon.com/compliance/eu-data-protection/). -If you sign up for our online chat, Slack, you’ll be subject to their [privacy policy](https://slack.com/privacy-policy). +Slack and AWS are US companies. 
They must observe the same GDPR rules when processing data from the EU. -SolarWinds, Slack and SendGrid are US companies. They must observe the same GDPR rules when processing data from the EU. +### For how long do we keep personal data? -We store and process data using Amazon Web Services, a popular ‘cloud’ service, using servers based in the EU. +We keep personal data for as long as we have consent or as long as is necessary to pursue the goal of greater democratic +engagement and is consistent with the public interest. -###For how long do we keep personal data? +For example, we will maintain a record of candidates as a matter of public fact, but we can remove contact details, +or information that isn't part of a public notice, on application. The nature of open data means that we can only +do this on the web properties we control. -We keep personal data for as long as we have consent or as long as is necessary to pursue the goal of greater democratic engagement and is consistent with the public interest. +If you sign up for one of our services, such as our mailing list, we will keep your data until you +notify us that you no longer wish to use the service. -For example, we will maintain a record of candidates as a matter of public fact, but we can remove contact details on application. The nature of open data means that we can only do this on the web properties we control. +### Cookies, tracking and third-party services -If you sign up for one of our services, such as our mailing list or election reminders, we will keep your data until you notify us that you no longer wish to use the service. +We sometimes use cookies track if you are logged in to a website. This type of cookie is ‘strictly necessary’ +for the log-in feature to work. -###Cookies, tracking and third-party services +We track usage of our services so that we can see how people are using it, what pages people are looking at and so on in +order to improve the service. 
-We sometimes use cookies to improve the service to you (for example, so that you can use the website without having to identify yourself on each page, and to protect the site against malicious use). +We use GoatCounter to do this. It does not identify you personally. You can read more about +[GoatCounter's GDPR policy](https://www.goatcounter.com/help/gdpr) and their +[privacy policy](https://www.goatcounter.com/help/privacy). -We track usage of our services so that we can see how people are using it, what pages people are looking at and so on in order to improve the service. We use Google Analytics to do this. It does not identify you personally, but you can use a browser plugin to opt out of this kind of tracking and see [this page](https://policies.google.com/technologies/partner-sites) for more on how Google uses data. +### Your rights -###Your rights +You can ask to see the personal data we hold for you. You can also ask us to delete it. In both cases we must respond +within one month. We will not erase data that is of a public record, such as the name of a candidate in an election. -You can ask to see the personal data we hold for you. You can also ask us to delete it. In both cases we must respond within one month. We will not erase data that is of a public record, such as the name of a candidate in an election. - -You can ask that we correct any erroneous personal data we hold about you. We will aim to do that as quickly as possible. +You can ask that we correct any erroneous personal data we hold about you. We will aim to do that as quickly as +possible. You have the right to object to the use of your personal data. -###Contact us - -To exercise your personal data rights or for any questions about how we process data, please email [hello@democracyclub.org.uk](mailto:hello@democracyclub.org.uk). 
+### Contact us -If you believe that we are not observing your personal data rights, you also have the right to complain to the Information Commissioner’s Office and potentially to a judicial remedy. +To exercise your personal data rights or for any questions about how we process data, please +email [hello@democracyclub.org.uk](mailto:hello@democracyclub.org.uk). +If you believe that we are not observing your personal data rights, you also have the right to complain to the +Information Commissioner’s Office and potentially to a judicial remedy. ## Terms
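Review bot: In "Do we share information with others?", the SendGrid paragraph is removed while the sign-up text still offers "such as a mailing list", so the policy no longer says who delivers those emails; if a third party still sends them, name it in that section, and if delivery now runs on AWS, say so explicitly rather than relying on "Everything else". That section also never mentions GoatCounter, which the Cookies section introduces as the service used to track usage; suggest adding a sentence there that points to it, so the list of parties receiving data is complete in one place. The "processing data from the EU" wording in "Slack and AWS are US companies" reads oddly directly after "meaning data is stored in the UK" and should be aligned with it. In the Cookies section, the removed text also covered cookies used "to protect the site against malicious use"; confirm no such cookie is still set, since the new text describes only the log-in cookie as "strictly necessary". Two wording fixes in added lines: "We sometimes use cookies track" is missing "to", and "Everything else, including postcode logging and server access logs are stored" needs a comma after "logs" and "is stored".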