-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update Privacy Policy with necessary info for GDPR
Related CoVE PR OpenDataServices/cove#1021
- Loading branch information
Showing
1 changed file
with
78 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -37,7 +37,7 @@ <h2>{% trans "How we use cookies" %}</h2> | |
| <li>{% trans "Remember your choices within the application, for your convenience, and where relevant remember that you are logged into the application." %}</li> | ||
| </ul> | ||
|
|
||
| <p>{% blocktrans %}We use <a href="http://piwik.org">Piwik</a> to analyse usage of our website (see Piwik section below). This uses cookies to identify you (anonymously) as the same user, so that we can analyse our web traffic better. E.g. it allows us to count how many users we have, instead of just total page views or analyse what pages people commonly visit together.{% endblocktrans %}</p> | ||
| <p>{% blocktrans %}We use <a href="http://matomo.org">Matomo</a> to analyse usage of our website (see "Understanding website visitor and traffic patterns" section below). This uses cookies to identify you (anonymously) as the same user, so that we can analyse our web traffic better. E.g. it allows us to count how many users we have, instead of just total page views or analyse what pages people commonly visit together.{% endblocktrans %}</p> | ||
| <p>{% blocktrans %}If you do allow cookies to be used, Piwik uses 1st party cookies, set on the domain of this website. Cookies created by Piwik start with: {% endblocktrans %}</p> | ||
|
|
||
| <ul> | ||
|
|
@@ -57,36 +57,94 @@ <h2>{% trans "How we use cookies" %}</h2> | |
|
|
||
| <p>{% blocktrans %}If you choose not to accept these cookies the application may not work for you.{% endblocktrans %}</p> | ||
|
|
||
| <h2>{% trans "Piwik Traffic Analytics" %}</h2> | ||
|
|
||
| <p>{% blocktrans %}We use our own hosted version of <a href="http://piwik.org">Piwik</a> to analyse our web traffic. We do this to get an idea of how much traffic we are getting, where from and when.{% endblocktrans %}</p> | ||
| <p>{% blocktrans %}If you have set your web browser to "I do not want to be tracked" (DoNotTrack is enabled) then Piwik will not track your visit.{% endblocktrans %}</p> | ||
| <p>{% blocktrans %}Piwik also it’s own opt out mechanism:{% endblocktrans %}</p> | ||
| <h2>Privacy Notice</h2> | ||
|
|
||
| <p> | ||
|
|
||
|
|
||
| Open Data Services Co-operative Limited | ||
| is committed to ensuring that your privacy is protected. This privacy notice sets out how we collect and process any personal data when you use this website.</p> | ||
|
|
||
| <p>We may change this notice from time to time by updating this page. This notice is effective from 24th May 2018.</p> | ||
|
|
||
| <p>Data controller:<br/> | ||
|
|
||
| Open Data Services Co-operative Limited, 1st Floor, Holyoake House, Hanover Street, Manchester, Greater Manchester, England, M60 0AS. <a href="mailto:[email protected]">[email protected]</a>. | ||
|
|
||
| <br/>Contact us if would like a copy of the information held on you or if you believe that any information we are holding on you is incorrect or incomplete. | ||
|
|
||
| </p> | ||
|
|
||
| <p>You have the following rights concerning this data: <ul> | ||
| <li>Right to be informed, which is the purpose of this privacy notice</li> | ||
| <li>Right to Access, Rectification, Erasure, and to Restrict Processing. Note that the right to Erasure and Restrict Processing are balanced against our legitimate interests. Where relevant, you need to provide information to re-identify yourself from our pseudonymised data, see <a href="https://gdpr-info.eu/art-11-gdpr/">GDPR Article 11</a></li> | ||
| <li>Right to object to our processing.</li> | ||
| </ul></p> | ||
|
|
||
| <p>Our supervisory authority is the <a href="https://ico.org.uk/">ICO in the UK</a>. You have the right to lodge a complaint with them.</p> | ||
|
|
||
| <p>We process personal data for the following purposes: <ul> | ||
| <li>Understanding website visitor and traffic patterns</li> | ||
| <li>Understanding server behaviour</li> | ||
| <li>Identifying and being alerted to software errors</li> | ||
| </ul></p> | ||
|
|
||
| We rely on <a href="https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/">legitimate interests</a> (<a href="https://gdpr-info.eu/art-6-gdpr/">GDPR Article 6(1)(f)</a>) as the lawful basis for this processing. Details about the type of data, the purpose of the processing and legitimate interests, and the storage and retention of the data are set out below. | ||
|
|
||
|
|
||
| <h3>Understanding website visitor and traffic patterns</h3> | ||
| We collect data about your visits to the website, for the purpose of analysing how the website is used, so that we can improve it. A self hosted copy of Matomo is used for this. | ||
|
|
||
| <p>Personal data we collect:<ul> | ||
| <li>Your IP address - this is pseudonymised by redacting the second half of the address</li> | ||
| <li>Referrer (what page you arrived at one of our web pages from)</li> | ||
| <li>Information about your device, OS and browser</li> | ||
| </ul>We do not use this data to personally identify individuals, but it is possible that it could be used to do so, particularly if combined with other datasets.</p> | ||
|
|
||
| <p>You can opt out of this processing: | ||
| If you have set your web browser to "I do not want to be tracked" (DoNotTrack is enabled) then Matomo will not track your visit.</p> | ||
|
|
||
| <p>Matomo also it’s own opt out mechanism:</p> | ||
| <!-- opt out iframe - clicking this will mean people can opt out of tracking --> | ||
| <iframe style="border: 1; height: 150px; width: 600px;" src="http://mon.opendataservices.coop/piwik/index.php?module=CoreAdminHome&action=optOut&language=en"></iframe> | ||
| <iframe style="border: 1; height: 150px; width: 600px;" src="https://mon.opendataservices.coop/piwik/index.php?module=CoreAdminHome&action=optOut&language=en"></iframe> | ||
|
|
||
| <p>Data processors: Bytemark.</p> | ||
|
|
||
| <p>No data is transferred to third countries or international organisations.</p> | ||
|
|
||
| <p>The data is kept indefinitely, in pseudonymised form.</p> | ||
|
|
||
| <h2>{% trans "Server Logs" %}</h2> | ||
| <h3>Understanding server behaviour</h3> | ||
| We collect data about your visits to the website in server logs. This is for the purpose of debugging network issues, monitoring server usage, and identifying malicious usage. | ||
|
|
||
| <p>{% blocktrans %}Open Data Services Co-operative Limited keep server logs of traffic to, and activity on, our all of our servers. Primarily this is to help us keep our servers healthy and working by knowing how much activity is taking place on them.{% endblocktrans %}</p> | ||
| <p>{% blocktrans %}We use the ELK stack (Elasticsearch, Logstash, Kibana) to analyse Server logs.{% endblocktrans %}</p> | ||
| <p>{% blocktrans %}Our server logs record information such as your IP address, the browser you are using, and your operating system. Generally, this is considered not to constitute personal information, but we recognise that when aggregated, and analysed there is a chance that this data could potentially enable identification of individuals. This is not something we do. {% endblocktrans %}</p> | ||
| <p>Personal data we collect:<ul> | ||
| <li>Your IP address</li> | ||
| <li>User agent (information about the OS and browser that you use)</li> | ||
| <li>Referrer (what page you arrived at one of our web pages from)</li> | ||
| </ul>We do not use this data to personally identify individuals, but it is possible that it could be used to do so, particularly if combined with other datasets.</p> | ||
|
|
||
| <h2>{% trans "Privacy Policy" %}</h2> | ||
| <p>Data processors: Bytemark.</p> | ||
|
|
||
| <p>No data is transferred to third countries or international organisations.</p> | ||
|
|
||
| <p>The data is kept indefinitely.</p> | ||
|
|
||
| <p>{% blocktrans %}This privacy policy sets out how Open Data Services Co-operative Limited uses and protects any information that you give Open Data Services Co-operative Limited when you use this website.{% endblocktrans %}</p> | ||
| <p>{% blocktrans %}Open Data Services Co-operative Limited is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.{% endblocktrans %}</p> | ||
| <p>{% blocktrans %}Open Data Services Co-operative Limited may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 1st April 2015.{% endblocktrans %}</p> | ||
| <h3>Identifying and being alerted to software errors</h3> | ||
| When an error occurs on our site, we record details about the visit that caused it. We use <a href="https://sentry.io/welcome/">Sentry</a> for this. | ||
|
|
||
| <h3>{% trans "What we collect" %}</h3> | ||
| <p>Data we collect:<ul> | ||
| <li>Your IP address</li> | ||
| <li>User agent (information about the OS and browser that you use)</li> | ||
| <li>Referrer (what page you arrived at one of our web pages from)</li> | ||
| </ul>We do not use this data to personally identify individuals, but it is possible that it could be used to do so, particularly if combined with other datasets.</p> | ||
|
|
||
| <p>{% blocktrans %}Currently we do not collect any personal information from you when you use this website.{% endblocktrans %}</p> | ||
| <p>{% blocktrans %}Open Data Services Co-operative Limited does create and store metadata about your use of the application, in order to monitor how the application is being used.{% endblocktrans %}</p> | ||
| <p>Data processors: Sentry (Functional Software, Inc.)</p> | ||
|
|
||
| <p>Data is transferred to Functional Software, Inc. who are based in the USA.</p> | ||
| <p>The data is kept for 90 days.</p> | ||
|
|
||
| <h2>{% trans "Controlling your personal information" %}</h2> | ||
|
|
||
| <p>{% blocktrans %}Although this application does not record any personal information you may like to know that you may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please email the Data Protection Officer at [email protected]. If you would like to write to us our registered addresess is 32 Church Road, Hove, East Sussex, England, BN3 2FN. Further details are available on the <a href="https://opencorporates.com/companies/gb/09506232">Open Data Services Co-operative Limited page at Open Corporates</a>.{% endblocktrans %}</p> | ||
| <p>{% blocktrans %}If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.{% endblocktrans %}</p> | ||
|
|
||
| <h2>{% trans "Security" %}</h2> | ||
|
|
||
|
|
||