Who we are

The greendurham.org.uk website is a project run by Transition Durham, a unincorporated association providing a network to support and encourage local green action, especially around climate change, community resilience and our dependency on finite fossil fuels. The site also incorporates the websites of Durham Local Food and the North East Permaculture Network.

What personal data we collect and why we collect it

All Visitors

Some information is automatically collected for all visitors to the website. This includes:

Technical information

– Your Internet protocol (IP) address

– Your browser type and version

– Your computer’s operating system

– Screen Dimensions

– Language

– Country you are located

Detail of your visit

– The website or search engine you used to find our site

– Which pages you visit and for how long

– Any links you click on while visiting

This data is processed on the legal basis of our legitimate interest in providing, monitoring, improving and maintaining the security of the services provided by the website.

Contact Forms

When visitors complete a form we collect their name, email address and the additional data shown on the form. User profile details may also be included, If the visitor is logged in at the time.

The Google reCAPTCHA service is used to protect the site from spam and abuse. The Google Privacy Policy and Google Terms of Service can be found here:

https://policies.google.com/privacy

https://policies.google.com/terms  

Depending on the type of form, details are emailed to an account owner or to members of the website team. Although a secure method is used to send emails, end to end security can not be assured as this depends on the method used by the recipient to retrieve the message

Messages sent to account owners are also held on the site database to allow them to be viewed from the account owner’s dashboard.

Details of emails sent by the website host are also stored on the server for thirty days. These can be viewed by the website team. This allows us to confirm emails are being sent in the correct format and to the intended email account. It also allows us to follow up any issues of inappropriate messages being sent.

Where a form is used to request to be added to a riseup email list or google group the user’s name and email will be passed to the service. The privacy policy for riseup.net and google.com can be found here:

https://riseup.net/en/privacy-policy

https://policies.google.com/privacy

This data is processed on the legal basis of our legitimate interest in providing a method of communication for visitors, reducing spam and abuse, allowing requests to be actioned and enabling correspondence.

Account Users

In addition to details covered for Contact Forms, data sent as an account application is stored as part of a user’s profile. This includes your organisation’s name, bio, web site address and your position within the organisation. These details can be amended by the account owner and are visible to website admin users.

Some profile details may appear on public pages including your organisation’s display name and listings linked to your account. Email address details are not shown on public pages but it may be possible for visitors to send messages to your profile’s email address using a contact form.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/ . After approval your profile picture may be visible on some public pages.

Listings

All details entered on a listing may be displayed on a public page. This includes contact details such as address and telephone number but does not include the email address field.

Claimed Listings

Claimed listings are indicated with a blue tick and may show a link to the user account of the owner. Visitors may send messages using a contact form to the email address of the owner.

Events & Notices

Event and Notice details will be displayed on a public page.

Media

Uploaded media may be displayed on public pages of the site. You should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

This data is processed on the legal basis of our legitimate interest in providing, monitoring, improving and maintaining the security of the services provided by the website.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Location

The Open Street Map (OSM) service is used to show maps on the search results page and detail view. The OSM privacy policy can be found here:

https://wiki.osmfoundation.org/wiki/Privacy_Policy#Data_we_receive_automatically

The Google Maps service is used to find geographic coordinates from a street address when a listing is being added or amended. Google’s privacy policy and Google Maps’ additional terms of service can be found here:

https://policies.google.com/privacy

https://maps.google.com/help/terms_maps/

The geoIP-db and ipapi services are used to identify your location based on the IP address you are using to access the site. This is used to provide location based services within the site and visitor analytics to improve the service. The privacy policy for geoIP-db and ipapi can be found here:

https://geoip-db.com/privacy

https://ipapi.co/privacy/

Analytics

We gather and analyse visitor data in order to monitor and improve the service provided by the site and to recognise and stop any misuse. This includes the use of Matomo Analytics. Analytics is carried out on the website’s host server and does not involve sharing data with a 3rd party service.

Analytics data for an individual visitor can be viewed by website administrators. Some reports derived from anonymised data may be made public (e.g Number of visitors for a page, post or  listing).

Cookies

A cookie is a small file stored on a visitor’s computer. It allows the site to store useful information and read it back next time you visit. Each cookie has an expiry date telling your web browser when it should be deleted.

Cookie Notice

A cookie is used to remember the choices made on the notice settings. This prevents the notice reappearing on each page. The cookie contains no personal data and lasts for 1 year.

Matomo

Matomo may issue a number of cookies including a unique visitor ID lasting 13 months; an attribution cookie, storing the referrer initially used to visit the website, lasting 6 months; session cookies, used to temporarily store data for the visit, lasting 30 minutes; a test cookie, sent to check the visitor’s browser supports cookies. The test cookie contains no personal data which is immediately deleted.

Matomo is only enabled when a visitor accepts the cookie notice. There is also an option in the notice settings, to disable Matomo while accepting other necessary cookies.

Login

If you visit the login page we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account the login cookies will be removed.

If you edit or publish an article an additional cookie will be saved. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Who we share your data with

Your personal data is only shared with third parties in order to provide the service. Details and links to third party policies can be found elsewhere in this document.

We will not share your personal data with third parties for marketing purposes.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Details of email messages sent by the website host are stored on the server for 30 days.

Analytics data for an individual visitor can be held on the host server for up to 180 days.

What rights you have over your data

Under data protection law, you have rights including:

Your right of access

You have the right to ask us for copies of your personal information.

Your right to rectification

You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your personal information in certain circumstances

Your right to object to processing

You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability

You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

If you have any questions about how we handle your personal information, please get in touch using the greendurham.org.uk/contact/ form

Additional information

How we protect your data

The site is accessed over an SSL/HTTPS connection. This encrypts data sent between your web browser and the server hosting the site to prevent this data from being accessed by unauthorised third parties.

What data breach procedures we have in place

We will inform the subject of a security breach within 72 hours of it being discovered.

Where relevant we will attempt to reset the password of any affected users. We will create a system backup and attempt to identify the issue, removing or updating code where necessary. We will then look at the measures needed to prevent a similar issue from happening again.

What automated decision making and/or profiling we do with user data

Some automation is necessary to provide the service. This is needed to protect the site from spam and to confirm the location of site visitors. Further details can be found in the “Location” and “Contact forms” sections of this document.

Automated decision making or profiling is not used as part of the account or listing approval process.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us using the greendurham.org.uk/contact/ form

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk