Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Privacy and Cookies policy

Latest revision: July 2012 concerning cookies and email. Revision information is now at the bottom of this page.

Overview

Privacy International strongly believes that you have the right to control the use of your personal information, and that your privacy must be respected. We strictly limit the processing of your personal information, and work only with other organizations who do the same.

Personal information that you provide to Privacy International will be used only for the service you have requested.

Privacy International does not sell, rent or lease personal data. We do not purchase or otherwise obtain data from other sources.

Any subpoena or attempts by government agencies or private sector organisations to gain access to any information that you give us will be vigorously challenged.

In accordance with the Data Protection Act 1998 and the Office of the Information Commissioner we are not registered on the public register of data controllers as we are a not for profit organisation. Irrespective of this, below we outline in detail our organisational and website information processing practices in various sections: Organisational, Cookies, Website, Corrections, & Changes.

Organizational Privacy Policy

We collect as little personal information as possible.

Communications

Emails received through info@privacy.org are reviewed by one staff member and sent onwards when necessary to other staff members. Similarly, emails sent to our other general addresses, e.g. bigbrother@privacy.org, are reviewed and deleted as quickly as possible. We do not disclose the names of senders to others outside of PI, i.e. third parties, without your permission.

We use a number of email service providers in the United States and the United Kingdom. As a result our emails are susceptible to lawful access in those jurisdictions. We do our utmost to remove emails from the servers as often and as quickly as possible so that legal action would be directed at us instead of our email service providers. We select our service providers on the basis of their privacy awareness, and work with most of our service providers to advise them on privacy protection. Our current service provider is GreenNet (see below). 

Information we receive by post is collected by one staff member, reviewed, and sent onwards when necessary to other staff members. These items are destroyed as soon as possible. We do not disclose the names of senders to third parties, and we endeavour to keep files secure. When the content of messages is shared with others outside of PI, e.g. with our trustees, advisory board, judging panels, etc., we de-identify the messages as much as possible.

We run a limited number of mailing lists, and the membership of the mailing lists are kept confidential, though this information is shared with our mail service providers for the purpose of list-management.

We do not have a back-up policy for our communications. Each employee, as he or she sees fit, may retain the content of specific communications the he or she receives and sends, but we endeavour to keep this information stored securely through the use of cryptography.

We do not solicit information on political and religious beliefs or medical information. When such sensitive personal information is received through our email or postal address we delete or anonymize this information as soon as possible.

Telephone calls received on our number are serviced by BT and are beyond our control. As a result, the traffic data for these calls may be retained in accordance with various laws and a voluntary code of practice for the retention of communications data. Voice-mail messages left on that number are stored locally. Our practice is to delete these messages as soon as possible.

Financial Information

We have created a PayPal account to administer on-line donations. We have discussed our account with PayPal officials and in our deliberations we came to the conclusion that PayPal offers a safer and more secure way to make online payments. PayPal does not share your credit card or bank account number with Privacy International. PayPal processes data in compliance with the EU Directive and US data privacy laws applicable to financial institutions. PayPal does not sell or rent its users' personal information to third parties for their marketing purposes and will disclose users' personal information only in accordance with PayPal's privacy policy. PayPal utilizes computer safeguards such as firewalls and data encryption, enforces physical access controls to its buildings and files, and authorizes access to personal information only for those employees who require it to fulfill their job responsibilities. For a more information on how PayPal processes your data please see their privacy policy (available on PayPal's website).

After discussions with Privacy International, Paypal also allows you to close your customer account once you no longer require it. Your account information may stay active with PayPal for legal and audit purposes, in accordance with PayPal's privacy policy.

Our financial accounts are held with the Co-operative Bank, an institution we selected because of their ethical practices. Any donations made to PI in the form of a cheque will be processed by the Co-operative Bank, and in accordance with the bank's privacy policy, and in accordance with UK law.  Information about all donations are kept in accordance with financial auditing requirements.

Employee Information

We collect employee information for accounting and administration purposes. This information includes national insurance numbers, tax codes, and bank account information. We share some of this information with our Accountants, Armstrong & Co., who we selected because of their ethical practices. Payment information is shared with our bank, and with Government agencies in accordance with UK law.

Occasionally we receive employment information from prospective interns and employees. This information is shared internally until that individual becomes a candidate for employment. At that point we may share the CV with our advisers and trustees. We file unsuccessful applications for two years with the consent of the individual applicant.

The personal information of our trustees and some board members are collected for accounting and administration purposes. Some of this information is shared with the Charities Commission, Companies House, our bank, and others in accordance with law.

We keep all accounting and administration information for auditing purposes, in accordance with standard practice and UK law.

Cookies Policy

We use cookies which expire in 1 month to monitor web traffic, set via self-hosted Piwik, which only presents us with aggregate numbers of downloads of each document, page, etc; any IP addresses have the last octet removed. We also honour Do Not Track. Details of this are documented in a blog post

We also use a cookie for managing your session: if you submit a form, a session cookie may be set to allow you to confirm a subsequent resubmission is not a duplicate. We do not store that cookie information.

We may also point from our website to other internet services that do use cookies. This is particularly the case with multi-media services, and with the links that we post on our Twitter account. We wish this wasn't the case and we continue to do the utmost we can to prevent and dissuade the use of third party cookies on other sites.

Website Privacy Policy

We work closely with our webhost service provider, GreenNet, to ensure that your personal information is protected. GreenNet is based in the United Kingdom.

Our website uses a cookie for managing your session. We may also point from our website to other internet services that do use cookies. This is particularly the case with multi-media services, and with the links that we post on our Twitter account. We wish this wasn't the case and we continue to do the utmost we can to prevent and dissuade the use of third party cookies on other sites.

The processing of web usage data is kept to a minimum. Our website management software only presents us with aggregate numbers of downloads of each document and does not provide us with access to IP logs. We honour do not track.

We use this information to provide an indication of faults and to identify peak usage times so that we can decide when to make major site modifications.

We also use this information to ascertain what material is of use to the general public. At no point do we deduce 'who' is downloading material. We only ascertain 'whether' and 'how many' downloads there are.

GreenNet may use the logs and other information for their own business purposes, such as for troubleshooting and defining usage patterns, in accordance with their Code of Conduct. We have reviewed their Code of Conduct and advised them on best practices.

GreenNet has refused to take part in the UK Government's voluntary traffic data retention scheme. As a result, visit logs (time, visitor's IP address, webpage visited, visitor's webbrowser and OS, referring webpage address) are kept for only seven days. PI does not access this information in its raw form and PI does not review specific user activity.

Social Media

Privacy International uses social media and social networking services to advance our work. These applications require the use of third party service providers. Notably, we have a Facebook Group and a Twitter feed.

The Facebook page is administered by Facebook and is accessible by Facebook users who already have consented to Facebook's privacy policy. We have worked closely with Facebook to advance their privacy protections for all their users, and we will continue to push for stronger protections. The Group page is managed by PI staff members. We do not store information on our followers nor process any information beyond Facebook.

The Twitter account we use is administered by Twitter, in accordance with Twitter's Privacy Policy. In November 2009 we integrated our Twitter Account onto our website through the use of a plug-in. This results in our comments, and the comments of others that we redirect, being published temporarily on our website, and links to our feed on Twitter's site. These posts also include the publishing of links to 'URL Shortening' services who convert short URLs into longer URLs that direct users to other websites. There are known security and privacy concerns around the use of these (link off-site), but we ensure that all redirected shortened URLs are first verified by us before being sent to our feed and on to our website. The shortener-service providers may keep track of your IP address and other information, and we continue to seek a more security- and privacy-friendly solution. If you click on a shortened-URL, it will most likely redirect you eventually to a third party site that contains a file or document relating to the Tweet, and the third party site will have its own privacy practices that may include trying to place a cookie and/or web-bug on your computer, collecting your IP address, and other forms of tracking. The Twitter feed may include the usernames of other Twitter users, particularly when we respond to questions and/or 'retweet'. Apart from this information appearing on our website temporarily, we do not process this information beyond the Twitter-environment.

Finally, we use direct messaging on occasion in both media, where individuals and organisations contact us on Facebook by leaving messages in our Inbox or by sending us Direct Messages on Twitter. We aim to delete these messages as soon as we have responded to the queries. We are also seeking a solution to merge our Facebook and Twitter activities and doing so may involve some integration and sharing of services, but we will endeavour to ensure that the additional processing of personal information is kept to an absolute minimum.

Corrections

Privacy International will endeavour to keep your personal information accurate. If you require access to personal information we hold on you, wish to amend an inaccuracy, or have your information deleted from our files then please contact the Data Controller at privacyint@privacy.org.

Changes to this policy

In the event that this policy is changed at any time, the date and nature of the change will be clearly indicated in this document. In the event that the change has a material impact on the handling of your personal information, we will contact you to seek your consent.

Questions

If you have any questions regarding our privacy policy or require any clarifications, please contact privacyint@privacy.org.

About Privacy International

Privacy International is registered with Companies House in the United Kingdom, and our address is Privacy International, 62 Britton Street, , United Kingdom.

Revisions

 

In June/July 2012, we updated this policy to take account of the "Cookies law", and honor DoNotTrack. We also added a cookies section to this policy. We also updated the email provider to remove references to our previous provider, and note that our mail is hosted by GreenNet.  We also made updates due to our status as a charity.

In February 2011 we started the process of adjusting our privacy policy to reflect some alterations we are making to our internet services. In particular, we have moved to a Drupal-based website that uses session cookies. The current configuration involves session cookies that last one month, but we are trying to find ways to reduce that period of time.

In May 2011 we began using analytics on our website to monitor when, where and how people access information so that we can redesign the site to better suit our users' needs. We selected to use our own Piwik implementation because it has included some privacy elements in the design process (see the Piwik blog for some mentioning of this functionality). While we disagree with the use of the term 'anonymity', we have implemented AnonymizeIP, which removes the last octet of the IP addresses. We are looking into the use of iframes for the purpose of enabling an opt-out but we are concerned with the abuse of iframes.

 

  • Updated Februrary 23, 2007 to raise awareness about impending changes in service providers: Neomailbox for mail services, Skype for telephone services, and Paypal for receiving donations. Also added link to the Cooperative Bank's privacy policy.
  • Updated March 16, 2007 to include language regarding the processing of data by PayPal.

  • Updated April 11, 2007 to fix syntax errors and add information regarding Neomailbox's privacy practices for our communications data.
  • Updated July 20, 2009 to change our mailing address.

  • Updated November 12, 2009 to include information on our use of Social Media.
  • Updated in February 2011 to notify on our transition to new internet services.

  • Updated in June 2011 to notify of our transition to using analytics.
     
  • Updated in May 2012 to notify of analytics (piwik) now run by PI not a trusted partner.
     
  • Updated in June & July 2012 to account for the UK Cookie Law and DoNotTrack in piwik.