Latest revision: July 2012 concerning cookies and email. Revision information is now at the bottom of this page.
Privacy International strongly believes that you have the right to control the use of your personal information, and that your privacy must be respected. We strictly limit the processing of your personal information, and work only with other organizations who do the same.
Personal information that you provide to Privacy International will be used only for the service you have requested.
Privacy International does not sell, rent or lease personal data. We do not purchase or otherwise obtain data from other sources.
Any subpoena or attempts by government agencies or private sector organisations to gain access to any information that you give us will be vigorously challenged.
In accordance with the Data Protection Act 1998 and the Office of the Information Commissioner we are not registered on the public register of data controllers as we are a not for profit organisation. Irrespective of this, below we outline in detail our organisational and website information processing practices in various sections: Organisational, Cookies, Website, Corrections, & Changes.
We collect as little personal information as possible.
Emails received through firstname.lastname@example.org are reviewed by one staff member and sent onwards when necessary to other staff members. Similarly, emails sent to our other general addresses, e.g. email@example.com, are reviewed and deleted as quickly as possible. We do not disclose the names of senders to others outside of PI, i.e. third parties, without your permission.
We use a number of email service providers in the United States and the United Kingdom. As a result our emails are susceptible to lawful access in those jurisdictions. We do our utmost to remove emails from the servers as often and as quickly as possible so that legal action would be directed at us instead of our email service providers. We select our service providers on the basis of their privacy awareness, and work with most of our service providers to advise them on privacy protection. Our current service provider is GreenNet (see below).
Information we receive by post is collected by one staff member, reviewed, and sent onwards when necessary to other staff members. These items are destroyed as soon as possible. We do not disclose the names of senders to third parties, and we endeavour to keep files secure. When the content of messages is shared with others outside of PI, e.g. with our trustees, advisory board, judging panels, etc., we de-identify the messages as much as possible.
We run a limited number of mailing lists, and the membership of the mailing lists are kept confidential, though this information is shared with our mail service providers for the purpose of list-management.
We do not have a back-up policy for our communications. Each employee, as he or she sees fit, may retain the content of specific communications the he or she receives and sends, but we endeavour to keep this information stored securely through the use of cryptography.
We do not solicit information on political and religious beliefs or medical information. When such sensitive personal information is received through our email or postal address we delete or anonymize this information as soon as possible.
Telephone calls received on our number are serviced by BT and are beyond our control. As a result, the traffic data for these calls may be retained in accordance with various laws and a voluntary code of practice for the retention of communications data. Voice-mail messages left on that number are stored locally. Our practice is to delete these messages as soon as possible.
We collect employee information for accounting and administration purposes. This information includes national insurance numbers, tax codes, and bank account information. We share some of this information with our Accountants, Armstrong & Co., who we selected because of their ethical practices. Payment information is shared with our bank, and with Government agencies in accordance with UK law.
Occasionally we receive employment information from prospective interns and employees. This information is shared internally until that individual becomes a candidate for employment. At that point we may share the CV with our advisers and trustees. We file unsuccessful applications for two years with the consent of the individual applicant.
The personal information of our trustees and some board members are collected for accounting and administration purposes. Some of this information is shared with the Charities Commission, Companies House, our bank, and others in accordance with law.
We keep all accounting and administration information for auditing purposes, in accordance with standard practice and UK law.
We also use a cookie for managing your session: if you submit a form, a session cookie may be set to allow you to confirm a subsequent resubmission is not a duplicate. We do not store that cookie information.
We work closely with our webhost service provider, GreenNet, to ensure that your personal information is protected. GreenNet is based in the United Kingdom.
The processing of web usage data is kept to a minimum. Our website management software only presents us with aggregate numbers of downloads of each document and does not provide us with access to IP logs. We honour do not track.
We use this information to provide an indication of faults and to identify peak usage times so that we can decide when to make major site modifications.
We also use this information to ascertain what material is of use to the general public. At no point do we deduce 'who' is downloading material. We only ascertain 'whether' and 'how many' downloads there are.
GreenNet may use the logs and other information for their own business purposes, such as for troubleshooting and defining usage patterns, in accordance with their Code of Conduct. We have reviewed their Code of Conduct and advised them on best practices.
GreenNet has refused to take part in the UK Government's voluntary traffic data retention scheme. As a result, visit logs (time, visitor's IP address, webpage visited, visitor's webbrowser and OS, referring webpage address) are kept for only seven days. PI does not access this information in its raw form and PI does not review specific user activity.
Privacy International uses social media and social networking services to advance our work. These applications require the use of third party service providers. Notably, we have a Facebook Group and a Twitter feed.
Finally, we use direct messaging on occasion in both media, where individuals and organisations contact us on Facebook by leaving messages in our Inbox or by sending us Direct Messages on Twitter. We aim to delete these messages as soon as we have responded to the queries. We are also seeking a solution to merge our Facebook and Twitter activities and doing so may involve some integration and sharing of services, but we will endeavour to ensure that the additional processing of personal information is kept to an absolute minimum.
Privacy International will endeavour to keep your personal information accurate. If you require access to personal information we hold on you, wish to amend an inaccuracy, or have your information deleted from our files then please contact the Data Controller at firstname.lastname@example.org.
Changes to this policy
In the event that this policy is changed at any time, the date and nature of the change will be clearly indicated in this document. In the event that the change has a material impact on the handling of your personal information, we will contact you to seek your consent.
About Privacy International
Privacy International is registered with Companies House in the United Kingdom, and our address is Privacy International, 62 Britton Street, , United Kingdom.
In June/July 2012, we updated this policy to take account of the "Cookies law", and honor DoNotTrack. We also added a cookies section to this policy. We also updated the email provider to remove references to our previous provider, and note that our mail is hosted by GreenNet. We also made updates due to our status as a charity.
In May 2011 we began using analytics on our website to monitor when, where and how people access information so that we can redesign the site to better suit our users' needs. We selected to use our own Piwik implementation because it has included some privacy elements in the design process (see the Piwik blog for some mentioning of this functionality). While we disagree with the use of the term 'anonymity', we have implemented AnonymizeIP, which removes the last octet of the IP addresses. We are looking into the use of iframes for the purpose of enabling an opt-out but we are concerned with the abuse of iframes.
Updated March 16, 2007 to include language regarding the processing of data by PayPal.
- Updated April 11, 2007 to fix syntax errors and add information regarding Neomailbox's privacy practices for our communications data.
Updated July 20, 2009 to change our mailing address.
- Updated November 12, 2009 to include information on our use of Social Media.
Updated in February 2011 to notify on our transition to new internet services.
- Updated in June 2011 to notify of our transition to using analytics.
- Updated in May 2012 to notify of analytics (piwik) now run by PI not a trusted partner.
- Updated in June & July 2012 to account for the UK Cookie Law and DoNotTrack in piwik.