{"id":1306,"date":"2019-02-18T16:07:24","date_gmt":"2019-02-18T16:07:24","guid":{"rendered":"http:\/\/ctrlshift.org.uk\/?page_id=1306"},"modified":"2023-08-11T11:44:09","modified_gmt":"2023-08-11T11:44:09","slug":"privacy-policy","status":"publish","type":"page","link":"https:\/\/ctrlshift.org.uk\/privacy-policy\/","title":{"rendered":"Privacy Policy"},"content":{"rendered":"\n<ol class=\"wp-block-list\">\n<li><strong>Overview<\/strong><\/li>\n<\/ol>\n\n\n\n<p><a href=\"http:\/\/vive.transitiontogether.org.uk\">https:\/\/ctrlshift.org.uk\/<\/a> is maintained by Transition Network. if you have any questions, need to submit a data subject request. Please email privacy@transitionnetwork.org<\/p>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li><strong>Analytics<\/strong><\/li>\n<\/ol>\n\n\n\n<p>We host our own analytics server using Matomo software.<a href=\"http:\/\/analytics.transition-space.org\"> analytics.transition-space.org<\/a>, This is hosted on<a href=\"http:\/\/netcup.de\"> Netcup.de<\/a> under the terms detailed below<\/p>\n\n\n\n<p><strong>3. Helpdesk<\/strong><\/p>\n\n\n\n<p>We use a helpdesk service to manage support tickets<a href=\"http:\/\/helpdesk.transition-space.org\"> helpdesk.transition-space.org<\/a>. This is hosted on<a href=\"http:\/\/netcup.de\"> Netcup.de<\/a> under the terms detailed below<\/p>\n\n\n\n<p><strong>4. Cookies<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>Cookie<\/strong><\/td><td><strong>Domain<\/strong><\/td><td><strong>Description<\/strong><\/td><td><strong>Duration<\/strong><\/td><td><strong>Type<\/strong><\/td><\/tr><tr><td><strong>PHPSESSID<\/strong><\/td><td><a href=\"http:\/\/vive.transitiontogether.org.uk\"><strong>https:\/\/ctrlshift.org.uk\/<\/strong><\/a><\/td><td><strong>This cookie is native to PHP applications. The cookie is used to store and identify a users&#8217; unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.<\/strong><\/td><td><strong>1 month<\/strong><\/td><td><strong>Necessary<\/strong><\/td><\/tr><tr><td><strong>_csrf<\/strong><\/td><td><a href=\"http:\/\/vive.transitiontogether.org.uk\"><strong>https:\/\/ctrlshift.org.uk\/<\/strong><\/a><\/td><td><strong>This cookie is essential for the security of the website and visitor. It ensures visitor browsing security by preventing cross-site request forgery.<\/strong><\/td><td><strong>Session<\/strong><\/td><td><strong>Necessary<\/strong><\/td><\/tr><tr><td><strong>_pk_id.3.9ba3<\/strong><\/td><td><a href=\"http:\/\/vive.transitiontogether.org.uk\"><strong>https:\/\/ctrlshift.org.uk\/<\/strong><\/a><\/td><td><strong>Matamo set this cookie to store a unique user ID.<\/strong><\/td><td><strong>1 year 27 days<\/strong><\/td><td><strong>Analytics<\/strong><\/td><\/tr><tr><td><strong>_pk_ses.3.9ba3<\/strong><\/td><td><a href=\"http:\/\/vive.transitiontogether.org.uk\"><strong>https:\/\/ctrlshift.org.uk\/<\/strong><\/a><\/td><td><strong>This cookie is used to store a unique session ID for gathering information on how the users use the website.<\/strong><\/td><td><strong>30 minutes<\/strong><\/td><td><strong>Analytics<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<ol class=\"wp-block-list\" start=\"6\">\n<li><strong>Transition Network as a Controller<\/strong><\/li>\n<\/ol>\n\n\n\n<p>Transition Network is the controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection:<\/p>\n\n\n\n<p>Transition Network, c\/o Darnells 30 Fore Street Totnes, TQ9 5RP Totnes, UK<\/p>\n\n\n\n<p>The data protection officer is<a href=\"https:\/\/vive.transitiontogether.org.uk\/u\/samuk\/home\"> Sam Rossiter<\/a><\/p>\n\n\n\n<p>Phone: +44 (0)1803 865 669<\/p>\n\n\n\n<p>Email: privacy@transitionnetwork.org<\/p>\n\n\n\n<p>Website:<a href=\"https:\/\/transitionnetwork.org\/\"> https:\/\/transitionnetwork.org\/<\/a><\/p>\n\n\n\n<p>Under the General Data Protection Regulation (GDPR), Transition Network acts as a <em>controller<\/em> of your personal data in the following cases:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>if you visit the<a href=\"http:\/\/vive.transitiontogether.org.uk\"> https:\/\/ctrlshift.org.uk\/<\/a> website<\/li>\n\n\n\n<li>if you register or sign up for an account on<a href=\"http:\/\/vive.transitiontogether.org.uk\"> https:\/\/ctrlshift.org.uk\/<\/a> and use the service (registered users)<\/li>\n\n\n\n<li>if you email privacy@<a href=\"https:\/\/dataprotection.social\/@privacat\">transit<\/a><a href=\"http:\/\/ionnetwork.org\">ionnetwork.org<\/a><\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\" start=\"8\">\n<li><strong>What types of personal data are processed ?<\/strong><\/li>\n<\/ol>\n\n\n\n<p>We process the following types of personal data:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Registered user information:<\/strong> email address, userid, password, IP address, metadata, subscriptions, and server preferences.<\/li>\n\n\n\n<li><strong>Profile information<\/strong>: profile picture, bio, profile metadata (which may infer details about our users).<\/li>\n\n\n\n<li><strong>Website Visitors<\/strong>: IP address, metadata.<\/li>\n\n\n\n<li><strong>Metadata<\/strong>: Information about the terminal or machine used to connect to<a href=\"http:\/\/vive.transitiontogether.org.uk\"> https:\/\/ctrlshift.org.uk\/<\/a>, your machine&#8217;s operating system, display resolution, web browser and browser version, date of access to the website, and details your logged-in sessions. If you email us, we may also see email header information.<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\" start=\"9\">\n<li><strong>Purposes for processing data<\/strong><\/li>\n<\/ol>\n\n\n\n<p>Personal data noted above is processed because otherwise the service doesn&#8217;t really work.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Registered user information<\/strong> is necessary to provision and administer accounts.<\/li>\n\n\n\n<li><strong>Profile information<\/strong> is provided by you and can be as much or as little as you desire.&nbsp;<\/li>\n\n\n\n<li><strong>IP address and other machine identifiers<\/strong> are collected by default in CtrlShift for the purposes of allowing us block\/disable access to problematic users or bots, to render the site properly on different devices, and because that is how the internet generally works.<\/li>\n<\/ul>\n\n\n\n<p>Some information (such as user access, registration, errors, etc.) are also stored in separate Linux system logs (SystemD), which are also maintained on<a href=\"http:\/\/hetzner.de\"> Hetzner.de<\/a>. These logs serve the purpose of maintenance and security of the server, and are rotated every 14 days.<\/p>\n\n\n\n<p>Backups are further retained for 90 days on Scaleaway<\/p>\n\n\n\n<ol class=\"wp-block-list\" start=\"10\">\n<li><strong>Legal basis for processing data<\/strong><\/li>\n<\/ol>\n\n\n\n<p>Transition Network relies on <strong>consent<\/strong> for processing follower information, posts, DMs, likes..<\/p>\n\n\n\n<p>We rely on your consent if you create an account, update your profile, follow users, post, contact us via the privacy@transitionnetwork.org email address, or open a support ticket at<a href=\"http:\/\/helpdesk.transition-space.org\"> helpdesk.transition-space.org<\/a><\/p>\n\n\n\n<p>In the unlikely event that you do something dodgy on the site, Transition Network relies on legitimate interests for subsequent processing (i.e., account suspension, deletion, or if necessary, reporting to authorities). If we are served with a legal order requiring us to provide information relating to you in connection with suspected or alleged misuse of the service, and we comply with that order, the lawful basis will be <strong>necessity to comply with a legal obligation<\/strong>. Please don&#8217;t let it come to that.<\/p>\n\n\n\n<p>Transition Network rely on <strong>contractual necessity<\/strong> and <strong>legitimate interests<\/strong> to host this website and deal with emails. Transition Network have agreements in place with<a href=\"http:\/\/hetzner.de\"> Hetzner.de<\/a> for hosting, based in Germany, We backup data to Scaleaway. We have agreements with<a href=\"https:\/\/www.mailgun.com\/gdpr\/\"> Mailgun<\/a> for delivery of email<\/p>\n\n\n\n<ol class=\"wp-block-list\" start=\"11\">\n<li><strong>Retaining your data<\/strong><\/li>\n<\/ol>\n\n\n\n<p>By emailing <a href=\"mailto:privacy@transitionnetwork.org\">privacy@transitionnetwork.org<\/a> you can request deletion your account and data<\/p>\n\n\n\n<p>The<a href=\"http:\/\/vive.transitiontogether.org.uk\"> https:\/\/ctrlshift.org.uk\/<\/a> server attempts to delete content stored in logs automatically after 14 days, to make optimal use of server space. At the moment, we disable accounts after a period of inactivity, so if you create an account here, it will remain on our server until:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You choose to delete it;<\/li>\n\n\n\n<li>You do not access the service for 770 days<\/li>\n\n\n\n<li>We delete the account manually;<\/li>\n\n\n\n<li>We delete the service;<\/li>\n\n\n\n<li>Something really bad happens (thermonuclear war, the heat death of the universe, etc.)<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\" start=\"12\">\n<li><strong>Exercising your rights<\/strong><\/li>\n<\/ol>\n\n\n\n<p>You have the right to request access to and rectification or erasure of personal data. You can also ask us to restrict processing or object to processing (to the extent that&#8217;s possible).<\/p>\n\n\n\n<p>In terms of the right of portability, you can request your data at any time.<\/p>\n\n\n\n<p>To contact us, including to exercise your rights, please<a href=\"https:\/\/vive.transitiontogether.org.uk\/s\/transition-together\/survey\/show\/single?id=11\"> <\/a>send an email to privacy@transitionnetwork.org<\/p>\n\n\n\n<p>\u200b\u200b\u200b\u200b\u200b\u200b\u200bYou also have the right to lodge a complaint with a Supervisory Authority. As a controller, the Lead Supervisory Authority for Transition Network is the information commissioner&#8217;s office in the UK. You can find more information about lodging a complaint with the ICO by going to<a href=\"https:\/\/ico.org.uk\/make-a-complaint\/\"> https:\/\/ico.org.uk\/make-a-complaint\/<\/a><\/p>\n\n\n\n<ol class=\"wp-block-list\" start=\"13\">\n<li><strong>Security<\/strong><\/li>\n<\/ol>\n\n\n\n<p>Except where you make data &#8216;manifestly public\u2019 (see point 9. above) Personal data processed by<a href=\"http:\/\/vive.transitiontogether.org.uk\"> https:\/\/ctrlshift.org.uk\/<\/a> is accessible only to the Transition Network admin team and those under contract to Transition Network. In addition to limited access, the following additional security measures are in place:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Strong, robust identity management &amp; authentication, including 2FA for our servers and email;<\/li>\n\n\n\n<li>reasonable security hardening of the server itself;<\/li>\n\n\n\n<li>Daily, redundant backups of instance data;<\/li>\n\n\n\n<li>encryption in transit (TLS 1.3, via LetsEncrypt);<\/li>\n\n\n\n<li>encryption at rest on Hetzner and Scaleaway;<\/li>\n\n\n\n<li>data processing agreements in place with our subprocessors.<\/li>\n<\/ul>\n\n\n\n<p>We rely on assurances provided by Hetzner, Netcup, Scaleaway and Mailgun regarding their own technical and organisational measures. Details on Sub-processor controls can be found below:<\/p>\n\n\n\n<p>HETZNER ONLINE GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (Server infrastructure)<a href=\"https:\/\/www.hetzner.com\/legal\/privacy-policy\"> https:\/\/www.hetzner.com\/legal\/privacy-policy<\/a><\/p>\n\n\n\n<p>SCALEWAY S.A.S, BP 438, F-75366 Paris Cedex 08 (Backup)<a href=\"https:\/\/www.scaleway.com\/en\/privacy-policy\/\"> https:\/\/www.scaleway.com\/en\/privacy-policy\/<\/a><\/p>\n\n\n\n<p>NETCUP GmbH Daimlerstra\u00dfe 25 76185 Karlsruhe (SSO system, ID system, Analytics) <a href=\"https:\/\/www.netcup.eu\/kontakt\/datenschutzerklaerung.php\">&nbsp;https:\/\/www.netcup.eu\/kontakt\/datenschutzerklaerung.php<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>https:\/\/ctrlshift.org.uk\/ is maintained by Transition Network. if you have any questions, need to submit a data subject request. Please email privacy@transitionnetwork.org We host our own analytics server using Matomo software. analytics.transition-space.org, This is hosted on Netcup.de under the terms detailed below 3. Helpdesk We use a helpdesk service to manage support tickets helpdesk.transition-space.org. This is &hellip;<\/p>\n","protected":false},"author":159,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_uag_custom_page_level_css":"","footnotes":""},"class_list":["post-1306","page","type-page","status-publish","hentry","post","without-featured-image"],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false,"homepage-thumb":false,"logo":false,"singlepost-thumb":false,"atomic-blocks-featured-image":false,"atomic-blocks-featured-image-wide":false,"atomic-blocks-logo":false},"uagb_author_info":{"display_name":"Ewan Findley","author_link":"https:\/\/ctrlshift.org.uk\/author\/ewan-pa\/"},"uagb_comment_info":0,"uagb_excerpt":"https:\/\/ctrlshift.org.uk\/ is maintained by Transition Network. if you have any questions, need to submit a data subject request. Please email privacy@transitionnetwork.org We host our own analytics server using Matomo software. analytics.transition-space.org, This is hosted on Netcup.de under the terms detailed below 3. Helpdesk We use a helpdesk service to manage support tickets helpdesk.transition-space.org. This is&hellip;","_links":{"self":[{"href":"https:\/\/ctrlshift.org.uk\/wp-json\/wp\/v2\/pages\/1306","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ctrlshift.org.uk\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/ctrlshift.org.uk\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/ctrlshift.org.uk\/wp-json\/wp\/v2\/users\/159"}],"replies":[{"embeddable":true,"href":"https:\/\/ctrlshift.org.uk\/wp-json\/wp\/v2\/comments?post=1306"}],"version-history":[{"count":4,"href":"https:\/\/ctrlshift.org.uk\/wp-json\/wp\/v2\/pages\/1306\/revisions"}],"predecessor-version":[{"id":2279,"href":"https:\/\/ctrlshift.org.uk\/wp-json\/wp\/v2\/pages\/1306\/revisions\/2279"}],"wp:attachment":[{"href":"https:\/\/ctrlshift.org.uk\/wp-json\/wp\/v2\/media?parent=1306"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}