Jump to content

Privacy Policy

Privacy and GDPR Policy


Our privacy policy describes how we use and store the data that we gather from you in order to provide our products and services.

Millennium - This Is Who We Are, also known by domain names millennium-thisiswhoweare.net, tiwwa.info or m-tiwwa.net is a privately owned and responsible website. It is owned and operated within the United Kingdom (UK) and will comply in accordance with the General Data Protection Regulation (GDPR) and current legislation including the UK Data Protection Act.

You must be over 18 years old due to the sometimes sensitive and mature nature of our content.

Continued use of our website is deemed as acceptance of our policies, terms and guidelines.

 

Privacy and GDPR Policy - Changes and History

This is our updated Privacy Policy which commenced on May 25, 2018 and builds on the transparency of our previous privacy policy.
It was most recently reviewed and updated on July 14th, 2023.

Although most changes are likely to be minor, we may change our Privacy Policy from time to time, and at our sole discretion or as required by changing legislation. We will notify clients by email and website when making significant or major changes such as a change of website ownership.

  • July 14th, 2023. Minor revisions, typos and readability improvements.
  • June 18th 2023. Updated: Added information for new Request PII Data and Request Account Deletion functionality.
  • August 3rd, 2021. Minor updates.
  • Reviewed and updated 6th March 2020. CCPA information was added, referencing the CCPA page.
  • Reviewed and updated on April 29th, 2019. References to Gravatar and EmojiOne third-party services were removed as services were no longer utilised.

First Published: May 25, 2018

 

Our Commitment To Privacy

Data protection is of the utmost importance for the management of millennium-thisiswhoweare.net. The processing of personal data, such as the name, address, e-mail address, or IP address of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to millennium-thisiswhoweare.net. By means of this data protection declaration, we aim to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

 

Who we are

This is a privately owned UK-based and operated website called Millennium - This Is Who We Are We. are also known by the domain names millennium-thisiswhoweare.net, tiwwa.info, millenniumsecretsite.com and m-tiwwa.net.

Our website address is: https://millennium-thisiswhoweare.net

For any enquiries relating to privacy, DPA, CCPA or GDPR, please feel free to contact us via our Contact page or via:

privacy @ millennium-thisiswhoweare.net

The Data Controller and Data Processor for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is Mr Graham Smith:

M-TIWWA
c/o 76 The Meadows,
Prestatyn,
Denbighshire,
LL19 8HA,
UK

 

What personal data do we collect and why do we collect it

Lawfulness

We have identified an appropriate lawful basis (or bases) under GDPR for our processing, which primarily is Consent.

  • Consent means offering individuals real choice and control. Genuine consent should put individuals in charge, build trust and engagement, and enhance our reputation.
  • Consent requires a positive opt-in. We don’t use pre-ticked boxes or any other method of default consent.
  • Explicit consent requires a very clear and specific statement of consent.
  • We don’t do anything generally unlawful with personal data.
  • We make it easy for individuals to withdraw your consent at any time, and publicise how to do so.
  • We will act on withdrawals of consent as soon as we can.
  • We don’t penalise individuals who wish to withdraw consent.

 

Fairness

We have considered how the processing may affect the individuals concerned and can justify any adverse impact. We only handle people’s data in ways they would reasonably expect, or we can explain why any unexpected processing is justified. We do not deceive or mislead people when we collect their personal data.

Transparency

We are open and honest and comply with the transparency obligations of the right to be informed.
 

Collection of general data and information

This website collects general data and information when a data subject or automated system accesses the website. This general data and information is stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our systems and infrastructure.

When using this general data and information, millennium-thisiswhoweare.net does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimise the content of our website, (3) ensure the long-term viability of our systems and infrastructure and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. Therefore, millennium-thisiswhoweare.net analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our organisation, and to ensure an optimal level of protection for the personal data we process. The anonymous data within relevant server logs are stored separately from all personal data provided by a data subject.
 

Registration on our website

The data subject may opt to register on the controller's website with the indication of personal data. What personal data is transmitted to the controller is determined by the respective input mask used for the registration. The personal data entered by the data subject is collected and stored exclusively for internal use by the controller and for our own purposes. The controller may request transfer to one or more processors or sub-processors that also use personal data for an internal purpose which is attributable to the controller.

By registering on the website of the controller, the IP address assigned by the Internet service provider (ISP) and used by the data subject-date, and the time of the registration is also stored. The storage of this data takes place in the background and is the only way to prevent the misuse of our services, and, if necessary, to make it possible to investigate misuse of our systems and services. Insofar, as the storage of this data is necessary to secure the controller. This data is not passed on to third parties unless there is a statutory obligation to transmit the data, or if the transfer serves the aim of criminal prosecution.

The registration of the data subject, with the voluntary indication of personal data, is intended to enable the controller to offer the data subject contents or services that may only be offered to registered users due to the nature of the matter in question.

Automated checks will be conducted for security reasons to reduce unlawful, unsolicited post content and personal messages and e-mail, otherwise known as spam. Details including username, email address and IP address will be processed accordingly.

The data controller shall, at any time, provide information upon request to each data subject as to what personal data is stored about the data subject. In addition, the data controller shall correct or erase personal data at the request or indication of the data subject, insofar as there are no statutory storage obligations.

In the case of incomplete registrations, our community software deletes unvalidated users and incomplete users automatically for us after 7 days.
 

Public Content/Comments

When visitors leave public content such as comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

After approval of your comment, your profile picture is visible to the public in the context of your comment. Alternatively, you can upload your own image or avatar.
 

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. We will attempt to strip or not display image location data by default whenever possible. Visitors to the website can download and possibly extract any location data from images on the website. You also have the option to remove any image map displaying location information when uploading to our Gallery software.

 

Contact Forms

Our website contains functionality that enables quick electronic contact with our organisation, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address).

If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller is stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties, unless necessary to deliver further correspondence or for mandatory legal compliance.

Automated checks will be conducted for security reasons to reduce unlawful, unsolicited e-mails otherwise known as spam. Details including username, email address and IP address will be processed accordingly.

We will keep contact form submissions for a certain period for customer service purposes (no longer than 12 months) or as required for compliance with other legislation, but we do not use the information submitted through them for marketing purposes.

 

Cookies

This website uses cookies. Cookies are text files that are stored in a computer system via an Internet browser.

Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognised, identified and authenticated using the unique cookie ID.

Through the use of cookies, we can provide the users of this website with more user-friendly services that would not be possible without the use of cookies.

Cookies allow us, as previously mentioned, to recognise our website users. The purpose of this recognition is to make it easier for users to utilise our website. A visitor that uses cookies does not have to enter access data each time the website is accessed and website preferences are retained for visitor convenience. Our website utilises cookies to ensure a seamless experience.

The ICO states that session cookies stored for that session only (so they are deleted when the tab/window is closed) are OK as long as they are not used to profile users.

Cookies clearly exempt from consent according to the GDPR advisory body on data protection include:

  • user‑input cookies (session-id) such as first‑party cookies to keep track of the user's input when filling online forms, shopping carts, etc., for the duration of a session or persistent cookies limited to a few hours in some cases
  • authentication cookies, to identify the user once he has logged in, for the duration of a session
  • user‑centric security cookies, used to detect authentication abuses, for a limited persistent duration
  • multimedia content player cookies, used to store technical data to play back video or audio content, for the duration of a session
  • load‑balancing cookies, for the duration of session
  • user‑interface customisation cookies such as language or font preferences, for the duration of a session (or slightly longer)
  • third‑party social plug‑in content‑sharing cookies, for logged‑in members of a social network.

 

The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. We utilise tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.

Further, existing cookies may be deleted at any time via an Internet browser or other appropriate software; a function that exists in all major Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website will be entirely usable.

 

Embedded content from other websites

Articles or user-submitted content on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Links to the privacy policies of the most common services have been included below. Where a general privacy policy is not available, the applicable country is indicated.

 

 

Who do we share your data with and why

Analytics

We use Google Analytics for anonymously tracking and aggregating information about the use and traffic levels and sources to our websites. It is NOT possible to identify individuals. We do not send personally-identifying information to Google.

The Google Analytics privacy policy can be found here:  https://policies.google.com/privacy. You can also learn more about how to opt out of tracking in Google Analytics here.

Cookie Consent Management

We use the services of third-party Data Processor CookieYes Limited to provide cookie management controls and consent which requires anonymous use of your IP Address. Privacy Policy. Data Processing Agreement.

Spam Prevention/Detection

Visitor content, comments, contact form submissions and account registrations will be checked through automated spam detection services. Data will include IP addresses, email addresses, and usernames as necessary.

 

How long we retain your data

If you leave public content, a comment, the content, comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue and to meet the legitimate aim of the website services.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username without permission). Website administrators can also see and edit that information.

 

Routine erasure and blocking of personal data

The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to such as the UK.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
If a statutory purpose for storing data no longer exists, all personal data and applicable purchase information is erased and purged from our system after a period of five (5) years.


What rights do you have over your data?

If you have an account on this site or have left content or comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

NOTICE TO CALIFORNIA CONSUMERS - AKA DO NOT SELL MY PERSONAL INFORMATION

Effective Date: January 1, 2020

Policy Page: https://millennium-thisiswhoweare.net/tiwwa/ccpa/

Pursuant to the California Consumer Privacy Act (CCPA), California consumers have the following rights:

  • The right to request that we disclose what personal information (as that term is defined in the CCPA) we collect, use, disclose, and sell.
  • The right to request the deletion of personal information that we hold about you.
  • The right to request a copy of the specific personal information we hold about you.
  • The right to opt out of the sale of your personal information.
  • The right not to be discriminated against for exercising any of your California privacy rights.

To submit a verifiable request, if you are a registered member please create a support ticket or use our contact form, link available from most pages.

For more information, including information about the categories of personal information we collect and the categories of third parties with whom we share, disclose or sell personal information, please see our comprehensive Privacy Policy.

 

Rights of the data subject

a) Right of confirmation / Right to be informed

Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her is being processed. If a data subject wishes to avail themselves of this right of confirmation, he or she may, at any time, contact the controller.

Our chosen community software has a built-in privacy policy system that is presented to new users, and existing users when it has been updated. When we edit our terms and conditions or privacy policy, all users are required to read it again and choose to opt in again.

 

b) Right of access

Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:

  • the purposes of the processing
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
  • the existence of the right to lodge a complaint with a supervisory authority;
    where the personal data is not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Furthermore, the data subject shall have a right to obtain information as to whether personal data is transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.

 

c) Right to rectification

Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact any employee of the controller.

 

d) Right to erasure (Right to be forgotten)

Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary (eg. in cases where a financial transaction has occurred):

  • The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing;
  • The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR;
  • The personal data have been unlawfully processed;
  • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

Personal data is collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by us, he or she may, at any time contact the controller. millennium-thisiswhoweare.net shall promptly ensure that the erasure request is complied with in accordance with applicable UK laws and regulations.

Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, the personal data, as far as processing is not required. millennium-thisiswhoweare.net will arrange the necessary measures on an individual basis.

When deleting members, we can elect to remove their public content too. There is an option to keep it as Guest content, thus removing the author as identifiable.

Community members may request their accounts be deleted via their Account Settings area.

e) Right of restriction of processing

Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead;
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by millennium-thisiswhoweare.net, he or she may at any time contact any employee of the controller. The employee of millennium-thisiswhoweare.net will take the appropriate steps to restrict further processing.

 

f) Right to data portability

Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others. In order to assert the right to data portability, the data subject may at any time contact the site owner or website administrator staff.

Community Member Accounts - You can request a copy of all personal data that we have stored about you. We can provide your personal data in XML format upon receipt of suitable proof of identity. You can make the request by signing into your account and opening your account settings. Find Security and Privacy, then re-authenticate your sign-in (re-enter your password) and choose Request PII Data. 

Once the Request PII Data has been received, an Administrator will review the notification of the request and process the request. You will be notified when your download is ready.

 

g) Right to object

Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to the processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR.

This also applies to profiling based on these provisions. millennium-thisiswhoweare.net shall no longer process the personal data in the event of the objection unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If we process personal data for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to millennium-thisiswhoweare.net to the processing for direct marketing purposes, millennium-thisiswhoweare.net will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to the processing of personal data concerning him or her by millennium-thisiswhoweare.net for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In order to exercise the right to object, the data subject may contact millennium-thisiswhoweare.net. In addition, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.

 

h) Automated individual decision-making, including profiling

Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is not based on the data subject's explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject's explicit consent, millennium-thisiswhoweare.net shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, at any time, contact millennium-thisiswhoweare.net.

 

i) Right to withdraw data protection consent

Each data subject shall have the right granted by the European legislator to withdraw his or her consent to the processing of his or her personal data at any time.

If the data subject wishes to exercise the right to withdraw the consent, they may at any time, contact millennium-thisiswhoweare.net.

 

Where do we send your data?

We do not knowingly send data to any third country without GDPR-compliant, approved status and data protection. We utilise professional-grade, servers based in secure, USA-located data centres, governed at a minimum by the EU-US Privacy Shield and compliant with GDPR legislation.

We utilise Amazon S3 Cloud Storage and Cloudflare to store and distribute non-PPI static content such as images are often distributed via professional CDNs (content delivery networks) provided by Amazon Web Services Cloudfront and Cloudflare with various international End-points.
Your browser may connect to the endpoints to retrieve such static content and files from your nearest endpoint location, to improve performance, reduce download time, and for improved security such as Denial of Service or DDoS attacks.

https://aws.amazon.com/privacy/

https://www.cloudflare.com/privacypolicy/

 

Additional information

Email and Notifications

Any and all existing mailing lists will commence afresh on May 25th 2018.

We may in the future offer the opportunity to opt-in to receive occasional email marketing to communicate with customers and potential customers from time to time, such as a newsletter or content digest. Any current and future email lists and campaigns will be strictly and clearly “opt-in”, meaning we will not send you these sorts of emails unless you clearly indicate that you wish to receive them during signup or other interactions on our website, such as within your Account Settings dashboards.

Our software has the correct opt-in for bulk emails on registration that is not pre-checked. If the member checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

We may send you regular transactional or “system” emails, such as new content, daily or weekly content digests where you have opted to follow content of interest or that you have contributed, automated password reset requests or payment notifications/receipts, even if you have not opted-in to email marketing lists.

When registering for an account, your email address, user/display name and IP address will be automatically checked against known internal and external spam and malware blacklist services for the protection of our website and its users. Your email address will then be used to send a validation email, to help you prove your identity and ensure you have entered the correct details.

Registered members are always in full control of content notifications, whether they be browser-based or email-based. We conduct regular reviews to ensure any notification and contact emails are minimal and unobtrusive by default. You can tweak these settings to suit your preference at any time (via your account settings page).

All marketing and transactional emails sent by us will include an unsubscribe link in the footer of the email. Emails sent to you may include standard tracking, such as deliverability, and open and click activity rates.

We use either internal or external services for email transmission and statistical reporting via SparkPost, an email API and SMTP service located within the USA. SparkPost is compliant with the EU General Data Protection Regulation (GDPR) both as a data controller and data processor. SparkPost is also certified under the joint EU-U.S. Privacy Shield framework governing personal data transfer between the EU and U.S.


Sparkpost’s privacy policy is found here:

https://www.sparkpost.com/policies/privacy/

Sparkpost’s data protection policy is found here:

https://www.sparkpost.com/policies/dpa/

A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.

There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.


Social Media

We sometimes utilise social media for promotion. These service providers use cookies on our sites to serve ads across different platforms.


How we protect your data

We only use professional software to provide and safeguard our services. We only use secure website hosting, content delivery networks, cloud hosting, SSL encryption and software. We subject our website and its encryption to regular third-party security testing scans and audits. Further details are available upon request.

We provide and strongly recommend enabling the option to enable 2FA (Two Factor Authorisation) on your account and the use of a very strong and unique password for your account.

We make regular backups of databases and website files.

We will never knowingly sell your personal data to third parties and never without your prior consent.

 

What data breach procedures do we have in place?

We will make every reasonable and expected effort to safeguard your public and personal data from physical and online theft, accidental loss, illegal or otherwise unauthorised activity, malware or hacking attempts as required by the GDPR, but ultimately no service provider can ever claim to be fully and completely secure. Therefore we encourage you to always adopt a sensible, risk-based approach to your personal data sharing at all times, especially online and never share private or high-risk information.

For advice on staying safe online, these are some recommended websites:

https://www.saferinternet.org.uk

https://www.getsafeonline.org
https://www.gov.uk/guidance/think-before-you-share

Should a data breach occur we will follow industry best practice, take immediate action to secure the affected service, and will notify you if we believe your personal data may have been affected or compromised. We will report any breach to the relevant authorities, both law enforcement and governing as required, including the ICO (Information Commissioners Office) accordingly.

Third Parties

Google Analytics
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this website, to prepare reports on its activities and share them with other Google services.
Spam Defense
The IPS Spam Defense Service passes the email address and IP address of the registering member to the service to determine the likelihood a registering account is a spam source.
hCaptcha
We use the hCaptcha anti-bot service (hereinafter "hCaptcha") on our website. This service is provided by Intuition Machines, Inc., a Delaware US Corporation ("IMI"). hCaptcha is used to check whether the data entered on our website (such as on a login page or contact form) has been entered by a human or by an automated program. To do this, hCaptcha analyzes the behavior of the website or mobile app visitor based on various characteristics. This analysis starts automatically as soon as the website or mobile app visitor enters a part of the website or app with hCaptcha enabled. For the analysis, hCaptcha evaluates various information (e.g. IP address, how long the visitor has been on the website or app, or mouse movements made by the user). The data collected during the analysis will be forwarded to IMI. hCaptcha analysis in the "invisible mode" may take place completely in the background. Website or app visitors are not advised that such an analysis is taking place if the user is not shown a challenge. Data processing is based on Art. 6(1)(f) of the GDPR (DSGVO): the website or mobile app operator has a legitimate interest in protecting its site from abusive automated crawling and spam. IMI acts as a "data processor" acting on behalf of its customers as defined under the GDPR, and a "service provider" for the purposes of the California Consumer Privacy Act (CCPA). For more information about hCaptcha and IMI's privacy policy and terms of use, please visit the following links: https://www.hcaptcha.com/privacy and https://www.hcaptcha.com/terms.
stopforumspam.com
The '(NE) 'Contact Us' enhancements' application passes the email address and/or IP address of the sender to the service to determine the likelihood the sender is a spam source.
mailcheck.ai
The '(NE) 'Contact Us' enhancements' application passes the email address of the sender to the service to determine the likelihood the sender is a spam source.
abuseipdb.com
The '(NE) 'Contact Us' enhancements' application passes the ip address of the sender to the service to determine the likelihood the sender is a spam source.
check-mail.org
The '(NE) 'Contact Us' enhancements' application passes the email domain of the sender to the service to determine the likelihood the sender is a spam source.
×
×
  • Create New...

Important Information

By using our website you consent to our Terms of Use of service and Guidelines. These are available at all times via the menu and footer including our Privacy Policy policy.