All organisations in the EU are obliged to process your personal data in certain ways and to ensure that you are given an appropriate amount of information about how they use it. Personal data is data that can identify a living human being. Personal data includes your name, contact details (e.g. postal or email address), and can also include your IP address.
You also have various rights to seek information from organisations about how they are using your data, and to prevent them from processing it unlawfully.
1. THE DATA WE COLLECT
Ship of Fools is not intended for children under 13 years old and we do not knowingly collect personal data from children under that age. You must be at least 16 years old to use the forums.
We only collect data about you if we have a reason to do so. For example: to provide our services, to communicate with you, to make our services better, and to gather statistics about how our site is used. We also gather data to monitor and prevent any problems with our services, protect the security of our services, and protect the rights and property of Ship of Fools and others.
We collect data in two ways:
> Data you provide to us
> Data we collect automatically
In the next two sections, we describe these different types of data collection in detail.
Data you provide to us
It should be no surprise that we collect personal data you provide us. In practical terms, this happens when you:
> Register on our forums
> Apply to become a Mystery Worshipper
> Comment on a Mystery Worshipper report
> Place an order for Ship of Fools products
> Support Ship of Fools through online giving
> Contact us by email
The amount and type of data depends on the context and how we use the data. Here are the different contexts:
Forum account data – In order to register a forum user account, you need to provide a username and email address. You may provide us with more data (such as your name) but we don’t require that data to create an account.
Mystery Worshipper account data – If you apply to become a Mystery Worshipper, we ask you to provide your real name, your email address, a username, your location, and the reasons why you want to become a Mystery Worshipper.
Public profile data – If you have a forum or a Mystery Worshipper user account with us, we collect the data you provide for your public profile. Your public profile data is just that – public. So please keep that in mind when deciding what data you would like to include.
Transaction and billing data – If you donate to Ship of Fools, or buy something from us, you will provide additional personal and payment data that is required to process the transaction and your payment, such as your name, credit card data, and contact details.
Content data – Depending on the services you use, you may also provide us with data about you in draft and published content. For example, if you write a forum or blog post that includes biographical data about you, we will have that data, and so will anyone with access to the Internet if you choose to make the post public. This might be obvious to you, but it’s not to everyone!
Communications with us – You may also provide us with data when you communicate about a support question, or make a general enquiry about Ship of Fools.
Data we collect automatically
We also collect some data automatically. This includes:
Log data – Like most online service providers, we collect data that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access and operating system. We collect log data whenever you use our services.
Usage data – If you have a user account, the application software collects some data about how you use that account – for example when you signed up, when you log in and out, when you were last active and relevant IP addresses.
Location data – We may determine the approximate location of your device from your IP address. We collect and use this data in aggregate form, for example to determine how many people visit our sites from different geographic regions.
2. DATA SHARING AND TRANSFERS
We do not sell your personal data.
We do not use third-party analytics. We avoid using third-party page resources. The exception is our registration pages, which use reCaptcha to establish that a real human being is filling in the form. This is a service provided by Google, which sets a persistent cookie. It can be deleted after registration.
We share data about you in the limited circumstances spelled out below, and with appropriate safeguards for your privacy:
Contractors – We disclose personal data to individuals and companies who help provide our services. This transfer is temporary, and the minimum necessary for us to maintain our services.
Third party vendors – If you pay for something on Ship of Fools, we share your data with PayPal, which processes all our online payments. This is in order to provide their services to us or to you.
Data you choose to make public – Please be careful about posting sensitive data about yourself. This includes data in your username, your public profile, in posts, and in other content you make public. Public data may also be indexed by search engines or used by third parties. Please keep all of this in mind when deciding what you would like to share.
3. DATA STORAGE AND SECURITY
While no online service is 100 percent secure, we work hard to protect data about you against unauthorized access, use, alteration or destruction.
All our data is stored in the UK. Our servers are located in the Rackspace UK and Memset data centres.
How long we keep data
We generally discard data about you when we no longer need the data for the purposes for which we collect and use it, and when we are not legally required to continue to keep it.
For example, we keep our web server logs for approximately three months. These logs record data such as visitor IP addresses, browser types, and operating systems. We retain the logs for this period of time to (for example) analyse traffic and investigate issues if something goes wrong.
Our server logs are used to generate website statistics, which contain aggregated and anonymised data only. We keep this data for longer than our web server logs (to analyse traffic patterns and bandwidth usage, for example) but the data is no longer personal at this point.
4. YOUR CHOICES ABOUT DATA
You have various choices available when it comes to data about you:
Limit the data you provide – If you have an account with us, you can choose not to provide optional account and profile data.
Close your account – If you no longer want to use our services, you can close your forum account by contacting the forum administrators. Please keep in mind that we may continue to retain your data after closing your account, as described in the ‘How long we keep your data’ section above. For example, we do this when the data is reasonably needed to comply with (or demonstrate our compliance with) legal obligations such as law enforcement requests, or is reasonably needed for our legitimate business interests.
Disable all cookies – You can configure your browser to disable cookies on all websites, with the not-surprising drawback that some features of the website may not function properly. You can also usually enable or disable (and delete) cookies on a site-by-site basis. For users of our forums, if you disable cookies, you will still be able to read the forums, but you won’t be able to sign in.
Disable third-party cookies – Until recently, our advice would be to do this for all websites, and only enable third-party cookies required for site functionality (e.g. rights-protected video streaming services). However, some website operators have responded to the recent changes in data protection by requiring third-party cookies to be enabled in order to save user choices about third-party cookies. Whether this frankly perverse practice persists remains to be seen.
Note that browser plugins that provide additional functionality may be available and that mobile devices generally provide less flexible settings than personal computers.
5. THE LAWFUL GROUNDS FOR PROCESSING DATA
If you live in the European Union (EU), our lawful grounds for processing (collecting, using and storing) data about you under EU data protection laws are:
The use is necessary in order to fulfill our obligations to you under our terms of service or other agreements with you, or is necessary to administer your account.
The use is necessary for compliance with a legal obligation.
We have a legitimate interest in using your data. For example: to provide and update our services; to improve our services; to safeguard our services; to communicate with you; to monitor and prevent any problems with our services.
6. YOUR DATA RIGHTS
If you are located in certain countries, including those that fall under the scope of the European General Data Protection Regulation (GDPR), data protection laws give you rights with respect to your personal data, subject to any exemptions provided by the law, including the right to:
> Request access to your personal data
> Request correction or deletion of your personal data
> Object to our use and processing of your personal data
> Request that we limit our processing of your personal data
> Request portability of your personal data
You can access, modify and delete the data in your forum profile using your account settings. If you wish your account to be deleted, you should contact one of the forum admins.
EU individuals also have the right to make a complaint to a government supervisory authority.
If you have a question about this privacy notice, or you would like to contact us about any of the rights mentioned above, please contact us.
Privacy notice changes
Although most changes are likely to be minor, we may change this privacy notice from time to time.
When we make changes, we will notify you by revising the change log. In some cases, we may provide additional notice, such as by adding a statement to our homepages. Your further use of the services after a change to our privacy notice will be subject to the updated policy.
That’s it! Thanks for reading.
This privacy notice was adapted from Automattic under a Creative Commons licence. Thanks to them for making it available.