Data Policy

DigiLocal® is a service from High Tech Bristol and Bath CIC.


This Data Policy sets out how High Tech Bristol and Bath CIC (referred to as ‘we’, ‘us’, or ‘HBB’) uses and protects any information that you give us when you use this website or access our services.We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this policy.We may change this policy from time to time by updating this page. If we are storing any personally identifying information about you, we will advise you of any changes the email address provided.


This policy is effective from 1 July 2018 in compliance of the General Data Protection Regulation (GDPR).

High Tech Bristol and Bath CIC (HBB)

HBB is a non-profit Community Interest Company, established for the benefit of the high tech community in the West of England Local Economic Partnership Area (Bath & North East Somerset, Bristol, North Somerset, and South Gloucestershire).

The Data Protection Officer is the CEO (Dr John Bradford). His contact information is at the bottom of any emails you receive from us and on our contact page.

1) Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

2) Data retention

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For people that register on our website (if any), we also store the personal information they provide in their profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

If you withdraw from DigiLocal we will contact you to see if you would like us to stay in touch. If we do not receive your explicit permission we will delete your personal data. We will also delete any data relating to your child / children (name, data of birth, any DigiLocal LINKS awards they may have received). We do not hold contact information for young people.

If you have not interacted with DigiLocal for over 6 months, we will contact you to opt-in to receiving further notices from us. If you do not consent, or withdraw consent, your data will be deleted. This does not include any data we are obliged to keep for legal, or security purposes.

You may request to have your personal data deleted at any time by contacting the Data Protection Officer. This does not include any data we are obliged to keep for legal, or security purposes.

For more information about this right see the Information Commissioner’s Office: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/

3) Personal data

There are three reasons we may hold personal data from you:

  1. You volunteer, organise, or in some other way help support a DigiLocal club, or
  2. You are the parent / guardian / responsible adult for a young person at a DigiLocal club, or
  3. You are a young person at a DigiLocal club.

If you are 1 or 2 in the list above, then the minimum data we ask from you is;

  • first name, last name;
  • email;
  • mobile phone number for contact in case of emergency,

To help understand our community we ask for, but do not require;

  • employer, and job title,
  • principle trading address for each organisation

Volunteers

  • to maintain a register of Disclosure and Barring Service (DBS) cleared volunteers in support of DigiLocal clubs we hold DBS certificate numbers and Date of Birth for all volunteers so that their status can be verified,

Parent / guardian

  • DigiLocal permission date is held for parents / guardians / responsible adults, registering the date at which they consented to their children attending a DigiLocal club,

Young people

No contact information is held for young people. Any contact will be through the appropriate parent / guardian / responsible adult.

When a parent / guardian / responsible adult contacts DigiLocal about places at a club, a note is made on their record of how many young people will be attending and ages (if given), but not names.

Young people are entered as individual records only when we receive a signed permission form from the parent / guardian / responsible adult.

  • Names of young people attending DigiLocal clubs (first name, last name – but no contact information) are held so that LINKS awards can be recorded to aid in progression monitoring and verifying which child has achieved which level
  • Date of birth is held so that we can evaluate how well DigiLocal is doing with different age groups.
  • An internal CRM link is maintained with the parent / guardians so that we can maintain an accurate record of emergency contact information.

What we do with the information we gather

We require this information to deliver DigiLocal, and in particular for the following reasons:

  • Internal record keeping;
  • We may use the information to improve DigiLocal;
  • We may contact you about specific club information e.g. cancellation due to bad weather;
  • We may contact you about DigiLocal events and updates.
  • We may use the information to customise the website according to your interests;

4) Website

Cookies

This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping baskets, and provide anonymised tracking data to third party applications like Google Analytics.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser.

Public data and publishing

Browsing this site doesn’t reveal your identity publicly, though see Private Logging later in this document for more information. Comments, trackbacks, and pingbacks are published, and except in very limited circumstances, will be a permanent part of this site. If you decide to comment, link, or pingback to a post, you must keep this in mind.

Author identification

When posting a comment, a name and email address are required. You do not have to select your real name. Your email address will not published. This will not create a record on our CRM and you will not be subsequently contacted (unless you already have a record on our CRM or subsequently request one).

Comments, trackbacks, and pingbacks will be identified by your IP address. These numbers could potentially be traceable to identifying information about you, whether it is your home ISP or the University or Work account where the IP address is registered. Your IP address could potentially be used in conjunction with other data to identify you.

If you are concerned about attempts to match your IP address to your identity, you may wish to use an anonymous browsing service or attempt some means to obfuscate your real IP address.
If so, you might like to try Tor, an anonymous browsing service. Please see https://tor.eff.org/ for more details.

Links to Other Websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

What data security procedures we have in place

We have installed a Let’s EncryptTM certificate to validate the SSL credentials of our website.

An SSL Certificate is a small computer file that digitally combines a cryptographic key with an organization’s details. On a web server, for example, it allows secure connections to a web browser. Depending on the type of SSL Certificate being used by the organization, different levels of checks will be made by the Certificate Authority (CA) issuing the certificate. The CA itself holds a Root Certificate.

An SSL Certificate awarded to an organization is derived from the Root Certificate. The same Root Certificate must be present on the end user’s computer in order for the issued SSL Certificate to be trusted. Browser and operating system vendors work with Certificate Authorities, so the Root Certificate is embedded in their software.

The site is further protected by the G6 Firewall code. The 6G Firewall is a powerful, well-optimised blacklist that checks all URI requests against a set of carefully constructed .htaccess directives. This happens quietly behind the scenes at the server level, which is optimal for performance and resource conservation. Implementing an .htaccess solution such as the 6G Firewall, the code is executed without invoking the memory and resources required for PHP, MySQL, etc. That gives us better performance while saving server resources for legitimate traffic.