DigiLocal® is a service from High Tech Bristol and Bath CIC.
This Data Policy sets out how High Tech Bristol and Bath CIC (referred to as ‘we’, ‘us’, or ‘HBB’) uses and protects any information that you give us when you use this website or access our services.We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this policy.We may change this policy from time to time by updating this page. If we are storing any personally identifying information about you, we will advise you of any changes the email address provided.
This policy is effective from 1 July 2018 in compliance of the General Data Protection Regulation (GDPR).
High Tech Bristol and Bath CIC (HBB)
HBB is a non-profit Community Interest Company, established for the benefit of the high tech community in the West of England Local Economic Partnership Area (Bath & North East Somerset, Bristol, North Somerset, and South Gloucestershire).
The Data Protection Officer is the CEO (Dr John Bradford). His contact information is at the bottom of any emails you receive from us and on our contact page.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
2) Data retention
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For people that register on our website (if any), we also store the personal information they provide in their profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
If you withdraw from DigiLocal we will contact you to see if you would like us to stay in touch. If we do not receive your explicit permission we will delete your personal data. We will also delete any data relating to your child / children (name, data of birth, any DigiLocal LINKS awards they may have received). We do not hold contact information for young people.
If you have not interacted with DigiLocal for over 6 months, we will contact you to opt-in to receiving further notices from us. If you do not consent, or withdraw consent, your data will be deleted. This does not include any data we are obliged to keep for legal, or security purposes.
You may request to have your personal data deleted at any time by contacting the Data Protection Officer. This does not include any data we are obliged to keep for legal, or security purposes.
For more information about this right see the Information Commissioner’s Office: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/
3) Personal data
There are three reasons we may hold personal data from you:
If you are 1 or 2 in the list above, then the minimum data we ask from you is;
To help understand our community we ask for, but do not require;
Parent / guardian
No contact information is held for young people. Any contact will be through the appropriate parent / guardian / responsible adult.
When a parent / guardian / responsible adult contacts DigiLocal about places at a club, a note is made on their record of how many young people will be attending and ages (if given), but not names.
Young people are entered as individual records only when we receive a signed permission form from the parent / guardian / responsible adult.
What we do with the information we gather
We require this information to deliver DigiLocal, and in particular for the following reasons:
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser.
Public data and publishing
Browsing this site doesn’t reveal your identity publicly, though see Private Logging later in this document for more information. Comments, trackbacks, and pingbacks are published, and except in very limited circumstances, will be a permanent part of this site. If you decide to comment, link, or pingback to a post, you must keep this in mind.
When posting a comment, a name and email address are required. You do not have to select your real name. Your email address will not published. This will not create a record on our CRM and you will not be subsequently contacted (unless you already have a record on our CRM or subsequently request one).
Comments, trackbacks, and pingbacks will be identified by your IP address. These numbers could potentially be traceable to identifying information about you, whether it is your home ISP or the University or Work account where the IP address is registered. Your IP address could potentially be used in conjunction with other data to identify you.
If you are concerned about attempts to match your IP address to your identity, you may wish to use an anonymous browsing service or attempt some means to obfuscate your real IP address.
Links to Other Websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
What data security procedures we have in place
We have installed a Let’s EncryptTM certificate to validate the SSL credentials of our website.
An SSL Certificate is a small computer file that digitally combines a cryptographic key with an organization’s details. On a web server, for example, it allows secure connections to a web browser. Depending on the type of SSL Certificate being used by the organization, different levels of checks will be made by the Certificate Authority (CA) issuing the certificate. The CA itself holds a Root Certificate.
An SSL Certificate awarded to an organization is derived from the Root Certificate. The same Root Certificate must be present on the end user’s computer in order for the issued SSL Certificate to be trusted. Browser and operating system vendors work with Certificate Authorities, so the Root Certificate is embedded in their software.
The site is further protected by the G6 Firewall code. The 6G Firewall is a powerful, well-optimised blacklist that checks all URI requests against a set of carefully constructed .htaccess directives. This happens quietly behind the scenes at the server level, which is optimal for performance and resource conservation. Implementing an .htaccess solution such as the 6G Firewall, the code is executed without invoking the memory and resources required for PHP, MySQL, etc. That gives us better performance while saving server resources for legitimate traffic.