The rules for how we handle your data are changing
The General Data Protection Regulation (GDPR) is a new, Europe-wide law that replaces the Data Protection Act 1998 in the UK. It is part of a package of reforms to the data protection landscape that includes the Data Protection Bill. The GDPR sets out requirements for how organisations will need to handle personal data from 25 May 2018.
UK Black Pride believes that you should always know what data we collect from you and how we use it, and that you should have meaningful control over both. As part of our commitment to transparency, and in preparation for new data protection laws that take effect from 25 May 2018, we commit to empowering you to make the best decisions about the information you share with us, and for UK Black Pride to serve the public interest, and keep our community safe and welcoming for all.
You are encouraged to read this blog post in its entirety.
Data Retention and access to Communications Data
Parliament enacted an Order which came into force on 5 December 2003, approving a voluntary code of practice in relation to Internet Service Provider (ISP) retention of and access to Communications Data — confidential user information. As a not-for-profit dedicated to supporting and promoting groups and individuals working for LGBT and racial equality, human rights, and social justice, UK Black Pride aims to realise the rights of all individuals in the UK to enjoy full access to information and communication services.
Why is information stored?
UK Black Pride holds user data for Billing and Support purposes. This allows us to fulfil various administrative functions such as issuing invoices, recording payments and answering user support queries. We may also use information when:
- informing users about new UK Black Pride services
- distributing newsletters and alerts which we feel would be of interest
- distributing announcements about training activities and new projects
These purposes are consistent with the 8 UK Data Protection Principles which state that:
- Processing of personal data must be done fairly and lawfully.
- Personal data should be obtained only for specified purposes and must be processed in a manner compatible with those purposes.
- Personal data must be adequate, relevant, and not excessive in relation to those purposes.
- Personal data must be accurate and, where necessary, kept up to date.
- Personal data should not be kept longer than necessary.
- Personal data must be processed in accordance with the rights of data subjects under the current Data Protection Act.
- Technical and organisational measures can be taken against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage to personal data.
- Personal data should not be transferred outside the European Economic Area unless to a country or territory that ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
What information is stored?
Information collected in relation to internet and internet support services can include:
- a ‘session identifier’ — a unique number that identifies your interaction with the ‘authentication server’
- access equipment port details
- the connection speed
- a pre-session duration (before the logging was invoked)
- the date and time of the start (or end) of the connection
- an account identifier or username
- the caller line identification (CLI) provided with the call
- the IP address used by the user
- the IP address of the network access server
- the first destination IP address (often a domain name (DNS) server)
- what caused the call to end
- the total traffic transferred in each direction
- information collected in relation to billing
This information is captured in ‘logs’ and is a normal part of ISP operation. The logs UK Black Pride uses are commonly referred to as authentication, postfix, pop and web logs.
Information collected in relation to our billing/accounting system:
- Name (Individual and/or Organisation) of account holder
- Phone Number and Fax Number
- In some cases, credit card details
What do we do with this information?
Information collected in relation to internet and internet support services is used for:
- ‘Troubleshooting’. Information can be used in solving certain problems users might be having, for example, ‘lost mail’, ‘time-outs’ during sessions, bounced mail problems, etc.
- Defining Usage patterns. Usage patterns in one period may be compared to other periods to examine what affects usage.
- Monitoring Leased Line usage to determine that UK Black Pride has sufficient bandwidth to accommodate our users’ needs.
Information collected in relation to billing is used for:
- delivery of invoices
- situations where the user needs to be contacted in relation to billing matters
How long do we keep this information?
Logs are kept no longer than necessary. That is, we keep logs as long as is necessary for our stated specific purposes of billing and support needs. Most information is kept for up to 12 months after which time it is deleted. Billing and accounting information is kept for the time stipulated by Companies House Legal requirements.
Is your information confidential?
All of your information is confidential including:
- The source and destination of all communications received and sent by the user.
- The content of all communications sent and received by the user.
- The name, address and other communication details of the user or others using the user’s account.
- Payment history and other matters relating to the operation of the user’s account.
- Information about the use made by the user of the services of UK Black Pride (web browsing, etc.).
Who can access your information?
UK Black Pride will not give user information to any agency, organisation or company for the purposes of direct marketing. UK Black Pride will not disclose confidential information to any third party without your implicit or explicit consent (implicit authorisation could mean, for example, that the information requested is publicly available, e.g. on the user’s website, via a ‘Whois’ lookup, or other publicly published databases) unless compelled by law to do so. In this situation, we would only disclose such information if the following conditions exist:
- the law is compliant with existing Data Protection principles and Human Rights standards
- we have received a court order
- UK Black Pride considers that there is a compelling justification for disclosure
In the absence of such conditions, UK Black Pride is principally bound to protect your confidential information and inform you if any third party tries to obtain your confidential information. UK Black Pride does not share personal data with third parties, except as described above. All UK Black Pride volunteers have clear guidelines to determine whether a user has identified themselves sufficiently for a change of account or disclosure of information and are aware that the unauthorised or illegal disclosure of personal details about users is not allowed.
‘Third Parties’ could include:
- Other network operators who may contact UK Black Pride when it is alleged that a UK Black Pride user has breached their Acceptable Use Policy (AUP) which may have affected the network integrity of a third party’s network
- Sales and marketing companies
- Law enforcement agencies and Government Departments
How can inaccurate data be corrected?
You can contact us to amend your details at any time by emailing email@example.com with the subject line: My Data.