Your privacy matters to us because we want you to feel safe when interacting with our services. When you register for an account we'll keep your name and email address in a secure database. We also use anonymous tracking cookies so we can test how well our website is working. This notice applies to all the services we offer, but in particular the teratree.org website.
Please do contact us if anything is unclear or you have any questions or concerns about our privacy practices.
Who we are?
James Gardner is the data controller. You can contact him at email@example.com.
What information do we collect?
Specify the types of personal information you collect, eg names, addresses, user names, etc. You should include specific details on:
- When a user registers we collect an email address
- When a user comments on a page we optionally collect a name and or email address
- When a user completes a questionnaire we collect their name, email address and answers
How do we use personal information?
We use your login to offer you different services. For example, site admins can edit pages so get access to extra information in the site.
We use your email address to send you information that we hope you will find interesting that will help you get involved in making sure trees are planted.
We carry out polls and surveys to test ideas to see what practices work best in which locations for planting trees.
What legal basis do we have for processing your personal data?
There are six possible legal grounds for processing conditions contained within the GDPR:
- legitimate interests
- vital interests
- public task
- legal obligation
We process personal information for the goal of helping you to help us plant 1,000,000,000,000 trees. If you ever want your personal data removed, just let us know at firstname.lastname@example.org.
When do we share personal data?
We don't currently share data with other organisations. If we did, it would be to help our goal of planting 1,000,000,000,000 trees.
Sometimes we explicitly ask if you would be willing to release all your personal data publicly under a CC Zero license so that your answers can help other people working in this field. Where you've agreed to this, we will publish your data so that it can have the benefit you intended.
Where do we store and process personal data?
Data is stored and processed on a platform called Heroku which iteself relies on a service called AWS. Where possible we store data on servers running in the EU, but occasionally we may store data on other servers too.
We always make sure your data is held in databases protected by long passwords and by companies which provide an appropriate level of data privacy protection.
How do we secure personal data?
To prevent unauthorised access, use, destruction or disclosure all our data is held secure and backed up regularly. The backups are stored on Heroku, or downloaded offline and encrypted.
We securely store and backup this data:
- to protect data against accidental loss
- to prevent unauthorised access, use, destruction or disclosure
- to ensure business continuity and disaster recovery
How long do we keep your personal data for?
We keep your name, email and comments for as long as the page you commented on exists so that people can read your comments and we so that we can delete your comments specifically if you request us to.
We keep your email and password for as long as your account is active to allow you to access the site.
We keep your survey responses until we decide the responses are no longer useful (unless you chose to make them available indefinitely under a CC zero license) so that researchers can use your answers to help plan how to plant more trees.
Once the data is no longer valuable to researchers it will be deleted from the main database.
Data backups are kept for a maximum of 6 months, so it will be removed from backups after that period too.
Your rights in relation to personal data
We respect your right to access and control your personal data. In particular your right to:
- access to personal information
- correction and deletion
- withdrawal of consent (if processing data on condition of consent)
- data portability
- restriction of processing and objection
- lodging a complaint with the Information Commissioner’s Office
Please get in touch via email@example.com to exercise your rights. We'll endeavour to reply to all subject access requests as quickly as possible, but sometimes such requests will require extra programming to be done to facilitate your request and will take slightly longer. We'll let you know via email within 14 days if your request requires this extra work.
Rights may be limited if for example fulfilling a data subject request may expose personal data about another person, or if you’re asked to delete data which you are required to keep by law.
Use of automated decision-making and profiling
We currently do not use automated decision-making or profiling tools.
We use them to discover if our website is easy to use so that we can make sure people can take the actions necessary to plant trees.
Linking to other websites / third party content
We link to external sites and resources from our website. This does not constitute endorsement, and we do not take any responsibility for the content (or information contained within) any linked website.
How to contact us?
You can get in touch at firstname.lastname@example.org or via any other method on our Contact Us Page if you have questions or concerns about our privacy practices, your personal information, or if they wish to file a complaint.