WHO ARE YOU?
We are SUPER RADICAL LTD, a company limited by shares registered in England under 08672828, whose registered address and main trading address is Two Vine Street, York, North Yorkshire, YO23 1BB. We are both the writers and the publishers of ZERO-FIFTY – an all-encompassing global solution to climate change. We also own and operate the website, www.zero-fifty.com.
25/05/2018 - GDPR UPDATE.
WHAT DATA DO YOU COLLECT?
Like most websites, when you visit our website, we collect the various interactions you have with the website. This includes data such as your geographical location, device, internet browser and operating system, however, none of this information personally identifies you to us. We use this data to analyse your use of our website so that we can continually improve your user experience.
If you choose to subscribe to our newsletter, we will collect a copy of your name and your email address. This so that we can supply you with the newsletter that you have subscribed to.
If you choose to send us a message using a contact form or an email, we will collect a copy of your name, email address, message and any other information you include about yourself or others within the message. This is so that we can respond to the message and undertake any actions required as a result of the message.
If you choose to phone us a message we may log your contact details including name, phone number and postal address, along with any message or instruction that you provide us with. This is so that we can respond to your phone call and undertake any actions required as a result of your phone call.
If you choose to add a comment to any posts that we have published on our blog, we will collect a copy of your name, email address and comment. This is so that we can display your name, comment and gravatar if you have one.
If you choose to make a donation, we will collect a copy of your name, email address, donation amount, payment information and message along with the time and date that you placed the donation. We may also keep a copy of your postal address. All of this information will be used to process your donation and, if an address has been provided, send you a personalised thank you message.
If you choose to order a copy of ZERO-FIFTY, we will collect a copy of your name, email address, postal address, payment information and message along with the time and date that you placed the order. This is so that we can process your order and provide you with updates about the products that you have purchased.
Please rest assured, we will never send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the UK Data Protection Act 1988 (DPA), the EU Data Protection Directive 1995 (DPD), the EU General Data Protection Regulation 2018 (GDPR) and the Australian Privacy Act 1988 (APA).
HOW LONG DO YOU STORE MY DATA?
Depending on what data you provide us with depends on how long we keep it.
For anonymous analytics data, we will hold it for a period of 50 months or until it no longer serves any purpose, at which point it will be deleted. Unfortunately, we are unable to delete any data related to a specific user because the data is anonymous.
For subscription data, we will hold it for as long as we continue to send newsletters, or until you specifically request that your subscription is cancelled. You can do this by selecting the links contained in any email newsletters that we send you or by making a request via email. When requesting via email, please send your email to us using the email account that you subscribed with.
For message and phone data, we will hold the data indefinitely for our records, unless, and where possible, you request that we remove data pertaining to you.
Lastly, for donation and order data, we are legally obliged to keep this data for a period of seven years. After this period, we will retain the data for our financial records, however, this data can be deleted at your request.
HOW DO YOU STORE MY DATA?
All data related to your interactions with this website are stored with Google Analytics, a third party data processor. All data accessible to us will be anonymised and will not include any personally identifying information. Please be aware, Google Analytics also records your computer’s IP address which could be used to personally identify you but Google does not grant us access to this.
If you choose to subscribe to our newsletter, your data will be stored within a database on our web servers and on our web backup servers.
If you choose to send us a message using the contact form or an email link, the data will be collated into an email and sent to us via Simple Mail Transfer Protocol (SMTP). A copy of the email will then be stored on our email servers, some local computers and our email backup servers. Your contact details may also be added to our contact server and our contact backup server.
If you choose to phone us your contact details might be added to our contact server and our contact backup server. Furthermore, we might add your message to our file server and our backup server.
If you choose to leave a comment, your data will be stored within a database on our web servers and on our web backup servers. Only your name will be shown on the public-facing website, although, if the supplied email address is linked to a Gravatar account, your Gravatar photo will also be displayed.
If you choose to make a donation, your name, email address, donation amount, payment information and message, along with the time and date that you placed the donation, will be collated into an email and sent to us via Simple Mail Transfer Protocol (SMTP). An encrypted copy of the email will then be stored on our email servers, some local computers and our email backup servers. Furthermore, your data will be stored in a database on our web server and an encrypted backup of your data will be stored on our web backup servers. Finally, your name, email address, donation amount and payment information will be sent to Stripe, a third party payment processor, using a secure connection to process your payment.
If you choose to make an order, your name, email address, postal address, order cost, payment information and message, along with the time and date that you placed the donation, will be collated into an email and sent to us via Simple Mail Transfer Protocol (SMTP). An encrypted copy of the email will then be stored on our email servers, some local computers and our email backup servers. Furthermore, your data will be stored in a database on our web server and an encrypted backup of your data will be stored on our web backup servers. Lastly, your name, email address, order cost and payment information will be sent to Stripe using a secure connection to process your payment.
WHO PROVIDES YOUR SERVERS?
Google provides our web, file, email contact and web backup server. Spanning Cloud Apps provide our file, contacts and email backup servers. Please be aware, this means some of your data may be transferred and stored outside of the European Economic Area. You are deemed to accept and agree to your data being stored in this manner by using our website and submitting information to us.
DO YOU SHARE MY DATA?
We may from time to time share the anonymised data that we collect with third parties such as prospective investors, affiliates and partners. Furthermore, in certain circumstances, we may be legally required to share some of your data held by us. Examples of this include court orders and government requests. Please be aware, in such circumstances, we will not require any further consent to share your data with the parties involved.
HOW DO YOU SECURE MY DATA?
Data security is of great importance to us, and to protect your data, we have put in place a variety of measures to safeguard the data we collect from you. This includes the following:
- Only keeping your data for as long as we need to and for as long as we have your permission to keep it.
- Password protecting all data that we hold about you.
- Using two-step authentication to access the backend data held on this website.
- Passcode protecting all mobiles devices.
- Password protecting all computers and laptops.
- Using two-step authentication on all mobile devices, computers and laptops.
- Adding the facility to remotely erase all content on a device in the event of a theft as soon as the device connects to the internet.
- Encrypting all data on our local devices.
- Encrypting all data on our file servers.
- Encrypting all backup data that we hold.
- Ensuring all data transferred between our server and your web browser is encrypted.
- Ensuring all emails are encrypted before being sent across the internet.
- Securing our website using established and highly reputable security software.
- Undertaking daily scans of our site to ensure no malware is present.
- Using a PCI Service Provider Level 1 payment gateway. This is the most stringent level of certification available in the payments industry.
Please be aware, like on most websites, the data stored on our web server is currently in an identifiable fashion, a limitation of the content management system that this website is built on. In the future, we aim to change the storage of this data to a pseudonymous fashion meaning that the data would require additional processing using a separately stored ‘key’ before it could be used to identify an individual. Pseudonymisation is a recent requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to keeping it as a high priority and will implement it on this website as soon as we are able to.
If you would like more information about the measures that we take to protect your data, please feel free to ask for a copy of our ‘Data Protection Policy’ by sending a message to email@example.com.
WHY DO YOU USE THIRD PARTIES?
We use some third parties because they are able to perform the services that we require more effectively and more securely than ourselves.
ARE THE THIRD PARTIES SECURE?
All of the third parties that we use have been carefully chosen and all of them are based in the USA and are EU-U.S Privacy Shield compliant. If you would like more details about our third parties security arrangements, you can review their privacy policies by pressing the links below.
CAN I SEE THE DATA YOU HOLD ABOUT ME?
You are welcome to request a copy of the personal data we hold about you. Please simply send us a request at firstname.lastname@example.org.
CAN YOU REMOVE THE DATA YOU HOLD ABOUT ME?
If you would like any of the data that we hold about you removed, please send us a message at email@example.com. Where ever possible, we will then delete the data from our servers.
Please note, we are unable to delete information from our backups because this is technically too difficult to accomplish. However, we keep a log of deletion requests so we can re-run any deletion requests in the event of needing to restore a backup.
CAN I WITHHOLD MY DATA?
DO YOU COMPLY WITH LEGISLATION OUTSIDE OF THE EU?
Our compliance with EU legislation, which is very stringent in nature, means that this website is likely to be compliant with the data protection and user privacy legislation set out by most other countries and territories. If you are unsure about whether this website is compliant with your own country of residences’ specific data protection and user privacy legislation, please send us a message at firstname.lastname@example.org.
WHAT HAPPENS IF YOU HAVE A SECURITY BREACH?
We will report any unlawful data breach of this website’s data or the data held at any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner could have been stolen.
WHO IS YOUR DATA PROTECTION OFFICER?
All public authorities and any organisation that processes personal data on a significant scale must appoint a Data Protection Officer responsible for monitoring internal compliance of the GDPR regulations within the organisation. While we do not process personal data on a significant scale, we have still opted to appoint a Data Protection Officer to further secure the data that you provide us. Our data protection officer is David James-Arnold, the founder and managing director of SUPER RADICAL LTD.
WHAT HAPPENS IF I WANT TO MAKE A COMPLAINT?
If you believe we are using your data unlawfully, or not protecting your data sufficiently, you can make a complaint to any of the supervisory authorities established to uphold information rights. Please press the link below for a list of the supervisory authorities within the EU.
Furthermore, please press the following link for UK’s supervisory authority.
DO YOU HAVE ANY OTHER TERMS OR POLICIES?
WHAT HAPPENS IF YOUR BUSINESS CHANGES HANDS?
WHERE CAN I GET FURTHER INFORMATION?