Data Protection, Privacy and IT Security Statement
Our NETpositive Software forms the basis of a range of Tools that are offered free at the point of use by Tool Providers (click here for a list of Supplier Engagement Tool providers) for their stakeholders (End Users). We take privacy concerns very seriously and are committed to protecting the data End Users share with us as they interact with our Tools.
This statement explains the Data Protection, Privacy and IT Security practices which apply to the NETpositive Software we operate; references to "we" or "us" are NETpositive Futures Ltd.
For the purposes of academic research, and software development, data will also be transferred to our project partners, the Stockholm Environment Institute (http://www,sei-international.org) who will treat this data in strict accordance with the terms of this privacy statement and UK Data Protection Legislation
Our aim is to safeguard End Users' privacy whilst providing a personalised and valuable service to the Tool Providers (e.g. Universities, Purchasing Consortia, Industry Groups, and Industry Clients) who have offered them for free to their stakeholders.
We want to be transparent about what happens to information provided to us and so here we explain how we collect information, what we do with it and what controls users have.
What information do we collect?
We collect two kinds of information about our users:
a. non-personal information such as IP address (the location of the computer on the internet), pages accessed and files downloaded using Google Analytics. This helps us to determine the number of individuals using the Tool, how many people visit on a regular basis, which pages are most popular, and which pages are least popular. This information doesn't tell us anything about who users are or where they live, it simply allows us to monitor and improve our service.
b. Organisational information provided freely by the tool user such as the business name, business email address, business/user type and other demographics, and through interactions with tool content including:
- selection, ranking and status of Issues and Actions;
- user-submitted content related to personalised Issues and Actions;
The information is needed to provide users with their personalised Action Plan and also enables us to conduct research. This both supports the provision of the tool (by providing stakeholder information to the tool provider) and also enables us to improve our Tool content in future.
The tool is hosted on Heroku servers (https://www.heroku.com/policy/tos) which are located in Ireland. The end user’s IP address is also stored on their servers for 7 days.
How is the information used?
We may disclose aggregate statistics about our site visitors, in order to describe our services to prospective partners, and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifying information.
We may disclose personal information if we receive a complaint about any content you have posted or transmitted to the Tool if required to do so by law or if we believe that such action is necessary to protect and defend the rights, property or personal safety of the project partners, and the tool.
We reserve the right to use aggregate, anonymised, data from the tool which may be used by us in project reports, promotional/marketing material, and other forms of dissemination.
Aside from provision of data to Tool Providers, as described above, no information containing personally identifying information will be sold or otherwise disclosed to external parties.
Our sites contain links to other sites. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links from our websites and recommend that you check the policy of each site you visit.
In addition, if you linked to our Tool from a third party website, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.
We place great importance on the security of all personally identifiable information associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to user information.
Cookies are pieces of information that a website transfers to your hard drive to store and sometimes track information about you. Most web browsers automatically accept cookies, but if you prefer, you should be able to change your browser to prevent that. You should read the information that came with your browser software to see how you can set up your browser to notify you when you receive a cookie, this should then give you the opportunity to decide whether to accept it. However, you may not be able to take full advantage of the Tool if you do so. Cookies are specific to the server that created them and cannot be accessed by other servers, which means they cannot be used to track your movements around the web.
Further information about cookies can be found at the Interactive Advertising Bureau's website www.allaboutcookies.org.
The following cookies are used to ensure the functioning of the Tool:
From Google analytics:
__utma – (2 year expiry) This cookie keeps track of the number of times a visitor has been to the site pertaining to the cookie, when their first visit was, and when their last visit occurred.
__utmb – (refreshed on each page load) and __utmc – (expires end of session). Working together to calculate how long a visit takes.
__utmz – (6 months expiry) Keeps track of where the visitor came from.
see http://www.morevisibility.com/analyticsblog/from-__utma-to-__utmz-google-analytics-cookies.html for more info.
csrftoken – (1 year expiry) Refreshed for each form. Used to combat Cross Site Request Forgery - i.e. submitting bogus form data.
sessionid – (2 weeks expiry) This maintains the user's login.
Where is the information stored?
Information which you submit via our Tool is sent to servers hosted by Heroku https://www.heroku.com/policy/tos located in Ireland. This is necessary in order to process the information and to provide you with access to additional resources provided through the Tool.
We will periodically download user responses from the Tool for analysis and research purposes. These will be stored securely in accordance with the project partners’ Privacy Policies. Periodically data will be passed to Tool Providers to allow them to undertake research and help us improve the tool.
Information submitted by you may be communicated in anonymous aggregated form by us to the offices of our partner, the Stockholm Environment Institute and to other reputable third party organisations as referred to in this Policy, and these may be situated outside the European Economic Area.
Your acceptance of this Policy
Any personal information submitted via our websites or by text is treated in accordance with the Data Protection Act 1998. To find out more about your entitlements under this legislation, visit the Information Commissioner's website: www.dataprotection.gov.uk or read the Act online at: www.hmso.gov.uk/acts/acts1998/19980029.htm .
If you would like to review or revise information you have previously provided to us online, you may do so by emailing firstname.lastname@example.org
NETpositive Futures Ltd
31 Ings Lane
Last updated: October 2017