[LAST UPDATED 18th JUNE 2019]
This policy outlines how GABA Labs collects, uses and protects personal data and information in compliance with the General Data Protection Regulations (GDPR). This policy may be updated in line with new practices and new regulations, and we will make a prominent announcement on our Homepage if there are any substantial or material updates.
What personal data?
Personal data is information that can be used to help identify an individual, such as name, address, phone number or email address. GABA Labs holds three types of personal data which are stored and processed separately:
- Our stakeholder database
This dynamic dataset includes full names, email addresses and phone numbers. This information is supplied when stakeholders respond in GABA Labs forms on the website. GABA Labs will also update these details when notified of changes. The information is not disclosed to 3rd parties, unless there is a legal obligation under UK law to do so. The data is processed by GABA Labs in order to respond to enquiries, and to create anonymised datasets.
Our IT systems are protected by anti-virus and security software including automated file back-up. As additional security our stakeholder database is stored electronically off-line.
- Subscriptions to “Playback” reports and “Micropolls” notifications
We use an online service called Mailchimp to process our broadcast communications with stakeholders. It handles all of the data we need for this. Mailchimp is part of The EU-US data privacy shield agreement, and is fully compliant with the General Data Protection Regulation – you can read more in the Mailchimp Privacy Statement.
You can unsubscribe from our communications at any time and remove your data completely by notifying us at email@example.com – we’ll respond to your request in compliance with GDPR (see below).
- Website tracking
Like millions of other websites, we use Google Analytics. Google Analytics is a piece of software that gathers data about visitors to the GABA Labs website.
What data does Google Analytics record?
– what kind of computer you’re using
– which pages you visit
– which website you came from to get here
– how long you stay for
What do we do with your data?
We use a plugin ‘Google Analytics Dashboard for WordPress’, and have taken all the recommended steps to fully anonymise all of the data it uses as outlined in this excellent article.
The tracking information allows us to better understand the kind of people who come to the site, what computers they are using, and what content they’re reading. This allows us to make better decisions about design and writing.
Occasionally, we will compile aggregate statistics about the number of visitors this site receives and browsers being used. No personally identifying data is included in this type of reporting.
All of our activity falls within the bounds of the Google Analytics Terms of Service.
How do I prevent website tracking?
Our installation of Google Analytics supports and respects Do-Not-Track settings you might have set in your browser. If you have specified in your browser that you do not want to be tracked then we will not track you.
You can prevent this tracking as an anonymous user of the site. There are two primary ways to do this. Either set your browser up to send Do-Not-Track headers – see the Firefox, Safari and Internet Explorer instructions on this. Alternatively, install the Ghostery plugin, which is available for Firefox, Safari, Google Chrome and Internet Explorer and which has an option to block Google Analytics.
GABA Labs complies with the General Data Protection Regulations (GDPR) which came into effect from 25th May 2018.
The GDPR give you certain rights over your data and how we use it. These include:
- the right in certain circumstances to have your inaccurate personal data rectified, blocked, erased or destroyed
- the right to prevent your data from being used for direct marketing
- the right of access to a copy of the data we hold about you (known as a “subject access request”)
If you wish to exercise any of these rights, please contact us at firstname.lastname@example.org.
For more information about your rights under GDPR go to the website of the Information Commissioner’s Office.