Privacy

Data and privacy are issues that are really important for both The Democratic Society and mySociety. We are also both committed to explaining very clearly how we will use the personal data you provide.

We have set out how we will collect and use your data below. However, if you have any questions, please drop us an email and we’ll respond as soon as we can.

Who are we?

‘Public Square’ is a project funded by Luminate Group and run jointly by The Democratic Society and mySociety. The purpose of the project is found on our landing page.

The Democratic Society (‘Demsoc’) is a Brussels based charity, with a UK not-for-profit subsidiary which leads our work in Scotland, England, Northern Ireland and Wales. You can find out more about us on our website and how to get in touch with us here.

mySociety is a UK not-for-profit organisation. You can find our contact details here, and read more about our other work here.

What data we collect and how we use it

You may share information with the project in a number of ways, and we’ve detailed how we collect and process data, along with lawful basis under which we do this, below. More general information about the current laws and lawful bases for data collection can be found on the Information Commissioner’s website.

1. Signing up to our newsletter

If you subscribe to our newsletter, your name and email address will be added to the ‘Public Square’ mailing list, which is hosted with Mailchimp. Note that Mailchimp may transfer personal data outside the EU, and please contact Mailchimp with questions or concerns about this.

This mailing list will be kept separate from existing lists that either Demsoc or mySociety currently operate. Only the project team, consisting of a small number of individuals from mySociety and Demsoc, will have access to this mailing list, and we will only use this data for either a) sending newsletters to update you on the project b) internal and external reporting on how many people we’re reaching with the newsletter.

If you have stated you are happy to receive invitations to activities taking place in your local area, you may also receive infrequent emails inviting you to these. We will base this upon any postcode data you have provided.

In subscribing to the newsletter, you are consenting to the processes as described on this page. The lawful basis for this is termed ‘GDPR  6(1)(a) – Consent of the data subject’ and more information about this is found on the ICO website.

If you subscribe to our mailing list, we will retain your data until such a time as either the project winds down, you unsubscribe, or otherwise ask us to remove your details.

You can unsubscribe from our mailing list, and every newsletter contains a quick and easy unsubscribe link in its footer.

When you unsubscribe from a newsletter managed via Mailchimp, your details remain on the list of past recipients. This is a measure to prevent circumstances such as a member of staff accidentally manually re-adding you. Mailchimp states: “As a compliance measure, subscribers who unsubscribe themselves can’t be deleted from your list.”

However, provided you are still a subscriber at the point when you contact us, on request your details can be permanently removed from the list – please get in touch if you would like this to happen.

2. Signing up to an event

We will use Eventbrite to handle event attendance at some of our main events. In this instance we will ask for as little personal information as possible to support your attendance at this event, including name, email address, and whether you have any accessibility needs or dietary requirements. We will use this data to ensure we meet (wherever possible) any accessibility needs or dietary requirements, and to send reminders about the event, or to send a follow-up subsequently.

Note that Eventbrite transfers personal data outside the EU. For more information on this and to see their data retention policies, please see their privacy policy.

By signing up to our events, you consent to your data being used in the above ways, and the lawful basis for this is termed ‘‘GDPR  6(1)(a) – Consent of the data subject’.

3. Emails

A small number of people from Demsoc and mySociety have access to the team email address. This allows us to respond effectively and efficiently to any emails we receive. We may forward your email to others within the Public Square project team who are best placed to respond.

4. Events

When we attend other people’s events to talk about the project, we might ask people if they are interested in signing up to our newsletter. If people express interest, we will either use a paper form to capture their email address and add this manually to our mailing list, or we will support you to register digitally at that point. Where paper forms are used, they will be destroyed as soon as possible.

5. Research

This project has a number of activities in which we will be carrying out research. When carrying out research activities such as interviews and workshops, we will ask participants to read and sign a form that explains how we will use what is said in the space, how that data will be stored, retained, and ultimately deleted. We will post a copy of the form we will use to the website in due course, so that any potential workshop attendees or interviewees can see it before confirming attendance. Wherever possible in workshops, we will also provide a verbal explanation of what is contained within the consent form and provide opportunity for people to ask questions.

By signing the form you give your consent to your data being used in the way detailed in the form. You can withdraw your consent at any time by contacting either the researcher working with you, or emailing us.

When we will share your data

We will never share your data externally other than outlined above, other than when required to by law. In addition to this, your data will never be shared internally with Demsoc or mySociety staff outside of the team working on this project. While we fully trust our wider teams, we are committed to ensuring we limit the numbers of people who have access to your data.

Your rights

You have a number of legal rights regarding your data. For a detailed summary of your rights, please see the Information Commissioner’s website

Right of access: You have the right to access a copy of your personal data, to see what information we hold about you. Please contact us to request this or speak to us at one of our events. We will respond as quickly as we can, and certainly within a month.

Right to rectification of data: If you believe any personal data we hold about you is incorrect or incomplete, please contact us to request we rectify this or speak to us at one of our events. As above, we respond to this within a month of receiving your contact.

Right to revoke consent: You have the right to revoke consent at any point regarding activities detailed above. We have identified under each activity how to do this.

Right to erasure: You have the right to request that we delete the data we hold about you. There may be instances in which there are legitimate reasons for us to continue to hold this data, but wherever possible and wherever we are relying upon your consent to hold and process your data, we will delete what we hold. We have detailed above how to do this in relation to each activity, and in addition to this you can email us or speak to us at one of our events. We will respond as soon as we can and certainly within a month.

Right to object: You have the right to object or complain about how your personal data is processed. If you have any concerns about how we handle your data, please email us [link] or speak to us at one of our events, and we will respond in writing within a month. For the UK, the relevant supervisory body is the Information Commissioner’s Office.. You can report a concern to them here(but do contact us first, so that we can try and help.

Cookies and website analytics

Like many other websites, we sometimes use cookies and Google Analytics to help us make our websites better.

These tools are very common and widely used by other sites, but they do have privacy implications, and as organisations concerned with socially positive uses of the internet, we think it’s important to explain them in full.

When you visit sites that use these tools, you’re potentially telling companies such as Google that you visited, as well as some information about how your web browser is configured. Nothing more that that is communicated, and we don’t pass on personal information like your email address, home address or private mail. We’ve explained in more detail below how we use cookies and website analytics on this site.

If you don’t want to share your browsing activities on this site with other companies, you can install opt-out browser plugins. Here are links to more explanations:

Cookies

To make our service easier or more useful, we sometimes place small data files on your computer or mobile phone, known as cookies. Many websites do this.

This information can be useful for you, and useful for us. For example, if you leave a comment on the blog, cookies ensure that the next time you comment, you won’t have to re-enter your credentials.

Cookies can also help us measure how people use the website, so we can improve it and make sure it works properly.

Below, we list the cookies and services that this site may use.

Name Typical Content Expires
comment_author The name used to leave a comment 1 year
comment_author_email The email address used to leave a comment 1 year
comment_author_url The URL used to leave a comment 1 year

Measuring website usage (Google Analytics)

We are using Google Analytics to collect information about how people use this site. We do this to make sure it’s meeting its users’ needs and to understand how we could do it better.

Google Analytics stores information such as what pages you visit, how long you are on the site, how you got here, what you click on, and information about your web browser.

IP addresses are masked (only a portion is stored) and personal information is only reported in aggregate. We do not allow Google to use or share our analytics data for any purpose besides providing us with analytics information, and we recommend that any user of Google Analytics does the same.

The cookies set by Google Analytics are as follows:

Name Typical Content Expires
__utma Unique anonymous visitor ID 2 years
__utmb Unique anonymous session ID 30 minutes
__utmz Information on how the site was reached (e.g. direct or via a link/search/advertisement) 6 months
__utmx Which variation of a page you are seeing if we are testing different versions to see which is best 2 years

Google’s official statement about Analytics data

“This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.”

If you’re unhappy with the idea of sharing the fact you visited our sites (and any other sites) with Google, you can install the official browser plugin for blocking Google Analytics.