Data Protection, Privacy & IT Security

Data Protection, Privacy and IT Security Notice

Our NETpositive Software forms the basis of a range of Tools that are offered free at the point of use by Tool Providers (Universities and Public Sector bodies) for their stakeholders (Tool/End Users). We take privacy concerns very seriously and are committed to protecting the data End Users share with us as they interact with our Tools.

This statement explains the Data Protection, Privacy and IT Security practices which apply to the NETpositive Software we operate; references to "we" or "us" are NETpositive Futures Ltd.

For the purposes of academic research, and software development, data will also be securely transferred to our project partners, the Stockholm Environment Institute (http://www.sei.org) and Go4Growth Support Services Ltd (https://go4growth.co.uk/) who will treat this data in strict accordance with the terms of this privacy notice, UK Data Protection Legislation and the General Data Protection Regulation.

Our aim is to safeguard End Users' privacy whilst providing a personalised and valuable service to the Tool Providers (e.g. Universities, Local Authorities and Other Public Sector Partners) who have offered them for free to their stakeholders.

We want to be transparent about what happens to information provided to us and so here we explain how we collect information, what we do with it and what controls users have.

Your acceptance of this Policy

By using our Tool, you consent to the collection and use of information by us in accordance with our Privacy Notice. If you do not agree to this Notice, please do not use our Tool. We ask users to tick a box on registration to explicitly consent to this Notice.

If, at any time, you wish to know what information we hold about you, or your company, or wish to remove or modify the data we hold about you, please contact our data controller, Sandra Pickering at: admin@netpositivefutures.co.uk

If you believe at any time that we are in breach of any data protection laws or good practice, please contact us, which in no way affects your right to also raise your concerns with a supervisory authority.

What information do we collect?

We collect the information on the basis of informed consent, that you provided at the time of registration. We collect two kinds of information about our users that is necessary to achieve the ambition of the NETpositive Software– that of promoting sustainable development, social value and a response to climate change and carbon reduction/net zero:

a.   Personal Information which includes:

i.  the IP address of the computer used to access the Tool (the location of the computer on the internet), pages accessed, and files downloaded, analysed using Google Analytics. This helps us to determine the number of individuals using the Software, how many people visit on a regular basis, which pages are most popular, and which pages are least popular. This information doesn't tell us anything about who users are or where they live, it simply allows us to monitor and improve our service.

ii. your freely-provided business email address, as supplied by you at registration, which acts to identify the account you hold on our system and will be used to provide you with updates about the NETpositive Tool and its content, in order for us to stimulate the regular use of the Tool. Your email may be shared with the Tool Providers.

b. Organisational information provided freely by the End User and through interactions with Tool content such as name, business email address, business turnover, energy and fuel consumption data and:

- selection, ranking and status of Priorities and Actions;

- user-submitted content related to customised Priorities and Actions;

The information is needed to provide End Users with their customised Carbon Reduction Plan and carbon footprint and also enables us to conduct research on the actions being taken by End Users. This both supports the provision of the Tool (by providing stakeholder information to the Tool providers) and also enables us to improve our Tool content in future. We do not conduct profiling or automated decision making on the basis of supplied data.

How is the information used?

Any organisation data End Users provide will be used and recorded by us in accordance with current data protection legislation and this Privacy Policy. We use information provided by End Users in the following ways:

  • To fulfil requests made by End Users themselves (e.g. to modify or delete information about End Users)
  • To record any contact we have with End Users
  • To prevent or detect fraud or abuses of our Tool and enable third parties to carry out technical, logistical or other functions on our behalf
  • To provide the Tool Providers with information relating to how their stakeholders are interacting with Tool content. This is to help them gain a better understanding of their stakeholder’s activity (in relation to Tool content). Occasionally, and only where the purpose is to prompt users to update information or to raise awareness of activity relevant to the purpose of the Software, email addresses may be used by Tool Providers to provide information to End Users e.g. notification of events and activities hosted by Tool Providers or prompts to update Action Plans in line with contract management arrangements
  • Universities and Public Sector Partners will be using the scope 1 and 2 carbon emissions and turnover data submitted by End Users to calculate their aggregated scope 3 carbon emissions for annual public reporting purposes
  • Project Partners and Tool Providers may download user responses from the Tool for analysis and research purposes.
  • Universities and Public Sector Partners will not provide access to the data to any third parties for any purposes

NETpositive Futures Ltd, project partners and Tool Providers will not use email addresses for any marketing purposes and will not use this information for the purposes of ‘spam’.

Aside from provision of data as described above, no information containing personally identifying information will be sold or otherwise disclosed to external parties by either NETpositive Futures, SEI, Go4Growth, Universities and our Public Sector Partners.

We may disclose aggregate statistics about our site visitors, in order to describe our services to prospective partners, and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifying information.

We may disclose personal information if we receive a complaint about any content you have posted or transmitted to the Tool if required to do so by law.

We reserve the right to use aggregate, anonymised, data from the Tool, which may be used by us in project reports, promotional/marketing material, and other forms of dissemination.

Retention Period for Data

Any data you provide will be retained by us for a period of 7 years following the date of your last log-in. This allows us to fulfil our role of providing longitudinal analysis of the activities of organisations in delivering sustainable development and social value. After this period, your data will be removed from our databases.

Links

Our sites contain links to other sites. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links from our websites and recommend that you check the policy of each site you visit.

In addition, if you linked to our Tool from a third-party website, we cannot be responsible for the privacy policies and practices of the owners or operators of that third-party site and recommend that you check the policy of that third-party site and contact its owner or operator if you have any concerns or questions.

Security

We place great importance on the security of all personally identifiable information associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal data under our control. Our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to user information.

Use of cookies

In simple terms a cookie is a small piece of information sent from our website to your computer to help us to identify you quickly. Any information gathered by the use of cookies is compiled on an aggregate, anonymous basis.

Cookies are pieces of information that a website transfers to your hard drive to store and sometimes track information about you. Most web browsers automatically accept cookies, but if you prefer, you should be able to change your browser to prevent that. You should read the information that came with your browser software to see how you can set up your browser to notify you when you receive a cookie, this should then give you the opportunity to decide whether to accept it. However, you may not be able to take full advantage of the Tool if you do so. Cookies are specific to the server that created them and cannot be accessed by other servers, which means they cannot be used to track your movements around the web.

Further information about cookies can be found at the Interactive Advertising Bureau's website www.allaboutcookies.org.

The following cookies are used to ensure the functioning of the Tool:

From Google analytics:

 

Domain

Cookie

Purpose

Term

net-positive.org

_ga

Used to monitor number of Google Analytics server requests when using Google Tag Manager

Session

net-positive.org

_gid

ID used to identify users for 24 hours after last activity

1 day

recaptcha.net

_grecaptcha

to provide spam/bot protection.

6 months

google.com

__Secure-BUCKET

Google security cookie used to confirm visitor authenticity, protect visitor data and prevent fraudulent use of credentials

180 days

google.com

AEC

used to detect spam, fraud, and abuse

6 months

google.com

NID

used to remember your preferences and other information

6 months

google.com

SOCS

store a user’s state regarding their cookies choices

13 months

From django:

csrftoken – (1 year expiry) Refreshed for each form. Used to combat Cross Site Request Forgery - i.e. submitting bogus form data.
sessionid – (2 weeks expiry) This maintains the user's login.

Where is the information stored?

The tool is hosted on AWS (Amazon Web Services) servers, which are located in its London data centre. Any personal information collected by the Tool (as identified above) is stored on these servers. Additional services are offered by AWS in conjunction with the hosting of data. You can read about their data processing compliance status with respect to the GDPR here: https://aws.amazon.com/compliance/gdpr-center/ and https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

We take back-ups of the data hosted on these servers, which is also forwarded to our research and software development partner, the Stockholm Environment Institute. All back-ups are securely stored on password protected and encrypted machines.

Changes

We may make changes to this Policy from time to time. If we change our Privacy Policy, we will post the changes on this page. If the change in our Privacy Policy affects the use of your personal information we contact you by email to seek your consent to the use.

Your rights

Any personal information submitted via our websites or by text is treated in accordance with the Data Protection Act 1998 and the GDPR. To find out more about your entitlements under this legislation, visit: https://www.gov.uk/data-protection and  https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

If you would like to review or revise information you have previously provided to us online, you may do so by emailing info@net-positive.org

You may request details of personal information which we hold about you under the Data Protection Act 1998 and GDPR. If you would like a copy of the information held on you or if you have any questions relating to this Privacy Policy or how we use the personal information we have about you, please write to:

NETpositive Futures Ltd

31 Ings Lane

Brompton-by-Sawdon

Scarborough

YO13 9DR

Last updated: 14 November 2024