PRIVACY / DATA POLICY

Who we are

This site is operated by Autonomous Media Ltd on behalf of The Autonomous Party, a political party registered in Great Britain.

The relevant website is located at: https://autonomousparty.org/media

What personal data we collect and why we collect it

Personal data is also generated from technical processes such as contact forms, comments, cookies, analytics, and third party embeds.

Web server log information

We and our third party hosting provider collect(s) and store(s) server logs to ensure network and IT security and so that the server and website remain uncompromised. This includes analysing log files to help identify and prevent unauthorised access to our network, the distribution of malicious code, denial of services attacks and other cyber attacks, by detecting unusual or suspicious activity.

Unless we are investigating suspicious or potential criminal activity, we do not make, nor do we allow our hosting provider to make, any attempt to identify you from the information collected via server logs.

Comments

When comments are permitted on the website we collect the data provided by users in the comments form, and also the visitor’s IP address and browser user agent string, to facilitate spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment, if you have uploaded one.

Media

If you upload images or videos to to our website, we recommend that you avoid uploading images with embedded location data (EXIF GPS) included, or remove such data before uploading.

Contact forms

Personal data is captured when site users submit a contact form or application form to provide content or apply for membership etc. The data will be used in accordance with the scope of the contact form and is not shared with third parties, except for  as noted below under Third Parties. The data collected is kept indefinitely, however it will be removed from the database, following a specific request.

Cookies

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in to make comments only, we will set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish a comment or post, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the item you just edited. It expires after 1 day.

You can also control what cookies you accept through your internet browser. For details on how to do this, and to learn more about how you can control what cookies you allow, please visit aboutcookies.org.

Please be aware, that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our website.

Cookies are a technology we use to provide you with a tailored experience on our website, as well as on other online platforms that we operate on.

A cookie is a piece of code that is sent to your internet browser and is stored on your system.

From time to time, we may test and experiment with new technologies to improve your online experience.  You can control what cookies are used, by editing the settings in your web browser.

Please see below a list of the main cookies this website currently uses.  Any cookies that are currently being tested will not be documented in this list, until we decide to permanently implement them.  All cookies will be visible to you through your web browser’s settings, or using third party tools depending on your web browser.

‍Facebook cookies

We use Facebook ‘Like’ buttons to share site feedback. For further information, see Facebook’s cookie policy page.

Twitter cookies

We use Twitter ‘Tweet’ buttons to share site feedback. For further information, see Twitter’s privacy statement.

YouTube cookies

We embed videos from our official YouTube channel together with additional videos at YouTube. YouTube uses cookies to help maintain the integrity of video statistics, prevent fraud and to improve their site experience. If you view a video, YouTube may set cookies on your computer, once you click on the video player.

‍Cookies pop-up

When you close the cookies pop-up box by clicking “Accept Cookies”, permanent cookies will be set on your machine. This will remember your preference so that the pop-up doesn’t display across any pages whenever you visit our website.

‍Opting out/removing cookies

To opt out of Google Analytics cookies, please visit Google’s website.

You can also control what cookies you accept through your internet browser. For details on how to do this, please visit aboutcookies.org. Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our website.

Embedded content from other websites

Some articles on our site may include embedded content (eg videos, images, articles, etc). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Our web hosting provider collects some anonymous analytics data. Our site will also maintains a connection with Google Analytics – which collects data such as your IP- address, screen resolution, operating system and geographical location. Please refer to: https://analytics.withgoogle.com

The Privacy Policy for Google Anyaltics can be viewed at: https://policies.google.com/privacy?hl=en-GB

Third Parties

Who we share your data with:

Your data is shared by Autonomous Media Ltd with The Autonomous Party UK.

We also share your data with payment processors such as Paypal for donations and member subscriptions, Dropbox, for data storage and Mailchimp, for our mailing list. Please see these companies privacy policies at:

Paypal: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

Dropbox: https://www.dropbox.com/en_GB/privacy

Mailchimp: https://mailchimp.com/legal/privacy/

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

We keep and comments that you submit to us indefinitely

For users that register on our website to comment, provide media or apply for party membership, we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you create an account on this site, have left comments, submit media or apply for party membership or are a party member you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you (however this may entail your party membership being revoked). This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data and how we protect it

Your data is held on our hosting platform at A2hosting.co.uk/.com and their security systems comply with the EU and US Privacy Shield Framework – for details see: https://www.a2hosting.co.uk/about/website-privacy

We also collect information about visitors who comment on our site, via Akismet anti-spam service. The data collected includes the commenter’s IP address, user agent, referrer, and site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself). Akismet’s data privacy and protection policy can be viewed at: https://akismet.com/privacy/ 

Data Breaches

Executive and non-executive members of The Autonomous Party plus directors, employees and sub-contractors of Autonomous Media Ltd  and members of the general public may report a data breach to the Data Controller.

The Data Controller must ensure that the breach reporting mechanism is widely publicised amongst staff, members of the party and the general public.

Autonomous Media Ltd consider a data breach to be a breach of security which has led to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. A data breach can be categorised in following forms:

• “Confidentiality breach” – where there is an unauthorised or accidental disclosure of, or access to, personal data.
• “Integrity breach” – where there is an unauthorised or accidental alteration of personal data.
• “Availability breach” – where there is an accidental or unauthorised loss of access to, or destruction of, personal data.

The Data Controller, must assess if the potential breach is likely to result in a risk to the rights and freedoms of data subjects. If such a result is likely, the Data Controller must report the potential breach to the UK Information Commissioners Office within 72 hours of the Data Controller being made aware of the breach.

Where a breach is deemed reportable, Autonomous Media Ltd will provide the Information Commissioner’s Office with all the necessary details of the breach. However, a lack of detail should not delay the reporting of such breaches. Where a breach has been reported to the Information Commissioner’s Office, the Data Controller will take immediate to minimise the breach’s impact or damage on the rights of the data subjects concerned. These actions will be recorded. Where there has been a serious breach (in that there is a high risk to a Data Subject) the Data Controller will contact the Data Subjects concerned informing them of, as a minimum:

• a description of the nature of the breach;
• the name and contact details of the data protection officer or other contact point;
• a description of the likely consequences of the breach; and
• a description of the measures taken or proposed to be taken by the Data Controller to address the breach, including, where appropriate, measures to mitigate its possible adverse effects.

The Data Controller, will assist the Information Commissioner’s Office in the exercise of its statutory powers concerning reportable data breaches and will consider any advice given by them around the management of the data breach.

Where the breach is not reportable, it should be classified as a ‘near miss breach’.

A log of all potential breaches, reportable as well as near misses, must be maintained by the Data Controller as well as a record of all actions and decisions made by the Data Controller.

Autonomous Media Ltd will have a procedure in place to record, report and robustly investigate data breaches in accordance with this policy and any best practice as issued by the Information Commissioner’s Office.

The Data Controller will investigate all breaches and provide a report. This report will detail any data protection risks identified and make recommendations on any remedial work around the mitigation of these risks through internal controls.

If during the course of their investigations, the Data Controller uncovers further information that changes the nature of a near miss breach so that the breach becomes reportable, they must inform the Information Commissioners Office of the breach without delay.

Where a data breach is the result of a cyberattack, the Autonomous Media Ltd’s Cyber Security Incident Plan will be implemented as the first act of risk mitigation and the Data Controller informed accordingly.