As our service provider is based in the US and we serve individuals within the European Union, we will, from 25 May 2018, be bound by the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679). The GDPR will apply to this website as a Data Controller.
Our lawful basis for processing data is consent. All users are required to agree to terms and conditions prior to registering for the forum, and we provide an EU cookie notice at the first contact. Our terms and conditions will be updated in due course to fully comply with GDPR requirements.
Under the GDPR, each individual has the following rights: to be informed, of access, to rectification, to erasure, to restrict processing, to data portability and to object. This article outlines how we intend to allow members to exercise their rights under this Regulation.
Your rights
The right to be informed
- The right to be informed encompasses our obligation to provide ‘fair processing information’, typically through a privacy notice. It emphasises the need for transparency over how we use personal data.
- Any formal requests should be made to firstname.lastname@example.org. All emails must come from the email associated with your account.
The right of access
- The right of access means you have the right to confirmation that your data is being processed and to access your personal data.
- Your data is being processed. All data we have is accessible via your profile. If you want us to provide you with additional information (such as your IP address), then please use the contact email above.
The right to rectification
- This gives you the right to have your personal data rectified. Personal data can be rectified if it is inaccurate or incomplete.
The right to erasure
- The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable you to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
- On the forum, this can be dealt with by requesting to delete your account. A deletion will have to be approved by an administrator (to protect against accounts being deleted maliciously). Posts can be individually deleted, and can be deleted en masse. A full deletion requires a request to be sent to the email above.
The right to restrict processing
- You have a right to ‘block’ or suppress processing of personal data. When processing is restricted, we are permitted to store the personal data, but not further process it.
- Our data processing is as restricted as possible. Processing generally requires you to act on our website; not using the website will therefore cease such processing.
The right to data portability
- This allows you to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
- Ultimately all posts you make, unless made in a restricted forum where you have lost access, and other information you provide are all accessible. If you wish for us to send you the data we hold, a request should be made to the email above.
The right to object
- You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling), and processing for purposes of scientific/historical research and statistics.
- We do not generally process data for these purposes.
More information on your rights can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
- In accordance with GDPR, if we become aware of a data breach, we are obliged, within 72 hours, to notify any users involved. As we do not believe such a breach would result in a risk to the rights and freedoms of individuals, breaches will not be reported to the supervisory authority.
- The GDPR contains new provisions intended to enhance the protection of children’s personal data. After consultations we will consider our approach to these provisions.
- At present there is no community rule to deal with Data Protection; we will consider our approach and determine whether such legislation needs to be made.
- As our data processing does not pose a high risk to the rights and freedoms of individuals, we are not required to undertake a Data Protection Impact Assessment (DPIA), nor are we required to appoint a Data Protection Officer (DPO). We will consider on an ongoing basis all other requirements.
Edited by Orioni