Privacy Policy

Introduction

The All Party Parliamentary Group on Digital Regulation & Responsibility (APPG) (“we”, “us”, “our”) respects your right to privacy.

This Privacy Policy (“Policy”) outlines the personal data processing we undertake in connection with our website, including the mobile-dedicated website (the “Website”). It will also apply, and be updated accordingly, to all future online offerings operated by or on behalf of the APPG.

This Policy is subject to regular review. Subsequent updates and amendments, including any that may be required by law, will be documented below and communicated to data subjects where necessary.

Data controller

The data controller for data collected and processed in accordance with this Policy is Reset. Reset is a project of Luminate Projects Limited, a private limited company registered with Companies House in the United Kingdom (#12433857) and a part of the Luminate Group of companies, including Luminate US Services LLC, Luminate Holdings LLC, and Luminate UK Services Limited (Companies House number 11125848) (“Luminate Group”).

Reset acts as secretariat for the APPG, providing technical infrastructure and managing data processing for the APPG including through the website and mailing list.

Reset also manages APPG’s compliance with applicable data protection laws and regulation. Reset will respond to any inquiries or requests from data subjects and data protection supervisory authorities made to APPG.

Any questions regarding this Policy or any other data protection issue related to the APPG should be submitted to our Data Protection focal point via email to [email protected] or by post to:

APPG on Digital Regulation & Responsibility
36-38 Hatton Garden, Holborn
London EC1N 8EB
United Kingdom

Guiding principles

The APPG brings together parliamentarians from all parties and both Houses as well as leading voices from industry and civil society to explore how the UK can deliver a robust, effective and world-leading digital regulatory regime.

The APPG explores what robust and effective digital regulation looks like, and how the UK can continue to develop and enact a public policy agenda that regulates the digital marketplace to align its interests with those of democratic and social integrity.

APPG will run a series of activities covering a wide range of topics related to digital regulation and responsibilities, including online harms, child online protection, digital rights, ethical design and much more.

We apply our secretariat’s guiding principles to our work - instituting appropriate technical and organisational measures and striving to provide a high level of protection against unauthorised access to, and potential misuse of, the personal data we process.

What we process and why

In accordance with our guiding principles, we have followed a privacy-by-design and data minimisation approach in the design and build of our website.

The personal data that we collect from persons (or data subjects) who visit our website is accordingly limited to the Internet protocol (IP) address of the computer accessing the site; the browser software and operating system that the computer uses; and the Internet address (URL) of the outside website from which the visitor came.

This information is processed for technical purposes on the basis of our legitimate interests. Specifically, we process personal data for the purposes of (i) providing basic statistical information about the use of our website; and (ii) assisting in diagnosing technical problems and defending against attacks on it. We collect this information using cookies, and the Tracking & cookies section below provides more information about how we deploy cookies and the legal basis for this.

If you choose to sign up to our mailing list, we collect the information you provide – your name, email address and (optionally) your organisation name – in order to send you email updates about our work. The legal basis for this processing is your consent, which you may withdraw at any time by unsubscribing from our emails.

Data retention

In general, we retain personal data only for as long as is necessary to carry out the purpose it was collected for.

Personal data processed for technical purposes is deleted or anonymised after 48 hours. Anonymisation is achieved through the aggregation of statistical data that prevents the re-identification of individual users.

On occasion, we may need to retain personal data for longer than 48 hours. This includes for the purposes of conducting tests, diagnosing technical problems and defending against attacks on our website. In these situations, we will delete personal data as soon as it is no longer needed for the purpose for which it was kept.

Personal data you provide when signing up to our mailing list is retained as long as you remain subscribed to that mailing list.

Sensitive data

We do not collect any sensitive data (or “special category data” as defined in EU law) through our website.

All internet usage generates additional “metadata” that is collected and retained by internet service providers. This data can be accessed by law enforcement and intelligence agencies, who may extrapolate upon it to build up detailed “pictures” of specific individuals and communities. Individuals concerned about this kind of surveillance are encouraged to take measures to protect their privacy, for example by using the Tor browser or a VPN.

Tracking & cookies

Our website uses “cookies” and other technical measures to monitor and protect the website against malicious traffic and to collect limited analytical data in order to understand how users engage with the information we provide.

In accordance with our guiding principles, our website deploys non-essential cookies on the basis of consent, honours browser “Do Not Track” requests and has limited the cookies it deploys to the following:

  • Strictly necessary Cloudflare cookies to protect the Website against DDoS attacks
  • Matomo performance cookies to provide us with analytical information about the use of the website, which are only deployed with visitors’ consent (see further below)

Opting in and out of cookies

If you accepted the Matomo cookies through the consent management window displayed when you first visit our site, these will have been deployed with your consent. If you declined the cookies, they will not have been deployed.

The Cloudflare cookies perform essential Website security functions and as such it is not possible to opt-out of these.

On our website, browser settings can also be used to manage cookie preferences. Each browser is different, so check the Help or Settings menu of your particular browser to learn how to change your cookie preferences.

Information security

We take all reasonable steps to ensure that personal data is processed securely and treated in accordance with this Policy. The technical and organisational measures to prevent unauthorised access to personal data include limiting staff and sub-processor access to personal data in accordance with specific job responsibilities or contractual obligations, the encryption of data where possible, the institution of security protocols and staff training.

Although we do our best to protect personal data, information transmitted over the internet remains vulnerable to interception – for this reason, the transmission of any personal data to our websites or via email to us is at the data subjects’ own risk.

Data sharing and sub-processors

Subprocessors

We work with carefully selected third-party service providers who perform certain data processing tasks in order to maintain this Website. These third parties – Mailchimp, Matomo, Heroku and Cloudflare – are engaged by Reset on terms which ensure confidentiality and compliance with data protection laws.

International transfers of data

Where we transfer your data outside of the European Union or the European Economic Area, for example where we engage a subprocessor based outside the European Union, we will ensure that your data is appropriately protected by requiring the recipient to respect and uphold your rights as a data subject under all applicable laws and by making the transfer subject to an international transfer safeguard, for example, the Standard Contractual Clauses issued by the European Commission.

External websites

The Website includes links to external websites, which may process your data or use cookies - for example links to news sources, other organisations’ websites, external resources and social media platforms. You can find out more about these services and their use of cookies through their respective websites and privacy policies. Please remember we cannot control the way those external websites collect and retain your personal data, so you use those external services at your own risk.

Your rights

Individuals whose personal data is processed by the APPG have the following rights:

  • The right to be informed as to whether the APPG holds data about them;
  • The right of access to that information;
  • The right to have inaccurate data corrected;
  • The right to have their data deleted;
  • The right to opt-out of particular data processing operations;
  • The right to receive their data in a form that makes it “portable”;
  • The right to object to data processing;
  • The right to receive an explanation about any automated decision making and/or profiling, and to challenge those decisions where appropriate.

To make a subject access request or complaint related to the processing of your personal data, contact [email protected] or write to:

APPG on Digital Regulation & Responsibility
36-38 Hatton Garden, Holborn
London EC1N 8EB
United Kingdom

You also have the right to bring concerns to your national data protection regulator if you feel that your personal data has been unlawfully processed. For example, data subjects covered by EU law may also be entitled to lodge complaints in regard to data processing or the handling of subject access requests with the data protection supervisory authority in their country of residence. Relevant supervisory authority names and contact details are listed here. The Data Protection Authority in the United Kingdom is the Information Commissioner’s Office (ICO). If you need any further information about your rights or want to lodge a concern or complaint, you may contact the ICO here.

Changes & revisions

In the event of any updates to this Policy, the date and nature of the change will be listed below. Should a change to the Policy result in a material impact on the handling of any personal data provided by consent, the APPG will contact the data subjects to inform them of the changes and seek their consent as appropriate.

Policy published 11th December 2020