Enformant Privacy Policy: For website visitors
Summary
- This privacy notice sets out what information we process when you visit this website
- There’s not much here, as we collect very little data
What data we hold
We generate log files from our web servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
If you do not want us to see your actual IP address, feel free to visit us via Tor or other VPN
Using your information
References to the basis of processing (e.g. “(Basis: Art. 6(f).)") are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.
Serve you web pages
Well, you want to access the site, don’t you?
(Basis: Art. 6(b): this is necessary to deliver the service to you.)
Securing our services
We use the information we hold about you to defend our networks and services from attacks.
(Basis: Art. 6(c): we have to do this to comply with legal and regulatory obligations.)
Responding to binding requests from courts, law enforcement and other agencies, or regulators
If we are served with a binding order (for example, a court order, a notice under the investigatory powers framework, or a notice from the Information Commissioner’s Office) which includes you, we will be required to process your personal data to be able to comply with it.
(Basis: Art. 6(c): we have to do this to comply with legal and regulatory obligations.)
Technical data
We may use the logs from our servers to assist with network security, as well as to determine visitor behaviour and help us plan our business strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).
(Basis: Art. 6(c): we have legal and regulatory obligations to protect our clients and their information. Art. 6(f): strategy planning is a legitimate, indeed sensible, thing for a business to do.)
Securing our premises
Our servers are operated offsite by approved service providers in secure hosting facilities in the UK (where possible).
Mailing lists
We run some mailing lists, to which you can subscribe if you wish.
(Basis: Art. 6(a): you consent to being on the mailing list for as long as you choose to remain a subscriber.)
Your data and the EEA
We do not transfer or process data outside the European Economic Area unless the processing requires it (for example, where you are corresponding with us from outside the EEA and we reply to you).
Your rights
Since all we will hold on you is, at most, an IP address and some browser information (and you can use Tor if you do not want to reveal your actual IP address), few of the rights in the GDPR will apply to you as a website visitor:
- the right to information about our processing of your data, as set out in this notice
- the right of access to personal data we hold about you, and the right to data portability. There is nothing to port, and we only see what you have set your browser to send
- the right to erasure of your data, the right to restrict processing, and the right to object to processing, in some situations. Please check Articles 17 and 18 of the GDPR to make sure the rights apply to what you are wanting to do before contacting us.
- the right to complain to a supervisory authority, although we will obviously try to put right anything we have got wrong long before you need to do that
Third parties
As a general principle, we will not transfer your personal data to third parties without your permission.
There are two exceptions to this:
- It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate. Similarly, if we end up in litigation or ADR with you, we will need to disclose information to the court or the ADR provider.
- We have a small number of companies providing services to us, such as accountants and lawyers. We do not share personal information with them unless we need to do so to use the service in question.