Privacy Policy

Who we are

Our website address is: https://get-the-point.co.uk. Our commercial and pro bono services are promoted through the trading name of projectspoint.co.uk.

We operate a small range of thematic networks of websites for a small number of friends and family (sketchery.uk and archaeo.org.uk) and for local communities and small businesses (ourlocality.org). The former have policies set by projectspoint.co.uk and the latter has it’s own unique policies, as it belongs to Sustaining Dunbar.

WHAT PERSONAL DATA WE COLLECT AND WHY WE COLLECT IT

IF COMMENTS ARE ENABLED

When visitors leave comments on our sites, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string, to help spam detection.

If you use Gravatars and have it activated, an anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it.

The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

IF USER GENERATED MEDIA ARE ALLOWED

If you upload images to the website, you may wish to avoid uploading images with embedded location data (EXIF GPS) included.

Visitors to the website can download and extract any location data from images on the website, so we discourage that.

IF CONTACT FORMS ARE USED

If you use a contact form on one of our websites, the data will be stored transiently on the site owner’s website, until such time as they delete the feedback form information. It is their responsibility to set a short retention period. We would encourage deletion of general enquiries after a period of a month, mainly as a backup record, lest the email fails to arrive in the site owners mailbox, after which it is stored in the owners email database.

Contact forms are filtered for spam detection purposes.

Typically a contact form will contain personal information such as an email address, name and surname, and the contents of the request form and an IP address, though for many users this will be generic and there potentially identifiable.

COOKIES

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

If you use a third party service, like jetpack or Google analytics, these will leave cookies. Website owners can install a cookie tracking extension to audit the cookies created on their website.

EMBEDDED CONTENT FROM OTHER WEBSITES, INCLUDING SOCIAL MEDIA

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites, including social media, may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that particular website (e.g. facebook).

If our users have a newsletter sign up form embedded, the privacy notice should reflect that.

We do not operate a newsletter / contacts database or share our contacts knowingly with any party.

ANALYTICS

WHO WE SHARE YOUR DATA WITH

We use Google Analytics and WordPress.com to gather statistics on a number of our properties. These services collect data which are depersonalised / anonymised.

Projects Point has set the retention policy to 38 months.

Our website owners can opt out of these services selectively, so if you are a re JetPack user you can turn statistics off.

Plugins are offered at our discretion, from third parties. These should all offer opt outs, though mostly plugin developers are interested in gathering basic performance statistics to help understand product usage, not visitor usage.

HOW LONG WE RETAIN YOUR DATA

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our websites (if any), we also store the personal information they provide in their user personal profile.

All users can see, edit, or delete their own personal information at any time (but they cannot change their username).

Website administrators can also see and edit that information, as can the superadmin (but they cannot change their username).

WHAT RIGHTS YOU HAVE OVER YOUR DATA

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.

You can also request that we erase any personal data we hold about you.

This does not include any data we are obliged to keep for administrative (e.g. bookings), legal, or security purposes.

WHERE WE SEND YOUR DATA

Visitor comments MAY be checked through an automated spam detection service, Akismet, which is operated by the good folks at WordPress, but only if activated.

OUR CONTACT INFORMATION

If you have a question that cannot be addressed by the individual site owner, please contact philip@projectspoint.co.uk

ADDITIONAL INFORMATION

HOW WE PROTECT YOUR DATA

We encourage our website owners use unique passwords, and encourage them to employ 2 factor authentication with associated services e.g. wordpress.com, google etc.

Our websites are secured by SSL security certificates issued by LetsEncrypt.

Our servers are run on a cloud platform in the United Kingdom, by a very professional and dedicated tech company called Bytemark with data centres in Manchester and York.

The operating system processes keep an eye on most things, including connections and will blacklist suspicious traffic.

We monitor system performance (such as memory usage, incoming and outgoing connections and CPU, which can alert us within minutes of abnormalities. We avail ourselves of the free services of Pingdom and TrueSight.

We use a number of tools to keep our sites protected from hackers, that automatically throttle or ban bad IP addresses, bots testing our security and fraudulent attempts to login.

We also restrict outgoing connections to trusted sites, using a firewall, which can be helpful in the event of one our sites being compromised.

We keep all our plugins up to date, and at intervals run software audits to identify known problems.

We employ trusted software that is actively developed and supported in the Open Source community as well as licenced products.

We operate a triple backup regime, whereby a snapshot of the server is taken daily. This retained for 4 days. We also take daily and weekly snapshots of the files and databases, with data retained over a period 10 weeks. Finally we run an incremental backup daily, which is auto pruned over a period of around 3-4 months.

WHAT DATA BREACH PROCEDURES WE HAVE IN PLACE

We assess the risk of the incident and put in place a plan to first protect user data, which in extremis may mean suspending the public facing website.

Having established the risk (likelihood of harm X magnitude of impact), we will endeavour to fix the immediate problem, via an update, patch, removal of offending code, suspending the compromised function while assessing the impact on user’s personal data.

If a personal data breach should occur, we would inform website owners first and discuss plans to inform their users of the breach. We might need to share salient details of the breach with the software community, but not the personal data itself. We would assess the need to share details of the breach with the relevant authorities(but they cannot change their username)

WHAT THIRD PARTIES WE RECEIVE DATA FROM

See Analytics section above.

WHAT AUTOMATED DECISION MAKING AND/OR PROFILING WE DO WITH USER DATA

Spam detection, using Akismet.

INDUSTRY REGULATORY DISCLOSURE REQUIREMENTS

Get the Point Ltd is registered with the ICO.