This notice applies if you:
- Make use of our website
- Contact us via email, telephone, messaging or social media
- Do business with us
- Wish to ask us about the personal data we may hold about you
It explains how we manage your privacy.
Definition of Privacy
Although there is no generally accepted definition of privacy, Secure Active considers three main aspects of your privacy in its operations.
- Privacy as control of personal information
The rights of each individual to have meaningful control of their personal information, in terms of its collection, use, retention, disclosure and disposal. This includes both communications and data about people.
- Privacy as control of access to the person
The right of each individual to control access to their person: physically, mentally and socially. This with the understanding that this also implies restrictions on access to places and things, as well as to communications and information.
- Privacy as human dignity
The right of individuals to maintain their human dignity and that of others, and preserve their identity and autonomy. This with the understanding that in society where ableism, classism, homophobia, racism, sexism and other forms of discrimination are prevalent, that demands to surrender human dignity, identity and autonomy fall more heavily on discriminated-against groups and individuals.
Your Expectation of Privacy
You have the right to expect the highest levels of privacy when you work with us.
We consider your personal data belongs to you, and we will not do anything with it unless you know what is being done and you explicitly give your say so.
As an organisation working in the information security field, we will support your efforts to control access to yourself, and to the places and things associated with you.
As an organisation working for positive change, we will work to protect your human dignity, autonomy and the right to maintain a personal identity.
Our policies, procedures and use of technology reflect the above values.
Note that you should not have an expectation of privacy when:
- you attempt to subvert the security mechanisms on this website or other Secure Active system
- you attempt to obtain access to data, resources, or money controlled by Secure Active through fraud or deception
How We Use Your Information
When you make use of our website
We track usage of our website only to maintain service availability and integrity and to improve usability. We do not collect personal data in this way.
We use a third party service, 1&1 UK, to publish our website, our blog and some microsites. They may collect information as part of their activities. For more information about how 1 and 1 process data, please see their privacy notice: https://www.1and1.co.uk/terms-gtc/fileadmin/Terms/PDF_UK/2017_UK_Privacy_policy.pdf
When you contact us via email, telephone or social media
Where you have contacted us via email, messages sent to us end to end encrypted will be stored in encrypted form at all times when they are not being actively read. Where emails have been sent in clear text, we cannot ensure they have not been intercepted in transit.
Where we have spoken with you via agreed mutually agreed encrypted telephone services, any written notes of the call will be maintained by us only on secured storage, and such written notes will be kept to the minimum necessary. We do not record telephone or VoIP calls. Where calls have been made in clear, using ordinary landline or mobile telephone lines, note that records and metadata about these calls and their content may be held by the carriers concerned.
Where we have exchanged messages via agreed encrypted messaging services, any record of these will be maintained by us only on encrypted storage, and such records will be kept to the minimum necessary. Where messages have been sent in clear text via mobile telephones, e.g. SMS note that records of these and their content may be held by the carriers concerned.
Where you have contacted us via social media, the content may be accessible to the social media provider concerned and the network providers they use. They may make this data available to other users of the service and their business partners. We will not do so.
We do not use use third party services to manage our social media: this means your information may be held in the app provided by the social media provider concerned, as this is needed to access the service.
When You Do Business with us
We have to hold the details of the people who have requested a service from us in order to provide it. However, we only use these details to provide the service the person or company has requested and for other closely related purposes, for example a follow up satisfaction survey.
Where we discuss personal details internally relevant to your business via email, telephone or if we store this information, this will always be encrypted using recognised, strong encryption methods.
As part of any service contract, we will agree with you how your data will be managed. Where this may be sensitive, we may carry out a risk assessment in partnership with you in advance of working with the data concerned. This may involve establishing secure methods of communication between you and us. For more details of what this might involve, please contact us.
Contacting us regarding your personal data
If you have any queries regarding how we manage your personal data, please write to us via email at info [at] secactive [dot] io or by post to:
Director of Information
Secure Active C.I.C.
62 Beechwood Rd
We are as open we can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:
give you a description of it;
tell you why we are holding it;
tell you who it could be disclosed to; and
let you have a copy of the information in an intelligible form, which would ordinarily be electronic.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes by, once again, writing to us: we are very keen to make sure all data is accurate.
You may at any time ask us to delete the data we hold about you.
We may charge you up to £10 per request, but would not normally seek to do so.
If you are not happy with the way we have handled your personal data, or if you have any queries on this issue, we would refer you (in the UK) to the Information Commissioner’s Office https://ico.org.uk/ or to your national regulatory body outside the UK.
Data sharing with other organisations
Any warrant or attempts by government agencies or private sector organisations to gain access to any information that you give us will be vigorously challenged.
We do not share even anonymised raw data for research purposes.
We do not sell, rent or lease your personal data. We will not transfer your data to other organisations for marketing purposes.
These definitions explain some of the more technical terms used in this document.
Anonymisation: changing data so that it can not be determined which individual person relates to which piece of data.
Communication: information exchanged between persons or systems, whether by physical means or electronically.
Data: individual facts, figures, variables, or codes, which when structured are used to create information.
Encryption: this is the process of converting data or information into coded form. When data is encrypted, only those who are allowed to, can read it.
Information: data which has been structured, organised, analysed, presented or aggregated to make it meaningful or useful
Metadata: data about data (e.g. the date and time of a telephone call).
Personal data: data pertaining to a living natural person. Note that in the UK, “data” and “personal data” have specific legal meanings under the Data Protection Act.
Secure Active C.I.C.
Information security services for the non-profit sector by the sector.
Secure Active C.I.C. is a Community Interest Company limited by guarantee registered in England and Wales (no. 10746897) at 62 Beechwood Road, London. E8 3DY