Privacy policy

The Open Knowledge Foundation is a not-for-profit organisation. It is incorporated in England & Wales as a company limited by guarantee, with company number 05133759. VAT Registration № GB 984404989. Registered office address: Open Knowledge Foundation, 86-90 Paul Street, London, EC2A 4NE, United Kingdom.

This policy describes our approach to your personal data. Contact details can be found on the contact page. This privacy policy will be reviewed, and may be revised, from time to time. You may wish to revisit it regularly. This policy becomes active on the 25th May 2018, in line with the new General Data Protection Regulation (GDPR) of 25th May 2018.

User tracking

We collect anonymised tracking data to gather statistical data to help us report on growth of our organisation’s followers to our funders. We are currently using Plausible for this, which doesn't collect any Personal Identifiable Information (PII). For more information you can check Plausible's privacy policy. In the past we have used Google Analytics to track visits to our sites. If you find a site still using Google Analytics please let us know at admin [at] okfn.org. In that case you will be prompted to either accept or reject cookies that might contain PII.

Cookies

Cookies are small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences and store information for things like pages visited on a website, search history and language preferences.

Some cookies are needed to allow our websites to function correctly, improve performance and provide security to our sites. Without the installation of these cookies, our sites may either not run at all, or give very poor performance. Therefore these cookies are installed automatically on your computer. We cannot turn these cookies off, as they provide basic site functionality and security. To do so will prevent access to our service. We use:

  • __cfuid - From Cloudflare
    Cloudflare speeds up and protects millions of websites, APIs, SaaS services, and other properties connected to the Internet. The Cloudflare __cfduid cookie is used for two purposes
    • To speed up page load times
    • To apply security settings on a per-client basis. It does not correspond to any user ID in your web application, and does not store any personally identifiable information.

How to manually change your cookie preferences

If you wish to change your cookie preferences after the initial GDPR consent request has been completed, you will need to do this manually in your browser settings by either enabling or disabling the cookies. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.

Supporter information

If you have joined our network, we will use the information you have given us to try to connect you with the right parts of our network.

If you have signed up as a community member, thank you for doing so, we appreciate your support. As a community member you will be able to be more involved in our activities. We will use information you supply us to help you to be more involved. We may use your contact details to get in touch as part of that involvement.

Donations

If you make donations to our organisation via PayPal, please be aware that PayPal passes your name and email address to us. We need this information for our Finance system and in case we need to respond to a query. We may also write to you to thank you for your donation. We will not use it for anything else.

Public data and publishing

If you are uploading datasets for one of our surveys or to one of our database services, we request that you check the data and ensure full anonymisation, so that we remain GDPR compliant. We do not wish to restrict a user's ability to provide datasets for public use, so please upload data responsibly. If in any doubt, please contact us via the contact page.

Author identification

When posting a comment on one of our blogs, a name and email address may be required. You do not have to select your real name or use your regular email address. Your email address will not be published. If you decide to comment, link, or pingback to a post, you must keep this in mind. If you are concerned, you may wish to get a free email account or attempt to use a remail service.

Page edits, comments, trackbacks, and pingbacks and other activity on our websites may be identified by your IP address.

If you are concerned about attempts to match your IP address to your identity, you may wish to use an anonymous browsing service or attempt some means to obfuscate your real IP address. If so, you might like to try Tor, an anonymous browsing service. Please see Tor for more details: https://www.torproject.org.

Email

If you have given us your email address through general correspondence, or have signed up to receive our newsletter, you agree to allow us to send email to that address in order to deliver our services to you. In practice this will usually involve emails about project updates or important changes to services to which you subscribe.

In addition to necessary emails, we will also occasionally use the email to contact you for our own purposes. For example we might want to tell you about new services we are offering or we might be seeking volunteers for one of our many activities. We will only do so sparingly. We understand how annoying it can be to receive large quantities of unsolicited mail. We will do our best to ensure that anything we do send to you will be relevant and unobtrusive.

Server Logging

Any time you visit a page on the internet, you send quite a bit of information to the server. The web servers that host this site maintain access logs with the information that you send. This information is used to provide site statistics and to get an idea of popular pages and what sites link here. We do not intend to use these logs to identify legitimate users. The data logged may be used by us to solve technical problems with the site and, in cases of abuse of this site, to investigate the abuse.

Data release policy

Our policy is only to release the data we collect in the following circumstances:

  • As required by law, such as in response to a valid request from law enforcement.
  • To designated third parties to resolve or investigate abuse complaints.
  • When the information is related to spiders or bots, usually when investigating technical issues.
  • For abusive users, we may release information to assist in attempting to block the abusive user or to complain to that user’s Internet Service Provider.
  • If necessary to defend legal claims against us by third parties.
  • When we deem it necessary to protect the property or rights of the user community, or this website.
  • When you have given consent for data to be used, such as completing a survey. As an organisation that promotes the use of freely accessible data, we cannot be held responsible for the usage of any data supplied.

No selling of information

We will not sell information collected via this site, such as your email address, to third parties.

Information security

We aim to make our sites secure, and that any data you do provide, such as login information, is kept securely. Unfortunately we cannot guarantee this, though will notify you (if we have the information to do so) should there be any breach of security, as per GDPR guidelines.

Data subject request

You have the right to request information from us about data we may hold on you. There rights are enshrined in the GDPR regulation. In order for us to ensure we are providing this information to the correct individual, we will need to verify that we are releasing this information to the correct natural person, and not someone trying to steal your identity. Therefore we ask that you help us to resolve your identity as quickly as possible. Failure to provide sufficient verification details (i.e. you might need to tell us your IP number in order for us to find a match and confirm your identity) may delay our ability to provide this information within the 30 days required of the GDPR Regulation. If you would like to submit a Data Subject request please email admin [at] okfn.org

Right to be forgotten and Data Deletion Requests

Also enshrined in GDPR law is your right to be forgotten. There is another conundrum here, as we need to keep a record of anyone who has asked to be forgotten, so that we can provide proof to the ICO that we are compliant. This is the hardest part of GDPR, as it’s almost impossible to remove one person’s details from a backup we may have of data, for instance. However, we will be keeping ourselves up-to-date with industry fixes and changes, and will do our very best to ensure you can be forgotten. Of course, your right to be forgotten will need to reviewed against the organisations need to keep information on you to satisfy other regulatory bodies.

If you wish to act on this section of the law to request the deletion of your data, please send an email to admin [at] okfn.org with the Subject matter “GDPR - Right to be forgotten”.