- Under UK GDPR legislation, we have identified 'Legitimate Interests' as the reasonable basis by which we log connections to our websites, and have applied a 'Legitimate Interests Assessment' to come to this conclusion. Our purpose for collecting such data is to maintain the website and its computer security. We also use anonymised data for general statistical reporting, though this should be out of scope of the UK GDPR.
- Information that we record is as follows: IP address; the name of our website that is being visited; the web page requested; the time and date of the request; and any web-browser header, which typically includes Operating System name and its version, the browser client publisher name and its software version, language settings and acceptable computer-server-response types.
- Information collected that is deemed to be personal data under UK GDPR legislation is not sold or supplied to third parties, with the exception that IP numbers will be subject to reverse DNS look-up in order to detect illicit use of our website(s), along with geo-location when tracing suspicious requests (geo-location can be helpful to determine cyber-attacks because certain countries are both unlikely to be using our services and further have a reputation for cyber-criminality.) All information that we log may, however, be made available to authorities in the case of criminal, suspected, or suspicious activity.
- Logged information is encrypted to prevent access to the data in the event of a compromised computer system. Further, information is deleted after a period of 1 year.
- Personal data may be removed from our systems on request by emailing your request to firstname.lastname@example.org.