We have prepared this document to: further explain your relationship with us, your supplier; let you know what information about you is stored, how it is stored, for how long it is stored; and explain our policy for ensuring that your data protection needs are treated with the utmost seriousness. GreenNet recognises that the relationship between GreenNet and our users is a confidential one. GreenNet is a 'Registered Data Controller'. Our entry can be checked on the Data Protection Register under Registration Number: K0657188 or Z6068077 at http://www.ico.gov.uk/ESDWebPages/search.asp This document is updated as and when is necessary, and at least in accordance with Oftel/Ofcom requirements. Any questions about this document or GreenNet services, please email: email@example.com
Our code or procedure concerning user complaints is available separately, here.
Data Retention of and access to 'Communications Data'
Why information is stored?
What information is stored?
What do we do with this information?
How long we keep this information?
Is your information confidential?
Who can access your information?
How can inaccurate information be corrected?
GreenNet supports a progressive community working for Peace, the Environment, Gender Equality and Social Justice, through the use of Information Communication Technologies (ICTs). GreenNet services are specifically tailored to meet the needs of civil society organisations and include: email, webhosting, dynamic website development and consultancy, training. GreenNet is a member of ISPA (Internet Service Providers Association) and is registered with CISAS (Communications and Internet Services Adjudication Scheme). GreenNet is an ethical not-for-profit collective and as such has a non-hierarchial structure with any profits going to its parent charity, GET (GreenNet Educational Trust). GreenNet is an equal opportunities employer and our approach to all areas of our work embraces the principle of equality and equity for all. GreenNet has an environmental policy which covers all aspects of GreenNet's operations (available on request).
Parliament enacted an Order which came into force on December 5th 2003, approving a voluntary code of practice in relation to ISP retention of and access to 'Communications Data' - confidential user information. As a not-for-profit ISP dedicated to supporting and promoting groups and individuals working for peace, human rights, gender equality, social justice and the environment through the use of ICTs, we aim to realise the rights of all individuals in the UK to enjoy full access to information and communication services. GreenNet has participated in good faith in various consultations throughout this process, outlining its concerns with respect proposals for retention of data, whether voluntary or mandatory. We remain deeply concerned that the voluntary code is not compliant with data protection principles and Human Rights standards.
To this end, GreenNet will not participate in the voluntary retention scheme and is principally bound to retain its current data retention policy, outlined below, in the interest of defending the rights of our user community.
Our responses to the consultation and further justification of our position can be found here (voluntary retention of data) and here (access to communications data).
In making this submission, GreenNet Limited alludes not only to those who are privileged to make use of communication services at present, but also takes into consideration the potential of a free and open communication network to benefit the realisation of social, political, economic and human rights for all in the UK. General information about these issues can be found here.
GreenNet holds user data for Billing and Support purposes. This allows us to fulfill various administrative functions such as issuing invoices, recording payments and answering user support queries. We may also use information when:
These purposes are consistent with the 8 UK Data Protection Principles which state that:
1. Processing of personal data must be done fairly and lawfully.
2. Personal data should be obtained only for specified purposes and must be processed in a manner compatible with those purposes.
3. Personal data must be adequate, relevant, and not excessive in relation to those purposes.
4. Personal data must be accurate and, where necessary, kept up to date. 5.
Personal data should not be kept longer than necessary.
6. Personal data must be processed in accordance with the rights of data subjects under the current Data Protection Act.
7. Technical and organisational measures can be taken against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage to personal data.
8. Personal data should not be transferred outside the European Economic Area unless to a country or territory that ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Information collected in relation to internet and internet support services
This information is captured in 'logs', and is a normal part of ISP operation. The logs GreenNet uses are commonly referred to as authentication, postfix, pop and web logs.
For a visual presentation of the information generally logged by ISPs, please click here or here, to view the information specifically held by GreenNet (html)
Information collected in relation to our billing/accounting system.
Information collected in relation to internet and internet support services is used for:
Information collected in relation to billing:
How long we keep this information
Logs are kept no longer than necessary. That is, we keep logs as long as is necessary for our stated specific purposes of billing and support needs. Most information logged in relation to Internet and Internet support services is kept for 7 days, whilst some may be kept for up to 1 month after which time it is deleted. Billing and accounting information is kept for the time stipulated by Companies House Legal requirements.
All of your information is confidential including:
GreenNet will not give user information to ANY agency, organisation or company for the purposes of direct marketing. GreenNet will not disclose confidential information to any third party without your implicit or explicit consent - [implicit authorisation could mean, for example, that the information requested is publicly available, eg on the user's Website, via a 'Whois' lookup, or other publicly published databases)] - unless compelled by law to do so. In this situation, we would only disclose such information if the following conditions exist:
In the absence of such conditions, GreenNet is principally bound to protect your confidential information and inform you if any third party tries to obtain your confidential information.
GreenNet does not share personal data with third parties, except as described above. All staff have clear guidelines to determine whether a user has identified themselves sufficiently for a change of account or disclosure of information and are aware that the unauthorised or illegal disclosure of personal details about users is not allowed.
'Third Parties' could include:
There is an annual mail out for users to correct their data or, you can contact us to amend your details at any time.