GreenNet's Code of Practice

About GreenNet
Purpose of this document
Data Retention of and access to 'Communications Data'
Why information is stored?
What information is stored?
What do we do with this information?
How long we keep this information?
Is your information confidential?
Who can access your information?
How can inaccurate information be corrected?

About GreenNet
GreenNet supports a progressive community working for Peace, the Environment, Gender Equality and Social Justice, through the use of Information Communication Technologies (ICTs). GreenNet services are specifically tailored to meet the needs of civil society organisations and include: email, webhosting, dynamic website development and consultancy, training. GreenNet is a member of ISPA (Internet Service Providers Association) and is registered with CISAS (Communications and Internet Services Adjudication Scheme). GreenNet is an ethical not-for-profit collective and as such has a non-hierarchial structure with any profits going to its parent charity, GET (GreenNet Educational Trust). GreenNet is an equal opportunities employer and our approach to all areas of our work embraces the principle of equality and equity for all. GreenNet has an environmental policy which covers all aspects of GreenNet's operations (available on request).

Purpose of this document
We have prepared this document to: further explain your relationship with us, your supplier; let you know what information about you is stored, how it is stored, for how long it is stored; and explain our policy for ensuring that your data protection needs are treated with the utmost seriousness. GreenNet recognises that the relationship between GreenNet and our users is a confidential one. GreenNet is a 'Registered Data Controller'. Our entry can be checked on the Data Protection Register under Registration Number: K0657188 at http://www.dpr.gov.uk/search.html
This document is updated as and when is necessary, and at least in accordance with Oftel/Ofcom requirements. Any questions about this document or GreenNet services, please email: support@gn.apc.org.

  Data Retention of and access to Communications data
Parliament enacted an Order which came into force on December 5th 2003, approving a voluntary code of practice in relation to ISP retention of and access to 'Communications Data' - confidential user information.

As a not-for-profit ISP dedicated to supporting and promoting groups and individuals working for peace, human rights, gender equality, social justice and the environment through the use of ICTs, we aim to realise the rights of all individuals in the UK to enjoy full access to information and communication services.

GreenNet has participated in good faith in various consultations throughout this process, outlining its concerns with respect proposals for retention of data, whether voluntary or mandatory. We remain deeply concerned that the voluntary code is not compliant with data protection principles and Human Rights standards.

To this end, GreenNet will not participate in the voluntary retention scheme and is principally bound to retain its current data retention policy, outlined below, in the interest of defending the rights of our user community.

Our responses to the consultation and further justification of our position can be found here (voluntary retention of data) and here (access to communications data). In making this submission, GreenNet Limited alludes not only to those who are privileged to make use of communication services at present, but also takes into consideration the potential of a free and open communication network to benefit the realisation of social, political, economic and human rights for all in the UK.

General information about these issues can be found here.

Why is information stored?
GreenNet holds user data for Billing and Support purposes. This allows us to fulfill various administrative functions such as issuing invoices, recording payments and answering user support queries. We may also use information when:

informing users about new GreenNet services

distributing newsletters and alerts which we feel would be of interest

distributing announcements about training activities and new projects

These purposes are consistent with the 8 UK Data Protection Principles which state that:

1. Processing of personal data must be done fairly and lawfully.

2. Personal data should be obtained only for specified purposes and must be processed in a manner compatible with those purposes.

3. Personal data must be adequate, relevant, and not excessive in relation to those purposes.

4. Personal data must be accurate and, where necessary, kept up to date.

5. Personal data should not be kept longer than necessary.

6. Personal data must be processed in accordance with the rights of data subjects under the current Data Protection Act.

7. Technical and organisational measures can be taken against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage to personal data.

8. Personal data should not be transferred outside the European Economic Area unless to a country or territory that ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

What information is stored?

Information collected in relation to internet and internet support services

a 'session identifier' a unique number that identifies your interaction with the 'authentication server'

access equipment port details

the connection speed

a pre-session duration (before the logging was invoked)

the date and time of the start (or end) of the connection

an account identifier or username

the caller line identification (CLI) provided with the call

the IP address used by the user

the IP address of the network access server

the first destination IP address (often a domain name (DNS) server)

what caused the call to end

the total traffic transferred in each direction

information collected in relation to billing

This information is captured in 'logs', and is a normal part of ISP operation. The logs GreenNet uses are commonly referred to as authentication, postfix, pop and web logs.

For a visual presentation of the information generally logged by ISPs, please click here

or here, to view the information specifically held by GreenNet (html).

Information collected in relation to our billing/accounting system.

Name (Individual and/or Organisation) of account holder

Address

Phone Number and Fax Number

In some cases, credit card details

What do we do with this information?

Information collected in relation to internet and internet support services if used for:

'Trouble shooting'. Information can be used in solving certain problems users might be having, for example, 'lost mail', 'time-out's' during sessions', bounced mail problems etc.

Defining Usage patterns. Usage patterns in one period may be compared to other periods to examine what affects usage.

Monitoring Leased Line usage to determine that GreenNet has sufficient bandwidth to accommodate our users needs.

Information collected in relation to billing:

is used for delivery of invoices;

situations where the user needs to be contacted in relation to billing matters.

How long we keep this information
Logs are kept no longer than necessary. That is, we keep logs as long as is necessary for our stated specific purposes of billing and support needs.

Most information logged in relation to Internet and Internet support services is kept for 7 days, whilst some may be kept for up to 1 month after which time it is deleted.

Billing and accounting information is kept for the time stipulated by Companies House Legal requirements.

Is your information confidential?

All of your information is confidential including:

The source and destination of all communications received and sent by the user.

The content of all communications sent and received by the user.

The name, address and other communication details of the user or others using the user's account.

Payment history and other matters relating to the operation of the user's account.

Information about the use made by the user of the services of GreenNet (Web browsing etc)

Who can access your information?

GreenNet will not give user information to ANY agency, organisation or company for the purposes of direct marketing.

GreenNet will not disclose confidential information to any third party without your implicit or explicit consent - [implicit authorisation could mean, for example, that the information requested is publicly available, eg on the user's Website, via a 'Whois' lookup, or other publicly published databases)] - unless compelled by law to do so.

In this situation, we would only disclose such information if the following conditions exist:

the law is compliant with existing Data Protection principles and Human Rights standards.

we have received a court order

GreenNet considers that there is a compelling justification for disclosure;

In the absence of such conditions, GreenNet is principally bound to protect your confidential information and inform you if any third party tries to obtain your confidential information.

GreenNet does not share personal data with third parties, except as described above. All staff have clear guidelines to determine whether a user has identified themselves sufficiently for a change of account or disclosure of information and are aware that the unauthorised or illegal disclosure of personal details about users is not allowed.

'Third Parties' could include:

Other network operators who may contact GreenNet when it is alleged that a GreenNet user has breached their Acceptable Use Policy (AUP) which may have affected the network integrity of a third party's network

Sales and marketing companies

Law enforcement agencies and Government Departments

How can inaccurate data be corrected?
There is an annual mail out for users to correct their data or, you can contact us to amend your details at any time.