1.0 The Action Against Allergy (AAA) overview of privacy and data protection
- At AAA we believe that privacy and data protection are human rights
- We believe that data is a liability and should only be collected and used when absolutely necessary
- We hate spam as much as you do and endeavour to prevent spam at every opportunity
- We will never sell, mis-use, make public, or distribute your personal information.
2.0 We cover ALL the relevant legislation and laws
2.1 Legislation and Laws
This website is designed to comply with all the relevant and current legislation on data protection and privacy. Links to the relevant legislative websites can be found below:
The UK Data Protection Act 1988 (DPA)
The EU Data Protection Directive 1995 (DPD)
The EU General Data Protection Regulation (GDPR)
Our internal computer systems are also compliant with this legislation, for example we do not keep lists of clients for promotional purposes. All our data is password protected and physically stored on separate archive devices for no longer than one year.
2.2 Website Statement
Whilst the information provided on this website is given in good faith by AAA, no warranty or representation is given concerning such information which must not be taken as establishing any contractual or other commitment binding upon AAA. Furthermore, whilst AAA uses reasonable efforts to include accurate and up-to-date information on the website, to the extent permitted by law, AAA make no warranties or representations as to its accuracy. To the extent permitted by law, AAA excludes all liability to third parties arising directly or indirectly from their use of or reliance on information or materials contained in this website.
The Web site may contain references or links to other websites on the Internet which are owned and operated by third parties. Those references or links are not an endorsement of those third parties or their products or services. AAA reserves the right to revise this website at any time.
3.0 Personal information collection by our websites
3.1 Tracking visitors to our website and cookies
At AAA we attempt to use Google Analytics (GA) to track users interaction with our website. We use this data to find out what number of people are using our site and what journey they take through it from page to page. This is useful because we can then adjust our site to make it a better user experience.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information will ever personally identify you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant access to this. We consider Google to be a third party data processor (see section 6.0 below).
Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
Like most operations, we only rarely use Google Analytics to track visitors to our website. We do not use any other analytics program, display advertisements or have affiliate links. For our day to day work, we do not require persistent cookies which would require us to show the cookies popup (EU Cookie Directive 2011). However, all websites use session cookies (tiny pieces of information which speed up loading, or assist with other functionality). These are created automatically through your browser when you visit our websites but only exist during a session. However, because we have GA working, we need your permission with regard to cookies because that free system uses persistent cookies. We have therefore included the EU Directive ‘cookies popup’ statement with a link to this page.
3.2 The AAA website blog/news
Even though our website has a live blog, we have not activated the comment field on this system. This means we are not collecting any personal information about you through comments. Should we start using this facility, then these guidelines will change and we shall include a section whereby you can request the disclosure of any personal information held by the website database and associated systems. You will also be able to request that any personal information be deleted.
3.3 Email and contact forms / application forms
We use a simple code on our website to encrypt email links. This means that spam bots are unable to harvest our email and subsequently spam us or use our email to spam others. This system is not 100% proof, but we do our best to prevent spam at every opportunity. If you use a contact form on our website, then none of the data you supply is stored on our websites or passed to or processed by any third party. The data collected is collated into an email and sent in a standard way using the SMTP (Simple Mail Transfer Protocol). All email addresses and mail servers are protected by our UK based hosting company using TLS (sometimes known as SSL). This simply means that your details sent are encrypted before being sent across the internet. On arrival, the content is decrypted by local devices at the AAA office.
Contact information from the contact email is used to respond to enquiry or send information as appropriate. The individual’s contact information is also used to get in touch with the individual when necessary. Such Contact information is never disclosed to a third party. Your contact information is only stored on secure mail software, e.g. Mac Mail or Outlook when we are required to maintain a business relationship with you, e.g. you provide us with a service or your enquiry remains active.
4.0 How we store your personal information
(Also see section 3.3 regarding emails and contact forms) At this time, none of your personal information is stored inside a database on the server for our website. This is because we are not using the blog functionality of the website with the comment field turned on.
At this time GDPR requires pseudonymisation. Put simply, this means that an identifier (code) is added to sections of personal information which links this information together. The pieces of information are then separated. Without the code, your personal information and identity cannot be linked together. As stated, we do not at this time collect or store any of your personal information through our websites. Almost all web applications using a Content Management System (CMS), e.g. WordPress (this site), Joomla, Drupal, Wix, Weebly etc do not yet comply with this part of the legislation. For example, as of 2018, there are nearly 500 million WordPress sites on the web and none of them yet meet this requirement. It will take some time for this change to be developed by the application developers. As soon as it is available, then we shall implement it on all our websites.
5.0 Our hosting company is as secure as it can be
For our website we use a reputable UK hosting company 34sp. The hosting company industry is largely unregulated and many of the largest companies do not use sufficient levels of diligence to prevent hacking or other data breaches. The company we use complies with the Data Protection Act 1998 and has numerous measures to prevent compromise of websites and data. Our sites are secured in a ‘container’ that includes round the clock protection from hackers using their customised WAF (Web Application Firewall). They also maintain up to date software and have closed the main routes often used by hackers. All traffic to/from our sites use encryption via https: (SSL – security certification). No website is 100% secure, but at AAA we endeavour to ensure that everything we do online is as secure as it can be.
6.0 Third part data processors
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in section 2.0. Both of these third parties are based in the USA and are EU-U.S Privacy Shield compliant.
We also include a link and stream posts from ‘Talk Heatlh‘ on our website which is a forum for discussion of health matters. We do not share any personal data with Talk Health. You can view their guidelines on cookies on this link.
7.0 Data breaches
We undertake to report any unlawful data breach relating to our websites or their databases, and any other source from hardware and software used at AAA. We will report this breach to all the required authorities within 72 hours as is the requirement under the GDPR legislation.
8.0 Who to contact
If you have an questions or concerns with regard to data or this policy, then please contact:
Director, Action Against Allergy
t: +44(0)20 8892 4949