Who we are
Our website address is: https://www.hernehill.org.uk and this website is run by the Herne Hill Forum: https://www.hernehillforum.org.uk. The data controller of this website is: firstname.lastname@example.org.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address, which could be used to personally identify you, but Google does not grant us access to this. We consider Google to be a third party data processor (see below).
Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
Embedded content from other websites
News articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Third party processors
We use the following third parties to process personal data on our behalf. These third parties are based in the United States and are committed to complying with the EU General Data Protection Regulation 2018 (GDPR) when it comes into force on 25 May 2018. They are already EU-U.S Privacy Shield compliant.
If you create, submit, import, save, or publish Event, Venue, or Organizer information, such information is retained in the local database:
- Venue information: name, address, city, country, province, postal code, phone, website, geographical coordinates (latitude and longitude)
- Organiser information: name, phone, website, email
- Event information: website, cost, description, date, time, image
- ip address (see below)
The calendar makes use of certain APIs, in order to provide specific features.
These APIs may include the following third party services: Google Maps (API key), Meetup (OAuth token), PayPal (email, Client ID, Client Secret), Eventbrite (API key, auth URL, Client Secret), and Zoom (email, Client ID, Client Secret).
IP adresses and security
We use a plugin called Stop Spammers to prevent spambots registering user accounts and publishing spurious content. In order to work, when you register for an account this plugin checks your ip address against a list of known spam ip addresses and either allows or rejects your registration. Once you have been granted a user account and login to this website, the administrator of this website can see your ip address. This ip address, particularly static ip addresses, are deemed “personal data” by the GDPR gods and so we need to tell you that we are able to see it. As we do this in order to keep the site secure, it is covered by Article 6.1 of the GDPR legislation which states that it is legal to process personal data if “processing is necessary for the purposes of the legitimate interests pursued by the controller”. Therefore we do not need your permission for this use of your ip address but we do want to be completely transparent about it so you can decide whether you want to register an account with this website or not. In all honesty, we wouldn’t know how to identify you from an ip address as we’re not clever enough, but there are some folks out there who could, if they tried hard enough.
Who we share your data with
If you request a password reset, your IP address will be included in the reset email.
Modern Tribe, the makers of the Events Calendar, does not send any user data outside of this website by default.
How long we retain your data
For users that register on our website, we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
All information (data) is retained in the local database indefinitely, unless otherwise deleted.
What rights you have over your data
We do our best to keep your data accurate and up to date, assuming you provide us with the information we need to do so. If your data changes (for example, if you have a new email address), then you are responsible for notifying us of those changes.
Upon request, we will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. We will retain your information for as long as your account is active or as long as needed to provide you with our services. Unless it is prohibited by law, we will remove any personal information about you from our records at your request. This does not include any data we are obliged to keep for administrative, legal, or security purposes.