Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regard to data protection and user privacy:
This site’s compliance with the above legislation, all of which is stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residence’s specific data protection and user privacy legislation, you should contact us at email@example.com for clarification.
This application collects and uses personal information for the following reasons:
We use a service called MixPanel to track interactions and journeys through this website. This simply tells us how many people are using the system at any time so we can tune our resources to match. It also tells us what functions are being used most often so we can concentrate our resources on these functions, or improve other less well used functions.
We also record your approximate location (Town), browser type and version, and IP address. This helps us understand where people are using our systems from, and which browsers we need to support.
We consider MixPanel to be a third party data processor (see section below).
We send information to MixPanel via another service called Segment.io. This simply allows us to log generic packets of information and direct them to other services. It does not store the information; it just acts as a conduit. The services it sends data to are MixPanel, Google Analytics and Google BigQuery.
BigQuery is a cloud-based database which can store structured data. It stores the same data as MixPanel but over a longer period of time. We store this data for a period of 5 years and it helps us understand trends in usage of the system.
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this.
We consider Google to be a third party data processor (see section below).
We store a reference to the last image you viewed in a cookie. This enables the system to open back at that location so you do not need to find it again.
We also store a login token which expires after 60 days, which means you will not need to log in with a user name and password (unless you choose the Log Out option in the system) each time you use the system. If you are using a shared computer we recommend Logging Out of the system when you are finished with it, which will clear the login token cookie.
We store your user account name (usually an email address), password, and organisation name in our central accounts database server. We use this to authenticate access to the system and provide you with a means to change your password from time to time. Your passwords are encrypted one-way i.e. once encrypted there is no way to un-encrypt them. To check passwords for logins, we compare the encrypted password and an encrypted version of what you enter in the password box. This is why we cannot tell you what your password is (we have no way of finding out), but we provide a function for you to change it.
We store your Organisation as that enables us to provide access to certain projects based on membership at an organisation level. Your Organisation is usually the company you work for but it can be any arbitrary grouping e.g. A Project Name.
If you click on the Request an invite button on the login page, you will be asked to enter some information about how we can contact you, and what industry sector you are in. We use this information to better respond to your request, linking you with the most appropriate contact to help you sign up for an account.
If you are successful in getting an account, your contact information (Name, Email) will be transferred to the User Accounts database (see above), and any ancillary information such as industry sector will be deleted.
If you are unsuccessful, or it's taking a while to convert your request, we will keep the request information for up to 12 months to enable us to follow up if necessary. After 12 months, this information will be deleted from our servers.
Under the GDPR, from the 25th May 2018, you have several rights:
If you wish to exercise any of these rights please contact us on firstname.lastname@example.org.
The applications are hosted on servers in our Co-Location suite of Zen Internet in Rochdale, with additional processing served from Digital Ocean servers hosted in London.
Depending on the project, the Image data and some Mapping Data is stored in Rochdale, or Google Cloud Storage based on servers in London or Paris. In either case, the data is stored in encrypted form on the servers. It is decrypted when served to your browser (also via encrypted http protocols).
All traffic (transferral of files) between our applications and your browser is encrypted and delivered over HTTPS.
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out above. Depending on the application in use, only some of the following may be used.
All of these third parties are based in the USA and are EU-U.S. Privacy Shield compliant. Although these are US companies, we make use of their storage facilities based in the UK where available.
Heroku, Used for hosting applications, ["Security and Privacy":https://devcenter.heroku.com/articles/security-privacy-compliance], ["Privacy Shield":https://help.heroku.com/BET88NAL/does-heroku-comply-with-the-eu-data-protection-directive-on-personal-data]
Google Cloud Storage, Used for Storage of Aerial Images, ["Google's EU Data Protection Compliance":https://cloud.google.com/security/compliance/eu-data-protection/], ["Google Cloud Storage Security":https://cloud.google.com/security/compliance/eu-data-protection/], ["EU Model Contract Clauses":https://cloud.google.com/terms/eu-model-contract-clause?_ga=2.266279887.-1350660364.1518097336]
Google Analytics, ["Google Analytics Privacy and Security Policy":https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008]. We set a retention policy of 14 months for this data, and do not enable its User-ID feature.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen, and there is a high likelihood or severity of the resulting risk to people’s rights and freedoms.
The data controller of this website is: RSK Orbital limited, a UK Private limited Company with company number: 3686187
Whose registered office is:
2 Old bath Road
And whose operating office is:
Contact us for more information at email@example.com
26 Feb 2018 V2.0 Rewritten in compliance with GDPR regulations
10 Jan 2020 V2.1 Added references to Heroku, DataDog and AWS