Privacy Policy

TL;DR: We don't sell your data, we're working hard to ensure it's safe and protected, and we're open to feedback.

RadHR strongly believes that you have the right to control the use of your personal information, and that your privacy must be respected. We will not use personal data that you provide to us in a manner inconsistent with the purposes for which you provided it to us.

This privacy policy describes how we will process any personal information that we may collect about you as a member, as a visitor to our website. We do not and will not sell, rent or lease personal data, nor send marketing on behalf of third parties.

If you have any questions about this policy, our data processing practices, or your rights, you can contact us (details below).

What information do we collect?

RadHR collects information from you when visit our website, correspond with us, and participate in the community forum.

The information we collect, and the legal basis for doing so, includes:

If you visit our website

We collect some analytics data about the way you access and interact with our website using the free, self-hosted and open source Matomo analytics software. Any data collected through the Matomo software is carried out by computer systems which we operate and is never transferred to any third party. The legal basis of this processing is our legitimate interest in providing you with a functional website, gauging unique site views and understanding the geographical reach of our content. More information is provided about this processing below.

The data collected may include information about your operating system and version, your web browser version, your system language, your screen size and resolution, and some other metadata which allows us to optimise your browsing experience. The data collected to Matomo is never associated with you directly, and is only associated with a partially-anonymised representation of your IP address.

Web server access logs containing full IP addresses are stored for 90 days and are used solely for performance and security purposes. This information is not shared with third parties.

We use Matomo to effectively deliver our website to visitors and to understand the usage and reach of our website. We make a conscious choice to avoid web analytics tools such as Google Analytics as part of our commitment to protecting your privacy. If your web browser is configured to request that websites do not track you by sending a “Do Not Track” (DNT) request when loading webpages, Matomo will not collect any information from your system. More information about cookies is provided below.

If you create an account with us

You are asked to enter a name and email address. Your email address will be verified by an email containing a unique link. If that link is visited, we know that you control the email address, and you information is stored on our servers. At the same time, we will also send you an email asking you to confirm subscription to our newsletter, which is entirely optional. We retain this information for as long as your account is open. The legal basis for this processing is your consent.

If you add information to your profile

We record the personal information you provide. All users can see, edit, or delete their personal information at any time. Website administrators can also see and edit that information. We retain this information for as long as your account is open. The legal basis for this processing is your consent.

If you add content to the community forum

We record your name, username, email address and the IP address that the post originated from. We also keep server logs which include the IP address of every request to our server. We retain this information for at least as long as the content is accessible online. These details will not be shared with third parties, except where legally required such as to provide a defence from defamation claims and to facilitate resolution of copyright disputes. The legal basis for this processing is your consent and we retain this data on the basis of our legitimate interest in maintaining our website.

If you upload a policy to the library

When you upload a policy or process to the RadHR Library, we record all the information in the associated form and your IP address. The legal basis for this processing is your consent, as outlined in the policy upload form.

When you upload a policy or process, you consent to sharing it on the RadHR website with a Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) licence. You have the right to amend and update the policy or process, as well as to ask us to remove it from the RadHR Library.

However, by publishing the policy or process with a Creative Commons licence, you are allowing third parties to copy, redistribute, remix and build upon the policy process. As the licensor, you cannot revoke these rights, as long as the third party follows the terms of the licence. Specifically, these are to attribute you with appropriate credit, indicate whether any changes have been made, and to ShareAlike the new policy, under the same licence as the original. This means, that while RadHR will remove the policy from the Library at your request, we cannot enforce the removal any derivatives or adaptations of the policy. We will, however, ask the relevant groups to remove any reference to the original policy and to stop sharing it with others.

If you respond to a survey from us

Sometimes we offer the option to engage in surveys to do with our work. We generally anonymise answers so that they cannot be linked back to individual respondents. An information notice is provided when you begin a survey and before your consent to engage in it is collected.

If you subscribe to our newsletter

We collect the information you provide—your name and email address—in order to send you updates about our work, when you sign-up online to receiving emails from us. The legal basis for this processing is your consent, which you may withdraw at any time by unsubscribing to our emails, at which point we will delete your data.

If you contact us by phone, email or in writing

If you exchange emails, telephone conversations or other electronic communications with our staff members, our systems will record details of those conversations, sometimes including their content. When you contact us, we may keep a record of the communication we have with you. The legal basis for this processing is our legitimate interests in operating, managing and developing our organisation and our work. 

Work-related contacts

In the course of our work, we collect information such as the names, contact details and work-related information about individuals and organisations we work with and who contact us. We keep this information in order to invite you to collaborate on and participate in relevant activities. We collect this information through business cards, personal contact or occasionally recommendations from partners. The legal basis for this processing is our legitimate interests in operating, managing and developing our organisation and our work.

What do we use your information for?

Any of the information that RadHR collects from you may be used in one of the following ways:

  • To improve your experience—your information helps us to respond to your needs.
  • To improve the site—we continually strive to improve the site based on the information and feedback we receive from you.
  • To send you emails—the email address you provide may be used to send you information, notifications that you request about changes to topics and policies/guides or in response to your username, respond to inquiries, and/or other requests or questions.

How do we protect your information?

We take the security of your information very seriously. We employ physical, electronic and organisational security measures to protect the information that we collect about you from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. 

Some of the measures include:

  • Using SSL certificates across our site, including sub-domains;
  • Using encrypted disks for the community forum (data and backups);
  • Using open source forum software that is peer-reviewed. It also stores passwords with PBKDF2 encryption, uses various methods to prevent XSS attacks, as well as CSRF and DDOS protection, read more;
  • End-to-end encrypting private messages between members (and any associated uploads); though metadata about these messages is not encrypted, which is not something we can currently change, read about why;
  • Supporting the use of anonymising names and email addresses.

Although we do our best to protect personal data, information transmitted over the internet remains vulnerable to unauthorised access—for this reason the transmission of any personal data to our websites or via email to us is therefor at the data subjects’ own risk. 

We are working to add additional features and security protocols, if you have any feedback or requests, please contact us.

What is our data retention policy?

We keep your data as long as is necessary in connection with the purpose it is collected for. We do not keep data longer than required in connection with that purpose. We will delete the information we hold about you as soon as we no longer need it or, where actionable, at your request (see “Your rights” section below). 

Specifically, RadHR will make a good faith effort to:

  • Retain server logs containing the IP address of all requests to this server no more than 90 days.
  • Retain the IP addresses associated with registered users and their posts no more than 5 years.

What are your rights?

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are: (a) Your consent. You are able to remove your consent at any time. You can do this by contacting us.

Under the UK GDPR, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information.

Your right to object to processing – You have the the right to object to the processing of your personal information.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us if you wish to make a request.

Do we use cookies?

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow). These cookies enable the site to recognise your browser and, if you have a registered account, associate it with your registered account.

RadHR uses cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

Do we disclose any information to outside parties?

RadHR will not sell, trade, or otherwise transfer to outside parties your personally identifiable information.

We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers will only receive anonymised data and are not permitted to use the information collected on our behalf except to help us conduct and improve the site.

We include third party links on our site. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

By using our site, you consent to this privacy policy and our terms of service.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at: hello@radhr.org.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Contact us

If you have a query regarding this Policy, or if you would like to exercise your rights, please contact us:

hello@radhr.org
24 Southfield Road, First Floor Flat, Bristol, BS6 6AY

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page.

This document is CC-BY-SA.

It was last updated May 31st, 2023.

Attribution

Thank you to the Open Rights Group for significant parts of this policy and related privacy practices. You can view their Privacy & Cookie policy in the RadHR Library or the Open Rights Group website.