Privacy Policy Overview (GDPR Compliant)
1. Purpose and Scope
Why We Have a Policy: This Privacy Policy outlines how the Pirate Party UK collects, uses, and protects your personal information in compliance with the General Data Protection Regulation (GDPR). It applies to information gathered through the website, membership forms, and any other interactions with the Party.
Changes to the Policy: The policy may be updated periodically. Significant changes will be communicated via mandatory notifications, as GDPR does not allow users to opt out of communications necessary for legal compliance or significant updates.
2. Contact Information
Data Protection Officer (DPO): For GDPR-specific inquiries, please contact our Data Protection Officer through the contact options available on our website.
3. Information Collection
Direct Information: The Party collects information you provide directly, such as during registration, membership processes, or forum participation.
Indirect Information: Data about your website usage, including page visits and resources accessed, is collected. This data is anonymized and aggregated for statistical purposes and is collected under the Party’s legitimate interest to improve services.
Data Processing on this Website: Various data is transmitted to us from your computer, depending on the browser and operating system type, version, and settings. Some of the data that may be collected includes:
- Browser type/version
- Operating system used
- Referrer URL (the previously visited page)
- Host name of the accessing computer (IP address)
- Time of the server request
The Pirate Party strictly rejects the storage of such data. However, in cases where our systems are misused for criminal offences, we may be obligated to store this and other data and hand it over to investigating authorities. If allowed, we will inform you in such cases. In the event of an ongoing procedure, this data may be released to participating authorities or private individuals.
Third-Party Data Transmission: If it becomes necessary to pass on your data to third parties, we will ask for your permission in advance for each transmission individually. The following declaration gives you an overview of how we ensure this protection and what kind of data is collected for what purpose.
4. Use of Information
Legal Basis: Your personal data is processed based on your consent, compliance with legal obligations, or the Party’s legitimate interests.
Third-Party Sharing: The Party will not share your information with third parties without your explicit consent unless required by law. If it becomes necessary to share your data with third parties, we will seek your permission for each instance.
Purpose: Collected data is used to improve services, fulfill commitments, and communicate about campaigns and services. Users can manage their communication preferences but cannot opt out of essential notifications required by law or necessary for significant updates.
5. Data Security
Security Measures: Personal information is stored on secure servers, and any data transfer is encrypted. Although complete security cannot be guaranteed, the Party commits to doing its best to protect user data. Access to your data is restricted to authorized personnel only.
Data Breach Protocol: In the event of a data breach, affected individuals will be notified within 72 hours in compliance with GDPR requirements.
6. User Rights Under GDPR
- Access: You have the right to request access to your personal data at any time.
- Rectification: You have the right to request correction of any inaccurate or incomplete personal data.
- Erasure: You have the right to request the deletion of your personal data under certain circumstances (right to be forgotten).
- Restriction of Processing: You can request the restriction of the processing of your data in certain situations.
- Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
- Objection: You have the right to object to the processing of your personal data based on legitimate interests.
- Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, unless necessary for contractual reasons.
- Withdraw Consent: You can withdraw your consent to data processing at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Requests can be made to the Data Protection Officer through the contact options available on our website. The Party will respond to such requests within one month as required by GDPR.
7. Donations and PPERA Compliance
Donation Rules: Under the Political Parties, Elections and Referendums Act 2000 (PPERA), the Party is required to report:
- All permissible benefits that add up to over £11,180 from the same source in the same calendar year, including benefits received by different sections of the Party.
- All impermissible donations, which are those that come from a source not permitted under the law.
- All permissible donations over £11,180 from a single source.
Data Retention: The Party will retain all relevant donation and loan information as long as required to fulfill its reporting obligations to the correct authorities.
8. Membership Portal Collaboration
Co-Management: The membership portal is co-managed with Pirate Party Austria and the Pirate Party International IT group, which provides server space for free. The portal is partially controlled by the Austrian Pirate Party working group. You can review their privacy policy here.
9. Website Hosting and External Links
Website Hosting: The static website is hosted on GitHub via GitHub Pages and utilizes Cloudflare for content delivery and security services. This hosting arrangement helps ensure the website’s availability and protection against various online threats.
External Links: This policy applies only to the Pirate Party UK’s services and websites. It does not cover external sites linked from the Party’s website.