Privacy Policy

HeatHack is an informally constituted volunteer group that is affiliated with the Surefoot Effect CIC.   This privacy policy explains how we use data we obtain from individuals in communication with us. 

Date of this version: 20220711

Our contact details

Name:  HeatHack

E-mail: info@heathack.org

The type of personal information we collect

We currently collect and process the following information:

Participants in our structured programme for community groups

Under the UK General Data Protection Regulation (UK GDPR), our legal basis for processing this data is legitimate interest.

  • The name, email address, and phone number of at least one person per participating community building. 
  • The postal address of at least one person per participating community building. 
  • The post codes for where our programme participants live.  You may refuse to provide this information and you will still be able to participate in the programme. 
  • For anyone where we hold a name and contact details, which programme group they are in; that is, which community building they are associated with.  This is personal information because it reveals some kind of relationship involving the building, even if that is just that they live nearby.
  • For our participating engineers, what kind of engineering qualification they hold.

Event Attendees

Our legal basis for processing this data is legitimate interest.

  • Name and email address; postcode; sometimes, photographs.

Website visitors, including use of our online forum

Our legal basis for processing this data is consent. What information we collect depends on how you use our website.

Google Analytics.

Like most other organisations we use Google Analytics on our websites.  This software captures data about website visitors in the form of an advanced web server log.  It records what website you came from; how long you stay for; and the kind of computer used.

This helps us to understand the kind of people who come to our sites and what content they’re reading and enables us to make better decisions about design and writing.

We occasionally compile aggregate statistics about numbers of site visitors and browsers being used.  No personal data is included in this type of reporting and all this activity falls within the bounds of the Google Analytics Terms of Service.

Comments.

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Contact Forms.

Our contact form stores the information you enter. The information is sent as email messages that only the project team are allowed to access. The information is also stored in the database on our hosting server as a temporary backup.

Cookies.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Media.

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Website registration and forum.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Embedded content from other websites.

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Mailing list subscribers

Our legal basis for processing this data is consent.

  • Name and email address

How we get the personal information and why we have it

Apart from any photographs we may take, we obtain your personal information in one of the following ways.  Either you send it to us by email or via a social media platform, or you fill out a Google Form with the information, or you pass your personal information to the member of your group that is designated as our primary contact for them to send on to us, or you place it on our website.

Where our legal basis is “consent”, we collect the personal information so we can contact you, because it helps us to demonstrate our activities to current and future funders, or because you choose to share the information with the rest of our user community.

Where our legal basis is “legitimate interest”, we collect the personal information because it is necessary for us to run our programme.  We use names and contact details in order to contact you.  If we hold your postal address, this includes your postcode. 

If we do not have your full postal address, but you have provided your postcode, we have collected this information because our funder, the Royal Academy of Engineering, requires us to.  This is because they are required to evaluate how well the set of projects they have funded reaches the more deprived areas of the UK.  We use the Scottish Index of Multiple Deprivation, or its equivalent if you are from other parts of the UK, to profile the entire set of postcodes we collect, without identifying who lives at each post code or which group (community building) they are from.  We then send this information to the RAE to combine across all of the funded projects. 

In our structured programme, we collect information about engineering qualifications because we are required to include a set number of qualified engineers in our programme; we use the information to understand which applicants will enable us to justify our spending to the funders.

If we have taken photographs, it is to document our activities or in order to use them in our publicity materials.  We will always make this clear at the time and allow you the opportunity to refuse permission.

How we store your personal information and how long we retain it

Your information is securely stored, password-protected on Google Drive.  Only project staff have the password. Email addresses may be held on The Surefoot Effect’s Mailchimp account to enable us to circulate HeatHack newsletters to contacts, although some mailing lists will be handled by Ionos.

We may keep your personal details until September 2024, one year after the end of the project, to allow us sufficient time for reporting our results.  We will then dispose of your information by deleting it from our cloud drive.  If after the project you wish to keep in touch with us, you may decide to opt in to having us keep your contact details to send you updates about our work.

Who we share your personal information with

We may share full postcode information, without names attached, with the Royal Academy of Engineering, if they require this for their reporting. They in turn add these postcodes to those for participants across all of their public engagement projects, without attributing them to a single project or group. 

Engineers without Borders will help us find engineers for groups that do not have one already.  We may share the contact details for those groups with them so that they can arrange an introduction with engineers from their community.

Third party suppliers with access to your personal data

We may use third party suppliers to provide services. These suppliers may process personal data on our behalf as “processors” and are subject to contractual conditions to only process that personal information under our instructions and to protect it.

In the event that we share personal information with external third parties, we only share such information strictly required for the specific purposes and take reasonable steps to ensure recipients shall only process the disclosed personal information in accordance with those purposes.

  • The Triodos Bank process payment transactions securely on our behalf.
  • Our Google Workspace, including our email services and Google Chat services, is hosted by Google. Their privacy policy can be found here: Privacy Policy – Privacy & Terms – Google.
  • Zoom is used to host remote group meetings. Their privacy policy can be found here: https://explore.zoom.us/en/privacy/
  • Mailchimp distribute some of our email communications. Their privacy policy can be found here: https://www.intuit.com/privacy/statement/.
  • Our website is hosted by Ionos.  Their privacy policy can be found here:  Privacy policy – IONOS T&C.
  • Visitor comments on the website may be checked through a third party automated spam detection service for the purposes of spam detection only.
  • We use Eventbrite’s ticketing service for some of our events. They comply with GDPR; see their privacy policy here.
  • Instructors, coaches and event organisers receive details of training participants.
  • Adobe Express is used to generate QR codes and may be able to see who accesses the website through them. Their privacy policy can be found here.
  • We use Google Groups internally as mailing lists, for example, to send email to all engineers involved in the programme or all community groups that have registered interest. Only HeatHack staff and lead volunteers have access to the full list. Google’s privacy policy can be found here.

We do not pass any data to other parties for marketing, or to other parties without your permission.

Your data protection rights

Under data protection law, where our legal basis for processing is legitimate interest you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.  This right does not apply where our legal basis for processing is consent, but you do have the right to withdraw consent.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.  This right does not apply where our legal basis for processing is legitimate interest.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at info@heathack.org if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at info@heathack.org.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk