1. Overview
practise.transitionmovement.org is maintained by Transition Network on behalf of the Transition Movement.
If you have any questions, or wish to submit a data subject request, please email privacy@transitionnetwork.org.
2. Analytics
We host our own analytics server, analytics.transition-space.org, using Matomo software. This is hosted on Netcup.de under the terms detailed below.
3. Helpdesk
We use a helpdesk service, helpdesk.transition-space.org, to manage support tickets. This is hosted on Netcup.de under the terms detailed below.
4. Events
We use an events site https://events.transitionmovement.org/practise/ to manage attendance at events. This is hosted on Elest.io under the terms detailed below.
5. Cookies
Effective Date: 24-Jan-2024
Last Updated: 24-Jan-2024
What are cookies?
How do we use cookies?
Types of Cookies we use
Manage cookie preferences
Cookie Settings
You can change your cookie preferences any time by clicking the above button. This will let you revisit the cookie consent banner and change your preferences or withdraw your consent right away.
6. Transition Network as a Controller
Transition Network is the controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection:
Transition Network, c/o Darnells 30 Fore Street Totnes, TQ9 5RP Totnes, UK
The data protection officer is Sam Rossiter
Phone: +44 (0)1803 865 669
Email: privacy@transitionnetwork.org
Website: https://transitionnetwork.org/
Under the General Data Protection Regulation (GDPR), Transition Network acts as a controller of your personal data in the following cases:
- if you visit the practise.transitionmovement.org website
- if you register or sign up for an account on practise.transitionmovement.org and use the service (registered users)
- if you use https://events.transitionmovement.org/practise/ to order a ticket for an event
- if you email privacy@transitionnetwork.org
7. What types of personal data are processed?
We process the following types of personal data:
- Website Visitors: IP address, metadata.
- Metadata: Information about the terminal or machine used to connect to practise.transitionmovement.org, your machine's operating system, display resolution, web browser and browser version, date of access to the website, and details of your logged-in sessions. If you email us, we may also see email header information.
- Registered user information: email address, userid, password, IP address, metadata, subscriptions, and server preferences.
- Profile information: profile picture, bio, profile metadata (which may infer details about our users).
- Data added for the purposes of events which may include accessibility or other data as entered by you.
8. Purposes for processing data
Personal data noted above is processed because otherwise the service doesn't really work.
- Registered user information is necessary to provision and administer accounts.
- Profile information is provided by you and can be as much or as little as you desire. If you include special category data in your profile information, such as details about your race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or health information, or details about your sexual orientation or sex life, you are, legally-speaking, making this information ‘manifestly public’, which is a very lawyerly way of saying “it’s on you.”
- IP address and other machine identifiers are collected by default in inner.transitionmovement.org for the purposes of allowing us to block/disable access to problematic users or bots, to render the site properly on different devices, and because that is how the internet generally works.
Some information (such as user access, registration, errors, etc.) is also stored in separate Linux system logs (systemd), which are also maintained on netcup.de. These logs serve the purpose of maintenance and security of the server, and are rotated every 14 days.
Backups are further retained for 90 days on Scaleway.
9. Legal basis for processing data
Transition Network relies on consent for processing your data.
We rely on your consent if you create an account, update your profile, contact us via the privacy@transitionnetwork.org email address, or open a support ticket at helpdesk.transition-space.org.
In the unlikely event that you do something dodgy on the site, Transition Network relies on legitimate interests for subsequent processing (i.e., account suspension, deletion, or if necessary, reporting to authorities). If we are served with a legal order requiring us to provide information relating to you in connection with suspected or alleged misuse of the service, and we comply with that order, the lawful basis will be necessity to comply with a legal obligation. Please don't let it come to that.
Transition Network relies on contractual necessity and legitimate interests to host this website and deal with emails. Transition Network has agreements in place with Netcup.de for hosting, based in Germany. We back up data to Scaleway. We have agreements with Mailgun for delivery of email.
10. Retaining your data
By emailing privacy@transitionnetwork.org you can request deletion of your account and data. The practise.transitionmovement.org server attempts to delete content stored in logs automatically after 14 days, to make optimal use of server space. If you create an account here, it will remain on our server until:
- You choose to delete it;
- We delete the account manually;
- We delete the service;
- Something really bad happens (thermonuclear war, the heat death of the universe, etc.).
11. Exercising your rights
You have the right to request access to and rectification or erasure of personal data. You can also ask us to restrict processing or object to processing (to the extent that's possible).
To contact us, including to exercise your rights, please email privacy@transitionnetwork.org.
You also have the right to lodge a complaint with a Supervisory Authority. As a controller, the Lead Supervisory Authority for Transition Network is the Information Commissioner's Office in the UK. You can find more information about lodging a complaint with the ICO by going to https://ico.org.uk/make-a-complaint/
12. Security
Except where you make data 'manifestly public' (see point 9. above), personal data processed by practise.transitionmovement.org is accessible only to the Transition Network admin team and those under contract to Transition Network. In addition to limited access, the following additional security measures are in place:
- Strong, robust identity management & authentication, including 2FA for our servers and email;
- Reasonable security hardening of the server itself;
- Daily, redundant backups of instance data;
- Encryption in transit (TLS 1.3, via LetsEncrypt);
- Encryption at rest on Netcup and Scaleway;
- Data processing agreements in place with our subprocessors.
We rely on assurances provided by Hetzner, Netcup, Scaleway and SINCH AB/Mailgun regarding their own technical and organisational measures. Details on sub-processor controls can be found below:
HETZNER ONLINE GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (Server infrastructure) https://www.hetzner.com/legal/privacy-policy
SCALEWAY S.A.S, BP 438, F-75366 Paris Cedex 08 (Backup) https://www.scaleway.com/en/privacy-policy/
NETCUP GmbH Daimlerstraße 25 76185 Karlsruhe (SSO system, ID system, Analytics) https://www.netcup.eu/kontakt/datenschutzerklaerung.php
SINCH AB Lindhagensgatan 74 Stockholm, 112 18 Sweden (email delivery) https://www.mailgun.com/legal/dpa/
Elest.io 66 Fitzwilliam Square Dublin, 2 D02 AT27 Ireland, Europe (events.transition-space.org hosting) https://docs.elest.io/books/legal-compliance/page/privacy-policies
13. Transfers Outside of the EU
Transition Network uses hosting based in the EU & relies on sub-processors considered adequate by the EU.
Of course, by posting, your profile information and your content are available globally, so please think twice before posting anything personal, and do not post the personal data of others.
14. Content Delivery
We use third-party Service Providers to serve some traffic under the domain cdn.jsdelivr.net. This means all of these providers have access to your IP address and other information sent by your web browser. This information is used for analytics and security purposes. We have assurances from these providers they do not track any individual user.
Cloudflare
For more information on the privacy practices of Cloudflare, please visit the following web page:
https://www.cloudflare.com/security-policy/
Fastly
For more information on the privacy practices of Fastly, please visit the following web page:
https://www.fastly.com/privacy
Gcore
For more information on the privacy practices of Gcore, please visit the following web page:
https://gcore.com/legal