Open PHACTS Foundation

Privacy Policy

Home »  Privacy Policy

Last updated May 2018

This Privacy Policy applies to websites and services that are operated by The Open PHACTS Foundation. The Open PHACTS Foundation is not responsible or liable for the content or the privacy policies of other websites to which it may link.

The Open PHACTS Foundation is both a Processor and Controller of personal data. This document explains what personal data we collect, how we use it, and how we protect it. You can always contact us if you would like to see what personal data we have about you, correct or delete any of your personal data, restrict processing of your personal data, or object to what we do with your data.

How do you collect and use my personal data?

The Open PHACTS Foundation offers a number of services that do not require you to provide any personal information to us. However in order to provide some of our services, we will need to collect personal information from you.

API Users:

When you register as an Open PHACTS API user, we ask you to fill in a form on our website providing personal information such as your name, email address, organisation, and account password. We use this data to associate your individual API keys with your account.

In order to monitor performance and service levels, our API service logs information such as the number of times each API operation or call is accessed. In some cases these raw logs will include personal data such as the IP addresses that API calls originate from. Access to raw logs is strictly controlled to senior operatives of the API service-providing organisation and the Open PHACTS Foundation. We will never release usage data identifying individuals or organisations to other Members of the Foundation.

We may, in some cases, anonymise and aggregate data about API performance and usage in order to plan future changes and investments to the API based on usage metrics. We may share these anonymised, aggregated data with authorised representatives of the Open PHACTS Foundation for service management and support.

User Communications:

When you send email or other communications to the Open PHACTS Foundation, we may retain those communications in order to process your enquiries, respond to your requests, and improve our services.


If you sign up to receive the Open PHACTS Foundation newsletter, you will need to provide us with at least an email address so that we can send it to you.

We use MailChimp as our marketing automation platform for newsletters. MailChimp’s servers are located in the USA, but MailChimp certifies to the US-EU Privacy Shield Framework, an agreement which means their data protection standards are considered high enough to safely process personal data about EU citizens. You can read more about MailChimp’s use of personal data in their Privacy Policy and Terms.


When you visit the Open PHACTS Foundation’s website, we send one or more cookies – small files containing a string of characters – to your computer. These files uniquely identify your browser, and we use them to improve the quality of our service by storing your user preferences and tracking trends such as how people search our website. We may also use cookies to display customised content to you.

Most browsers are set up to accept cookies by default, but you can change your browser settings to refuse all cookies, or notify you when a cookie is being sent. However, please note that some features and services of the Open PHACTS Foundation may not function properly if you disable cookies in your browser.

Embedded URLs:

Some functionality of our website may use embedded URLs to facilitate use of the site without cookies. Embedded URLs make use of plain text or encoded URL extensions to the URL that appears in your browser address or location bar. This method allows some limited information to follow you as you navigate the site, but does not reveal any personal data and is not retained after your browser session. Embedded URLs increase your ability to browse our site, but have limited functionality compared to the use of cookies.

Web Logs:

Our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, IP address, browser type, browser language, the date and time of your request, and one or more cookies that may uniquely identify your browser. Access to web logs is strictly controlled to senior operatives of the Open PHACTS Foundation.

How do you protect my personal data?

To prevent unauthorised access, maintain data accuracy and ensure the appropriate use of information, we have put in place appropriate physical, electronic, and managerial procedures to protect the personal data we collect. Our hosting services have implemented generally accepted standards of technology and operational security in order to protect your personal data from loss, misuse, alteration, or destruction.

Communications across the API are all performed through the HTTP/SSL protocol, so that all communications are secure when using the production Open PHACTS API.

Do you share my personal data with anyone?

In the case of raw logs of API usage, these may be made available to trusted operatives of the API host and service provider. No usage data identifying any individual or organisation will ever be released to other Members of the Foundation.

The Foundation may use analytics services provided by third parties to analyse how visitors use our website. Information generated by cookies about your use of our website, including your IP address, may be transmitted to and stored by third parties. Third parties may use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website activity and usage. Analytics service providers may also transfer this information to third parties where required to do so by law, or where those third parties process the information on the services’ behalf.

Is my personal data sent to other countries?

The data that we collect from you may be transferred to a country outside the European Union, to be processed by Open PHACTS Foundation staff operating outside the EU. In such cases we will take all steps reasonably necessary to ensure that our collection, storage and use of your personal data will always be in accordance with this Privacy Policy and EU law.


Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data transmitted to our website; any transmission is at your own risk.

Changes to our Privacy Policy

Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email.


Questions, comments and requests regarding this Privacy Statement are welcomed and should be addressed to