Last updated May 2018
The Open PHACTS Foundation is both a Processor and Controller of personal data. This document explains what personal data we collect, how we use it, and how we protect it. You can always contact us if you would like to see what personal data we have about you, correct or delete any of your personal data, restrict processing of your personal data, or object to what we do with your data.
How do you collect and use my personal data?
The Open PHACTS Foundation offers a number of services that do not require you to provide any personal information to us. However in order to provide some of our services, we will need to collect personal information from you.
When you register as an Open PHACTS API user, we ask you to fill in a form on our website providing personal information such as your name, email address, organisation, and account password. We use this data to associate your individual API keys with your account.
In order to monitor performance and service levels, our API service logs information such as the number of times each API operation or call is accessed. In some cases these raw logs will include personal data such as the IP addresses that API calls originate from. Access to raw logs is strictly controlled to senior operatives of the API service-providing organisation and the Open PHACTS Foundation. We will never release usage data identifying individuals or organisations to other Members of the Foundation.
We may, in some cases, anonymise and aggregate data about API performance and usage in order to plan future changes and investments to the API based on usage metrics. We may share these anonymised, aggregated data with authorised representatives of the Open PHACTS Foundation for service management and support.
When you send email or other communications to the Open PHACTS Foundation, we may retain those communications in order to process your enquiries, respond to your requests, and improve our services.
If you sign up to receive the Open PHACTS Foundation newsletter, you will need to provide us with at least an email address so that we can send it to you.
Most browsers are set up to accept cookies by default, but you can change your browser settings to refuse all cookies, or notify you when a cookie is being sent. However, please note that some features and services of the Open PHACTS Foundation may not function properly if you disable cookies in your browser.
Our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, IP address, browser type, browser language, the date and time of your request, and one or more cookies that may uniquely identify your browser. Access to web logs is strictly controlled to senior operatives of the Open PHACTS Foundation.
How do you protect my personal data?
To prevent unauthorised access, maintain data accuracy and ensure the appropriate use of information, we have put in place appropriate physical, electronic, and managerial procedures to protect the personal data we collect. Our hosting services have implemented generally accepted standards of technology and operational security in order to protect your personal data from loss, misuse, alteration, or destruction.
Communications across the API are all performed through the HTTP/SSL protocol, so that all communications are secure when using the production Open PHACTS API.
Do you share my personal data with anyone?
In the case of raw logs of API usage, these may be made available to trusted operatives of the API host and service provider. No usage data identifying any individual or organisation will ever be released to other Members of the Foundation.
The Foundation may use analytics services provided by third parties to analyse how visitors use our website. Information generated by cookies about your use of our website, including your IP address, may be transmitted to and stored by third parties. Third parties may use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website activity and usage. Analytics service providers may also transfer this information to third parties where required to do so by law, or where those third parties process the information on the services’ behalf.
Is my personal data sent to other countries?
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data transmitted to our website; any transmission is at your own risk.
Questions, comments and requests regarding this Privacy Statement are welcomed and should be addressed to firstname.lastname@example.org.