We have prepared this document to: further explain your relationship with us, your supplier; let you know what information about you is stored, how it is stored, for how long it is stored; and explain our policy for ensuring that your data protection needs are treated with the utmost seriousness. GreenNet recognises that the relationship between GreenNet and our users is a confidential one. GreenNet is a 'Registered Data Controller'. Our entry can be checked on the Data Protection Register under Registration Number: K0657188 or Z6068077 at http://www.ico.org.uk/ESDWebPages/search.asp This document is updated as and when is necessary, and at least in accordance with Oftel/Ofcom requirements. Any questions about this document or GreenNet services, please email: support@gn.apc.org Our code or procedure concerning user complaints is available separately, here.
GreenNet acts as data processor on behalf of our customers, when processing data controlled by them.
Data Retention of and access to 'Communications Data'
What do we do with this information?
How long we keep this information?
Is your information confidential?
Who can access your information?
How can inaccurate information be corrected?
About GreenNet
GreenNet supports a progressive community working for Peace, the Environment, Gender Equality and Social Justice, through the use of Information Communication Technologies (ICTs). GreenNet services are specifically tailored to meet the needs of civil society organisations and include: email, webhosting, dynamic website development and consultancy, training. GreenNet is a member of ISPA (Internet Service Providers Association) and is registered with CISAS (Communications and Internet Services Adjudication Scheme). GreenNet is an ethical not-for-profit collective and as such has a non-hierarchial structure with any profits going to its parent charity, GET (GreenNet Educational Trust). GreenNet is an equal opportunities employer and our approach to all areas of our work embraces the principle of equality and equity for all. GreenNet has an environmental policy which covers all aspects of GreenNet's operations (available on request).
Data Retention of and access to Communications data
Parliament enacted an Order which came into force on December 5th 2003, approving a voluntary code of practice in relation to ISP retention of and access to 'Communications Data' - confidential user information. As a not-for-profit ISP dedicated to supporting and promoting groups and individuals working for peace, human rights, gender equality, social justice and the environment through the use of ICTs, we aim to realise the rights of all individuals in the UK to enjoy full access to information and communication services. GreenNet has participated in good faith in various consultations throughout this process, outlining its concerns with respect proposals for retention of data, whether voluntary or mandatory. We remain deeply concerned that the voluntary code is not compliant with data protection principles and Human Rights standards. To this end, GreenNet will not participate in the voluntary retention scheme and is principally bound to retain its current data retention policy, outlined below, in the interest of defending the rights of our user community. Our responses to the consultation and further justification of our position can be found here (voluntary retention of data) and here (access to communications data). In making this submission, GreenNet Limited alludes not only to those who are privileged to make use of communication services at present, but also takes into consideration the potential of a free and open communication network to benefit the realisation of social, political, economic and human rights for all in the UK. General information about these issues can be found here.
Data Protection Act 1998, General Data Protection Regulation (GDPR) and UK Data Protection Bill 2018
Why is information stored?
GreenNet holds user data for Billing and Support purposes. This allows us to fulfill various administrative functions such as issuing invoices, recording payments and answering user support queries. We may also use information when:
- informing users about new GreenNet services
- distributing newsletters and alerts which we feel would be of interest
- distributing announcements about training activities and new projects
- These purposes are consistent with the 8 UK Data Protection Principles which state that:
- Processing of personal data must be done fairly and lawfully.
- Personal data should be obtained only for specified purposes and must be processed in a manner compatible with those purposes.
- Personal data must be adequate, relevant, and not excessive in relation to those purposes.
- Personal data must be accurate and, where necessary, kept up to date.
- Personal data should not be kept longer than necessary.
- Personal data must be processed in accordance with the rights of data subjects under the current Data Protection Act.
- Technical and organisational measures can be taken against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage to personal data.
- Personal data should not be transferred outside the European Economic Area unless to a country or territory that ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
What information is stored?
Information collected in relation to internet and internet support services
- a 'session identifier' a unique number that identifies your interaction with the 'authentication server'
- access equipment port details
- the connection speed
- a pre-session duration (before the logging was invoked)
- the date and time of the start (or end) of the connection
- an account identifier or username
- the caller line identification (CLI) provided with the call
- the IP address used by the user
- the IP address of the network access server
- the first destination IP address (often a domain name (DNS) server)
- what caused the call to end
- the total traffic transferred in each direction
- information collected in relation to billing
- This information is captured in 'logs', and is a normal part of ISP operation. The logs GreenNet uses are commonly referred to as authentication, postfix, pop and web logs. For a visual presentation of the information generally logged by ISPs, please click here or here, to view the information specifically held by GreenNet (html)
Information collected in relation to our billing/accounting system.
- Name (Individual and/or Organisation) of account holder
- Address
- Phone Number and Fax Number
- In some cases, credit card details
What do we do with this information?
Information collected in relation to internet and internet support services is used for:
- 'Trouble shooting'. Information can be used in solving certain problems users might be having, for example, 'lost mail', 'time-out's' during sessions', bounced mail problems etc.
- Defining Usage patterns. Usage patterns in one period may be compared to other periods to examine what affects usage.
- Monitoring Leased Line usage to determine that GreenNet has sufficient bandwidth to accommodate our users needs.
Information collected in relation to billing:
- is used for delivery of invoices;
- situations where the user needs to be contacted in relation to billing matters.
How long we keep this information
Logs are kept no longer than necessary. That is, we keep logs as long as is necessary for our stated specific purposes of billing and support needs. Most information logged in relation to Internet and Internet support services is kept for 7 days, whilst some may be kept for up to 1 month after which time it is deleted. Billing and accounting information is kept for the time stipulated by Companies House Legal requirements.
Is your information confidential?
All of your information is confidential including:
- The source and destination of all communications received and sent by the user.
- The content of all communications sent and received by the user.
- The name, address and other communication details of the user or others using the user's account.
- Payment history and other matters relating to the operation of the user's account.
- Information about the use made by the user of the services of GreenNet (Web browsing etc)
Who can access your information?
GreenNet will not give user information to ANY agency, organisation or company for the purposes of direct marketing. GreenNet will not disclose confidential information to any third party without your implicit or explicit consent - [implicit authorisation could mean, for example, that the information requested is publicly available, eg on the user's Website, via a 'Whois' lookup, or other publicly published databases)] - unless compelled by law to do so. In this situation, we would only disclose such information if the following conditions exist:
- the law is compliant with existing Data Protection principles and Human Rights standards.
- we have received a court order
- GreenNet considers that there is a compelling justification for disclosure;
- In the absence of such conditions, GreenNet is principally bound to protect your confidential information and inform you if any third party tries to obtain your confidential information. GreenNet does not share personal data with third parties, except as described above. All staff have clear guidelines to determine whether a user has identified themselves sufficiently for a change of account or disclosure of information and are aware that the unauthorised or illegal disclosure of personal details about users is not allowed. 'Third Parties' could include:
- Other network operators who may contact GreenNet when it is alleged that a GreenNet user has breached their Acceptable Use Policy (AUP) which may have affected the network integrity of a third party's network
- Sales and marketing companies
- Law enforcement agencies and Government Departments
How can i access my data ?
There is an annual mail out for users to correct their data or, you can contact us to amend your details at any time.
GreenNet's Data Protection Officer can be contacted confidentially by email at dpo@gn.apc.org If we hold any personal data about you, you may request a full copy of your file from the Data Protection Officer.
Our European Representative
Our representative in the European Union ('EU') for any queries related to the processing of Personal Data or EU GDPR compliance is Ian Macdonald, with registered address in València, 46006, Spain. Our EU representative can be contacted directly by phone on +34 961 111 654 or email at euprivacy@gn.apc.org.