We care a lot about our users’ privacy.

Running websites like ours means that your data will inevitably be in our care for a limited period of time.

We put a lot of thought into managing that data in ways that will not compromise your privacy. Below, you can read about the decisions we’ve made.

We hope it covers everything you need to know, but if you still have any questions please feel free to contact us.

Who we are

mySociety is a UK not-for-profit organisation. You can find our contact details here, and read more about what we do here.

Our services

Our services will generally have their own, specific, privacy policies, see for example the WhatDoTheyKnow.com privacy policy, WriteToThem privacy policy and FixMyStreet privacy policy.

What information we collect and how we use it

If you subscribe to our newsletter We add your name and email address to mySociety’s newsletter mailing list, which is managed via Mailchimp. In March 2020 we made a decision to no longer use tracking in our newsletters, which means that we can’t identify how many or which users have opened mailouts or followed links.

Subscribers receive one general mySociety newsletter monthly; if you have selected to receive one or more of our special interest newsletters, you’ll receive an extra monthly bulletin for each. Rarely, we send an extra mailout to impart news or announce events.

Note that Mailchimp may transfer personal data outside the EU. Please contact Mailchimp with questions or concerns about this.

If you make a donation Your name, payment and security details are held by the payment processor (Stripe, GoCardless or Paypal). Your name, email address, postal address (the billing address of your card and/or your home address — if applicable —  to claim Gift Aid), the last few digits of your card or bank account number, and the donation amount are then made available to us. We do not use this data for purposes other than processing your donation, and company accounting — which may involve sharing data with our accountant or HMRC.

If you contact us via email Your email address and message will be accessible to our small team of support staff and may be forwarded to the person or people in the organisation best equipped to respond. We adhere to strict internal privacy policies which comply with the GDPR.

If you sign up to our events Your name, email address, organisation, country of residence and event preferences (different for each event, but including e.g. dietary requirements, session ideas, consent to be photographed and name put on public guest list, newsletter preferences, attendance preferences, accessibility needs etc) are often collected via Google forms and stored on Google sheets. mySociety pays for Google’s G Suite. Therefore, according to Google’s G Suite Privacy policy, the data collected through Google forms is not owned by Google and they thus will not share it with third parties or use it for advertising. This data will be used only by mySociety staff for event communications and logistics and will not be shared with third parties. Our retention policy for this data can be found here. For some events including our TICTeC conferences, data is collected and stored via the third-party site Eventbrite. See the TICTeC privacy policy for more details.

Your personal information is never shared externally, or used for purposes other than the above.

Legal basis for processing

In subscribing to the newsletter or contacting us, you are consenting to the processes as described on this page. The legal basis is GDPR  6(1)(a) – Consent of the data subject.

In making a donation you consent to the processing of your data on the legal basis of GDPR 6(1)(c) – Processing is necessary for compliance with a legal obligation. We need to process and retain your data in order to comply with the law regarding company and charity accounting.

Retention periods

In all cases listed above, we retain your personal data until such a time as you unsubscribe or ask us to remove your details.

If you contact mySociety via our contact form, we reserve the right to keep your message indefinitely. This is to aid continuity and so that we can view any historic context which may have bearing on subsequent support mail, even if members of the support staff change. Support staff adhere to strict internal privacy and security policies.

We are obliged to keep records relating to financial transactions for at least six years following the end of the accounting period in which the transaction took place. We destroy our records after this point; if you require information on payment processors’ policies, please contact them directly.

How to unsubscribe from the newsletter

Every newsletter contains a quick and easy unsubscribe link in its footer.

When you unsubscribe from a newsletter managed via Mailchimp, your details remain on the list of past recipients. This is a measure to prevent circumstances such as a member of staff accidentally manually re-adding you. Mailchimp states: “As a compliance measure, subscribers who unsubscribe themselves can’t be deleted from your list.”

However, provided you are still a subscriber at the point when you contact us, on request your details can be permanently removed from the list – please get in touch if you would like this to happen.

Your right to access

You may contact us at any time to ask to see what personal data we hold about you. Please contact us to request this.

Your right to erasure

You may request that we destroy the personal data that we hold about you, provided that there is no legitimate reason for us continuing to hold it, that is to say if it does not relate to financial transactions or is unlikely to be of any legal or practical purpose in the future. Please contact us to request this.

Your right to complain

If you believe that we have mishandled your data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can report a concern here (but do contact us first, so that we can try and help).

Security

Cyber Essentials certified

mySociety is Cyber Essentials certified, as a verification that we guard against the most common cyber threats and to demonstrate our commitment to cyber security.

 

Data, cookies, and external services

Like many other websites, we sometimes use cookies, Facebook buttons and Google Analytics to help us make our websites better.

These tools are very common and widely used by other sites, but they do have privacy implications, and as a charity concerned with socially positive uses of the internet, we think it’s important to explain them in full.

When you visit sites that use these tools, you’re potentially telling companies such as Facebook and Google that you visited, as well as some information about how your web browser is configured. Nothing more that that – we don’t give out personal information like your email address, home address or private mail.

If you don’t want to share your browsing activities on mySociety’s sites with other companies, you can install opt-out browser plugins. Here are links to more explanations:

 Cookies

To make our service easier or more useful, we sometimes place small data files on your computer or mobile phone, known as cookies. Many websites do this.

This information can be useful for you, and useful for us. For example, if you leave a comment on the blog, cookies ensure that the next time you comment, you won’t have to re-enter your credentials.

Cookies can also help us measure how people use the website, so we can improve it and make sure it works properly.

Below, we list the cookies and services that this site may use.

Name

Typical Content

Expires

comment_author

The name used to leave a comment

1 year

comment_author_email

The email address used to leave a comment

1 year

comment_author_url

The URL used to leave a comment

1 year

Measuring website usage (Google Analytics)

We use Google Analytics to collect information about how people use this site. We do this to make sure it’s meeting its users’ needs and to understand how we could do it better.

Google Analytics stores information such as what pages you visit, how you got here, what you click on, and information about your web browser.

IP addresses are masked (only a portion is stored) and personal information is only reported in aggregate. We do not allow Google to use or share our analytics data for any purpose besides providing us with analytics information, and we recommend that any user of Google Analytics does the same. We do not allow Google Analytics to set cookies on your computer.

Google’s official statement about Analytics data

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). The information generated about your use of the website will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

 If you’re unhappy with the idea of sharing the fact you visited our sites (and any other sites) with Google, you can install the official browser plugin for blocking Google Analytics.

Facebook

We use Facebook on some of our sites to make it quicker and easier for you to log in to the site and to share information with your friends.

If you’re unhappy with data about your visit being used in this way it just requires you to make some changes to your browser. Here is one tool you could use: Disconnect.

Even more detail

mySociety cares a lot about our users’ privacy. We have carefully written privacy policies, and we try our hardest to look after private data that we hold.

However, in the modern world, more often than not users’ privacy is put most at risk not from hacking or data theft, but by people inadvertently giving data about themselves away as they surf around the internet.

One of the most common ways in which this happens is that people visit Website A without realising that by visiting it they are telling Website B which pages on Website A they have visited, as well as information about the set up of the web browser being used.  The reason this happens is that the people who run Website A add elements to their webpages, such as adverts, which are run by Website B.

When a user visits Website A, their browser loads content both from Website A and from Website B. The side effect is that Website B knows that you visited Website A.

Normally this is not a problem at all, but if Website A is a website about a private medical condition, or contains help with filing for a divorce, or advice on how to come out to your parents, then you might not be happy that Website B gets to know about your surfing activities.

mySociety is starting to make greater use of tools like Google Analytics, and Facebook’s ‘Like’ buttons, on our sites. These represent different kinds of Website B.

We believe that adding elements supplied by these companies to our sites help us to help our users. However, because we have a wider public service remit we want our users to be aware that this means that these companies do get to know that you visited our websites. And not just our websites, of course, but the millions of other sites that contain elements supplied by these groups.

Many if not most people simply won’t care about the fact that their information is being sent to third parties. But some people will, and we consider that it is our duty to explain what is happening, and to link to sources that will explain what you can do to protect yourself further.

Lastly, if you are looking specifically to block external cookies that mySociety uses, please be aware that as of today Facebook and Google Analytics are all we use – we have no advertising on our sites.

Parts of this text originated on the gov.uk cookies page and have been re-used under the Open Government Licence.

Last updated: March 2021