WHO WE ARE
The Share Shed is a library of things originally set up by the Network of Wellbeing.
This privacy notice tells you how we collect and process your personal data when you use our site: https://shareshed.org.uk.
You have the right to request:
Transfer of your data.
You also have the right to:
Object to processing;
Port your data; and
Withdraw consent (where the lawful ground of processing is consent).
You can learn more about your rights at: ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights
To exercise any of the rights set out above, please email us at firstname.lastname@example.org.
We won’t ask you to pay a fee to access your personal data (or to exercise any of the other rights).
However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. In those circumstances, we may refuse to comply with your request.
We may need to request specific information from you to help us confirm it’s you and make sure you have the right to access the personal data (or to exercise any of your other rights). This is a security measure, so we don’t share that personal data to anyone who has no right to get it. We may also contact you to ask you for more information about your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In that case, we’ll let you know.
If you aren’t happy with any aspect of how we collect and use your data, you have the right to complain.
WHAT PERSONAL DATA WE COLLECT AND WHY WE COLLECT IT
We use personal data where it is necessary to provide the services you request as a member of the Share Shed.
To provide loan reminder services, we use the identification and contact information of account holders. We use transaction information to deliver key features of the services, such as displaying loan history.
We use personal data to communicate with you, like sending payment notifications and reminders, alerting you to changes in the service, or providing customer support.
We share personal data with financial merchants in a transaction to provide our payment services.
USING PERSONAL DATA FOR OUR LEGITIMATE INTERESTS
We use personal data for our legitimate business interests. When we do, we make sure we understand and work to minimise its privacy impact. For example, we limit the data to what is necessary, control access to the data, and where we can, aggregate or de-identify the data.
We use personal data to develop and improve our products and services. For example, we might use data to:
Analyse how people engage with our products and services so that we can develop new products or features.
We use personal data to promote our services, communicate news, updates and events.
We do not share your personal data with anyone else.
When visitors use contact forms on the site to request tool kits or to be added to our mailing list, we collect the data shown in the contact forms, and also the visitor’s IP address and browser user agent string to help spam detection.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after one day.
EMBEDDED CONTENT FROM OTHER WEBSITES
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Data Used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automatic for 28 days and are used for the sole purpose of powering this feature.
This feature only records activities of a site’s registered users, and the retention duration of activity data will depend on the site’s plan and activity type.
Data Used: To deliver this functionality and record activities around site management, the following information is captured: user email address, user role, user login, user display name, WordPress.com and local user IDs, the activity to be recorded, the WordPress.com-connected site ID of the site on which the activity takes place, the site’s Jetpack version, and the timestamp of the activity. Some activities may also include the actor’s IP address (login attempts, for example) and user agent.
Activity Tracked: Login attempts/actions, post and page update and publish actions, comment/pingback submission and management actions, plugin and theme management actions, widget updates, user management actions, and the modification of other various site settings and options. Retention duration of activity data depends on the site’s plan and activity type. See the complete list of currently-recorded activities (along with retention information).
Data Synced (?): Successful and failed login attempts, which will include the actor’s IP address and user agent.
Data Used: If Akismet is enabled on the site, the contact form submission data — IP address, user agent, name, email address, website, and message — is submitted to the Akismet service (also owned by Automattic) for the sole purpose of spam checking. The actual submission data is stored in the database of the site on which it was submitted and is emailed directly to the owner of the form (i.e. the site author who published the page on which the contact form resides). This email will include the submitter’s IP address, timestamp, name, email address, website, and message.
Data Synced (?): Post and post meta data associated with a user’s contact form submission. If Akismet is enabled on the site, the IP address and user agent originally submitted with the comment are synced, as well, as they are stored in post meta.
Data Used: A visitor’s preference on viewing the mobile version of a site.
Activity Tracked: A cookie (akm_mobile) is stored for 3.5 days to remember whether or not a visitor of the site wishes to view its mobile version. Learn more about this cookie.
Data Used: To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI). This server data used for the exclusive purpose of monitoring and preventing abuse and spam.
Activity Tracked: Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.
WORDPRESS.COM SECURE SIGN ON
This feature is only accessible to registered users of the site with WordPress.com accounts.
Data Used: User ID (local site and WordPress.com), role (e.g. administrator), email address, username and display name. Additionally, for activity tracking (see below): IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code.
Activity Tracked: The following usage events are recorded: starting the login process, completing the login process, failing the login process, successfully being redirected after login, and failing to be redirected after login. Several functionality cookies are also set, and these are detailed explicitly in our Cookie documentation.
Data Synced (?): The user ID and role of any user who successfully signed in via this feature.
This feature is only accessible to registered users of the site who are also logged in to WordPress.com.
Data Used: Gravatar image URL of the logged-in user in order to display it in the toolbar and the WordPress.com user ID of the logged-in user. Additionally, for activity tracking (detailed below): IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code.
Activity Tracked: Click actions within the toolbar.
WHO WE SHARE YOUR DATA WITH
We will never share your personal data with any third party for their own marketing purposes without your express consent.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you from us, or by emailing us at email@example.com.
We may have to share your personal data with the following parties:
IT and system administration service providers;
Professional advisers including lawyers, bankers, accountants and insurers;
Government bodies that require us to report processing activities;
Third parties to whom we sell, transfer or merge parts of our business or our assets.