Privacy

The Ferret is committed to maintaining your privacy and collects only the minimum information we need about you to provide our services effectively. 

We will collect and use individual user details only if we have your permission or we have sensible business reasons for doing so.

For example, we need to process personal information to manage subscriptions and memberships, for marketing our content,events and products, or for providing statutory services to our members.

We do not sell, trade, or rent personal identification information to others. We can access and release personal information to keep to relevant laws and government requests, to operate our systems properly and to protect both us and our members.

Any organisations who access your information in the course of providing services on our behalf will be governed by strict contractual restrictions to make sure that they protect your information and keep to data-protection and privacy laws which apply.

Some of our webpages use plug-ins or code provided by other organisations. For example, this could include embedded media from Facebook or Twitter. If you browse our website, whilst also being logged into an account with these companies they may be able to link your use of The Ferret website to your account with them.

On our website, all registered users are provided with an “account” page. If you register for a community membership, or a paid subscription, you can manage and edit key personal information we hold about you.

If you do not update this information you may not receive important communications from us.

Journalism

Our journalists may gather, or be passed, personal information in the course of writing, producing and researching stories for this website.

The law sets out the basis on which we may do this. More information on regulations that apply are available on the Information Commissioners website.

We only keep material held for this purpose for as long as we require it, and we work to ensure that it is stored securely.

The Ferret is regulated by Impress and therefore required to comply with the Impress Standards Code. It has a specific section on privacy and related guidance materials.

Data retention

The Ferret will only store your personal data for as long as it is necessary to provide you with a service or to comply with applicable laws and standards set-out by any relevant regulatory bodies.

In most circumstances we will not retain data for longer than three years from the date of last contact.

Use of Cookies and tracking ‘Tags’

The Ferret uses cookies and tracking ‘tags’ for a number of different reasons.

A cookie is a small file that stores information in your browser.

A tracking ‘tag’ is a piece of code that may gather information about your browser, and the way you use our website.

Our paywall is essential to the functioning of our service. When you visit our site we add a cookie to your browser that monitors how many restricted pages you have viewed in the current month. It does not pass any information to other third parties. If you wish to opt-out of this cookie from our site you should alter the settings in your browser.

Our security software also uses a cookie to keep our users safe and protect our site against unauthorised use.

Google Analytics is used to track visitors to our website. We use Google Analytics for statistical reasons. For example, it tells us how many users we have and how often they visit our websites. We collect information listing which of our pages are most frequently visited, and by which types of users and from which countries.

We aim to make sure that no personal information is sent to Google Analytics. We ensure that the IP addresses of all our users are anonymised before they are processed by Google. You can also click here to Disable Google Analytics completely.

From time to time we may also use trackers provided by some third party organisations, in order to better understand the demographics of our audience and make the most efficient use of our digital marketing budget.

We may use Google, Facebook and Twitter tracking pixels on some pages. These help us to understand more about our audience and make the most of our online marketing budget.

The Ferret honours the Do Not Track standard which is supported by all modern browsers. Therefore, if you do not want these companies to access any information about your browsing on theferret.scot you can activate this setting in your browser. Find out how here: http://donottrack.us/

If you have an account with Google, Facebook or Twitter you can also manage how they treat the information they derive from tracking technologies on their sites.

Data Collected to Manage Your Membership

At checkout, we will collect your name, email address, username, and password. This information is used to setup your account for our site.

At checkout, we may also collect your phone number. This information may be used to contact you about our work and your membership. The phone number is saved by our site and it may also be passed to a third party text message service to allow us to contact you this way.

Any services we use for this purpose will never pass your phone number on to other organisations or use it for any purpose other than that set out in this policy. You will always be able to opt-out of receiving communications from us by text message by sending a message from your phone.

At checkout, we may also collect your credit card number, expiration date, and security code. This information is passed to our payment gateway to process your purchase. The last 4 digits of your credit card number and the expiration date are saved by our site to use for reference and to send you an email if your credit card will expire before the next recurring payment.

When logged in, we use cookies to track some of your activity on our site including logins, visits, and page views.

Comments

If you comment on a story or a forum post you should be aware that anything you write or link to will be publicly available.

We may use automated third-party services such as Akismet to check comments for spam or prevent abuse. Comments we judge to be “missed spam” may be retained by these services in order to help them improve.

You can only comment if you are registered with the site. We may set additional cookies to make it easier for you to add a comment.

Email

Email is a vital tool for us to communicate with our members and supporters.

A link will be included in the footer of all of our emails, allowing you to opt-out of receiving communications from us in this way.

If you unsubscribe you should be aware that you may not receive some important member communications.

We use a service provided by Mailchimp to deliver some of our email alerts and manage our email lists. You can find the Mailchimp privacy policy here: http://mailchimp.com/legal/privacy/

Additionally, you may also receive occasional automated email alerts from our community forum. These may be about new posts, or private messages sent to you.

You can manage the frequency and type of email alerts your receive from our community forum on your account page at community.theferret.scot

Push notifications

We use a service provided by OneSignal to provide optional browser based push-notifications.

We use a paid version of their service to ensure that data from our browsers is not shared by OneSignal with other advertising companies.

If you opt-in to receive these notifications, some information about your browser and your responses to push notifications will be passed to OneSignal. You can find the OneSignal privacy policy here: https://onesignal.com/privacy_policy

You can opt-out of OneSignal related data collection by revoking push notification permissions on your browser.

Text Messages

We also work with a company called GroundSource in order to involve our members and supporters in our work using text messages.

We will only send text messages to people who opt-in to receive them, and you can opt-out at any time by sending us a text message to let us know.

Payments and subscriptions

When you subscribe to The Ferret, online payments are managed on our behalf by Stripe.

Although Stripe do make some of your personal details available to us, they do not share your payment card details with us. You can find the Stripe privacy policy here: https://stripe.com/gb/privacy

We may also use GoCardless and Paypal to handle payments on our behalf. They also make some of your personal details available to us, but they do not share details of your payment card or bank account with us.

We use a service called Baremetrics to help us manage our subscriptions. If you are a paying subscriber, some personal information about you, such as your name, and payment history, will be passed to Baremetrics.

Events

We may use third-party services to help us promote and manage events.

For example, we have used Eventbrite to help us sell tickets and promote our events. Therefore when you buy a ticket for one of our events you may share some personal information with these services.

We will use the information shared to us by these third-party services to contact you in connection with the event and also, if you agree, other subsequent Ferret initiatives you may be interested in.

If you attend an event organised through these services you will always be able to opt-out of any direct communications from us although this may mean that you do not receive important information relating to the event. You will also be able to contact the third party service provider to manage any data they may hold about you.

Hosting

The main Ferret website is hosted via Cloudways on servers hosted by Digital Ocean in London. Our community forum is hosted and managed by Discourse Hosting. 

Productivity tools

We use a number of third-party productivity tools to manage our activities. These include Slack, Trello, Google G-Suite, and Loomio.

We audit these tools regularly to ensure that only appropriate people have access and that any personal data is not retained for longer than necessary.

Automated decision making

Sometimes we may perform automated analysis on the personal data that we hold in order to ensure the communications we send are as useful as possible.

For example, we may analyse the responses we get to messages we send to identify people who frequently reply and people who rarely reply. Similarly, we may send automated messages to people whose subscription is due to end in order to remind them that they need to renew their membership.

We do not sell the results of these analyses to any third-party organisations.

Your right of access

You may, at any time ask us to confirm whether or not we are processing Personal Data about you and, if we are, you shall have the right to access that personal data and to the following information:

  • What personal data we have,
  • Why we process them,
  • Who we disclose them to,
  • How long we intend on keeping them for (where possible),
  • Whether we transfer them abroad and the safeguards we take to protect them,
  • What your rights are,
  • How you can make a complaint,
  • Where we got your personal data from and
  • Whether we have carried out any automated decision-making (including profiling) as well as related information.

Upon request, we shall (without adversely affecting the rights and freedoms of others including our own) provide you with a copy of the personal data undergoing processing within one month of receipt of the request, which period may be extended by two months where necessary, taking into account the complexity and number of the requests.

We shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

Downloading and deleting your personal data

You can download all your messages and public comments on our community forum at any time. This will include public comments made on our published stories.

You also have the option to cancel your forum account and anonymise all your previous public messages on the forum. To delete your forum account entirely, you must delete all your comments and messages first.

You can cancel your membership, or downgrade it to a free tier, or cancel your account entirely on the “My Account” page.

If you delete your account completely then you will not be able to access your account or your forum posts, comments and messages in the future.

Whilst this process will delete the majority of the data we hold about you, if you would like us to send you a copy or delete absolutely all the personal data we hold about you, including any private emails you may have sent us please get in touch. 

This policy was last updated on 07/07/2018.