User Tools

Site Tools


oarc-privacy

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
oarc-privacy [2025/05/09 20:03] – created m0lteoarc-privacy [2026/06/07 14:22] (current) 2m0iig
Line 1: Line 1:
-====== OARC GDPR / Privacy Policy ======+====== OARC Privacy Policy ======
  
-StatusDRAFT+//Last updated2026-06-07 · Version 0.1 (draft) //
  
-At OARC, we take your privacy seriously. We aim to collect as little personal data as possible and keep it only for as long as necessary. This policy applies to our main website and any affiliated projects or initiatives.+The Online Amateur Radio Community ("OARC""we", "us") is a volunteer-run 
 +amateur radio community operating primarily online using various services and 
 +platforms. We aim to be open, transparent, and respectful of our members' 
 +privacy.
  
-===== 1What We Collect =====+This Privacy Policy explains what personal data we collect, how and why we use 
 +it, how it is stored and shared, and the rights you have under UK data 
 +protection law.
  
-We only collect personal data when it's essential—for example:+This is a **general policy covering OARC as a whole**. Some services we run 
 +have additional, service-specific notes, listed at the end of this document.
  
-Contact information (like name or email) if you contact us or sign up for a service.+Contact email: privacy@oarc.uk
  
-Technical data (like IP addresses or browser type) for security or basic analytics.+===== 1Who We Are =====
  
-===== 2Why We Collect It =====+OARC is an amateur radio online club run by volunteers. It is an informal, 
 +unincorporated collective — not a registered company or charity. We use 
 +external platforms to connect our community, and we operate some services 
 +directly while others are run by individual members associated with OARC.
  
-We collect data only to:+Where a service is **not owned or directly operated by OARC**, this is stated 
 +in the service-specific section.
  
-Operate our websites or projects safely.+For data protection purposes, OARC acts as the **data controller** for services 
 +it operates directly. In practice this responsibility is held by the volunteers 
 +who administer those services.
  
-Communicate with participants when needed.+===== 2What Data We Collect =====
  
-Fulfill any legal or regulatory obligations (e.g.licensing-related matters).+Depending on how you interact with OARCwe may collect:
  
-===== 3. How Long We Keep It =====+==== a) Basic user information ====
  
-We delete or anonymize personal data as soon as it's no longer needed for its original purpose. This could be immediately, or after a short period (like project completion or inactivity).+  * Username or display name 
 +  * Email address 
 +  * Callsign (if provided) 
 +  * Discord user ID
  
-===== 4. Who We Share It With =====+==== b) Training and licensing activities ====
  
-We don’t sell your personal data. We don't share your personal data unless:+When you register for training classes or licence-related activities:
  
-It’s required by law.+  * Full name 
 +  * Email address 
 +  * Callsign (if applicable) 
 +  * Training progress, attendance, and assessment results
  
-It’s necessary to operate a service (e.g., a trusted hosting provider under contract).+==== cTechnical and usage data ====
  
-===== 5. Your Rights =====+  * IP address 
 +  * Browser or client information 
 +  * Log files for security, diagnostics, and abuse prevention
  
-Under the GDPR, you have the right to:+==== d) Community-contributed data ====
  
-Access your data.+See the service-specific sections below.
  
-Correct inaccuracies.+===== 3How We Use Your Data =====
  
-Ask us to delete your data.+We use personal data only where necessary, including to:
  
-Object to or restrict how we use your data.+  * operate and moderate our community platforms (e.g. Discord, forums, websites) 
 +  * archive and analyse community activity (see the Discord section) 
 +  * deliver training courses and related communications 
 +  * manage access to services such as OARC Compute or the OARC Wiki 
 +  * maintain the security and reliability of our systems 
 +  * comply with legal or regulatory obligations
  
-To exercise your rights, contact the community leads via the Discord server.+We do **not** use your data for advertising or sell it to third parties.
  
-===== 6Data for Specific Projects =====+===== 4Legal Basis for Processing =====
  
-Some projects or initiatives may collect slightly different databut always follow the same principles of:+Under UK GDPRwe process personal data using one or more of:
  
-Minimal data collection.+  * **Consent** — where you explicitly provide information (e.g. signing up for training) 
 +  * **Legitimate interests** — for running, analysing and securing community services 
 +  * **Legal obligation** — where required by law
  
-No unnecessary retention.+Where we rely on legitimate interests, we have judged that our use is 
 +proportionate and does not override your rights. You can object at any time 
 +(section 8).
  
-Clear purpose for all data use.+===== 5Data Sharing =====
  
-Each project will provide any necessary additional information when relevant.+We only share personal data when necessary: 
 + 
 +  * with service providers (e.g. hosting providers) who help us operate our services 
 +  * with instructors or volunteers involved in training activities 
 +  * with third-party AI providers, where we use AI tools (see the Discord section) 
 +  * if required by law or a lawful request from authorities 
 + 
 +All third parties are expected to handle data responsibly and securely. 
 + 
 +===== 6. International Services and Platforms ===== 
 + 
 +Some third-party services we use (such as Discord or Zoom) process data outside 
 +the UK under their own privacy policies, which we encourage you to review. 
 + 
 +Where **we** transfer data abroad ourselves — for example via hosting or AI 
 +providers — we rely on appropriate safeguards, such as UK adequacy regulations 
 +or standard contractual clauses. 
 + 
 +===== 7. Data Retention ===== 
 + 
 +We keep personal data only as long as necessary, then delete or anonymise it: 
 + 
 +  * Community account data is retained while you remain active 
 +  * Training records are retained for administrative and regulatory reasons [period] 
 +  * Logs are retained for security and operational purposes, then deleted [period] 
 +  * Archived community activity is retained for [period] 
 + 
 +You may request deletion of your data where appropriate. 
 + 
 +===== 8. Your Rights ===== 
 + 
 +Under UK data protection law, you have the right to: 
 + 
 +  * access your personal data 
 +  * request correction of inaccurate data 
 +  * request deletion of your data 
 +  * restrict or object to processing 
 +  * request portability of your data 
 +  * withdraw consent where consent is the legal basis 
 + 
 +We do not carry out automated decision-making with legal or similarly 
 +significant effects. To exercise any right, contact us using the details at the 
 +top of this document. 
 + 
 +===== 9. Children ===== 
 + 
 +OARC is intended for users aged 13 and over. We do not knowingly collect data 
 +from children under 13. Some training activities may involve under-18s; where 
 +they do, we take their needs into account and collect only what is necessary
 +If you believe we hold data on a child under 13, contact us and we will delete 
 +it. 
 + 
 +===== 10. Cookies ===== 
 + 
 +Our website and wiki use only essential cookies needed to operate the site 
 +[adjust if you use analytics or other non-essential cookies, which require consent]. 
 + 
 +===== 11. Security ===== 
 + 
 +We take reasonable technical and organisational measures to protect personal 
 +data against loss, misuse, or unauthorised access. However, no system can be 
 +guaranteed completely secure. Where a security incident has occurred we will 
 +let our community know about it, and its impacts, as soon as we can. 
 + 
 +===== 12. Complaints ===== 
 + 
 +If you have a concern about how we use your data, please contact us first at 
 +[email protected] and we will respond. You also have the right to complain to the 
 +Information Commissioner's Office (ICO) at 
 +[[https://ico.org.uk/make-a-complaint/|ico.org.uk]] or by calling 0303 123 1113. 
 + 
 +===== 13. Changes to This Policy ===== 
 + 
 +We may update this policy from time to time. The latest version, with its 
 +revision date, will always be available on our website. 
 + 
 +====== Service-specific Notes ====== 
 + 
 +The following provide additional detail for specific OARC-related services. For 
 +questions about this policy or any service, contact us using the details at the 
 +top of the document. 
 + 
 +===== Discord Community ===== 
 + 
 +  * Discord is operated by a third party; your data is also subject to 
 +    [[https://discord.com/privacy|Discord's own privacy policy]]. 
 +  * OARC moderators may access messages and logs for moderation and safety. 
 +  * We also operate bots and tooling that retain and analyse server activity - for example message archives, per-user posting statistics, activity timelines, and linking activity across username changes - to run the community, support moderation, and produce community summaries. We rely on legitimate interests and retain this data for [period]. 
 +  * Server activity, including messages, may be processed by AI tools and language models (including third-party providers, possibly outside the UK) to generate summaries and analysis. If you do not want your activity used for AI processing, you can opt out by [opt-out mechanism — e.g. messaging an admin / requesting a role]; we will then exclude your data from these features. You may also object or request erasure under section 8. 
 + 
 +===== Zoom Calls ===== 
 + 
 +  * Zoom is used occasionally for meetings and training. 
 +  * Attendance and display names may be visible to other participants. 
 + 
 +===== ADS-B and AIS Tracking Services ===== 
 + 
 +  * These services collect and redistribute radio signal data. 
 +  * Contributed data is provided freely and not sold. 
 +  * Personal data is not intentionally collected. 
 + 
 +===== OARC Compute ===== 
 + 
 +  * Account information is used to provide access to computing resources. 
 +  * Activity may be logged for security, abuse prevention, and capacity planning.
oarc-privacy.1746821033.txt.gz · Last modified: by m0lte