User Tools

Site Tools


oarc-privacy

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
oarc-privacy [2026/06/07 14:15] m0lteoarc-privacy [2026/06/07 14:22] (current) 2m0iig
Line 3: Line 3:
 //Last updated: 2026-06-07 · Version 0.1 (draft) // //Last updated: 2026-06-07 · Version 0.1 (draft) //
  
-OARC (the Online Amateur Radio Community, "we") is committed to handling your +The Online Amateur Radio Community ("OARC", "we", "us") is a volunteer-run 
-personal data lawfully and transparently. This notice explains what we collect, +amateur radio community operating primarily online using various services and 
-why, and your rights under UK GDPR and the Data Protection Act 2018.+platformsWe aim to be open, transparent, and respectful of our members' 
 +privacy. 
 + 
 +This Privacy Policy explains what personal data we collect, how and why we use 
 +ithow it is stored and shared, and the rights you have under UK data 
 +protection law. 
 + 
 +This is a **general policy covering OARC as a whole**. Some services we run 
 +have additional, service-specific notes, listed at the end of this document. 
 + 
 +Contact email: privacy@oarc.uk
  
 ===== 1. Who We Are ===== ===== 1. Who We Are =====
  
-OARC (the Online Amateur Radio Community) is an informal, unincorporated +OARC is an amateur radio online club run by volunteers. It is an informal, 
-collective of amateur radio enthusiasts running a Discord server and website. +unincorporated collective — not a registered company or charity. We use 
-It is not a registered company or charity, but it acts as the **data +external platforms to connect our community, and we operate some services 
-controller** for the processing described in this noticeIn practice this +directly while others are run by individual members associated with OARC.
-responsibility is held by the volunteers who administer the server and its +
-services.+
  
-  * Contact: [contact email — monitored address, not just Discord] +Where service is **not owned or directly operated by OARC**, this is stated 
-  For data Discord holds about you as a platformsee section 5.+in the service-specific section.
  
-===== 2What We Collect =====+For data protection purposes, OARC acts as the **data controller** for services 
 +it operates directly. In practice this responsibility is held by the volunteers 
 +who administer those services.
  
-  * **Discord data** — your Discord username/ID, server roles, messages, and +===== 2What Data We Collect =====
-    activity within the OARC server. +
-  * **Contact data** — name and email, if you email us or sign up for a service. +
-  * **Technical data** — IP address, browser type, and logs from our website and +
-    wiki, for security and basic analytics.+
  
-===== 3. Why We Collect Itand Our Lawful Basis =====+Depending on how you interact with OARCwe may collect:
  
-^ Purpose ^ Lawful basis (UK GDPR Art. 6^ +==== a) Basic user information ==== 
-| Running the communitymembershiprolesmoderation | Legitimate interests | + 
-| Operating and securing our websitewiki and services | Legitimate interests | +  * Username or display name 
-| Archiving and analysing server activity (see section 4| Legitimate interests | +  * Email address 
-| Optional emails / announcements you opt into | Consent | +  * Callsign (if provided
-| Meeting legal or regulatory obligations Legal obligation |+  * Discord user ID 
 + 
 +==== b) Training and licensing activities ==== 
 + 
 +When you register for training classes or licence-related activities: 
 + 
 +  * Full name 
 +  * Email address 
 +  * Callsign (if applicable) 
 +  * Training progressattendanceand assessment results 
 + 
 +==== c) Technical and usage data ==== 
 + 
 +  * IP address 
 +  * Browser or client information 
 +  * Log files for securitydiagnostics, and abuse prevention 
 + 
 +==== d) Community-contributed data ==== 
 + 
 +See the service-specific sections below. 
 + 
 +===== 3. How We Use Your Data ===== 
 + 
 +We use personal data only where necessary, including to: 
 + 
 +  * operate and moderate our community platforms (e.g. Discordforums, websites) 
 +  * archive and analyse community activity (see the Discord section) 
 +  * deliver training courses and related communications 
 +  * manage access to services such as OARC Compute or the OARC Wiki 
 +  * maintain the security and reliability of our systems 
 +  * comply with legal or regulatory obligations 
 + 
 +We do **not** use your data for advertising or sell it to third parties. 
 + 
 +===== 4. Legal Basis for Processing ===== 
 + 
 +Under UK GDPR, we process personal data using one or more of: 
 + 
 +  * **Consent** — where you explicitly provide information (e.g. signing up for training) 
 +  * **Legitimate interests** — for running, analysing and securing community services 
 +  * **Legal obligation** — where required by law
  
 Where we rely on legitimate interests, we have judged that our use is Where we rely on legitimate interests, we have judged that our use is
 proportionate and does not override your rights. You can object at any time proportionate and does not override your rights. You can object at any time
-(section 7).+(section 8).
  
-===== 4Discord, Bots and Analytics =====+===== 5Data Sharing =====
  
-The OARC server runs on Discord. **Discord is the controller for the platform +We only share personal data when necessary:
-itself** — see [[https://discord.com/privacy|Discord's Privacy Policy]].+
  
-Separately, **we** operate bots and tooling that retain and analyse server +  with service providers (e.g. hosting providers) who help us operate our services 
-activity — for example message archives, per-user posting statisticsactivity +  with instructors or volunteers involved in training activities 
-timelines, and linking activity across username changes. This is our own +  with third-party AI providerswhere we use AI tools (see the Discord section) 
-processing, used to run the community, support moderation, and produce +  * if required by law or a lawful request from authorities
-community summaries. We rely on legitimate interests, retain this data for +
-[retention period], and you may object or request erasure (section 7).+
  
-Server activity, including messages, may also be processed by AI tools and +All third parties are expected to handle data responsibly and securely.
-language models — including third-party AI providers, which may be outside the +
-UK — to generate summaries, analysis and similar features. If you do not want +
-your activity used for AI processing, you can opt out by [opt-out mechanism — +
-e.g. messaging an admin / requesting a role]; we will then exclude your data +
-from these features.+
  
-===== 5How Long We Keep It =====+===== 6International Services and Platforms =====
  
-We keep personal data only as long as needed for its purpose, then delete or +Some third-party services we use (such as Discord or Zoom) process data outside 
-anonymise it. Indicative periods: contact data [period]; website/security logs +the UK under their own privacy policies, which we encourage you to review.
-[period]; archived server activity [period].+
  
-===== 6Who We Share It With =====+Where **we** transfer data abroad ourselves — for example via hosting or AI 
 +providers — we rely on appropriate safeguards, such as UK adequacy regulations 
 +or standard contractual clauses.
  
-We do not sell your data. We share it only where required by law, or with +===== 7Data Retention =====
-trusted service providers under contract (e.g. hosting). Some providers, +
-including Discord, are based outside the UK; such transfers rely on appropriate +
-safeguards (e.g. UK adequacy regulations or standard contractual clauses).+
  
-===== 7. Your Rights =====+We keep personal data only as long as necessary, then delete or anonymise it:
  
-Under UK GDPR you have the right to access your data, correct it, request +  * Community account data is retained while you remain active 
-erasure, object to or restrict processing, request portability, and — where we +  * Training records are retained for administrative and regulatory reasons [period] 
-rely on consent — withdraw it at any time. We do not carry out automated +  * Logs are retained for security and operational purposes, then deleted [period] 
-decision-making with legal or similarly significant effects.+  * Archived community activity is retained for [period]
  
-To exercise any right, contact us at [contact email].+You may request deletion of your data where appropriate.
  
-===== 8. Cookies =====+===== 8. Your Rights =====
  
-Our website and wiki use only essential cookies needed to operate the site +Under UK data protection law, you have the right to
-[adjust if you use analytics/non-essential cookieswhich require consent].+ 
 +  * access your personal data 
 +  * request correction of inaccurate data 
 +  * request deletion of your data 
 +  * restrict or object to processing 
 +  * request portability of your data 
 +  * withdraw consent where consent is the legal basis 
 + 
 +We do not carry out automated decision-making with legal or similarly 
 +significant effects. To exercise any rightcontact us using the details at the 
 +top of this document.
  
 ===== 9. Children ===== ===== 9. Children =====
  
 OARC is intended for users aged 13 and over. We do not knowingly collect data OARC is intended for users aged 13 and over. We do not knowingly collect data
-from children under 13.+from children under 13. Some training activities may involve under-18s; where 
 +they do, we take their needs into account and collect only what is necessary. 
 +If you believe we hold data on a child under 13, contact us and we will delete 
 +it. 
 + 
 +===== 10. Cookies ===== 
 + 
 +Our website and wiki use only essential cookies needed to operate the site 
 +[adjust if you use analytics or other non-essential cookies, which require consent]. 
 + 
 +===== 11. Security ===== 
 + 
 +We take reasonable technical and organisational measures to protect personal 
 +data against loss, misuse, or unauthorised access. However, no system can be 
 +guaranteed completely secure. Where a security incident has occurred we will 
 +let our community know about it, and its impacts, as soon as we can. 
 + 
 +===== 12. Complaints ===== 
 + 
 +If you have a concern about how we use your data, please contact us first at 
 +[email protected] and we will respond. You also have the right to complain to the 
 +Information Commissioner's Office (ICO) at 
 +[[https://ico.org.uk/make-a-complaint/|ico.org.uk]] or by calling 0303 123 1113. 
 + 
 +===== 13. Changes to This Policy ===== 
 + 
 +We may update this policy from time to time. The latest version, with its 
 +revision date, will always be available on our website. 
 + 
 +====== Service-specific Notes ====== 
 + 
 +The following provide additional detail for specific OARC-related services. For 
 +questions about this policy or any service, contact us using the details at the 
 +top of the document. 
 + 
 +===== Discord Community ===== 
 + 
 +  * Discord is operated by a third party; your data is also subject to 
 +    [[https://discord.com/privacy|Discord's own privacy policy]]. 
 +  * OARC moderators may access messages and logs for moderation and safety. 
 +  * We also operate bots and tooling that retain and analyse server activity - for example message archives, per-user posting statistics, activity timelines, and linking activity across username changes - to run the community, support moderation, and produce community summaries. We rely on legitimate interests and retain this data for [period]. 
 +  * Server activity, including messages, may be processed by AI tools and language models (including third-party providers, possibly outside the UK) to generate summaries and analysis. If you do not want your activity used for AI processing, you can opt out by [opt-out mechanism — e.g. messaging an admin / requesting a role]; we will then exclude your data from these features. You may also object or request erasure under section 8. 
 + 
 +===== Zoom Calls ===== 
 + 
 +  * Zoom is used occasionally for meetings and training. 
 +  * Attendance and display names may be visible to other participants. 
 + 
 +===== ADS-B and AIS Tracking Services ===== 
 + 
 +  * These services collect and redistribute radio signal data. 
 +  * Contributed data is provided freely and not sold. 
 +  * Personal data is not intentionally collected. 
 + 
 +===== OARC Compute ===== 
 + 
 +  * Account information is used to provide access to computing resources. 
 +  * Activity may be logged for security, abuse prevention, and capacity planning.
oarc-privacy.1780841700.txt.gz · Last modified: by m0lte