Privacy Policy
Definitions
We or us refers to Carnstone. Web application or application refers to the code, resources and database providing the functionality of this web site at motorsportcarbontool.org. A visitor is someone who browses the publicly available area of the application. A registered user is someone who has a registered account with which to log in to the application.
Scope
This privacy policy explains what information we collect, how it is used, and for how long it is stored. It does not apply to pages hosted by other organisations linked to from this application.
Motorsport UK
Relevant Motorsport UK colleagues, suppliers and subcontractors will have access to your personal data for the purpose it was collected. When suppliers and subcontractors have access to your personal data, Motorsport UK will be responsible for decisions about how your personal data is used.
In some cases, where there is a lawful reason for them to do so, Motorsport UK may share personal data with third parties such as the Department for Digital Culture Media Sport, external auditors, the Information Commissioner’s Office, the Parliamentary and Health Service Ombudsman or other trusted partners, including NGBs and funded organisations. Where possible and practical to do so, Motorsport UK will tell you if your personal data will be shared, and the third parties the data be shared with, at the time we collect your personal data.
You can make a subject access request to Motorsport UK by contacting their Information Governance Manager at privacy@motorsportuk.org.
Data Collection & Use
User Accounts
We need to collect and process certain elements of your personal data when you register as a user so that the services we provide can function.
The application stores a forename, surname and email address along with a password in order to identify registered users. It may also store the organisation a user is affiliated with and contact details such as job title and phone number. If you are a registered user, you can access and edit this information within the application. Some users from your organisation may have permission to create and edit accounts for you and other employees. In addition to logging in, email addresses are used for sending password resets, notifications that you request and correspondence related to the services we provide.
As part of the service we provide, the application may share your contact information with other registered users. Occasionally, some of your information may also be shared on publicly viewable pages of the application but we will advise you in advance of this happening.
User Logs
The application logs certain actions performed by registered users in their use of the application. This data is used as an audit trail, to improve security, to diagnose and fix bugs and to analyse trends amongst users.
Server Logs
The server software running the application logs requests from visitors when they view pages or download documents from the application. This information includes basic technical information such as your web browser, operating system and your IP address. It may also include referral information if you followed a link to get here. This information is used to improve the application, diagnose and fix bugs and analyse trends amongst visitors and registered users.
Use Of Cookies
A session cookie is created and used to keep registered users logged in and to remember some of the actions visitors perform for the duration of their visit. This cookie contains only an ID which is used to maintain a persistent session and it is necessary for the proper functioning of the application. The cookie expires after 60 minutes of inactivity.
Sharing Information With Third Parties
We do not sell any personal information to third parties for marketing purposes.
Data Retention
Retention Period
We retain information that we collect from you only for as long as we need it for legal or business purposes. When your information is no longer needed, we will destroy, delete, or erase it.
Backups
Regular backups are created and transferred to secure off-site servers to allow recovery of accidentally deleted data through user actions or software or hardware failure and to aid application development. Backups are retained for up to 31 days. Deleted information may remain in these backups for this period.
Security Policy
This application is built using industry-standard security measures. All communication with the application requires HTTPS. Passwords are salted and hashed before storage. Our server software is regularly updated with the latest security patches. We and the third parties who provide services for us, also maintain technical and physical safeguards on the data we store. We restrict access to personal information to employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations.
If you are a registered user, we strongly urge you to protect your password, never share it, avoid reusing it for other services, and to log out of the application when you finish using it, especially if you are sharing or using a computer in a public place.
Changes To This Policy
We keep our privacy policy under regular review and make sure this document is up to date and accurate.