Data Protection

EU GPDRThere have been many abuses of personal data, such as impossible-to-stop spam from legitimate organisations, analysing your personal data for dubious reasons, and using it for illegal purposes such as attempting to empty your bank account or sell your house. Some organisations legitimately holding key information on you (such as your name, address, and bank account details) have taken inadequate care of that information and it has ended up in the hands of criminals, with devastating consequences for the individuals targeted this way. Some cases have been very high profile, such as the harvesting of the personal data from Facebook by Cambridge Analytica. EU countries have agreed to increase your legal protection from May 2018, with the General Data Protection Regulation (GPDR). The GPDR will be part of British law because as of May 2018 we are a member of the EU. After brexit the government may choose to keep that law, or they may scrap much or all your protection in the belief that it will help foster economic dynamism (ie selling your personal information to the highest bidder). Ahead of the introduction of the GPDR, Facebook transferred user data from the Republic of Ireland to the US, where there is a lower level of protection for you than there will be in the EU, but the Push Bikes servers are in the EU, and there are no plans to move them.

Your Data With Push Bikes

Whilst data protection is a Good Thing, for small organisations like Push Bikes, the GPDR is undoubtedly a headache. We require user data to function as a campaigning and social group, but we have extremely limited resources (all the Push Bikes officers are unpaid volunteers). So this page is here to help you if we have overlooked something and you are worried, or that oversight is causing you a problem.

We do not sell your data, or intentionally share it with it with others without your express consent. We will endeavour to make sure the personal data we hold is up-to-date and you are agreeable to it being held. We keep the data held on individuals to an absolute minimum. For example, you'll notice that contributions to the website are typically not published in the author's full name. That is to limit the amount of information that can be harvested from the website; both criminals and some legitimate organisations compile harvested data from multiple sources until they have enough to use for their purposes.

If you think we may hold data on you, you can contact us to ask if we do and what is the nature of that data. You do not have to suffer in silence if we are accidentally sending you emails or letters you do not want. If you wish, we can destroy the data we have on you, but that may be disadvantageous to you. For example, if you want to be removed from the membership database, you will no longer be a member, which means you will lose membership benefits. The most detailed information we may have on you will be in the membership database, which is not online. The data in it is only shared with Push Bikes officers that need the information for Push Bikes business. We also have user data on the web server, and on databases associated with email lists. In the case of the email lists managed by the Push Bikes email server, you should have an account which you can log into to edit your data, or delete it entirely. We will not sign you up to these lists. If you express an interest in being on one, you will be sent an invite, and if you accept that invite you will be sent an email that tells you how to access your account. If you are volunteering information that is held on any online database, ask yourself if you really need to provide that level of detail. For example, on the Push Bikes email lists, you do not need to provide your full name, your real name, or indeed any name, just an email address. If your real name is stolen or harvested (email is readable by anyone), it may be used against you, but if you don't provide any means of identification other than your email address, and we cannot work out who you are from the email address, we will be unable to re-establish contact via another channel if that email address stops working. Data can be both used, and abused.