Privacy Policy

This Privacy Notice was last revised on: 2023-05-15

Autonomic Co-Operative Limited is committed to protecting the confidentiality and integrity of your personal data and will process all data in accordance with our responsibilities under the UK General Data Protection Regulation (UK GDPR), Data Protection Act (DPA) 2018, Privacy and Electronic Communications Regulations (PECR) 2003 and all other applicable laws.

In this Privacy Notice, Autonomic Co-operative Limited may also be referred to as “Autonomic”, “we”, “our” or “us”.

This Privacy Notice explains who we are, the types of personal information we hold, how we collect, use and store it, who we share it with and how long we keep it. It also informs you of certain rights you have regarding your personal information under current data protection law.

By using our websites, online platforms, web services, and social media pages, or by providing your personal information, you consent to our collection of and use of the information you provide in the ways set out in this policy. If you do not agree to our policy, please do not use our websites, or associated services, nor those of the Data Processors we engage with in respect to the provision of our services.

We may make changes to this policy from time to time. If we do, we will post the changes on this page and they will apply from the time we post them.

#What is personal data?

‘Personal data’, or ‘personal information’, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

‘Data Processing’ or ‘processing’ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, as defined in Data Protection Legislation.

#The policy in brief

It’s important that you read the full policy to understand what information we hold, how we may use it and what your rights are. Here is a summary of the policy if you don’t have time to read it fully now:

  • We collect data that is either personal data (as described above) or non-personal data, such as website pages that have been accessed.
  • We collect information about people who visit our websites, or who use our services or have expressed an interest in our services.
  • We only collect information that we need to provide our services, to provide information, for administration, research, analysis and to improve our services.
  • We will keep your personal data securely at all times.
  • We will never sell your data and we never share it with a third party to use for their own purposes.
  • We may share your data with carefully selected third parties which undertake work on our behalf, or where we are required to share your data by Law.

#About Autonomic

Autonomic Co-Operative Limited is a cooperative society registered with the FCA (registration number 4597) whose registered office is at 986 Pershore Road, Birmingham, B29 7PX.

Autonomic’s purpose is to provide secure cloud infrastructure services for socially responsible and progressive groups and individuals.

Services provided by Autonomic include, but are not limited to:

  • Website development and management: WordPress and static sites; either managed or unmanaged with frictionless tools for editing and publishing that empower users; including Matomo open source ethical hosted on our infrastructure analytics to measure impact.
  • Team chat: Mobile friendly multi-channel team chat using Rocket.Chat.
  • Virtual Private Server hosting solutions.
  • Cloud storage and collaboration: Nextcloud for file-storage, collaborative document editing, calendars. We also host CodiMD, Etherpad, Gitea and Wekan instances.
  • Forum and mailing lists: modern and responsive forums with Discourse, an accessible replacement for traditional mailing lists.
  • Cybersecurity training: Providing a grounded and principled understanding of the cybersecurity domain to help our clients safeguard themselves against unwanted security threats. We provide structured training tailored to our clients’ threat model.

Bespoke Development: Autonomic can guide its clients through the full development cycle to deliver bespoke solutions where there may not be a pre-existing solution.

#Our Data Protection Manager and contact details

For general enquiries, the Autonomic Co-Operative can be contacted:

  • By email: helo@autonomic.zone
  • By post at the following address:

Autonomic Co-operative Limited

986 Pershore Road

Birmingham

B29 7PX

England

United Kingdom

#Autonomic’s Data Protection Manager is: Leo Copplestone

Our Data Protection Manager oversees our compliance with data protection laws and Autonomic’s own internal policies governing how we process data.

In such cases where Autonomic has an obligation under the applicable laws to formally appoint a Data Protection Officer, that role will be held by the Society’s Data Protection Manager.

Autonomic’s Data Protection Manager is not personally liable for data protection compliance. Autonomic Co-Operative Limited as an organisation remains responsible for complying with data protection laws.

For enquiries regarding the processing of personal data, data protection, and data security, Autonomic’s Data Protection Manager can be contacted:

  • By email: helo@autonomic.zone
  • By post at the following address:

Autonomic Co-operative Limited

986 Pershore Road

Birmingham

B29 7PX

England

United Kingdom

#Our responsibilities regarding personal data

Autonomic Co-Operative can be responsible for the personal data we process in two different ways under the General Data Protection Regulation (GDPR): as a Data Controller or as a Data Processor.

#As a Data Controller

When Autonomic is solely responsible for deciding what personal data is collected, how it is collected, how it is processed, and for what purposes, then Autonomic Co-Operative Limited is the Data Controller.

When Autonomic is the Data Controller, it means we are ultimately responsible for ensuring that your personal data is processed in compliance with data protection laws, making sure that we (and any other processor we may entrust with your data) respect all your data protection rights.

As the Data Controller, we are directly answerable to you and to the UK Information Commissioner’s Office for how we process your data. As a Data Controller we have a set of specific responsibilities towards you, your Data, and the supervisory authorities, that we spell out in this Privacy Notice.

In general, Autonomic will be the Data Controller when we collect and process personal data for the direct purposes of administering our business, pursuing our legitimate interests as a business, and meeting our legal requirements as a business.

This will usually be the case (but is not limited to cases) when:

  • We collect and process personal data about our current or potential direct customers and service users. These may be individual persons, or persons representing organisations, with whom we have service agreements, or are negotiating agreements, or with whom we may potentially do business. Customers and service users may also be users of websites and web services controlled by Autonomic for our business purposes (for example, https://autonomic.zone, and the online tools used internally by Autonomic to manage its work and business).
  • We collect personal data from persons who work for us or may potentially work for us as Autonomic contractors or service providers. These may be individual persons, or persons representing organisations, with whom we have contracts, are negotiating contracts, or are considering contracting.
  • We collect personal data in the course of interacting with public or supervisory authorities in order to fulfill our legal and statutory obligations (for example: the Information Commissioner’s Office; Her Majesty’s Revenue and Customs).

#As a Data Processor

As a cloud service provider, most of Autonomic’s business consists of building and maintaining websites and online platforms for our customers and service users. This often involves processing personal data on their behalf. In this context, our customer or service user may already have your personal data and share it with us, or we may collect it on their behalf via the online platforms we build and maintain for them, so that we can process your data according to their instructions, for the purpose of fulfilling our service agreement with them.

In such cases where our customer or service user is the party solely responsible for deciding what personal data is collected, how it is collected, how it is processed and for what purposes, then they are the Data Controller and Autonomic Co-Operative Limited is the Data Processor.

Similarly, there may be situations where your personal data is under the responsibility of a Data Controller (other than Autonomic), and Autonomic receives your data via the intermediary of another Data Processor working for that Data Controller and for whom Autonomic in turn works as a Sub-Processor; or Autonomic may build and manage online platforms that collect your data on their behalf, with the authorisation of the Data Controller.

Where Autonomic is not the Data Controller and acts as a Data Processor (or Sub-Processor), it is the Data Controller’s responsibility to set the terms, purposes and Privacy Policy that determine how your personal data is collected and processed. It is also the Data Controller’s responsibility to clearly inform you about those terms, your data protection rights, and to ensure that they obtain your consent where applicable. Furthermore, it is the Data Controller who is directly answerable to you and the Information Commissioner’s Office for how your data is processed, and ultimately responsible for ensuring that your data is processed in compliance with data protection laws.

As a Data Processor (or Sub-Processor), Autonomic’s responsibility is to only process your personal data following the Data Controller’s instructions, according to the purposes and conditions set out in our service agreement and data processor agreement with the Data Controller, and of course following the applicable laws.

Our service agreement and data processor agreement with the Data Controller must comply with any additional data protection policy, service agreement and terms of service between you and the Data Controller, and it is the Data Controller’s responsibility to ensure this.

As a Data Processor, we have a set of specific responsibilities towards you, your Data, and the supervisory authorities that we spell out in this Privacy Notice.

#How we collect personal information

We may collect or gain access to your personal information in the following ways:

  • Via cookies, analytics tools, site logs, server logs or other similar methods on websites and platforms we maintain for our own purposes or for our service users (see ‘Cookies’ section below).
  • Via online contact forms for submitting queries or complaints.
  • Via post, email, SMS, mobile/online instant messaging, phone/voice-call, video/voice teleconferencing, online file sharing, or any other communications you have with us and our staff, contractors, or data processors who work for us.
  • Via meetings or training sessions we may have with you, whether face to face or via video/voice-teleconference.
  • Via surveys, questionnaires, petitions, or other types of data-collection forms (filled online, digitally, on paper, or via voice-calls).
  • Via any form of communication and documentation relating to payment processing for sending or receiving payments (for example, invoices, online payment forms, or phone calls where we collect payment details or bank account information), and via any online or offline payment platforms or payment methods, including third-party financial institutions such as banks and payment processors.
  • If you are an Autonomic Co-operative Limited member or contractor, or if you work for us in any other capacity, we may collect and process your relevant personal information as part of the normal purposes of administering our business and managing your work for us.

This data collection may take place via contracts, contract or job applications, contract or job negotiations, correspondence, meetings, online platforms we use to manage our work, or other communications we have with you for those purposes.

  • From Data Controllers (other than Autonomic), or by Autonomic on their behalf, when Autonomic provides services to them as a Data Processor (or Sub-Processor): the Data Controller responsible for your personal data (or an intermediary Data Processor) may share your personal data with us or instruct us to collect and process your personal data on their behalf.
  • From other potential third-party sources such as:
    • your current or past employer (for persons who work for Autonomic or may potentially work for us; or for persons who work for organisations with which we do business, as clients or service providers).
    • your current or past clients if you are a contractor or service provider.
    • referees (for persons who work for Autonomic or may potentially work for us).
    • public authorities.
    • credit reference agencies.
    • banks and other financial institutions, including payment processing services.
    • publicly available sources.
    • other people you do business with.
    • your agent or representative.
  • When you log into and use the functionalities of the websites or online platforms that we build and/or maintain for our own business purposes or for our service users, and when you view, search, alter, post, send, save, or upload content containing personal or personally identifying information on/via those platforms.

This may include but is not limited to usage logs, analytics data, or any messages or content that you post, upload, send, or edit on/via:

  • static sites or dynamic websites based on any content management system platform, such as WordPress or Drupal.
  • team chat sites like Rocket.Chat or Matrix.
  • virtual private servers.
  • email accounts, email clients, and email server management platforms like SOGo and Mailcow.
  • mailing list platforms such as Mailman.
  • database management systems.
  • customer relationship management platforms such as MySQL servers or CiviCRM.
  • analytics tools such as Matomo.
  • cloud file storage platforms like Nextcloud.
  • collaborative document editing platforms like CodiMD, Etherpad, Gitea and Kanboard instances.
  • online forum platforms like Discourse.
  • when we, or Data Processors who work for us, or service users to whom we provide our services, collect or input your personal data onto any data processing platforms that we manage or access as part of providing our services.

This may apply, but is not limited to, the contexts of developing and managing the online services listed in the further details section under the previous bullet point.

This will always be done in conformity with the present Privacy Notice, any applicable service agreements and data processor agreements, and in conformity with any additional privacy policy, service agreement and terms of service between you and the Data Controller of your personal data.

#Cookies

The websites and online platforms we build and maintain may store data in a ‘cookie’. This is a tiny element of data that our sites can send to your browser, which is then stored on your hard drive for a limited duration before being automatically deleted.

We use cookies in websites and web services to improve users’ experience, present customised information to fit each user’s needs, and enable the platform’s features and services to function properly. 

All cookies we use will be implemented in a manner that complies with data protection law.

Where we use cookies, they will be for the following purposes:

  • Strictly necessary cookies – meaning that they are strictly necessary for the platform’s functionality and security.
  • Functionality cookies / session cookies — these cookies allow a website to remember your past user settings and preferences (e.g., language and display preferences), or to allow you to automatically log in to a website that is secured by a username and password, after an initial successfully authenticated login. These almost always also count as strictly necessary cookies, as they enable website functionality and a smooth and convenient browsing experience.
  • Statistics / analytics / performance cookies — these cookies collect information about how you use a website, like which pages you visit and which links you click on. None of this information can be used to identify you. It is all aggregated and, therefore, anonymized. Their sole purpose is to improve website functions. 

We normally use Matomo-powered ethical analytics for analytics and performance purposes, which means that:

  • visitors can’t be tracked across different days within the same website.
  • user profiles cannot be generated when cookies are disabled.
  • the data is not used for any other purpose than analytics.
  • we don’t track any personal data and have enabled cookie-less tracking.

As a default policy, we will strive to only use essential cookies. We understand essential here as meaning that a cookie is either strictly necessary for the platform’s functionality and security, or for the Data Controller to fulfill their legal or contractual obligations or to pursue their legitimate interests in processing your data (please see the section titled Why we collect and process your personal data for further details about legal and contractual obligations or legitimate interests as legal bases for processing personal data.)

Where we use analytics, performance or tracking cookies or systems, we will only ever use cookies/systems controlled directly by us or the Data Controller for whom we work as a Data Processor, for the exclusive use of the Data Controller.

As a default policy, the cookies we use do not track your web browsing outside the websites and web services we build and maintain for our own purposes or for our customers and service users. Likewise, as a default policy we do not use marketing or ad-serving cookies.

Our cookies will not usually contain the substantive contents of personal information that you give us (or that has been shared with us by a Data Controller or any third-party), unless this is strictly necessary to ensure the platform’s functionality or for the Data Controller to fulfill their legal or contractual obligations or pursue their legitimate interests in processing your data.

Our cookies will not read, collect, or store any of your private information contained in files that you may have stored on your devices, nor any personal information that you may have posted or uploaded on the web.

Where strictly necessary, our cookies may contain identification labels that can be used indirectly to personally identify you, so our web services recognise you as a unique user.

Some of the websites or web services we maintain may collect technical information about the type of browser and device you are using, and store that information in the website’s server or in cookies on your device, so that the site can function and display properly for you. Some of our platforms’ cookies may also contain personally identifiable information in an indirect way, by storing a unique identification label that allows the website to indirectly identify you as an individual user by cross-reference with labelled data we hold about you in the website server, thus allowing the website to function properly by presenting the correct information to you. This type of cookie is usually necessary for platforms where users need to login with a password to access the platform’s services.

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality, and sometimes disable certain features, of the websites we maintain, and many other websites that you visit. Therefore, it is recommended that you do not disable cookies.

Our separate [hyperlink/] General Cookies Policy [/hyperlink] lists all the cookies we use on the websites and online platforms that we directly operate for Autonomic’s own business purposes, listed by website URL or by platform type, including each cookie’s name, purpose and duration. Our General Cookies Policy also lists the cookies used in each type of online platform we build and maintain for service users, listed by platform type.

Each individual website or web service we build and maintain for our own business purposes or for our service users will also have a link to our General Cookies Policy, or to a specific Cookies Policy listing the cookies used on that particular platform.

On websites where we use no cookies, or only use essential cookies, by default we will not use a website pop-up to notify users about the cookies used nor seek the user’s consent.

In rare cases where we use non-essential cookies on our websites, or where our customer requests that we build/maintain a website for them using non-essential cookies, we will implement a website pop-up notifying the user about those cookies and to obtain their consent, giving them the opportunity to opt-in or otherwise be opted-out by default. We will never consider cookies used for marketing / direct marketing purposes as essential, even if direct marketing can reasonably be considered as falling under the Data Controller’s legitimate interests or contractual obligations.

#What personal information we collect

Autonomic as a Data Controller, and data Processors working for Autonomic, may collect and process data about:

  • visitors to our websites and users/account-holders on our online platforms.
  • customers, clients and direct service users.
  • businesses and organisations with which we do business.
  • suppliers and service providers.
  • advisers, consultants and other professional experts.
  • complainants and enquirers.
  • agents and representatives.
  • our members, contractors, sub-contractors or any other category of person who works for us.

Autonomic as a Data Controller, and data Processors working for Autonomic, may collect and process the following categories of personal information:

  • IP addresses of visitors and users/account-holders on our websites and online platforms. We may also retain server logs that include the IP address of every request to our servers.
  • information about your use of our information and communications systems and the websites and web services we maintain, including but not limited to: cookies, usage logs, analytics logs, and any messages and other content and media that you post, upload, send or edit on/via our communications systems, websites or web services.
  • The contents of any personal information you provide us via our information and communications systems.

This may include but is not limited to:

  • Information sent through your correspondence and communications with us, via post, email, SMS, mobile/online instant messaging, phone/voice-call, video/voice teleconferencing, online file sharing, or any other communications you have with us and our staff, contractors, or data processors who work for us.
  • By posting, sending, or uploading information on/via/to any of the websites, communications systems, or online web services that we maintain.
  • Via meetings or training sessions we may have with you, whether face to face or via video/voice-teleconference.
  • Via online contact forms for submitting queries or complaints.
  • Via surveys, questionnaires, petitions, or other types of data-collection forms (filled online, digitally, on paper, or via voice-calls).
  • Via any form of communication and documentation relating to payment processing.
  • personal contact details for example: name, title, addresses, telephone numbers, and personal or work email addresses.
  • dates of birth
  • gender
  • marital status and dependents
  • next of kin and emergency contact
  • national Insurance number
  • bank account details
  • Debit card, credit card, or other details about means of payment
  • information about income, salary or payments for services, payroll/invoice records, tax status information, annual leave, pension and benefits information.
  • start date and leaving date as Autonomic staff, contractor, service provider or data processor.
  • location of employment or workplace
  • copy of driving licence, passport, birth and marriage certificates.
  • recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application/negotiation process).
  • compensation history
  • performance and appraisal information
  • disciplinary and grievance information
  • secondary employment and volunteering information
  • immigration status
  • family, lifestyle and social circumstances
  • financial status
  • goods or services provided
  • information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
  • trade union membership.
  • information about your health, including any medical condition, health and sickness records, disability or accessibility requirements, accident book, first aid records, injury at work and third-party accident information.
  • information about criminal convictions/allegations and offenses.

Most of the personal data listed above will only be collected from persons who work for/with Autonomic or with whom we do business, as part of the normal processes of administering our work and business, and only if strictly necessary.

Autonomic and our data processors will only collect and process any of the personal information listed above if it is strictly necessary, especially for sensitive categories of personal data.

This means that Autonomic will only collect or process if one or more of the following apply:

  • it is necessary to administer our business and fulfill our legitimate interests as a business
  • we are required to do so by law
  • it is necessary to comply with our contractual obligations
  • we have your explicit consent to do so
  • we have taken reasonable steps to make you aware of this Privacy Notice and you willingly provide the information to us, for example, through your correspondence and communications with us, or by transmitting, posting, sending, or uploading it on/via/to any of the websites, communications systems, or online web services that we maintain.
  • it is necessary to protect someone’s life

We provide more detailed explanations of our purposes and legal bases for collecting and processing your personal information further below in the section titled Why we collect and process your personal information.

When Autonomic is not the Data Controller and acts as a Data Processor, the categories of personal information we may receive about you from the Data Controller, or collect and process on behalf of the Data Controller, will be determined by the Data Controller and laid out in their Privacy Policy. As a Data Processor, Autonomic will process the personal data following the Data Controller’s instructions, according to the conditions set out in our service agreement and data processor agreement with the Data Controller, and in compliance with the applicable laws. When this is the case, the data collection and processing performed by Autonomic as a Data Processor on behalf of the Data Controller is performed on the lawful basis of fulfilling our contractual obligations.

#Why we collect and process your personal data

All personal data we collect or receive via our websites or via any other online or offline method will only be used for the stated purposes (or closely related purposes) for which it was collected. All personal data under our care will be processed in compliance with this Privacy Notice and any relevant service agreement and data processor agreement we have with the Data Controller of your personal data (where Autonomic is the Data Processor and not the Data Controller).

Depending on the category of personal data and the purpose for which we process it, under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing your personal information are:

(a) Your consent: we will rely on your consent whenever we seek to collect and process data specifically for marketing purposes or for the use of non-essential cookies.

(b) We have a contractual obligation: If we need your information to make or perform a contract with you or the Data Controller responsible for your personal data.

(c) We have a legal obligation: because we need to process the information to comply with the law.

(d) We have a vital interest: this is in the unlikely case where processing (e.g., sharing) personal information that we hold could save someone’s life.

(e) We have a legitimate interest: where we process data (but only if strictly necessary) for the purposes ofensuring the good operation and success of our business and of the services we provide as a business.

Most of the personal information we process as a Data Controller is provided to us directly by you for one of the following reasons and is processed based on the following lawful bases:

  • To administer and enable the functionalities available on the information technology systems, websites and web services we build, use and maintain for our own business purposes or as services we provide to our customers and service users. (Lawful bases: legitimate interests and/or contractual obligation, except when this is done via non-essential cookies which will only process data based on consent).
  • To prevent or detect any abuses of our websites and data processing systems, ensure data security, and to enable third parties to carry out technical or other functions on our behalf. (Lawful bases: legitimate interests and/or legal obligation and/or contractual obligation).
  • To fulfill your requests as a user of our services or the requests of the Data Controller in charge of your data and for whom we work as a Data Processor. (Lawful basis: contractual obligation).
  • To improve your browsing experience on the websites and web services we build and maintain. (Lawful bases: legitimate interests and/or contractual obligation, except when this is done via non-essential cookies which will only process data based on consent).
  • To administer and manage the work we conduct as a business, and to administer and manage your work for us, and our business with you, if you are an Autonomic staff member or if you work for us in any other capacity, including as a third-party contractor or service provider. (Lawful bases: legitimate interests and/or legal obligation and/or contractual obligation).
  • To administer business we conduct with you as a current or potential client or service user, and to fulfill our contracts and service agreements with you as a direct client or service user. (Lawful basis: contractual obligation and/or legitimate interest).
  • To fulfill our legal and contractual obligations towards you as an indirect user of our services where we process your data as a Data Processor on behalf of a Data Controller. (Lawful bases: legitimate interests and/or legal obligation and/or contractual obligation).
  • To serve or support the legitimate interests, legal obligations, contractual obligations, or legal rights of all our service users and all persons whose personal data we process. (Lawful bases: legitimate interests and/or legal obligation and/or contractual obligation).
  • To make and receive payments. (Lawful basis: contractual obligation).
  • To communicate with our staff, service providers, clients, service users, and all other categories of person whose personal data we process. (Lawful bases: legitimate interests and/or legal obligation and/or contractual obligation).
  • To record any contact we have with you. (Lawful bases: legitimate interests and/or legal obligation and/or contractual obligation; except when this is done for marketing purposes, or via non-essential cookies, where it will be based on consent).
  • To help us to gain a better understanding of our customers and users to enable us to improve our services. (Lawful bases depends on source of data. Where the data used is collected from forms or questionnaires for the purpose of market research or marketing, the lawful basis will be consent. Where the data is collected from publicly available sources, legitimate interest will apply. Where the data is collected in the process of fulfilling other primary purposes justified by other lawful bases, those lawful bases and/or legitimate interest will apply.)
  • To deal with inquiries and complaints made by you. (Lawful bases: legal obligation and/or contractual obligation).
  • If you have agreed to it, to provide information that we think may be of interest to you. (Lawful basis: consent).
  • To take any action where we have collected your explicit and informed consent to do so. (Lawful basis: consent).
  • To fulfill our legal obligations. (Lawful basis: legal obligation).
  • When we believe it is necessary to protect or defend our rights, property or the personal safety of our personnel, contractors, service providers, clients, service users, or visitors to our premises or websites; (Lawful bases: Legitimate interests and/or legal obligation and/or contractual obligation).
  • When we believe it is necessary to protect someone’s life. (Lawful basis: vital interests).

Whenever you proactively transmit or submit your personal information to us via any of our information and communications systems or any website or web service we maintain, we will assume that you consent to us collecting and processing your personal information according to this Privacy Notice, on the lawful basis of Autonomic pursuing its legitimate interests.

All emails sent by Autonomic staff or persons contacting you on our behalf will contain a footer with a link clearly referring to our Privacy Notice.

Whenever we solicit personal data from you via forms, surveys, questionnaires, or other similar methods, we will always clearly and explicitly explain the purposes for which we wish to collect the data and explain the lawful basis for the processing.

When Autonomic is not the Data Controller and acts as a Data Processor, the purposes for which we collect and process your personal data on behalf of the Data Controller, and legal bases used by the Data Controller to justify their collection and processing, will be determined by the Data Controller and laid out in their Privacy Policy.

As a Data Processor, Autonomic will process the personal data following the Data Controller’s instructions, according to the conditions set out in our service agreement and data processor agreement with the Data Controller, and in compliance with the applicable laws.

When this is the case, the data collection and processing performed by Autonomic as a Data Processor on behalf of the Data Controller is performed on the lawful basis of fulfilling our contractual obligations.

#Automated processing, profiling and decision-making

#Definitions:

‘Automated processing’ means any operation performed on Personal Data by automated means, such as collection, organisation, storage, alteration, retrieval, use, disclosure by transmission, dissemination, combination, restriction, erasure or destruction.

‘Profiling’ consists of any form of automated processing of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

‘Automated decision-making’ iswhen a decision is made which is based solely on Automated Processing (including profiling) which produces legal effects or significantly affects an individual.

As a Data Controller, Autonomic may implement various limited forms of automated processing. This may involve automations for the purpose of:

  • Statistically analysing work performed by Autonomic staff, contractors, service providers or data processors. Such analyses will not be done for the purposes of assessing personal work performance, predicting future performance, or profiling persons in a manner that impacts them personally.
  • Automations and automated analytics to organise, structure, manage and analyse various forms of personally identifiable and non-personal data, to save time on manual data processing, improve our own performance as a business and cloud service provider, or to enable and improve the functionalities and security of the information technology tools we use or the web services we build and manage.
  • We may employ automation to delete/destroy personal data that we no longer need to retain, after the data retention period expires.

None of the automated processing currently employed by Autonomic involves profiling in a manner that could result in legal effects or consequences that significantly affect any individual. The automations we employ are performed on the lawful basis of our legitimate interests as a business.

As a Data Controller, Autonomic does not perform any automated decision-making, nor any form of human decision making based on automated processing or profiling that may result in legal effects or consequences that significantly affect any individual.

Should we decide to implement any form of automated processing, profiling, or decision making that has legal or significant impacts on persons, we will amend this Privacy Notice to reflect this and always make sure to explicitly inform the individuals concerned and give them the opportunity to object or opt-out of such forms of processing. We will furthermore ensure that any such processing shall only be done on the following lawful bases:

  • It is necessary for the performance of or entering into a contract;
  • It is authorised by law; or
  • It is based on the explicit consent of the person whose data is processed.

Where Autonomic is not the Data Controller and acts as a Data Processor, the terms, methods and purposes of any automated processing and automated decision-making applied to the processing of personal data will be determined by the Data Controller and laid out in their Privacy Policy.

As a Data Processor, Autonomic may facilitate the Data Controller’s automated processing and automated decision-making practices following the Data Controller’s instructions, according to the conditions set out in our service agreement and data processor agreement with the Data Controller, and in compliance with the applicable laws.

When this is the case, the automated processing, profiling, and decision-making performed by Autonomic as a Data Processor on behalf of the Data Controller are performed on the lawful basis of fulfilling our contractual obligations.

#Marketing research

We may occasionally conduct survey/questionnaire-based research for our own marketing purposes. Whenever we solicit personal data from you for marketing research purposes we will always clearly and explicitly explain the purposes for which we wish to process the data and only do so with your explicit consent. As such, this form of data will be processed on the lawful basis of consent only.

Where Autonomic is not the Data Controller and acts as a Data Processor, the terms, methods and purposes of any data processing for the purpose of marketing research will be determined by the Data Controller and laid out in their Privacy Policy.

As a Data Processor, Autonomic may collect and process data on the Data Controller’s behalf for these purposes, following the Data Controller’s instructions, according to the conditions set out in our service agreement and data processor agreement with the Data Controller, and in compliance with the applicable laws.

When this is the case, the processing performed by Autonomic as a Data Processor on behalf of the Data Controller are performed on the lawful basis of fulfilling our contractual obligations.

#Direct Marketing

Direct marketing covers the promotion and marketing of our business and services to current and potential direct clients and service users.

This does not include critical communications we have with current clients and service users regarding the negotiation, preparation and implementation of our service agreements with them, or regarding the ongoing development and maintenance of the functionalities and security of the web services we develop and maintain for them.

Our direct marketing may take the form of occasional emails or (more rarely) voice-calls, or regular email-based newsletters providing information about Autonomic’s activities, updates, products and services, offers and promotions, events, seminars, etc.

We will strive to keep direct marketing to a reasonable minimum.

When we do engage in direct marketing on our own behalf, it will only target:

  • Past and current clients and service users whose contact details we have obtained in the course of doing business with them.
  • Potential clients and service users who have contacted us in the past to enquire about our services.
  • Persons or organisations who subscribe to our direct marketing updates, via a direct marketing / newsletter subscription form on our website or by lodging a request to subscribe via any other mode of communication.

We will never contact for direct marketing purposes any persons whose personal contact details and data we have obtained indirectly via a Data Controller as their Data Processor, unless we have also collected the person’s data separately and in another context as a Data Controller.

We will only address direct marketing materials to these recipients if we are offering similar products or services as those that the recipients were provided or enquired about in the past.

We will never pass on the details of our direct marketing recipients to third parties for marketing or advertising purposes, including to any of our third-party service providers or data processors.

We will always explicitly state whether we may use your details for direct marketing when we first collect your contact details. We will always explicitly offer the right to object to direct marketing and give you the opportunity to opt out of direct marketing when first collecting the details and in every subsequent message.

Recipients of our direct marketing emails may opt out of these communications at any time by clicking the “unsubscribe” link at the bottom of any email received.

You may also manually unsubscribe by responding to the marketing email, or by emailing helo@autonomic.zone, with the subject line “UNSUBSCRIBE”.

Alternatively you can contact us to opt out by phone on the following number: +1-669-699-0692.

We will honour any objection to direct marketing immediately and will only retain enough information to ensure that marketing preferences are respected in the future.

Where Autonomic is not the Data Controller and acts as a Data Processor, the terms, methods and recipients of the Data Controller’s direct marketing practices will be determined by the Data Controller and laid out in their Privacy Policy.

As a Data Processor, Autonomic may facilitate the Data Controller’s direct marketing practices following the Data Controller’s instructions, according to the conditions set out in our service agreement and data processor agreement with the Data Controller, and in compliance with the applicable laws.

When this is the case, the direct marketing facilitation implemented by Autonomic as a Data Processor on behalf of the Data Controller is performed on the lawful basis of fulfilling our contractual obligations.

#Social media

Autonomic may use social media websites such as Twitter and Fediverse to promote or facilitate our business.

We do not collect any personal data from social media profiles. We do not use any of the personal data we hold about you to target our social media posts or any social media advertising. We do not provide or sell any of the personal data we collect to third parties for the purposes of social media marketing or any other form of marketing or analytics.

Occasionally, posts (by us or by other users) on our social media accounts, on our own online platforms, or on the web services we maintain for our clients or service users, may contain social media buttons or links to social media sites. When you click on these buttons or links, these sites will be registering that action and may use your information according to their respective privacy policies.

Please consult these social media services’ respective privacy policies to understand how they may use your personal information and what steps you can take to limit this, opt-out, or have them delete the personal data they collect.

#How we share your personal information

We may share your personal information with our staff and personnel, including third-party contractors, service providers, consultants, experts and data processors who work for us.

We work with carefully selected partners that carry out work on our behalf. We may ask our partners to store your data or send emails. We use web services provided by, and servers hosted by Webarchitects, Hetzner, Digital Ocean and Gandi for Domain names, DNS, data storage, Virtual Private Servers, and Email.

Where payments need to be processed, we may need to share your payment details with our bank, Co-op Bank or Wise , or our chosen third-party payment processor, Stripe, Wise or Open Collective.

We do not share data with commercial or non-profit third-party organisations unless this is required for the implementation of a specific service that is necessary for us to fulfil our service contract with you or your Data Controller, or is strictly necessary for us to fulfil our legitimate interests as a business, or is necessary to meet our legal obligations; for example: to a Domain Name Registrar to complete the whois information for a domain name.

We may also need to share certain categories of personal data with relevant public or supervisory authorities to fulfil our tax, legal and statutory obligations (for example: the Information Commissioner’s Office; Her Majesty’s Revenue and Customs). Fulfilling these legal obligations may also require us to share certain categories of personal data with third-party legal and accountancy experts.

All Autonomic personnel, and all third-party service providers and data processors who we engage to work on Autonomic’s behalf will only process your personal information according to our instructions and where they have signed a contractual data processor agreement with us, that requires them to:

  • Comply with all applicable data protection regulation.
  • Treat your information as carefully and securely as we would.
  • Only use the information for the specific purposes for which it was supplied (and not for their own purposes or for the purposes of any other organisation).
  • Allow us to carry out checks to ensure they are continuing to do all these things.

We do not provide or sell any of the personal data we collect to third parties for the purposes of social media marketing or any other form of marketing or analytics.

We will not share any of your personally identifiable information to any other third party unless:

  • it is necessary to administer our business and fulfil our legitimate interests as a business; or
  • it is necessary to fulfil our contract with you or with your Data Controller; or
  • we are required to do so by law; or
  • we believe it is necessary to protect or defend our rights, property or the personal safety of our personnel, contractors, service providers, clients, service users, or visitors to our premises or websites;
  • or we have your explicit consent to do so;
  • or it is necessary to protect someone’s life.

Where Autonomic is not the Data Controller and acts as a Data Processor, the terms of personal data sharing will be determined by the Data Controller and laid out in their Privacy Policy.

As a Data Processor, Autonomic may share personal data provided to us by the Data Controller with further sub-processors when instructed or authorised to do so by the Data Controller, according to the conditions set out in our service agreement and data processor agreement with the Data Controller, and in compliance with the applicable laws.

When this is the case, the data sharing performed by Autonomic as a Data Processor is performed on the lawful basis of fulfilling our contractual obligations with the Data Controller.

Transfers overseas

All data that we handle is primarily processed and stored within the European Economic Area.

We may transfer your data outside of the UK or the European Economic Area as necessary to support our global workforce. In such cases, your data would only reside securely on Autonomic member’s computers (not on public servers). We ensure that appropriate data protection measures are in place and that we meet our obligations under the General Data Protection Regulation (GDPR) and all applicable laws.

How we store and secure your personal information

Autonomic Co-operative Limited is committed to protecting the confidentiality and integrity of your personal data.

All personal information that we hold as a Data Controller or Data Processor is securely stored at the following locations:

Type of dataPlatformHosting Service Provider & Server location
Personal contact and billing information related to clients and private data as part of our business with them.Various secure web services managed by our infrastructure team.Hetzner (data center located in Germany)

We keep all personal data confidential and have put in place appropriate security measures to safeguard your privacy and protect against unlawful destruction, loss, theft, misuse, alteration, disclosure, and access of all personal information under our responsibility both as a Data Controller and Data Processor.

Autonomic uses industry standard efforts to safeguard the confidentiality and integrity of your personally identifiable information, such as password-protected access, Two-factor Authentication methods, Encrypted communications channels, firewalls, and SSL (secure socket layers).

Your information is password protected so that only you, the Data Controller and authorised Data Processors can access it. Autonomic will make every effort to ensure that we, our staff, our contractors and service providers, and all authorised data processors who work for us comply with data protection laws and follow data security best practices.

Third parties, including all data processors who work on Autonomic’s behalf, will only store your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure, in a contractual arrangement.

However, data transmission over the internet always involves some level of risk and depends on good operational security practices not just on Autonomic’s part, but also on the part of all users of the online platforms we maintain, including you. You are responsible for maintaining the secrecy of your passwords.

We have put in place procedures to deal with any suspected data security breach and will notify you and the Information Commissioner’s Office (ICO) of a suspected breach where we are legally required to do so.

Where Autonomic is not the Data Controller and acts as a Data Processor, the terms and conditions of the storage of personal data will be determined by the Data Controller and laid out in their Privacy Policy.

As a Data Processor, Autonomic may store personal under the responsibility of the Data Controller, following the Data Controller’s instructions, according to the conditions set out in our service agreement and data processor agreement with the Data Controller, and in compliance with the applicable laws.

When this is the case, the data storage implemented by Autonomic as a Data Processor on behalf of the Data Controller is performed on the lawful basis of fulfilling our contractual obligations.

How long we store your personal information

We will keep your personal data only for the period necessary to enable us to fulfill the purposes for which we collected it, to comply with our legal and contractual obligations and/or whilst we maintain a legitimate interest in retaining it.

The following table lists the time period during which we keep each type of personal information we store as a Data Controller:

Note: ‘Personnel’ here refers to persons who work for Autonomic in any capacity, including third party contractors, service providers, data processors, consultants, experts, etc.

Type of personal informationData retention period
All data relating to personnel and applicants6 years after contract expiration/termination
Email messages:6 years
User activity logs, user/member account records, and user-posted content (e.g., chat or forum posts, or comments) on all online platforms we maintain as a Data Controller, excluding email records.Retained for 6 years after:user access is terminated; orfor Autonomic Personnel after contract expiration/termination; orfor direct clients/service-users, after termination or expiration of the user agreements, only if Autonomic is the Data Controller.Upon expiration of the data retention period, the data is by default anonymised.

[insert other categories of data, e.g., relating to clients/service-users, service agreements, etc.]

All other personal data not belonging to the categories listed above

6 years

Once the time period for retaining data expires, we will dispose of this information by either:

  • Permanently destroying the data in such a way that it can no longer be recovered using secure deletion technologies against at rest data and any backups.
  • Anonymising the data in such a way that it is no longer personally identifiable. In some cases, it may be in Autonomic’s legitimate interest, or contractually or legally necessary to pseudonymise or anonymise the data rather than destroy it. This, for example will usually apply to chat and forum posts, or their equivalents, to preserve the coherence of chat threads and retain clear records of technical work processes performed by Autonomic personnel. Under UK General Data Protection Regulation (GDPR), fully anonymised data is not considered personal data.

Anonymisation applies to the name of the user who authored a post. In some cases, the contents of some anonymised posts may retain personally identifiable references to the author or other persons in the body of the text. We consider this as falling under the category of free expression by the author, as defined by UK General Data Protection Regulation (GDPR) and therefore the right to erasure does not reasonably apply in terms of our obligations regarding data retention expiry. However, the persons concerned may actively request erasure of these elements of data at any time after expiry of the retention period and we will do our best to fulfil these requests where possible.

By default, after the relevant data retention period expires, we will anonymise rather than delete logs of your activities on web services we operate as a Data Controller, as well as any contents that you have sent, posted or uploaded via these platforms. We retain this data in a personally identifiable format for a set period even after you no longer have direct access to the data as a user, and only anonymise the data after that period expires.

For certain sets of this data, you may be able to delete or anonymise the contents yourself directly, while you still have user access, or at any time ask Autonomic to delete/anonymise the data for you. Please see the sections titled User-posted content and media and Your data protection rights for further details about this, including possible limitations to your right to erasure.

Where Autonomic is not the Data Controller and acts as a Data Processor, the terms and conditions of the retention periods and disposal of personal data will be determined by the Data Controller and laid out in their Privacy Policy.

As a Data Processor, Autonomic may facilitate the Data Controller’s data retention and disposal practices following the Data Controller’s instructions, according to the conditions set out in our service agreement and data processor agreement with the Data Controller, and in compliance with the applicable laws.

When this is the case, the data retention and disposal implemented by Autonomic as a Data Processor on behalf of the Data Controller is performed on the lawful basis of fulfilling our contractual obligations.

#Your data protection rights

Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information.
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

The lawful basis for processing the personal data will affect which of the above data protection rights are available to you.

The right to erasure does not apply if we need to process the data to fulfil our legal obligations. In some cases where it may be in Autonomic’s legitimate interest, or contractually or legally necessary, we may only be able to pseudonymise or anonymise the data so that it is no longer personally identifiable and thus qualifies as data erasure. We also provide anonymisation as an option when users might prefer this over full erasure in certain contexts (e.g., chat or forum message threads), even if full erasure is possible.

The right to object to processing does not apply when the data is processed on the lawful basis of consent, to fulfil a contract, to fulfil our legal obligations, or on the basis of vital interests (i.e., to protect someone’s life). However, when the data is processed on the basis of consent you have the right to withdraw consent, and you always have the right to object to processing for the purposes of direct marketing, whatever lawful basis applies.

If we are processing the data on the basis of a contract with you, your right to object and right not to be subject to a decision based solely on automated processing will not apply.

We are not obligated to comply with requests for data portability if we process the data on the basis of legal obligation, vital interest, or legitimate interest. However, in many cases, the platforms we build and maintain allow users to download some of their personal data in portable formats even when we process that data on the basis of legitimate interest.

In addition to the above restrictions on data protection rights according to the lawful basis of the processing, other limitations and exemptions may also apply, as spelled out by applicable data protection laws.

Namely, we may refuse to comply with some requests if we can reasonably demonstrate that they are manifestly unfounded, or excessive, i.e., when:

  • the individual clearly has no intention to exercise their right to restriction. For example an individual makes a request, but then offers to withdraw it in return for some form of benefit from the organisation.
  • the request is malicious in intent and is being used to harass Autonomic with no real purposes other than to cause disruption.
  • it repeats the substance of previous requests.
  • it overlaps with other requests.

You are not required to pay any charge for exercising your rights.

If you make a request, the Data Controller responsible will have one month to respond to you.

For sites and platforms that Autonomic manages as the Data Controller, you can contact our Data Protection Manager to make any request relating to your data protection rights listed above. Otherwise you can submit a request to the relevant Data Controller, whose details will be provided in the Privacy Notice provided on the specific website.

In cases where we receive a request relating to a platform that we manage as a Data Processor and not as the Data Controller, we will immediately forward the request to the Data Controller, as they are responsible for dealing with requests relating to data protection rights.

Many of the websites and web services we build and maintain allow users themselves to directly download copies, amend, or delete their personal data and any content they have posted/uploaded. Guidance on how to do this will usually be included in the user documentation available on each platform. For sites directly controlled by Autonomic, users can also contact our Data Protection Manager to request guidance or implement your requests. Otherwise, you can send requests to the relevant Data Controller responsible for the site.

Please note, however, that:

  • on most of the platforms, you will need an active user-account and valid login credentials to access these personal data management options.
  • direct user access for such operations is not usually possible for user logs, change logs, server logs or analytics logs, but can be done for you by Autonomic staff or the relevant Data Controller or other Data Processors acting on their behalf.
  • it may not be technically possible to remove emails from email list archives (depending on the platform).
  • emails already sent, and the contents of messages sent/forwarded via emails already sent cannot be removed from recipients’ inboxes.
  • limitations may apply to requests for erasure, restrictions to processing, objections to processing, and downloads of portable copies of personal data, depending on the circumstances, type of data, purposes for the processing, and legal basis for the processing, according to data protection law. In certain circumstances we may have legal grounds to refuse to fulfil such requests.

If you wish to make a request, you can contact Autonomic’s Data Protection Manager in the following ways:

  • By email: boop@autonomic.zone
  • By post at the following address:

Autonomic Co-operative Limited

986 Pershore Road

Birmingham

B29 7PX

England

United Kingdom

User-posted content and media

Autonomic builds and maintains websites and cloud services (both as a Data Controller and on behalf of other Data Controllers) where you as a user may be able to send, post, upload, or edit content and media containing your personal data.

Autonomic may operate these online services directly, for our own business purposes (and thus act as a Data Controller), or we may build and maintain them on behalf of our clients and service users (where Autonomic thus acts as a Data Processor, on behalf of a Data Controller).

Users of these web services may include (but are not limited to):

  • Autonomic staff
  • Third-party service providers, contractors, advisers, consultants, experts, and data processors working on Autonomic’s behalf
  • Autonomic’s direct customers and service users, and more generally, businesses and organisations with which we do business
  • Staff, third-party service providers, contractors, advisers, consultants, experts, data processors, agents and representatives working on behalf of the direct client or service user for whom Autonomic has built and/or maintains the platform.
  • Members of the general public, for publicly available website content.
  • The user account holders, members, subscribers, service users or customers of the direct client or service user for whom Autonomic has built and/or maintains the platform.
  • Public authorities when legally entitled to gain access

Other users will usually be able to see and download content that you post, upload or edit on these platforms. Please only post content you are comfortable sharing with these audiences.

These audiences may be limited only to other account users, or subscribers, or specific message recipients in the case of platforms accessible only to password-protected user accounts, or online messaging tools, emails or email lists. However, keep in mind that there always exists a risk that other users’ accounts or emails could be hacked when users don’t practice good operational security, thus allowing unauthorised third parties to see the content that you post, upload or edit on a platform. In the case of posts or comments you make on publicly accessible websites, the audience could be anyone on the internet.

If you upload images to the websites and web-services we maintain, you should avoid uploading images with embedded location data (EXIF GPS) included. Other users can download and extract any location data contained in image files.

Please note that once you have sent an email, message, or post via any of these platforms, the recipient(s) of that message/post, including the subscribers of any email list(s) you post to, will be able to read that message/post and download its contents. In the case of emails sent via email clients or email lists, this cannot be undone and it may not be technically possible to delete emails from an email list’s message archive.

By default, after the relevant data retention period expires, we will anonymise rather than delete logs of your activities on web services we operate as a Data Controller, as well as any contents that you have sent, posted or uploaded via these platforms.

We retain this data in a personally identifiable format for a set period even after you no longer have direct access to the data as a user, and only anonymise the data after that period expires. Please see the section titled How long we store your personal information for further details about our data retention policy.

For certain sets of this data, you may be able to delete or anonymise the contents yourself directly, while you still have user access, or at any time ask Autonomic to delete/anonymise the data for you. Please see the section titled Your data protection rights for further details about this, including possible limitations to your right to erasure.

Where Autonomic is not the Data Controller and acts as a Data Processor, the terms and conditions applying to user-posted content and media will be determined by the Data Controller and laid out in their Privacy Policy.

As a Data Processor, Autonomic may facilitate the Data Controller’s policy on user-posted content and media, following the Data Controller’s instructions, according to the conditions set out in our service agreement and data processor agreement with the Data Controller, and in compliance with the applicable laws.

When this is the case, actions implemented by Autonomic as a Data Processor on behalf of the Data Controller are performed on the lawful basis of fulfilling our contractual obligations.

#Users’ responsibilities.

All users of online platforms and web services directly controlled by Autonomic will be expected to abide by the terms of this Privacy Notice where it outlines or implies responsibilities incumbent upon users, as well as all other applicable Terms of Service / Terms of Use.

Likewise, all users of platforms and services built and/or maintained by Autonomic but controlled by another Data Controller will be expected to abide by the terms of the Privacy Notices and all other Terms Of Service / Terms Of Use applicable to those services.

Links to the applicable Privacy Notice and Terms Of Service / Terms Of Use will be made available on each site.

In particular, the following will be expected of users:

  • That they shall not post content revealing someone else’s personal data without their prior consent.
  • That they will respect other users’ privacy rights and legal rights and not use the platforms in ways that breach anyone’s privacy and legal rights or breaks data protection laws or any other laws.

Additionally, when using a platform built and/or maintained by Autonomic, all staff and data processors working on behalf of the Data Controller responsible for a platform will be expected to abide by the terms of relevant Data Processor Agreements with the Data Controller, as well as all other applicable Data Processor Agreements, service agreements, contracts and Data Controller policies.

The Data Controller responsible for an online platform will retain the right to revoke a user’s or data processor’s access to the platform if a breach of terms is suspected or it is deemed necessary to ensure data security or protect personal data.

#How to complain

If you have any concerns about our use of your personal information, you can contact Autonomic’s Data Protection Manager if you have any questions or wish to make a complaint:

  • By email: boop@autonomic.zone
  • By post at the following address:

Autonomic Co-operative Limited

986 Pershore Road

Birmingham

B29 7PX

England

United Kingdom

You can also complain to the UK Information Commissioner’s Office (ICO) if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

#Amendments to this policy

We may amend this policy at any time by posting a revised version on the website at https://autonomic.zone/