Privacy

1.0 OUR CORE BELIEFS REGARDING USER PRIVACY AND DATA PROTECTION

  • User privacy and data protection are core principals
  • We have a duty of care to the people within our data
  • We loathe spam as much as you do!
  • We will never sell, rent or otherwise distribute or make public your personal information
  • 2.0 RELEVANT LEGISLATION

    Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:

  • UK Data Protection Act 1988 (DPA)
  • EU Data Protection Directive 1995 (DPD)
  • EU General Data Protection Regulation 2018 (GDPR)
  • This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residences’ specific data protection and user privacy legislation you should contact us at privacy@the-scan-station.com for clarification.

    3.0 PERSONAL INFORMATION THAT THIS WEBSITE COLLECTS AND WHY WE COLLECT IT

    This website collects and uses personal information for the following reasons:

    3.1 Site visitation tracking

    We use a service called MixPanel to track interactions and journeys through this website. This simply tells us how many people are using the system at any time so we can tune our resources to match. It also tells us what functions are being used most often so we can concentrate our resources on these functions, or improve other less well used functions.

    We also record your approximate location (Town), browser type and version, and IP address. This helps us understand where people are using our systems from, and which browsers we need to support.

    We consider MixPanel to be a third party data processor (see section 5.0 below).

    MixPanel makes use of cookies. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.

    We send information to MixPanel via another service called Segment.io. This simply allows us to log generic packets of information and direct them to other services. It does not store the information, just acting as a conduit. The services it sends data to are MixPanal, Google Analytics and Google BigQuery.

    BigQuery is a cloud-based database which can store structured data. It stores the same data as MixPanel but over a longer period of time. We store this data for a period of 5 years and it helps us understand trends in usage of the system.

    Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.

    Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this.

    GA makes use of cookies, details of which can be found on Google’s developer guides. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.

    We consider Google to be a third party data processor (see section 5.0 below).

    We store a reference to the last image you viewed in a cookie. This enables the system to open back at that location so you do not need to find it again.

    We also store a login token which expires after 60 days, which means you will not need to log in with a user name and password (unless you choose the Log Out option in the system) each time you use the system. If you are using a shared computer we recommend Logging Out of the system when you are finished with it, which will clear the login token cookie.

    3.2 User Accounts

    We store your user account name (usually an email address), password, and organisation name in our central accounts database server. We use this to authenticate access to the system and provide you with a means to change your password from time to time. Your passwords are encrypted one-way i.e. once encrypted there is no way to un-encrypt them. To check passwords for logins, we compare the encrypted password and an encrypted version of what you enter in the password box. This is why we cannot tell you what your password is (we have no way of finding out), but we provide a function for you to change it.

    We store your Organisation as that enables us to provide access to certain projects based on membership at an organisation level. Your Organisation is usually the company you work for but it can be any arbitrary grouping e.g. A Project Name.

    3.3 Access Requests

    If you click on the *Request an invite* button on the login page, you will be asked to enter some information about how we can contact you, and what industry sector you are in. We use this information to better respond to your request, linking you with the most appropriate contact to help you sign up for an account.

    If you are successful in getting an account, your contact information (Name, Email) will be transferred to User Accounts database (see above), and any ancillary information such as industry sector will be deleted.

    If you are unsucessful, or it's taking a while to convert your request, we will keep the request information for up to 12 months to enable us to follow up if necessary. After 12 months, this information will be deleted from our servers.

    4.0 Your Rights

    Under the GDPR, from the 25th May 2018, you have several rights:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review: in the event that Organisation Name refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in clause 3.6 below.
  • If you wish to exercise any of these rights please contact us on privacy@the-scan-station.com.

    5.0 ABOUT THIS WEBSITE’S SERVER

    The applications are hosted on servers in our Co-Location suite of Zen Internet in Rochdale, with additional processing served from Digital Ocean servers hosted in London.

    Depending on the project, the Image data and some Mapping Data is stored in Rochdale, or Google Cloud Storage based on servers in London or Paris. In either case, the data is stored in encrypted form on the servers. It is decrypted when served to your browser (also via encrypted http protocols).

    All traffic (transferral of files) between our applications and your browser is encrypted and delivered over HTTPS.

    6.0 OUR THIRD PARTY DATA PROCESSORS

    We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in section 2.0.

    All of these third parties are based in the USA and are EU-U.S Privacy Shield compliant. Although these are US companies, we make use of their storage facilities based in the UK where available.

  • Heroku, GDPR Policy Privacy Shield Registered
  • DropBox, Privacy Policy Privacy Shield Registered

    7.0 DATA BREACHES

    We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen, and there is a high likelihood or severity of the resulting risk to people’s rights and freedoms.

    8.0 DATA CONTROLLER

    The data controller of this website is: RSK Orbital limited, a UK Private limited Company with company number: 3686187

    Whose registered office is:

    2 Old bath Road
    Newbury
    RG14 1QL
    Berkshire

    And whose operating office is:

    Barbour Square
    High Street
    Tattenhall
    CH3 9RF

    8.1 Contact

    Contact us for more information at privacy@the-scan-station.com

    9.0 CHANGES TO OUR PRIVACY POLICY

    This privacy policy may change from time to time in line with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes. Specific policy changes and updates are mentioned in the change log below.

    9.1 Change log
  • 26 Feb 2018 V2.0 Rewritten in compliance with GDPR regulations