Managing your Privacy and handling your Data
Version OT1, 21/03/18, S.Sass Oregon Technology Ltd.
PostMood.com is owned and managed by Oregon Technology Ltd.
Here at Oregon Technology we have always been the “good geeks” in terms of how we approach your personal data and profile. After all, providing you with a snapshot of how you come across online and a personalised privacy score was our first web release back in 2016. It’s important to us that the public gain a full understanding of the data required to produce an online profile (a happiness guide for instance) and what we do with the related data during and after that profile has been given to those who sign up to our website. We hope this document make’s everything clear. We’ve won lots of awards for playing our little part in global happiness.
Here are links to the sections of this document...
- Questions we ask ourselves at Oregon Technology
- Do I really need this information about an individual?
- Do I know what I’m going to use it for?
- Do the people whose information I hold know that I’ve got it, and are they likely to understand what it will be used for?
- Am I satisfied the information is being held securely, whether it’s on paper or on computer
- Am I sure the personal information is accurate and up to date?
- Do I delete/destroy personal information as soon as I have no more need for it?
- Is access to personal information limited only to those with a strict need to know?
- If I want to put staff details on our website, have I consulted with them about this?
- If I use CCTV, is it covered by the Act? If so, am I displaying notices telling people why I have CCTV? Are the cameras in the right place, or do they intrude on anyone’s privacy?
- If I’m asked to pass on personal information, am I and my staff clear when the Act allows me to do so?
- Would I know what to do if one of my employees or individual customers asks for a copy of information I hold about them?
- Who are we?
- What about that scary company that got loads of data from everyone
- Data storage
- Your rights as a data subject
- You can request the following information:
- To access what personal data is held, identification will be required
- Complaints / Requests
Setting the standard for the sector
We encourage all developers in the social psychometrics sector to follow certain guidelines that go above and beyond the requirements of legal data protection and administration. To this extent, although we are not required by law to comply with some regulations designed for big companies, as we employ only a small number of people, we follow the same process and publish the same documentation anyway, voluntarily. To make things even clearer for users, we follow a checklist provided by the ICO (Information Commissioner’s Office) - the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
Our team loves simplicity. We dislike complex forms and conditions lists. It’s our opinion that they are hard to understand for general users. So, although those are also available and published in accordance with GDPR (General Data Protection Regulation), we also present you with this checklist below, which we hope is amongst the most transparent and fair of any company operating online:
When providing PostMood.com, the ‘happiness tracker’, a website owned by Oregon Technology Ltd (based in Cheltenham, UK) we ask ourselves the following:
Questions we ask ourselves at Oregon Technology..
Do I really need this information about an individual?
The goal of the website is to provide the user with two things. The first is an ongoing diary of their personal happiness, as measured according to their Facebook posts and voluntarily marked by users on a diary that we provide. The second goal is to provide the user with their online personality profile. This is made by studying the user’s Facebook posts. To access these posts we comply with the Facebook API terms and conditions and study them as soon as you authenticate< our access at login. We don’t need or want access to your Friend list or Like’s list (unlike some other naughty projects) so we simply don’t request them. Our homepage accurately describes that we will base our ‘happiness’ and ‘personality’ report on your Facebook posts. And once we churn through the posts, we turn them into numbers (such as “50% happy”) and then we discard them. Simples!
Of course we also need to access your profile- your name and login, so that you can join. Again we ask for the minimum data required by the Facebook API. When you’re logged in, the only ongoing storage of this information is a user token/cookie to make sure you are you! When we store data ongoing, personal identifiers are removed. For example, our boss is not known as Alex in the database, he becomes a random spill of numbers User: iwjhw7. His posts are discarded and we can’t re-gain them unless he was to rejoin the project again and get a new personality & happiness report for himself. We don’t track his emotions, or yours, or anyone’s into the future, only when you join or login-again voluntarily. That’s what you should ask every website to do, really. Compile whatever it is you’ve asked or paid for and then delete what they don’t need or never request it in the first place. It’s just common sense.
Do I know what I’m going to use it for?
Yes, on PostMood.com it’s clear what we’re going to do with the data we collect and analyse. On the homepage the headline states “Analyse your personality and track your mood with PostMood”. We also state on the homepage and on every page “We want to study global happiness and personality. To do that we’re going to be looking at regional scores across all members! We won’t be able to see your personal posts, social media timeline or even your name when we do that but we think it’s worth it for the sake of mankind.”
It’s clear and transparent that what we’re going to do with the data is construct a mood profile and a personality score, give it to the user, anonymize it completely and then store some average numbers for loads and loads of bigger happiness and personality studies. Yes it’s true that at some point those studies (be it the happiness level of the whole world or the personality of one particular group) might be valuable and that’s how we’ll cover our costs. Again though, the studies can’t identify you. You’re just numbers and averages within your sector or region. And those who read the studies cannot send you any direct marketing material, it’s simply impossible as we have no way to store your identity. The processing of the posts to turn them into personality and happiness scores is handled by IBM Bluemix, a very powerful Artificial Intelligence system that is secure in its own right and has its own GDPR / data privacy policies- some of the strongest available of course.
We’re confident that the user understands what we’re using the data for and why we offer to publish it to both them and bigger happiness reports.
Once you log-out, that’s it. The user’s social media posts are non longer in our hands and are not recorded beyond the analysis point. You’ve pretty much quit the system, save for some cookies like those from Google Analytics (which tracks numbers for our web people, like how many visits we’ve had). You don’t even need to tell us to delete your data if you no longer want a profile. If you don’t log in again, we simply don’t have it. And every time after that, we delete your personal identification too. Neat, huh.
Do the people whose information I hold know that I’ve got it, and are they likely to understand what it will be used for?
Yes, we’re confident that our homepage fully explains that they will get a personality and happiness report and that average sums will be recorded for use in bigger happiness and personality studies. In fact, we’ve made the science of personality studies really simple for the first time. We’ve invested many months of work into making sure the personality report you get is easy to understand and actually valuable to every user. You can see every result of our study- every score. It’s for you to use in the search for a happiness balance for everyone.
Am I satisfied the information is being held securely, whether it’s on paper or on computer?
Yes, we’re very proud of our security systems. It’s all stored on Amazon servers (some of the most secure in the world) and we have really good firewalls in place (tech to stop naughty people doing naughty things). Plus, our team have special keys to login to the “back end”, so even that is very tightly controlled.
Am I sure the personal information is accurate and up to date?
Well, we don’t store personal information. We don’t keep your email on a marketing list for example. We wanted to, to inform you of updates on the website but on reflection we thought that sort of thing might get annoying. The screenshot of your happiness scores and personality (the pure numbers, not any posts or names) is accurate at the time we do it for you and record it to the global studies. It isn’t tracked forward from there. It’s not “up to date” because when you log-out, we stop looking.
Do I delete/destroy personal information as soon as I have no more need for it?
Yes, we do. It’s essential and the safest way to operate any website. We only store numbers. The results of math.
Is access to personal information limited only to those with a strict need to know?
There’s nothing scary to share but even so, yes, even the code that makes our website work is controlled by a strong level of security. Deletion of back-ups is also documented. Only our Data Officer controls your login.
If I want to put staff details on our website, have I consulted with them about this?
Yes, we sure have. As our team is tiny, it’s not a hard process. The project is controlled by Alex Sass and coded by Harry Spink (who is also our data officer). Their personal phone numbers or emails are not published of course. However, if you want to chat to them, you can do so our Facebook Page!
If I use CCTV, is it covered by the Act? If so, am I displaying notices telling people why I have CCTV? Are the cameras in the right place, or do they intrude on anyone’s privacy?
We don’t use CCTV at our offices. We have it in our homes but that’s just because we love gadgets. Have you checked out the Arlo system? It’s brilliant! However, it’s mainly used to keep an eye on the dog. Sorry to be flippant but this one isn’t a worry.
If I’m asked to pass on personal information, am I and my staff clear when the Act allows me to do so?
Yes. Although we don’t store anything that would be useful to them, we know that we would have to hand over the random data we have to the police if formally asked to do so. Or to Facebook if they wanted to check that we are still being as clear and transparent as we say we are. Happiness and Personality scores are passed on to our studies with no personal identifiers. They are just our interpretation of the world.
Would I know what to do if one of my employees or individual customers asks for a copy of information I hold about them?
Yes, we would. We don’t hold personal information in the traditional sense. A customer could ask for their profile (but it’s displayed on screen to them and only them so there’s not really any other way to show it to them besides inviting them to log-in again). The rest of our data is just random words and numbers with no personal ID, so we couldn’t share “one person’s data” back to them in any meaningful way apart from what they see on screen, which is more than we store.
Who are we?
PostMood.com is owned by Oregon Technology Ltd, a company registered in the UK. It was named after the Oregon Studies- a library of free info on psychology. Oregon Technology Ltd is owned by two people, both of whom reside in the UK.
Oregon Technology Ltd provides average regional or topic based personality and happiness studies to interested parties worldwide. They are mainly used to see the differences in personality or happiness between two regions or sectors. We sometimes charge for our reports and hope to make a profit doing so, eventually. We have one full time employee and one freelancer.
What about that scary company that got loads of data from everyone?
We are not them but we know who you mean. They were accused of scraping data from the friends of Facebook profiles and taking lists of their likes. We think this is the problem- they appear not to have asked or made it clear they wanted to poll all your mates. We don’t do that. It wasn’t even possible anymore when we launched. We believe that seeing how you come across online and seeing how your emotions shift over time is useful to you and a beneficial part of holistic happiness. The stuff we keep after we’ve provided that to you is just numbers for the sake of comparisons of regions and sectors. Hopefully there is a commercial need for studies on regional and topic based happiness / personality but we are not in the business of making you vote Trump. We are good geeks.
Data is held using different (multiple) servers, usually at the Amazon facility.
Amazon Web Services is a subsidiary of Amazon.com that provides on-demand cloud computing platforms to individuals, companies and governments, on a paid are testing new website systems (and in full accordance with the same data protection policies).
Your rights as a data subject
At any point whilst Oregon Technology is in possession of or processing your personal data, all data subjects have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you. Remember that this is very minimal. Once your profile is subscription basis. It is also held in the UK on local development machines when we produced, your personal ID is discarded. What you see on screen will be all that is personally linked to you. Beyond your log-out, only averages are stored and these cannot be traced to an individual user.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete. Such as updating your login email by changing it on Facebook (we use FB login).
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. Again, we automatically discard user identifiable data, so you are also in control of this by simply not visiting the site.
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing. We don’t do anything you’d object to (as our core mission is displayed on the homepage and no commercial decisions are ever made about an individual). However, the right is yours!
- Right of portability – you have the right to have the data we hold about you transferred to another organisation. However we use FB login, so it is already transportable.
- Right to object – you have the right to object to certain types of processing such as direct marketing. We will not use direct marketing as a general rule but if we did in the future, we’d ask your permission first.
- Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling. We generate a profile of your happiness and personality as the core offering. To object to this, do not login to the website (in the first instance or again). The profile is of course automated, using classifiers described in this document. Beyond this, your ID is not kept—you are math.
In the event that Oregon Technology refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
Oregon Technology at your request can confirm what information it holds about you and how it is processed.
You can request the following information:
- Identity us and how we have determined how and why to process your data.
- Contact details of the data protection officer, where applicable (on this document).
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of Oregon Technology or a third party such as one of its clients, information about those interests. Again displayed here- we do wish to study the happiness and personality of the world on a regional or sector basis. Our findings do not identify individual users and our reports are interpretations / math.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to. Again user data will not be shared or disclosed as per our policy.
- How long the data will be stored. Again, only for the time it takes to process.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority (Data Protection Regulator)
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
To access what personal data is held, identification will be required
Oregon Technology will accept the following forms of ID when information on your personal data is requested: a copy of your national ID card, driving license, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If Oregon Technology is dissatisfied with the quality, further information may be sought before personal data can be released. We are a very small company do will do our best to respond in timely manner.
Complaints / Requests
In the event that you wish to make a compliant about how your personal data is being processed by Oregon Technology or its partners, or have a request, you have the right to send this to Alex Sass, CEO. If you do not get a response within 30 days you can complain to the Data Protection Regulator.
The details for each of these contacts are:
Oregon Technology, attention of the CEO
c/o Harbour Key Limited, Midway House Herrick Way, Staverton Technology Park, Staverton, Cheltenham, Gloucestershire, England, GL51 6TQ
Data Protection Regulator
Harry Spink, lead coder, Oregon Technology Ltd [email protected]
Thank you for joining PostMood.com. If we can make the world just 1% happier through self awareness, we’ve done a very noble job.
Mr. S.A. Sass
Direct line- 0750 2345676 (always happy to waffle during working hours!)