This policy in 6 points:
- We collect a variety of personal data as part of the census, including sensitive special category data like ethnicity and sexual orientation. We do this as part of research about the space sector and how it can be improved.
- We also record anonymous information about you when you visit our website to assess visitor numbers. This information is not linked to your survey response. We do not use tracking or analytics software.
- We share some data with our partners and some data publicly, but never in a way that makes any individual identifiable.
- We take data security very seriously and do everything in our power to keep your personal information secure. We limit access to the people in our team who need it, we keep the amount we hold to a minimum, we try not to hold on to it for longer than is necessary, and we protect it with passwords and other security measures.
- You have the right to access and correct the personal data we store about you, to restrict what we do with it, and to ask us to remove it entirely.
This document may be updated from time to time by agreement of the Directors. We will notify you by email if we store your personal information and you will be affected by the changes.
Who is running this survey
The Space Skills Alliance
In this document 'The Space Skills Alliance', ‘SSA’, ‘the Alliance’, ‘we’, and ‘us’ refers to Space Skills Ltd, registered company number 12209851, represented by its Directors and employees.
We are the data owners and controllers. Our Data Protection Officer is Joseph Dudley.
If you would like to see this policy include something else, or have any questions, please email us at firstname.lastname@example.org. You can also raise data privacy concerns directly with the Information Commissioner’s Office.
The survey is being carried out in partnership with a number of organisations. We share some data collected in the survey with them, but never in a way that makes any individual identifiable.
What we collect
Requesting a reminder
When you request a reminder, we ask for your email address so that we can send you that reminder. We collect and use it under the legal basis of legitimate interest, and only in order to send you that reminder. Reminder emails aren’t linked in any way to census responses.
Completing the survey
The survey collects a variety of personal data about you and your job.
Some of the data is classified as ‘special category’ data under GDPR. Special category data is personal data that needs more protection because it is sensitive. The special category data we are collecting includes:
- personal data revealing racial or ethnic origin;
- personal data revealing religious or philosophical beliefs;
- data concerning health;
- data concerning sexual orientation.
As a result, we ask for your explicit consent to store and process your personal data.
This survey is anonymous, but your combination of responses might accidentally make you identifiable. For example if you are the only woman in your company, then if you tell us your gender and your company’s name then we might be able to identify you.
We will make no attempt to identify you unless you provide your email address for follow-up research.
You have the option of providing your email address in order to take part in follow-up research. As with all the questions in the survey, this is optional.
The exact follow-up research will depend on the results of the survey. If, for example, we found that Muslim men were reporting experiencing a lot of prejudice within the space sector, then we might want to interview some of them in order better understand this problem and how it might be addressed.
If you provide your email address, then your survey responses will no longer be anonymous, and we will look at your responses to understand what follow-up questions we might ask you.
We will use your email address only for contacting you about this survey. We won’t share your email address with anyone, add you to any mailing list, or retain your email address for longer than we need to.
After the research is done, we will destroy your email address, making the rest of your responses anonymous.
If you change your mind at any time about participating in the follow-up research, you can email us and we will delete your email address.
Accessing the website
We store up to two distinct kinds of records, explained below, when you access the survey website. The data is processed to compile statistical reports on website activity. It is not linked in any way to your survey response.
Our web server automatically logs all requests for webpages. This is standard procedure for most websites.
This means that whenever anyone or anything loads one of our webpages or submits data, the action will be logged. Each log entry contains the requester’s IP address (a kind of name computers use to identify each other), some details about the browser they are using, and the name of the page that has been requested (more information can be found here). All such logs are anonymous.
Server logs are stored by our web host on their servers. We rarely use full server logs, but from time to time they are analysed by our team to troubleshoot problems, particularly spam attacks.
Additionally we run our own logging system that operates in a similar way but only logs the visitor’s IP address and the details of the page they are visiting. All such logs are anonymous, and are stored in our database indefinitely.
We store a cookie on your computer when you complete the Census. This cookie does not identify you, and only serves to prevent you from resubmitting the Census form.
Tracking and analytics
We do not use Google Analytics or any other tracking software on the survey website, but we do on our main website.
How we store and protect the data
When you submit the survey, the data is stored securely in a password-protected database. Only we have access to this database.
We take data security very seriously and do everything in our power to keep your personal information secure.
- We audit our data to ensure we are keeping only information we need
- We carefully limit what can be accessed publicly, and protect the rest with passwords
- We use protocols such as HTTPS, Single Sign On, and Two Factor Authentication to minimise the chances of someone intercepting data or one of our passwords
- We monitor our servers and databases for suspicious activity
The webpages and databases are hosted on web servers owned and operated on our behalf by our hosting provider Heroku, a subsidiary of Salesforce. These servers store the files and database for our websites and provide them to website visitors and our team.
We may also transfer some or all of the data to Google Drive, a cloud storage service provided by Google.
We have a comprehensive action plan and checklist for data breach incidents. If we identify that personal data has been exposed, we will make this news public and notify any affected individuals. We will also act to identify the cause of the breach and take steps to prevent it from happening again.
How we use and share the data
When you provide your email address for a reminder, we keep it for the duration you specify and then send you a reminder email. Once that email is sent, we delete your email address.
Reminder emails aren’t linked in any way to survey responses.
Once the survey is completed, we will analyse the data to look for trends and test some hypotheses. The results of this analysis will be published in one or more reports, alongside recommendations for actions that the sector can take to make it a better place to work.
For example, if we find that most people enter the space sector because of an outreach interaction they had at school, we might recommend that more funding be put towards this kind of outreach.
Some reports will be public, others may only be shared with our partners. The survey data will also be published publicly, but it will first be processed in order to ensure that no individual is identifiable.
Your rights relating to your data are written into law under the Data Protection Act, and the General Data Protection Regulation. These are:
- The right to be informed – You have a right to be informed about how we collect, process, and store your personal data. This information is provided in this document.
- The right of access – You have a right to access the personal data we store about you.
- The right to rectification – You have a right to have inaccurate details corrected.
- The right to erasure – You have a right to have personal data erased.
- The right to restrict processing – You have a right to restrict the way in which we process your personal data.
- The right to data portability – You have the right to obtain the personal data we store about you in a structured machine readable format.
- The right to object – You have the right to object to the way in which we process your personal data.
- Rights in relation to automated decision making and profiling – This right does not apply as we do not engage in automated decision making or profiling.
To exercise any of the rights listed above, please email us including your name and outlining the ways in which you have interacted with us. You must also provide proof of identity, which can include sending the email from an address we have on record.