These policies cover the website platform policies.
The platform hosts multiple sites.
Our platform & website address is: https://sketchery.uk.
Projects Point is wholly owned and operated by Get the Point Ltd, which is registered with the UK’s data protection body: ICO.
Please note website owners may have their own detailed website policies, depending on which tools they deploy, which may run alongside any organisational policies they may operate governing information security, data protection, and direct marketing, as well as privacy.
We do not have control over site owners individual policies, which may allow them under a range of circumstances, to collect additional personally identifiable information both within and outside of their website and our platform.
We just ask our site owners to adopt our policies and overlay them with their own.
What personal data we collect and why we collect it
If Comments are Enabled
When visitors leave comments on our sites, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string, to help spam detection.
If you use Gravatars and have it activated, an anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it.
If User Generated Media are Allowed
If you upload images to the website, you may wish to avoid uploading images with embedded location data (EXIF GPS) included.
Visitors to the website can download and extract any location data from images on the website.
If Contact Forms are Used
If you use a contact form, the data will be stored transiently on the site owner’s website, until such time as they delete the feedback form information.
We would encourage deletion of general enquiries after a period of a month, mainly as a backup record as an email should be fired to the site owner and stored in their email database.
Contact forms are filtered for spam detection purposes.
Typically a contact form will contain personal information such as an email address, name and surname, and the contents of the request form and an IP address, though for many users this will be generic.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites, including social media
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Some of our websites may use email newsletter services, such as mailchimp, which from 25th May should contain additional consent options for direct marketing purposes.
Third Party Software
If you’d like to use third party plugins, extensions, themes that enable services provided by third parties, or other third party software, please keep in mind that when you interact with them you may provide information about yourself (or your site visitors) to those third parties.
We don’t own or control these third parties and they have their own rules about collection, use and sharing of information, which you should review.
Visitors to Our Users’ Websites
We also process information about visitors to our users’ websites, on behalf of our users and in accordance with our user agreements.
If you’d like, you can also read more about the data we collect on behalf of our users in our Privacy Notice.
Who we share your data with
We use Google Analytics and WordPress.com to gather statistics, which are depersonalised / anonymised.
Projects Point has set the retention policy to 38 months.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our websites (if any), we also store the personal information they provide in their user personal profile.
All users can see, edit, or delete their own personal information at any time (but they cannot change their username).
Website administrators can also see and edit that information, as can the superadmin.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you.
This does not include any data we are obliged to keep for administrative (e.g. bookings), legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service, Akismet, which is operated by the good folks at WordPress.
Your contact information
If you have a question that cannot be addressed by the individual site owner, please contact email@example.com
How we protect your data & information management
Like many small businesses, we use secure gmail for email communications, which is linked to our network of computers and to phone apps (see also what we have said about Whatsapp). We use 2-factor authentication to login to business accounts.
We use a variety of cloud based storage solutions, including dropbox, Google Drive and Bt Cloud and take the utmost care to protect these devices from misuse or abuse, to always share business documents between such devices responsibly and discriminately and understand the consequences of sharing carelessly.
We do not use facebook or twitter to login to any other accounts, but our instagram automatically posts to twitter.com, but as we have indicated we do not share any customer information via these platforms.
We encourage our website owners to use unique passwords, and encourage them to employ 2 factor authentication with associated services e.g. wordpress.com, google etc.
Our websites are secured by SSL security certificates issued by LetsEncrypt.
Our servers are run on a cloud platform in the United Kingdom, by a very professional and dedicated tech company called Bytemark with data centres in Manchester and York.
The operating system processes keep an eye on most things, including connections and will blacklist suspicious traffic.
We monitor system performance (such as memory usage, incoming and outgoing connections and CPU, which can alert us within minutes of abnormalities. We avail ourselves of the free services of Pingdom and TrueSight.
We use a number of tools to keep our sites protected from hackers, that automatically throttle or ban bad IP addresses, bots testing our security and fraudulent attempts to login.
We also restrict outgoing connections to trusted sites, using a firewall, which can be helpful in the event of one our sites being compromised.
We keep all our plugins up to date, and at intervals run software audits to identify known problems.
We employ trusted software that is actively developed and supported in the Open Source community.
We operate a triple backup regime, whereby a snapshot of the server is taken daily. This retained for 4 days. We also take daily and weekly snapshots of the files and databases, with data retained over a period 10 weeks. Finally we run an incremental backup daily, which is auto pruned over a period of around 3-4 months.
What data breach procedures we have in place
We will assess the risk of the incident and put in place a plan to first protect user data, which in extremis may mean suspending the public facing website.
Having established the risk (likelihood of harm X magnitude of impact), we will endeavour to fix the immediate problem, via an update, patch, removal of offending code, suspending the compromised function while assessing the impact on user’s personal data.
If a personal data breach should occur, we would inform website owners first and discuss plans to inform their users of the breach. We might need to share salient details of the breach with the software community, but not the personal data itself. We would assess the need to share details of the breach with the relevant authorities.
What third parties we receive data from
See Analytics section above.
What automated decision making and/or profiling we do with user data
Spam detection, using Akismet.
Industry regulatory disclosure requirements
Get the Point Ltd is registered with the ICO.