Privacy Policy

This document is intended to provide information to participants whose personal data is being collected, used and shared by the project. Participants are people who have signed up to the air quality project and have agreed to use an air quality sensor. This information should help participants make a more informed choice as to whether to participate or not, and answer questions they may have about the project.

 

What is the purpose of this document?

This document is intended to provide information to participants about Bristol Approach to Citizen Sensing’s approach to collecting, using and sharing personal data about them, as part of the Air Quality project, so that they can make more informed decisions about data.

 

 

Table of Contents

Goals

Data terms

Data collection

Data use by project partners

Data sharing beyond project partners

Publishing open data

Reporting concerns

Your rights

Responsibilities

Other information

 

 

 

 

Goals

The goal of this project is to provide citizens with the tools and information to monitor air quality using accessible technology.

By collecting data about participants, we will be able to monitor levels of air pollution in Bristol.
By sharing some data about participants, we’ll be able to do comparisons about air quality levels more effectively than just using individual data.

By publishing some anonymised data as open data, we will show other citizens the extent of air quality problems in Bristol, whilst protecting the privacy of participants.

Roles of project organisations
The Bristol Approach to Citizen Sensing Air Quality project is carried out by a group of organisations working together.

Knowle West Media Centre is responsible for coordinating the project, ensuring the right participants are recruited and to help them understand the data.

Data Unity provides the platform on which collects and processes sensor data and displays results in data visualisations. Data Unity acts as a data processor under GDPR.

University of the West of England provides the sensors which collect the air quality data.

 

 

Data terms

This section lays out the data terms used in the document in clear and simple language to help readers understand these terms.

Terms defined here are used in this document to explain the different types of data and the types of access that is given to data. Common definitions have been taken from the ODI’s data lexicon.

 

 

Access to data

Data can be defined by the level of access, the ODI has created the Data Spectrum to explain these different levels of access.

Personal data is data from which a person can be identified is personal data.

If data can be combined with other information to identify a person, that data will still be “personal data”.

Closed data is data that is only accessible to one person or organisation.
Shared data can take multiple forms, three are:
Named access – “data that is shared only with named people or organisations”
Group-based access – “data that available to specific groups who meet certain criteria”
Public access – “data that is available to anyone under terms and conditions that are not ‘open’”
Open data is data that anyone can access, use and share.
A fuller and more precise definition is maintained by the Open Definition project.

 

 

Data processes

Data anonymisation is the process of turning data into a form which does not identify individuals and where identification is not likely to take place.

Data aggregation is the combination of individual data records into groups to avoid individuals’ data being identified.

 

 

Data categories

Registration information is the data participants provide when registering, which is necessary to take part in the project (e.g. name, email, address, etc.).

Self-reported information is data participants provide to the Knowle West Media Centre which is useful to the goals of the project but not necessary for taking part in the project (e.g. marital status, etc.).

Sensitive information is data participants provide to the Knowle West Media Centre which is considered ‘sensitive’ under GDPR, this data can be collected under either registration or self-reported category (e.g. ethnicity.).

Project generated data is data that is generated by participants through the project (e.g. sensor data, behavioural data, etc.).

Contextual data is data used by the project, from sources outside the project, which could be used alongside other categories of data to identify participants or their behaviour (e.g. geographic data, demographic data, etc.).

 

 

Data collection

This section lays out what personal data is being collected by the project and why.

Registration Information: Email addresses and names are collected once by Knowle West Media Centre as part of the registration process. This data is necessary for taking part in the project.

Self-reported information / Sensitive information: Information like marital status, age and ethnicity is collected by Knowle West Media Centre when participants sign up. This data is optional/required for the purpose of research.

Sensor data: Air quality readings (NO2), location (latitude and longitude) and time readings are collected by the UWE-Sense device. This data is required for the purpose of the project and research.

Log in data: We retain a reference to the participants log in account to allow secure communication between the UWE-Sense phone app and the server (Data Unity). The type of account reference will change depending on which log in provider is used, for example it could be a username or an email address.

 

 

 

Data use by project partners

This section lays out how the personal data being collected is going to be used to achieve the project goals.

Registration information is used so KWMC can identify potential participants. It is stored securely.

Self-reported information will only be used anonymously to show the impact Knowle West Media Centre projects are having on different groups.

Sensor data gathered as part of Bristol Approach to Citizen Sensing will be anonymised and aggregated by the data processors to provide a picture of air quality in locations across Bristol. The analysis will be done by members of the Bristol Approach to Citizen Sensing group using data analysis code to sum up the sensor readings.This will let us get a better picture of air quality in Bristol by providing readings in areas where there isn’t already coverage. This information will inform citizens so they can make better choices about the routes they travel along and how they can contribute to lowering air pollution.

 

 

Data sharing beyond project partners

The data wont be shared other than with the project partners.

 

 

Publishing open data

Currently we are not sharing the data with any other partners or platforms. If we share the data in the future it would not contain personally identifiable information, it will be aggregated and anonymised. We would release the data under a suitable Open Data license, like Open Government Licence.

 

 

 

Reporting concerns

This section lays out how participants can get in contact with the organisation to report concerns. It should also indicate how the organisation will alert participants to potential problems relating to personal data about them or system security.

If you have concern about how the data is being used, or have concerns about data breaches, please contact KWMC via this email form: https://www.bristolapproach.org/get-in-touch/

In the event of any problems around personal data or system security we will contact you using the email address provided during registration.

 

 

Your rights

Under the General Data Protection Regulation, you have explicit rights around data about you. To exercise these rights, you can follow the processes laid out here.

 

 

 

The right to be informed

You have the right to be informed about how personal data about you is being collected, used and shared. This document aims to provide much of the information you might want however if you have any specific questions you can use the contact form as described in the ‘Reporting concerns’ section above.

 

 

 

 

The right of access

You have the right to access the personal data about you held by the organisation.

Participants can access sensor data by logging into Data Unity and viewing the Device Dashboard. This will show the sensor data collected by their UWE-Sense device. Please see ‘The right to data portability’ below for more details about how to access the data.

Please use the contact form as described in the ‘Reporting concerns’ section above to access sensitive data held by KWMC.

 

 

The right to rectification

You have the right to rectify or correct personal data about you which the organisation holds if it is inaccurate or incomplete.

To rectify sensitive personal data, please use the contact form as described in the ‘Reporting concerns’ section above.

 

 

 

The right to erasure

You have the right to erase or remove data we hold about you.

Sensor data held on the Data Unity system can be deleted through your Data Unity user account. Backups may contain the data, but they will not be accessible to the software anymore (except in a case of needing to restore data if the system fails shortly after the participant deletes the data).

 

 

 

The right to restrict processing

You have the right to restrict or ‘block’ processing of personal data about you that the organisation holds.

Participants can remove themselves from sensor data processing by leaving the project.

To remove sensitive data from data processing, please use the contact form as described in the ‘Reporting Concerns’ section above.

 

 

 

The right to data portability

You have the right to port or transfer the personal data about you that the organisation holds.

You can download your sensor data from the Data Unity system and send it on to third parties. Please see the download links connected to your data sets.

Please use the contact form as described in the ‘Reporting concerns’ section to access any other data (like sensitive data).

 

 

 

The right to object

You have the right to object to the use of personal data about you that the organisation holds for specific purposes, including direct marketing.

To stop the use of personal data please use the contact form as described in the ‘Reporting concerns’ section.

 

 

 

Rights in relation to automated decision making and profiling.

You have a set of rights around automated decision making involving the use of personal data about you that the organisation holds.

Currently we don’t use your data for automated decision making or profiling.

 

 

 

Responsibilities

The Data Controller is Knowle West Media Centre, they can be contacted by using the contact form as described in the ‘Reporting concerns’ section above.

Knowle West Media Centre will act as a Data Processor for personal information to make sure the project is reaching the right people and to enable effective communication with participants. Knowle West Media Centre will take care to keep the data private.

Data Unity acts as a Data Processor to store and process sensor data. Data Unity will ensure the personal data about participants is secure by keeping it on a locked down server and carrying out data communication out over secure SSL connections.

 

 

 

Your responsibilities

Take care to keep any passwords safe. Use strong passwords that include a mix of letters, numbers and symbols. Don’t leave passwords in obvious places.

Ensure any devices you use to interact with Bristol Approach to Citizen Sensing systems are secure.

Only access the data on trusted, secure devices.

Keep antivirus software up to date and install the latest security updates for your operating system.

Follow guidance from security experts, like the National Cyber Security Centre – https://www.ncsc.gov.uk/guidance

and 1Password –

https://blog.1password.com

 

 

Our responsibilities

We take data management seriously and endeavor to keep your data as secure as possible.

Data Unity will keep sensor data behind password protected areas online on a secure server and use https to encrypt data when it’s transferred from our systems to you.

 

 

 

Third party responsibilities

The data wont be shared other than with the project partners.

 

 

 

Other information

In regards to contextual data, we will be using data from Bristol’s Open Data Platform.

 

 

 

Data retention policy

Anonymised data will be stored indefinitely after the end of the project to keep a historical record of air quality in Bristol.

Sensor data will be stored in protected Amazon S3 buckets and on a secure Data Unity server.

Sensitive information (such as gender and ethnicity) will be kept securely at Knowle West Media Centre indefinitely.

 

 

Related documents

No other data policies at present.

 

 

 

Data impact assessment

No privacy impact assessments published yet.

 

 

Updates to this policy

We will review the policy on each new phase of the project when new data might be added, or the data used in new ways.

Legal changes in data protection might cause us to adapt our data policy to comply with new rules.
We will review our procedures in the event of a data breach to work out the best way to protect data going forward.

We will contact the participants in the event of any of the above.

Share This

Enter your keyword