Privacy Policy

Top View of an Old Boat Sunk in the Sea

This privacy policy sets out how the Cultural Heritage Framework Programme uses and protects any information that you give, or information we collect when you use this website.

Cultural Heritage Framework Programme is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, share information or when you correspond with us, then you can be assured that it will only be used in accordance with this privacy statement.

Cultural Heritage Framework Programme may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

You can revisit and change your current cookie settings here:

If you have any questions about this policy please contact Cultural Heritage Framework Programme contact by email at Georgia.holly@ed.ac.uk 


Who are we?

Throughout the site, the terms “Cultural Heritage Framework Programme ”, “CHFP ”, “we”, “us” and “our” refer to Cultural Heritage Framework Programme  (www.oceandecadechfp.org).

Cultural Heritage Framework Programme is cis coordinated by the University of Edinburgh on behalf of the Ocean Decade Heritage Network (ODHN-UK). ODHN-UK is a registered Scottish Charitable Incorporated Organisation (SC052384).

Address:
University of Edinburgh
Old College
Edinburgh
EH8 9YL

CHFP is an official action of the United Nations Decade of Ocean Science (2020-2030), and aims to integrate cultural heritage into the ocean decade, and beyond.


What is a data controller?

‘Data controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by law.

Our data controller is the University of Edinburgh’s Data Protection Officer – Email: dpo@ed.ac.uk

Governance and Strategic Planning
University of Edinburgh
Old College
Edinburgh
EH8 9YL

https://www.ed.ac.uk/data-protection/notice


What is a data processor?

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.


Personal data we collect

What is personal data?

Personal data’ means any data that may identify you. Different pieces of information, which when collected together can lead to the identification of an individual, is also personal data. We collect the personal data that is needed for us to carry out the services requested, improve our services, maintain our accounts and where we are required by law.

You may provide personal data to us when use our online contact form,, register as a user on our site and enter details into your profile, or when you engage in our services. This personal data may include name, age, phone number, address, gender and any correspondence when you contact us.

Personal Data may also include Imagery, photographs, design files, trade secrets, documents, spreadsheets and sensitive data such as usernames, passwords and financial information. If you have hired us to provide services, or when we have been hired to work together with other service providers, we will need to collect personal data from you in order to carry out these services.

We know that our users care about how their personal information is used and shared, and we take your privacy seriously. We want you to know that we do not sell, rent, or trade our email lists or information with other companies and/or businesses for marketing purposes.


Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

Visitor comments may be checked through an automated spam detection service.


Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.


Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


Registered users

If you request a password reset, your IP address will be included in the reset email.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.


Cookies

As most of the online services, our website uses first-party and third-party cookies for several purposes. First-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.

The third-party cookies used on our website are mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.

To learn more about cookies and the ones we set on our website, please visit our cookie policy here


How do we use your personal information?

  • We use personal data provided to us for the purposes of carrying out our business and services, and to keep our clients up to date with important information related to these services.
  • We will use this data in a transparent manner, using a common sense approach and only on lawful grounds.
  • Internal record keeping.
  • We may use the information to improve our products and services.
  • To make suggestions and recommendations to you about goods or services that may be of interest to you.
  • On occasion, we may send marketing communications related to the services we provide.
  • Where we are required by law to keep accurate and up to date records of our business accounts and transactions. When you work with us, you may be added to our accounting system.
  • As required by any other applicable laws or legal requirements in connection with records retention or for internal administrative purposes.
  • We use Google Analytics data to measure website traffic and the success of the website.
  • Third party suppliers – In order to carry out the daily running and operations of our business, we may need to disclose your personal data to other businesses or third party suppliers. For example, these may be other sub contractors, online systems and software applications.
  • Visitor comments may be checked through an automated spam detection service.

Accuracy & relevance

We will ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this.


Security

We take the security of your personal information seriously and will endeavour to keep your personal details safe at all times. We have put in place suitable physical, electronic and managerial procedures in an attempt to safeguard and secure the information we collect online.

All traffic between this website and your browser is encrypted and delivered over HTTPS.

There may be instances where data is transferred outside the UK. For example, Some of the third party vendors we use to supply us with services, use servers outside of the UK and EU. These are respected vendors who have been chosen carefully and uphold rigorous privacy laws.

There may also be occasions where we will travel outside of the United Kingdom and work whilst doing so. Regardless of location, the security of your personal information will always be taken seriously and will only be accessed by us. Regardless of location, the data will only be collected and processed as outlined in this policy.


Your rights

Where we are using your data under consent, you have the right to withdraw that consent at any time. You also have the right to ask us to stop using your personal data for marketing purposes. You are entitled to view, amend or delete the personal information we hold on you. Please contact us by email at dpo@ed.ac.uk  if you would like to do this.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.


Data retention

Personal Data collected shall be processed and stored for as long as required by the purpose it has been collected for.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Funded by

Partners