Information Security Policy
(link to Polish version here)
Pedestrian Space (also Urban Transit Lab) recognizes that the management of personal data has important implications for individuals and other organizations. Pedestrian Space believes that security is an integral part of the information sharing which is essential to our work and the policies outlined below are intended to support information security as laid out under the EU General Data Protection Regulation / UK Data Protection Act and Privacy of Electronic Communication Regulation.
Information security is defined as the preservation of confidentiality, protecting information from unauthorized access and disclosure, integrity, safeguarding the accuracy and completeness of information and processing methods, and making sure that information and associated services are available to authorized users when required.
Information exists in many forms. It may be printed or written on paper, stored electronically, transmitted by post or using electronic means, shown on films, or spoken in conversation. Appropriate protection is required for all forms of information for business continuity and to avoid breaches of the law and statutory, regulatory or contractual obligations
Protection of Personal Data
Pedestrian Space holds and processes information about survey and form respondents for academic, administrative and commercial purposes. When handling such information, Pedestrian Space or others who process or use any personal information, must comply with the Data Protection Principles which are set out in the Data Protection Act 1998 (the 1998 Act). Responsibilities under the 1998 Act are that personal data shall:
• be processed fairly and lawfully,
• be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with the purpose,
• be adequate, relevant and not excessive for the purpose
• be accurate and up-to-date,
• not be kept for longer than necessary for the purpose,
• be processed in accordance with the data subject’s rights,
• be kept safe from unauthorized processing, and accidental loss, damage or destruction
• not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data, except in specified circumstances.
Information Security Responsibilities
Pedestrian Space believes that information security is the responsibility of all members. Every person handling information or using information systems is expected to observe the information security policies and procedures, both during and, where appropriate, after his or her time with TSC.
This Policy is the responsibility of the Founder; supervision of the Policy will be undertaken by the Founder.
Pedestrian Space is committed to reviewing its policy and good practice annually. General Data Protection Regulations
Pedestrian Space is both a Data Controller and Data Processor.
It has appointed Annika Lundkvist as the Data Protection Officer (3rd December 2022).
Personal data records – audit
Pedestrian Space holds personal data on survey respondents, volunteers, staff and general contacts. These people may be located anywhere in the world including the EU.
We are committed to protecting your privacy and do not pass on any information to other parties. For the purpose of the EU General Data Protection Regulation, the data controller is Pedestrian Space, Cybernetyki 13/65, 02-677, Warsaw, Poland
General statement on use and storage of information
• We will only collect and retain relevant and essential data.
• We will store your information safely and securely, protecting it from loss, misuse, unauthorized access and disclosure.
• We will ensure that appropriate technical measures are in place to protect personal data.
• We will destroy your information securely when requested.
• We will work hard to keep your personal data up to date.
• We will comply fully with our obligations under the General Data Protection Regulation (GDPR).
What data do we collect?
The type of information that we collect and use is such as name, telephone numbers, email addresses and voluntary survey responses.
Why do we maintain this information?
We maintain this data because without it we would not be able to carry out the activities and programming that Pedestrian Space provides for its partners, collaborators and the public.
We’ll only use your personal data on lawful grounds as permitted by the EU General Data Protection Regulation.
We do not share data with third parties. We do not sell, trade or rent your personal information to others.
Your privacy is important to us, we keep your details secure. Should you wish for us to cease to hold your personal information, you have the right to instruct us accordingly and we will delete your information.
Newsletter and notice – platform
When subscribing to our mailing list, we ask you to provide your name and email address.
We use this information to tell you about our news notifications of programming and events.
We may also use your personal information to inform you by email of other events or activities or which we are facilitating or supporting or otherwise involved.
We do not pass on your personal information to third-party companies.
You will be given an opportunity to unsubscribe in every marketing email we send.
Website data collection
If you visit the website but do not provide your details by subscribing to our news service then, we do not collect any personal information about you through the website, although we may track your use of the website using cookies.
Cookies are small anonymous text files that are placed on your computer by websites that you visit. We use Google Analytics cookies to track anonymous usage statistics and do not collect any personal information that can be used to identify you. This helps us analyze data about webpage usage and improve our website in order to tailor it to user needs.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites visit www.tools.google.com/dlpage/gaoptout.
Our website may contain links to external websites managed and maintained by external companies. We are not responsible for the privacy practices, cookie policies or the content of such websites or of other third parties.
How Long Do We Keep Your Personal Information?
We keep your personal information for as long as we need to for the purposes for which it was collected or (if longer) for any period for which we are required to keep personal information to comply with our legal and regulatory requirements or until you ask us to delete your personal data, in accordance with your rights below.
We will regularly assess the personal data that we hold to determine its relevance and destroy your personal data if we no longer require it or no longer provide any services to you.
You have a number of rights in relation to your personal data. These include the right to:
• find out how we process your personal data
• request that your personal data is corrected if you believe it is incorrect or inaccurate
• obtain restriction on our, or object to, processing of your personal data
• ask us not to process your personal data for our own marketing purposes • withdraw your consent to our processing of your personal data
• obtain a copy of your personal information which we hold about you. We will take steps to verify your identity before responding to your request and will respond as soon as possible and in any event within a month.
If you would like to exercise any of your rights outlined in this policy or have any questions about the way in which we handle your personal data, please contact Annika Lundkvist, who is responsible for data protection, at firstname.lastname@example.org
December 3rd, 2022
Next review: 3rd December 2023
Signed: Annika Lundkvist
Founder Pedestrian Space, Co-founder Urban Transit Lab