Recoding Tech is working to curate and synthesize knowledge, research, and ideas to help better understand the harms resulting from Big Tech’s code and business models, as well as what types of oversight, regulations, and laws can create better outcomes for our democracies and societies.
This Policy does not address our other personal data processing operations. Additional policies and procedures addressing these processes are or will be put in place and we will provide relevant information to data subjects at the point of data collection, or subsequently, as required by law.
This Policy is subject to regular review. Subsequent updates and amendments will be documented below and communicated to data subjects where necessary.
The data controller for data collected and processed in accordance with this Policy are Recoding Tech and Reset acting as joint controllers. More information about the organisations can be found on their websites.
Recoding Tech is the project manager of the Website, conducting research, creating emails and content and making day to day decisions in order to run the project. Reset provides the technical infrastructure to run the Website and mailing list and reviews audience engagement data to inform and support project decision making. Both organisations contribute to decision making about the purposes and means of data processing in accordance with this Policy.
Recoding Tech and Reset have entered into an agreement supporting their relationship that sets out how they will manage their obligations under data protection laws as joint controllers, including in relation to responding to data subject requests.
Any questions regarding this Policy or other data protection issues related to the Website should be submitted to:
Recoding Tech and Reset are committed to informing on the power and abuses of Big Tech together with you. We are guided by the princples outlined in the People’s Declaration and held accountable by a network of groups around the world striving to increase public and political support for Big Tech accountability.
All internet usage generates additional “metadata” that is collected and retained by internet service providers. This data can be accessed by law enforcement and intelligence agencies, who may extrapolate upon it to build up detailed “pictures” of specific individuals and communities. Individuals concerned about this kind of surveillance are encouraged to take measures to protect their privacy, for example by using the Tor browser or a VPN.
What we process, why and the legal basis for this
Mailing list If you choose to sign up for more information or updates, we will collect the information you provide – your name, country, and email address – in order to send you those updates via emails. The legal basis for this processing is your consent, which you may withdraw at any time by unsubscribing to our emails or contacting us above.
Website data The personal data that we collect from Website visitors is limited to the Internet protocol (IP) address of the computer accessing the site; the browser software and operating system that the computer uses; and the Internet address (URL) of the outside website from which visitor came.
This information is processed for technical purposes on the basis of our legitimate interests in obtaining basic, aggregated statistical information about the use of our website; and assisting in diagnosing technical problems and defending against attacks.
This information is collected using cookies, which are deployed on the basis of Website visitor consent. More information about this can be found in the Cookies section below.
Mailing list If you subscribe to our mailing list, we retain your name and email address for as long as you remain subscribed.
Website data After 48 hours, we delete or anonymise all personal data processed for technical purposes. We anonymise any statistical or analytical data through aggregation that prevents the re-identification of individual users.
On occasion, we may need to retain personal data for longer than 48 hours. This includes the purposes of conducting tests, diagnosing technical problems and defending against attacks on our Website. In these situations, we will delete personal data as soon as it is no longer needed for the purpose for which it was kept.
Sensitive data We do not collect or process any sensitive data, or “special category data” as defined in UK and EU data protection laws.
Tracking and cookies
We have limited the cookies deployed to the following:
- Strictly necessary Cloudflare cookies to protect the Website against DDoS attacks
- Strictly necessary application cookies to facilitate user logins and protect the Website against attempts to inject malicious code into registration forms
- Matomo performance cookies to provide Reset with analytical information about the use of the website, which is only deployed with visitors’ consent (see further below)
- Opting in and out of cookies
If you accepted the Matomo cookies, these will have been deployed with your consent. Matomo cookies collect analytical data about your use of the Website. If you declined the cookies, they will not have been deployed.
The Cloudflare and application cookies perform essential Website security functions and as such, it is not possible to opt-out.
Browser settings can also be used to manage cookie preferences. Each browser is different, so check the Help or Settings menu of your particular browser to learn how to change your cookie preferences.
We take all reasonable steps to ensure that personal data is processed securely and treated in accordance with this Policy. The technical and organisational measures to prevent unauthorised access to personal data include limiting staff and processor access to personal data in accordance with specific job responsibilities or contractual obligations, the encryption of data where possible, the institution of security protocols and staff training.
Although we do our best to protect personal data, information transmitted over the internet remains vulnerable to interception – for this reason, the transmission of any personal data to our websites or via email to us is therefore at the data subjects’ own risk.
Data sharing and processors
We engage third-party service providers to perform certain data processing tasks that enable us to run the Website and mailing list, these include:
Sanity Cloudflare Matomo
These third parties are engaged on terms that ensure the confidentiality of data and compliance with applicable data protection laws.
No personal data will be shared with any parties outside of Reset and Recoding Tech.
International transfers of data
Where we transfer your data outside of the European Union or the European Economic Area, we will ensure that your data is appropriately protected by requiring the recipient to respect and uphold your rights as a data subject under all applicable laws and by making the transfer subject to an international transfer safeguard, for example, the Standard Contractual Clauses issued by the European Commission.
Individuals whose personal data is processed in accordance with this Policy may have the following rights available:
The right to be informed as to whether we hold data about them; The right of access to that information; The right to have inaccurate data corrected; The right to have their data deleted; The right to opt-out of particular data processing operations; The right to receive their data in a form that makes it “portable”; The right to object to data processing; The right to receive an explanation about any automated decision making and/or profiling, and to challenge those decisions where appropriate. To make a subject access request or complaint related to the processing of your personal data under this Policy contact firstname.lastname@example.org.
You also have the right to bring concerns to your national data protection regulator if you feel that your personal data has been unlawfully processed. For example, data subjects covered by EU law may also be entitled to lodge complaints in regard to data processing or the handling of subject access requests with data protection supervisory authority in their country of residence. Relevant supervisory authority names and contact details are listed here.
Changes and revisions
If we make changes to this Policy, the date and nature of the change will be listed below. Should a change to the Policy result in a material impact on the handling of any personal data, we will contact the impacted data subjects to inform them directly.