Volunteer Hub > Index > Data Protection Policy
Volunteer Hub
Data Protection Policy
1 Scope
The Inland Waterways Association, here after referred to as ‘the organisation’, or with the abbreviation IWA, charity registration number 212342, with a registered address at Unit 16B, Chiltern Court, Asheridge Road, Chesham, HP5 2PX, is committed to being fully compliant with all applicable UK and EU data protection legislation in respect of personal data, as well as safeguarding the rights and freedoms of persons whose information The Inland Waterways Association may process pursuant to the UK General Data Protection Regulation 2020 (UK GDPR), the Data Protection Act 2018 and any other applicable legislation. In this document, all such legislation is collectively referred to as ‘data protection legislation’.
This policy applies to all employees and volunteers of the organisation including contractors and subcontractors, and any other persons that are authorised to access the data for which the organisation is the controller.
This policy should be read in conjunction with the following IWA policies:
- Subject Access Request Policy
- Social Media Guidance
- Breach Management Policy
- Privacy Notice
2 Definitions used in this policy
Data controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
Data processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
Data Protection Lead/accountable person: is the member of the organisation’s staff who oversees data protection obligations and procedures
Data subject: refers to any living person who is the subject of personal data (see below for the definition of ‘personal data’) held by the organisation. A data subject must be identifiable by name, an identification reference, address, online identifiers or other factors such as physical, physiological, genetic, mental, economic or social factors
Information Commissioner’s Office (ICO): the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals
Personal data: means any information that identifies, directly or indirectly, a data subject
Processing: refers to any action taken in relation to personal data including, but not limited to, collection, adaptation, alteration, recording, storage, retrieval, consultation, use, disclosure, dissemination, combination or deletion, whether by automated means or otherwise
Special categories of data: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, biometric data (where used for identification purposes), data concerning health, data concerning a person’s sex life or sexual orientation
3 The appointment of a Data Protection Lead/accountable person
The organisation has assessed the need for Data Protection Officer and has decided that this role is not currently required. This decision is reviewed on an annual basis and its findings are recorded. The Data Protection Lead is Tracy Higgin. The lead trustee for data protection is Peter Marlow.
4 The seven principles of data protection
The Inland Waterways Association is committed to adhere to Article 5 of the UK GDPR which lists the seven principles of data protection:
- Lawfulness, fairness and transparency: the organisation is committed to process data lawfully, fairly and in a transparent manner
- Purpose limitation: the organisation collects personal data for specified, explicit and legitimate purposes. The organisation doesn’t further process data in a manner that is incompatible with those purposes
- Data minimisation: the organisation is committed to process data that is adequate, relevant and limited to what is necessary
- Accuracy: personal data is kept accurate and up to date
- Storage limitation: the organisation is committed to keeping personal data for no longer than necessary
- Integrity and confidentiality: the organisation processes data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage
- Accountability: the organisation can demonstrate compliance
4.1 Lawfulness, fairness and transparency
The Inland Waterways Association identifies a lawful basis every time it starts processing personal data. Please see section 5 for more information on the six lawful bases of processing data.
The Inland Waterways Association is committed to informing all data subjects about the processing of their data beforehand, so that they can make an informed decision about whether to provide that data. A general privacy notice is made available to anyone who wants to know more about how the organisation processes data of the data subjects. Shorter privacy notices are made available when the organisation collects data for specific purposes.
The Inland Waterways Association has complied with Article 13 and 14 of the UK GDPR which lists the content that needs to be included in the privacy notice and shorter statement.
Unless it would involve disproportionate effort, the organisation will provide the data subject with the privacy notice within a reasonable period, but no more than a month from when the data has been obtained. If the data is to be used for communicating with the data subject, the data subject must be informed within the first communication. The organisation may not actively provide the data subjects with a privacy notice if the data subject already has already received such information by the source of the data.
The Inland Waterways Association may periodically change how personal data is processed. The organisation will inform data subjects accordingly, as required by the data protection legislation.
4.2 Purpose limitation
The Inland Waterways Association collects personal data for specified, explicit and legitimate purposes, and the data is not further processed in a manner that is incompatible with those purposes.
The organisation may extend a purpose to cover new processing, if the new purpose is compatible with the old. Compatibility is measured according to ‘reasonable expectation’ the data subject may have. The organisation needs to process information to carry out its work, meet objectives and comply with its contractual obligations. The organisation will only ever collect information that is needed to carry out its work, improve its services, report to funders, contract holders and partners, fulfil any request that data subjects make, personalise services to best meet data subjects’ needs and keep track of the impact and quality of the organisation’s work.
The purpose of the data processing is included in the Privacy notices and in the Record of Processing Activities spreadsheet which is maintained and reviewed regularly.
4.3 Data minimisation and accuracy
The Inland Waterways Association is committed to the quality of the data that it collects and processes. This means that the data must be:
- adequate
- relevant
- limited to what’s necessary
- accurate
- kept up to date
To guarantee data quality, employees and relevant volunteers receive clear guidance and training, refresher training and briefings during meetings in reference to personal data collection and processing.
Managers monitor the quality of the data that employees or relevant volunteers record and take appropriate action if standards show any sign of slipping.
The Record of Processing Activities spreadsheet keeps a log of the personal data processed for each type of data subject and where that data is stored. This helps to identify the employees and relevant volunteers who are responsible for updating or deleting data from the different sources of storage.
The organisation carries out annual reviews of all methods of data collection, checking that they are still appropriate, relevant, and not excessive.
The organisation is aware of the importance of collecting and maintaining accurate personal data. The organisation will assume that information submitted by data subjects is accurate at the date of submission. Data subjects are promptly informed via the privacy notice that they are responsible for ensuring that the personal data held by the organisation is accurate and up to date.
All employees and volunteers are required to update the organisation as soon as reasonably possible of any changes to their personal information to ensure records are always up to date.
The organisation shall, on an annual basis, carry out a review of all personal data controlled by the organisation and decide whether any data is no longer required to be held for the stated purposes, and where required arrange for that data to be deleted or destroyed in accordance with the requirements of the Data Protection Legislation.
4.4 Storage limitation
The Inland Waterways Association will not keep data subjects’ data longer than is necessary. When the organisation no longer needs it, it will dispose of the information securely and may, in rare cases, use specialist external companies to do this.
In some cases, retention will be based on legal consideration. In other cases, the reason may be more practical or based on organisational decisions. The retention schedule is logged in the Record of Processing Activities spreadsheet and data subjects are informed via the privacy notice. Personal data is retained according to the retention schedule, logged in the spreadsheet and destroyed or deleted in a secure manner as soon as the retention date has passed.
Data, other than in historic archives, that is kept for long periods of time is examined and amended, if necessary.
Should any personal data be required to be retained beyond the retention period set out in the Record of Processing Activities, this may only be done with the express written approval of the Data Protection lead and must be in line with data protection requirements.
4.5 Integrity and Confidentiality
The Inland Waterways Association maintains appropriate, technical and organisational security to protect personal data from unauthorised access or intrusion.
The organisation limits access to the data only to those employees, trustees, relevant volunteers, contractors and agents who need such access to provide products or services to data subjects, or for other legitimate purposes.
The organisation will strive to train its employees and relevant volunteers about its data protection practices.
All employees and relevant volunteers of the organisation are responsible for keeping secure any personal data controlled by the organisation. Under no circumstances may any personal data be disclosed to any third party unless the organisation has provided express authorisation, or has entered into a confidentiality agreement, a data processor agreement, or a data sharing agreement with the third party.
There are also several physical security measures that The Inland Waterways Association puts in place, including (but not limited to):
- clear desk policy to avoid people leaving confidential data on their desk
- locked filing cabinets, drawers or lockers for confidential paperwork
- automatic computer screen shut down when employees or relevant volunteers are away from their desk
- shredding and disposing of manual records which have passed their retention as ‘confidential waste’
The Inland Waterways Association operates under a policy of confidentiality. It is committed to providing confidential services to its stakeholders and ensuring that all personal data about employees, trustees, volunteers and other stakeholders is treated as confidential and is collected, processed and retained in line with the data protection law. In certain situations, information may need to be shared with third parties, for example for distribution of magazines to members.
4.6 Accountability – demonstrating Compliance
In accordance with legal requirements, the organisation keeps records so that they can demonstrate the steps taken to comply with the UK GDPR:
- Record of Processing Activities spreadsheet identifies information such as the category of personal data processed for each type of data subject, the lawful basis of the processing, data retention, data storage, who is responsible for the data and who has access to the data
- The Activity, Incident and Risk Log keeps a log of key information such as discussions and decisions about data protection, identified risks, any personal data breaches and response, training of employees and relevant volunteers, requests to exercise any rights by data subjects and management of those requests, notifications to the ICO
- Legitimate Interests’ Assessments (LIA) that have been carried out
- Data Protection Impact Assessments (DPIA) that have been carried out to justify the approach where processing poses particular risks (such as processing of special category of data)
- Data Protection Policy which includes most procedures relating to data protection
- Privacy Notice for data subjects
- Appropriate Policy Document which may be completed in some circumstances outlined by the Data Protection Act (2018) when processing special category of data or criminal records
5 The six lawful bases for processing personal data (including special category of data)
The Inland Waterways Association processes personal data by identifying a lawful basis chosen from the six possibilities set out in Article 6 of the UK GDPR:
- with the consent of the data subject
- for a contract involving the data subject
- to meet a legal obligation
- to protect any personal vital interests
- for government and judicial functions
- in the organisation’s legitimate interests provided the data subject’s interests are respected
The most common lawful bases that the organisation identifies are consent, contract, legal obligation and legitimate interest. The lawful bases for the different processing activities are recorded in the Record of Processing Activities spreadsheet which is maintained and reviewed regularly.
When data processing poses particular risks, such as the processing of special category data, the organisation will complete a Data Protection Impact Assessment to justify their data protection approach.
When processing special category data or criminal records without the consent of the data subject, data protection law requires controllers to identify another lawful basis under Article 6 of the UK GDPR other than consent, supported by one of the exemptions of Article 9 (2) which might need to be further supported by the Data Protection Act 2018. When processing criminal records, the lawful basis identified in Article 6 needs to be additionally supported by the Act
The organisation may complete an Appropriate Policy document for the processing of special category data and criminal data without consent of the data subjects as required by law.
5.1 Consent
If The Inland Waterways Association chooses consent as its ‘lawful basis’, it means that the data subject has given their consent to the processing of their personal data for one or more specific purposes. The organisation will gather proof of that consent to demonstrate that the data subject has consented to processing of their personal data (as per Article 7.1 of the UK GDPR). The data subject has the right to withdraw their consent at any time (as per Article 7.3 of the UK GDPR).
Consent to the processing of personal data by the data subject must be:
- Explicit i.e. demonstrated by active communication between the data controller and the data subject and must not be inferred or implied by omission or a lack of response.
- Freely given and should never be given under duress, when the data subject is in an unfit state of mind or provided because of misleading or false information
- Specific and informed, it should cover the controller’s (i.e. IWA’s) name, the purposes of the processing and the types of processing activities
- A clear and unambiguous indication of the wishes of the data subject
- In relation to sensitive data, consent may be provided in writing. If given verbally, this must be acknowledged in writing.
The organisation understands that Consent is for the time being and may review and refresh consent as appropriate.
Consent will not be the condition for processing data where a service or product is purchased.
5.2 Contract
The organisation identifies contract as its lawful basis when processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering a contract.
5.3 Legal obligation
The organisation identifies legal obligation as a lawful basis when processing is necessary for compliance with a legal obligation to which the controller is subject.
5.4 Legitimate interest
If the organisation chooses legitimate interest as its lawful basis, a Legitimate Interest Assessment may be completed in order to show what The Inland Waterways Association’s interest is and that it is legitimate, to show why the processing is necessary in pursuing this interest, to consider potential impact on any data subjects’ rights and freedoms and to measure whether the data subject might reasonably expect IWA to process their data. An opt-out option may be made available to the data subject. Data subjects always have a right to object to the processing of their data.
6 Data subjects and data specifications
The organisation collects personal information from different groups of data subjects, including:
- Members
- Volunteers
- Job applicants
- Donors
- Employees
- Contractors
Our privacy notices and Record of Processing Activities will explain the different kinds of data we collect and the lawful basis for processing them. We process normal category data, and we may also collect special category data and criminal data.
Criminal record data is not formally special category data; however, under the Data Protection Act 2018, criminal record data receives the same additional protection as special category data.
The Record of Processing Activities spreadsheet keeps a record of the data specifications that the organisation collects for each type of data subject.
7 Additional compliance obligations
The Inland Waterways Association is committed to comply with additional obligations in reference to the UK GDPR and the Data Protection Act 2018. These include:
- Breach notification
- Data subject’s rights
- Risk assessment
- By design and by default
- Fees
7.1 Breach notification procedures
Article 4.12 of the UK GDPR defines a personal data breach as ‘a breach of security leading to the accidental or unlawful destruction, loss, authorisation, and authorised disclosure of, or access to, personal data transmitted, stored or otherwise processed’.
These are the steps taken by the organisation in case of a data breach. Please refer to the Breach Management Policy, Procedure and Form [link to form on Volunteer Hub of website]
7.2 Data subjects’ rights
The Inland Waterways Association is fully aware of the data subject rights described in Articles 15 – 22 of the UK GDPR, and these are listed in the privacy notice.
The data subjects’ rights include:
- The right to be informed
- The right of access
- The right of rectification
- The right to be forgotten (erasure)
- The right to restrict processing
- The right to data portability
- The right to object processing
- Rights in relation to automated decision making and profiling
Additional rights of data subjects include:
- The right not to receive direct marketing
- The right to claim damages should they suffer any loss because of a breach
- The right to complain and the right to request that the ICO carry out an assessment
If data subjects wish to exercise any rights, they can contact the organisation at:
The Inland Waterways Association, Unit 16B, Chiltern Court, Asheridge Road, Chesham, HP5 2PX
Tel: 01494 786453
E-mail: [email protected]
Data subjects are reminded of their rights and how to exercise them in the privacy notice they receive.
All employees and relevant volunteers are trained to recognise an incoming request to exercise any right, to understand when the right applies and to pass it on without delay to the designated person.
All requests from data subjects to exercise any rights are recorded into the ‘Activity, Incident and Risk reporting spreadsheet’.
Under certain circumstances, mostly described in Schedules 2-4 of the Data Protection Act (2018), the organisation may not need to comply with the request by a data subject to exercise one of their rights. Those circumstances will be assessed on a case-by-case basis.
7.2.1 The right to be informed
Data subjects have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the UK GDPR. The organisation is committed to comply with this right and they do so via the privacy notice.
7.2.2 The right of access and Subject Access Rights procedure
A data subject has the right to make access requests in respect of personal data that is held and disclosed. To understand how we deal with Subject Access Requests, please view our Subject Access Rights policy.
7.2.3 The right of rectification
The Inland Waterways Association is aware of the provisions in Article 16 of the UK GDPR – if the data subject becomes aware that the organisation is holding incorrect information about them, they have the right for it to be corrected, and if their information is incomplete, they can also submit additional information to be added.
7.2.4 The right to be forgotten (erasure)
If a data subject asks the organisation to delete their information, as stated in Article 17 the organisation will do so without undue delay when:
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
- the data subject withdraws consent (if that is the basis on which the processing is taking place), and where there is no other legal ground for the processing
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing
- the personal data has been unlawfully processed
- the personal data must be erased for compliance with a legal obligation
- the personal data has been collected in relation to the offer of online services to a child
In addition, if the organisation has made the information public, the organisation will try to have it erased in other locations as well. In conjunction with Article 19 of the UK GDPR, the organisation informs anyone to whom data has been disclosed, unless this ‘proves impossible or involves disproportionate effort’. The organisation will also inform the data subject which recipients their data has been disclosed to, if they ask.
There are exceptions to the ‘right to be forgotten’ for reasons relating to freedom of expression, public health, archiving, research and statistics, legal claims and legal obligation.
Where personal data has been published, with the data subject’s permission at the time, and is now in the public domain (e.g. in magazines and local branch journals), it is not possible to unpublish and remove such data.
There may also be circumstances where the organisation has no choice but to retain data, for example to mark a record for suppression to ensure that no direct marketing is sent to that individual in the future.
The organisation will process a request for erasure without undue delay, and within one month of receipt. The organisation gives particular weight to any request of erasure if the request relates to data collected from children.
7.2.5 The right to restrict processing
The data subject shall have the right to restriction of processing of their personal data where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
- the processing is unlawful, and the data subject opposes the erasure of the personal data, requesting the restriction of its use instead
- the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims
- the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject
7.2.6 The right to data portability
This right applies when processing is based on consent or a contract between the organisation and the data subject, and the processing is taking place ‘by automated means’. It allows data subjects to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
Data subjects are entitled to receive from the organisation a copy of any personal data they have provided in a ‘structured, commonly used and machine-readable format’, so that they can provide the data to a different controller.
7.2.7 The right to object processing
Data subjects can object to any processing of their data that organisation is carrying out on the lawful basis of legitimate interests. The organisation will stop processing if not able to demonstrate ‘compelling legitimate grounds’.
7.2.8 Rights in relation to automated decision making and profiling
Automated decision making takes place when an electronic system uses personal information to make a decision without human intervention. Profiling refers to any form of personal data processing that is automated, with the intention of assessing personal aspects of a data subject or analysing a data subject’s employment performance, economic status, whereabouts, health, personal preferences and behaviour.
The data subject has the right to object to profiling and a right to be informed of the fact that profiling is taking place, as well as the intended outcome(s) of the profiling. The data subject has the right not to have decisions made about them solely by automated processing if this has a significant effect on them, unless the decision is necessary in conjunction with a contract between the data subject and the controller, or the data subject has provided explicit consent.
7.2.9 The right not to receive direct marketing
Every data subject has the right not to receive direct marketing if that is their choice.
7.2.10 The right to claim damages in case of data breach
If a data subject has been harmed by a breach of data protection legislation, they can take the controller (i.e. IWA) to court for compensation.
If data subjects wish to make a complaint or share concerns, they should be firstly encouraged to liaise directly with the organisation. They can make a complaint or send an email to the Data Protection Lead at
The Inland Waterways Association, Unit 16B, Chiltern Court, Asheridge Road, Chesham, HP5 2PX
Tel: 01494 786453
E-mail: [email protected]
The Data Protection Lead will respond within 5 working days and lead on the resolution of the complaint within 28 days.
As stated in the privacy notice, we inform the data subject that they can also make a complaint to the ICO and request that the ICO carries out an assessment as to whether any of the provisions of the UK GDPR have been breached. Data subjects can remain anonymous if they wish.
7.3 Risk Assessment
Risk Assessment is an important part of the accountability of an organisation. It is vital that the organisation is aware of all risks associated with personal data processing and it is via its risk assessment process that the organisation can assess the level of risk.
It is the policy of the organisation not to transfer or share data into an environment that is not considered compliant with UK data protection law.
Where personal data processing is carried out using new technologies, or when a high risk is identified in relation to the rights and freedoms of natural persons, the organisation is required to engage in a risk assessment of the potential impact, also known as a ‘Data Protection Impact Assessment’. More than one risk may be addressed in a single Assessment. The organisation has developed and agreed upon a procedure for completing such as Assessment. This procedure is always followed where there is a need to measure risk. The procedure is completed by the Data Protection Lead and, if necessary, the opinion of a professional Data Protection Practitioner is considered.
In addition to this, and if the outcome of a Data Protection Impact Assessment points to a higher risk than the organisation intended and personal data processing could result in distress and/or may cause ‘damage’ to the data subjects, it is for the Data Protection Lead to decide whether the organisation ought to proceed, and the matter should be escalated. In turn, the accountable person may escalate the matter to the regulatory authority if significant concerns have been identified.
7.4 By design and by default
This policy includes procedures in relation to data protection across the organisation, involving different employees, relevant volunteers and means of delivery. These procedures include adherence to use of e-mail and data storage policies, which require all employees and volunteers to only store personal data in authorised e-mail accounts, server files and other media, and not to use personal or other employer e-mail accounts or data storage facilities for such purposes.
As the organisation aims towards full compliance, and therefore also towards a data protection “by design and by default”, these procedures will be embedded into operating guidance as appropriate.
The goal of this principle would mean that in the organisation, everyone who starts a new project or sets up a system or process must ensure that they incorporate data protection as a matter of course, consulting the Data Protection Lead. Consideration of the data protection implications should be a standard check point before any project or system is signed off.
7.5 Registration to the ICO and fees
The organisation has registered with the Information Commissioner as it engages in the processing of personal information identifying data subjects directly or indirectly.
The organisation pays an annual fee to the ICO, as required by law. The Registration Reference is Z5840005.
8 Data sharing – working with other organisations
As with any other organisation, The Inland Waterways Association may collaborate with:
- data processors
- joint controllers
- separate controllers
All third parties we work with who have or may have access to personal data of our data subjects will either comply with this policy, or we will ensure that their data protection policy aligns with this policy.
8.1 Data Processors
A data processor is a company, organisation or individual who is not an employee or volunteer, that processes data on behalf of the data controller (The Inland Waterways Association in this policy).
Before deciding to use a particular service, the organisation would check the terms and conditions and decide whether it is compliant before deciding to use that service.
With freelancers, external researchers and IT companies, the organisation stipulates a Processing Agreement, or a contract including data protection provisions, as outlined by Article 28.3 of the UK GDPR.
The Inland Waterways Association remains responsible for what happens to the data and remains liable for any mistakes of the data processors. In the contract with the data processor, The Inland Waterways Association may include a provision that requires the data processor to indemnify The Inland Waterways Association for any losses incurred.
8.2 Joint Controllers
Article 26 of the UK GDPR defines joint controllers as ‘two or more data controllers which jointly determine the purpose and means of processing’. When The Inland Waterways Association collaborates with a data controller, the parties must agree to a Joint Controller Agreement which could include the following:
- who it applies to
- general data protection principles, including the basic principle of confidentiality
- the purposes for which information will be shared
- the lawful basis on which sharing will take place
- how each partner will discharge their transparency obligations, and whether all parties will use the same form of words to ensure consistency
- procedures for sharing information, and in particular for obtaining and recording consent from the data subject (if this is the lawful basis)
- procedures to ensure that all parties have the same understanding of how to comply with the data protection principles regarding data quality and retention
- access and security procedures
- procedures for ensuring that the handling of data subjects’ rights is consistent and fully compliant
- procedures for raising concerns or resolving difficulties
- how the agreement will be managed and kept under review
The purpose for which information will be shared, the lawful basis on which the sharing will take place and general information about each data controller will need to be included in the privacy notice for those data subjects affected by the data sharing and collaboration between the organisation and the joint controller.
8.3 Separate Controller
The organisation may collaborate with another organisation which is a separate controller, as information is merely disclosed to one other. In this case, the organisation may agree to a Data Sharing Agreement with the other separate controller(s), which defines the following:
- parties involved in the agreement
- purpose for which information will be shared
- the lawful basis on which the sharing will take place
- other organisations involved in the data sharing
- what data items will be shared (including special category data)
- procedures to comply with data subjects’ rights
- governance arrangements
The purpose for which information will be shared, the lawful basis on which the sharing will take place and general information about each data controller will need to be included in the Privacy notice for those data subjects affected by the data sharing and the collaboration between the organisation and the other separate controller(s).
9 International Data Transfer
Where personal data is stored outside of the UK and the EU, safeguards to protect personal data may include, but are not limited to, the UK Addendum used in conjunction with the EU Standard Contractual Clauses, or UK International Data Transfer Agreement. Such safeguards will be subject to Transfer Risk Assessments .
10 Changes to this policy
This Policy is updated regularly by the Data Protection Lead when required. It is reviewed annually by the board of trustees.
This Policy was approved by trustees on 5th April 2025.
Our use of cookies
We use necessary cookies to make our site work. We'd also like to set optional analytics cookies to help us improve it. For more detailed information about the cookies we use, see our 'Cookie Policy page'.Edit preferences Accept
Cookies settings
Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyse and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
| Cookie | Duration | Description |
|---|---|---|
| __stripe_mid | 1 year | Stripe sets this cookie to process payments. |
| __stripe_sid | 30 minutes | Stripe sets this cookie to process payments. |
| cookielawinfo-checkbox-advertisement | 1 year | Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category. |
| cookielawinfo-checkbox-analytics | 1 year | Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Analytics" category. |
| cookielawinfo-checkbox-functional | 1 year | The GDPR Cookie Consent plugin sets the cookie to record the user consent for the cookies in the category "Functional". |
| cookielawinfo-checkbox-necessary | 1 year | Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Necessary" category. |
| cookielawinfo-checkbox-others | 1 year | Set by the GDPR Cookie Consent plugin, this cookie stores user consent for cookies in the category "Others". |
| cookielawinfo-checkbox-performance | 1 year | Set by the GDPR Cookie Consent plugin, this cookie stores the user consent for cookies in the category "Performance". |
| CookieLawInfoConsent | 1 year | CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie. |
| PHPSESSID | session | This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed. |
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
| Cookie | Duration | Description |
|---|---|---|
| _fbp | 3 months | Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website. |
| _ga | 1 year 1 month 4 days | Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. |
| _ga_* | 1 year 1 month 4 days | Google Analytics sets this cookie to store and count page views. |
| _gat_gtag_UA_* | 1 minute | Google Analytics sets this cookie to store a unique user ID. |
| _gat_UA-* | 1 minute | Google Analytics sets this cookie for user behaviour tracking.n |
| _gid | 1 day | Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously. |
| CONSENT | 2 years | YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data. |
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
| Cookie | Duration | Description |
|---|---|---|
| test_cookie | 15 minutes | doubleclick.net sets this cookie to determine if the user's browser supports cookies. |
| VISITOR_INFO1_LIVE | 5 months 27 days | YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface. |
| YSC | session | Youtube sets this cookie to track the views of embedded videos on Youtube pages. |
| yt-remote-connected-devices | never | YouTube sets this cookie to store the user's video preferences using embedded YouTube videos. |
| yt-remote-device-id | never | YouTube sets this cookie to store the user's video preferences using embedded YouTube videos. |
| yt.innertube::nextId | never | YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen. |
| yt.innertube::requests | never | YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen. |
Powered by 