Privacy Statement


The NETpositive project partners take your privacy very seriously and we are committed to protecting your privacy online.

This statement explains the privacy and the data protection practices which apply to the Tool operated by us.

In this Policy references to "we" or "us" are to thegroup of organizations responsible for the development of the NETpositive project partners: ESD Consulting Ltd and the Stockholm Environment Institute.

Our aim is to safeguard our users' privacy whilst providing a personalised and valuable service. Collecting information is necessary if we are to satisfy the expectations and requirements of our users and funders, e.g. by communicating with them and providing an interactive service. We appreciate that you do not want the personal information you provide to us distributed indiscriminately and here we explain how we collect information, what we do with it and what controls you have.

What information do we collect?

We collect two kinds of information about our users:

a. non-personal information such as IP address (the location of the computer on the internet), pages accessed and files downloaded using Google Analytics. This helps us to determine how many individuals use our Tool, how many people visit on a regular basis, which pages are most popular, and which pages are least popular. This information doesn't tell us anything about who you are or where you live, it simply allows us to monitor and improve our service.

b. personal and institutional information such as the company name, type, and other demographics and e-mail address, and Contributions by the user including:

- selection, ranking and status of Issues and Actions;

 - user-submitted content related to personalised Issues and Actions;

The information is needed provide you with an improved service, to allow us conduct research and to allow us to improve the Tool content in future.

In addition to this, the tool is hosted on Heroku servers which are located in Ireland. YourIP address is stored on their servers for 7 days.

How is the information used?

Any personal data relating to you will be used and recorded by us in accordance with current data protection legislation and this Privacy Policy. We will use the information you provide to:

fulfil your requests, for access to greater functionality ;

- record any contact we have with you;

- prevent or detect fraud or abuses of our Tool and enable third parties to carry out technical, logistical or other functions on our behalf; and

- in aggregate (and therefore anonymously) to profile your use of the Tool and carry out research on our users' demographics and Sustainability Action Plans (and that of the industry and its sectors), to help us gain a better understanding of how our users navigate the Tool, and to enable us to improve our service to you.

As well as using personal information to fulfil requests, we also like to keep our supporters informed.

We may disclose aggregate statistics about our site visitors, in order to describe our services to prospective partners, and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifying information.

We may disclose personal information if we receive a complaint about any content you have posted or transmitted to the Tool if required to do so by law or if we believe that such action is necessary to protect and defend the rights, property or personal safety of the project partners, and the tool.

We reserve the right to use aggregate, anonymised, data from the tool which may be used by us in project reports, promotional/marketing material, and other forms of dissemination.

We reserve the right to contact you, the user, to request use of your data in non-anonymised form, and will only disseminate any personal information with this express written consent.

Except as indicated above we will not use or transfer this data to any third parties without your prior written permission.


Our sites contain links to other sites. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links from our websites and recommend that you check the policy of each site you visit.

In addition, if you linked to our Tool from a third party website, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.


We place great importance on the security of all personally identifiable information associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to user information.

Use of cookies

In simple terms a cookie is a small piece of information sent from our website to your computer to help us to identify you quickly. Any information gathered by the use of cookies is compiled on an aggregate, anonymous basis.

Cookies are pieces of information that a website transfers to your hard drive to store and sometimes track information about you. Most web browsers automatically accept cookies, but if you prefer, you should be able to change your browser to prevent that. You should read the information that came with your browser software to see how you can set up your browser to notify you when you receive a cookie, this should then give you the opportunity to decide whether to accept it. However, you may not be able to take full advantage of the Tool if you do so. Cookies are specific to the server that created them and cannot be accessed by other servers, which means they cannot be used to track your movements around the web.

Further information about cookies can be found at the Interactive Advertising Bureau's website

The following cookies are used to ensure the functioning of the Tool:

From Google analytics:

__utma – (2 year expiry) This cookie keeps track of the number of times a visitor has been to the site pertaining to the cookie, when their first visit was, and when their last visit occurred.
__utmb – (refreshed on each page load) and __utmc – (expires end of session). Working together to calculate how long a visit takes.
__utmz – (6 months expiry) Keeps track of where the visitor came from.

see for more info.

From django:
csrftoken – (1 year expiry) Refreshed for each form. Used to combat Cross Site Request Forgery - i.e. submitting bogus form data.
sessionid – (2 weeks expiry) This maintains the user's login.

From persona:
browserid_state and can_set_cookies. Set by persona. Expiry depends on what the user selected when they logged in.


Where is the information stored?

Information which you submit via our Tool is sent to servers hosted by Heroku  located in Ireland. This is necessary in order to process the information and to provide you with access to additional resources provided through the Tool.

We will periodically download user responses from the Tool for analysis purposes. These will be stored securely in accordance with the project partners Privacy Policies. 


We may make changes to this Policy from time to time. If we change our Privacy Policy we will post the changes on this page. If the change in our Privacy Policy affects the use of your personal information we will use our best endeavours to contact you by email to seek your consent to the use.

Your acceptance of this Policy

By using our Tool, you consent to the collection and use of information by us in accordance with our Privacy Policy. If you do not agree to this Policy, please do not use our Tool.

Your rights

Any personal information submitted via our websites or by text is treated in accordance with the Data Protection Act 1998. To find out more about your entitlements under this legislation, visit the Information Commissioner's website: or read the Act online at: .

If you would like to review or revise information you have previously provided to us online, you may do so by emailing

You may request details of personal information which we hold about you under the Data Protection Act 1998. If you would like a copy of the information held on you or if you have any questions relating to this Privacy Policy or how we use the personal information we have about you, please write to:

Stockholm Environment Institute

University of York

Grimston House



YO10 5DD


Last updated: September 2013



Return to login page