We have installed the GDPR compliant solutions provided by Google Analytics, so that you data is anonymised, and we can no longer identify the geolocation of your IP number.

_collect Amazon’s Google Analytics _collect cookie is used to send data to Google Analytics about the visitor's device and behaviour. It tracks the visitor across devices and marketing channels, though we do not use the marketing, nor have any advertising on our sites. This cookie helps us understand who has visited our sites and which pages they have visited. This information is used to enhance our websites as well as report in aggregated form to our funders. _ga Amazon’s Google Analytics _ga cookie identifies unique users, unique sessions, and can throttle the request rate if needed. In order for Google Analytics to determine that two distinct hits belong to the same user, a unique identifier, associated with that particular user, must be sent with each hit. This information is then harvested by Google Analytics to provide us with statistical data of site usage. _gat Amazon’s Google Analytics _gat cookie does not store any user information, it is just used to limit the number of requests made to doubleclick.net. _gid Amazon’s Google Analytics cookie speeds up the delivery of web content, by using Amazon’s worldwide network of datacenters. We ask, on your first visit following our implementation of the new GDPR regulations, that you either consent to having cookies that may contain personally identifying information installed, or else decline the installation of these cookies. Of course, in order for us to know either way what your preferences are, we need to set a cookie! This is a conundrum - but we believe it is the only way to comply with the new GDPR regulations. This cookie is only stored on your computer. We do not keep any record of your decision. If you delete the cookie data, or if you arrive at our site from another computer or browser, you will be asked again to accept or decline our cookies.

If you do not make a choice

If you choose to neither Accept or Decline cookies when our cookie banner displays, and continue to browse the site, our default behaviour will be to install cookies, as we have given you an opportunity to act before cookies are set on a first visit to a site. This is considered by us to be “Soft Opt-in” consent.

If you wish to change your cookie preferences after the initial GDPR consent request has been completed, you will need to do this manually in your browser settings by either enabling or disabling the cookies. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.

Supporter information

If you have joined our network, we will use the information you have given us to try to connect you with the right parts of our network.

If you have signed up as a community member, thank you for doing so, we appreciate your support. As a community member you will be able to be more involved in our activities. We will use information you supply us to help you to be more involved. We may use your contact details to get in touch as part of that involvement.

Public data and publishing

If you are uploading datasets for one of our surveys or to one of our database services, we request that you check the data and ensure full anonymisation, so that we remain GDPR compliant. We do not wish to restrict a user's ability to provide datasets for public use, so please upload data responsibly. If in any doubt, please contact us via the contact page.

Author identification

When posting a comment on one of our blogs, a name and email address may be required. You do not have to select your real name or use your regular email address. Your email address will not be published. If you decide to comment, link, or pingback to a post, you must keep this in mind. If you are concerned, you may wish to get a free email account or attempt to use a remail service.

Page edits, comments, trackbacks, and pingbacks and other activity on our websites may be identified by your IP address, though we have now implemented Google Analytics GDPR solutions, which strips out the last two numbers from the IP address in order to become anonymous.

If you are concerned about attempts to match your IP address to your identity, you may wish to use an anonymous browsing service or attempt some means to obfuscate your real IP address. If so, you might like to try Tor, an anonymous browsing service. Please see Tor for more details: https://www.torproject.org.


If you have given us your email address through general correspondence, or have signed up to receive our newsletter, you agree to allow us to send email to that address in order to deliver our services to you. In practice this will usually involve emails about project updates or important changes to services to which you subscribe.

In addition to necessary emails, we will also occasionally use the email to contact you for our own purposes. For example we might want to tell you about new services we are offering or we might be seeking volunteers for one of our many activities. We will only do so sparingly. We understand how annoying it can be to receive large quantities of unsolicited mail. We will do our best to ensure that anything we do send to you will be relevant and unobtrusive.

Server Logging & Google Analytics

Any time you visit a page on the internet, you send quite a bit of information to the server. The web servers that host this site maintain access logs with the information that you send. This information is used to provide site statistics and to get an idea of popular pages and what sites link here. We do not intend to use these logs to identify legitimate users. The data logged may be used by us to solve technical problems with the site and, in cases of abuse of this site, to investigate the abuse. We use Google Analytics to gather data from cookies to analyse our website traffic in order to provide better services and to set benchmarks. We have now implemented Google Analytics’ GDPR recommendations in order to ensure that we meet GDPR compliance. The main change is that we can no longer see the full IP number of a visitor, and so we cannot tell which country the visitor is likely to come from.

Data release policy

Our policy is only to release the data we collect in the following circumstances:

As required by law, such as in response to a valid request from law enforcement. To designated third parties to resolve or investigate abuse complaints. When the information is related to spiders or bots, usually when investigating technical issues. For abusive users, we may release information to assist in attempting to block the abusive user or to complain to that user’s Internet Service Provider. If necessary to defend legal claims against us by third parties. When we deem it necessary to protect the property or rights of the user community, or this website. When you have given consent for data to be used, such as completing a survey. As an organisation that promotes the use of freely accessible data, we cannot be held responsible for the usage of any data supplied. No selling of information We will not sell information collected via this site, such as your email address, to third parties.

Information security

We aim to make our sites secure, and that any data you do provide, such as login information, is kept securely. Unfortunately we cannot guarantee this, though will notify you (if we have the information to do so) should there be any breach of security, as per GDPR guidelines.

Data subject request

You have the right to request information from us about data we may hold on you. There rights are enshrined in the GDPR regulation. In order for us to ensure we are providing this information to the correct individual, we will need to verify that we are releasing this information to the correct natural person, and not someone trying to steal your identity. Therefore we ask that you help us to resolve your identity as quickly as possible. Failure to provide sufficient verification details (i.e. you might need to tell us your IP number in order for us to find a match and confirm your identity) may delay our ability to provide this information within the 30 days required of the GDPR Regulation. If you would like to submit a Data Subject request please email admin [at] okfn.org

Right to be forgotten

Also enshrined in GDPR law is your right to be forgotten. There is another conundrum here, as we need to keep a record of anyone who has asked to be forgotten, so that we can provide proof to the ICO that we are compliant. This is the hardest part of GDPR, as it’s almost impossible to remove one person’s details from a backup we may have of data, for instance. However, we will be keeping ourselves up-to-date with industry fixes and changes, and will do our very best to ensure you can be forgotten. Of course, your right to be forgotten will need to reviewed against the organisations need to keep information on you to satisfy other regulatory bodies.

If you wish to act on this section of the law, please send an email to admin [at] okfn.org with the Subject matter “GDPR - Right to be forgotten”.