We generate log files from our web servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
If you do not want us to see your actual IP address, feel free to visit us via Tor.
References to the basis of processing (e.g. "(Basis: Art. 6(f).)") are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.
Well, you want to access the site, don’t you?
(Basis: Art. 6(b): this is necessary to deliver the service to you.)
We use the information we hold about you to defend our networks and services from attacks.
(Basis: Art. 6(c): we have to do this to comply with legal and regulatory obligations.)
If we are served with a binding order (for example, a court order, a notice under the investigatory powers framework, or a notice from the Information Commissioner’s Office) which includes you, we will be required to process your personal data to be able to comply with it.
(Basis: Art. 6(c): we have to do this to comply with legal and regulatory obligations.)
We may use the logs from our servers to assist with A&A’s security, as well as to determine visitor behaviour and help us plan our business strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).
(Basis: Art. 6(c): we have legal and regulatory obligations to protect our clients and their information. Art. 6(f): strategy planning is a legitimate, indeed sensible, thing for a business to do.)
We operate CCTV, covering public internal and external areas of our premises.
(Basis: Art. 6(f): we do this for the legitimate interest of protecting A&A.)
We run some mailing lists, to which you can subscribe if you wish.
(Basis: Art. 6(a): you consent to being on the mailing list for as long as you choose to remain a subscriber.)
We do not transfer or process data outside the European Economic Area unless the processing requires it (for example, where you are corresponding with us from outside the EEA and we reply to you).
Since all we will hold on you is, at most, an IP address and some browser information (and you can use Tor if you do not want to reveal your actual IP address), few of the rights in the GDPR will apply to you as a website visitor:
As a general principle, we will not transfer your personal data to third parties without your permission.
There are two exceptions to this: