Privacy policy

1.0 Our core beliefs regarding user privacy and data protection

We are the Audi A2 Owners' Club ("A2OC", "we", "our", "us").

  • We believe user privacy and data protection are human rights
  • We have a duty of care to the people within our data
  • Data is a liability, it should only be collected and processed when absolutely necessary
  • We will never sell, rent or otherwise distribute or make public your personal information

If you have questions about your personal information please contact us.

2.0 Relevant legislation

This website is designed to comply with the following national and international legislation with regards to data protection and user privacy:

This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residences’ specific data protection and user privacy legislation you should contact our data protection officer (details of whom can be found in section 13.0) for clarification.

3.0 Personal information that this website collects and why we collect it

This website collects and uses personal information for the following reasons:

3.1 Our forum

Should you choose to register a forum account, we only collect basic personal data about you which includes name, email address, a username and details of your A2. You can also chose to provide social media contact details. The data is collected at registration time and stored to this website’s forum database. When creating a thread, posting a response or messaging another user, we store your computer’s IP address and the time and date that you submitted the post. This information is only used to identify you as a contributor and is not passed on to any of the third party data processors detailed below. Only your username will be shown on the public-facing website although if the supplied email address is linked to a Gravatar account, your Gravatar photo will also be displayed.

Our system uses some spam prevention services to determine whether threads and posts are spam. Some of your registration data is sent to these services for validation:

For a small fee, users can upgrade their forum account to have additional privileges. The fee is collected using Paypal as a third party data processor. They will ask for additional personal data about you, including your address and postcode. This additional personal information is used by PayPal to validate the purchaser, and is not stored on any other system. This information is not passed to any other third party.

We keep your basic personal data for the duration of you being a member of the forum.

3.2 Our shop

Should you wish to purchase an item of merchandise from our shop, we will collect basic personal data about you which includes name, email address, postal address and telephone. The data is collected at registration time and stored to this website’s shop database. Payment for merchandise is collected using Paypal as a third party data processor. This information is not passed to any other third party.

We keep your basic personal data for the duration of you being a user of the shop.

3.3 Our donations

Should you wish to make a donation to the A2OC, we will collect basic personal data about you which includes name, email address, and postal address. The data is collected at registration time and stored to this website’s shop database. Payment for donations are collected using Paypal as a third party data processor. This information is not passed to any other third party.

We keep your basic personal data for the duration of you being a user of the shop.

3.4 Contact forms and email links

Should you chose to contact us using the contact forum or an email link, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our own SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices. However, not all mail servers are secured in such a way. Therefore, we would suggest that you always consider email as an insecure medium and not include personal, confidential or otherwise sensitive information within an email.

4.0 How your personal information is used

We may use your personal information in the following ways:

  • For the purposes of making you a registered member of our site, in order for you to contribute content to this site.
  • We may use your email address to inform you of activity on our site.
  • Your IP address is recorded when you perform certain actions on our site. Your IP address is never publicly visible.

5.0 Other ways we may use your personal information.

In addition to notifying you of activity on our site which may be relevant to you, from time to time we may wish to communicate with all members any important information such as newsletters or announcements by email. You can opt-in to or opt-out of such emails in your profile.

We may collect non-personally identifiable information about you in the course of your interaction with our site. This information may include technical information about the browser or type of device you're using. This information will be used purely for the purposes of analytics and tracking the number of visitors to our site.

6.0 How we store your personal information

As detailed above, if you register on this website in the forum, shop or donation system, some personal information will be stored within this website’s databases. In addition, when accessing any of the systems, we store your computer’s IP address and the time and date that you accessed the system. These are currently the only occasions where personal data will be stored on this website. This data is currently stored in an identifiable fashion; a limitation of the content management systems that this website is built on.

7.0 Cookie policy

Cookies are small text files which are set by us on your computer which allow us to provide certain functionality on our site, such as being able to log in, or remembering certain preferences.

We have a detailed cookie policy and more information about the cookies that we set on this page.

8.0 Your rights

If at any point you believe the information we process on you is incorrect you can request to see this information and even have it corrected or deleted.

We reserve the right to maintain the content of existing forum threads and posts of deleted accounts in accordance with the right of freedom of expression and information (Article 17(3) GDPR).

Existing forum threads, posts and messages from deleted accounts shall be anonymised to have all user-identifiable information removed.

If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).

9.0 About this website’s server

The website server is hosted by Nimbus Hosting in the UK.

All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.

10.0 Our third party data processors

We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in section 2.0. The first 3 of these third parties are based in the USA and are EU-U.S Privacy Shield compliant.

11.0 Data breaches

We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

12.0 Data Controller

The Data Controller is the Audi A2 Owners’ Club. A non-profit organisation.

13.0 Data Protection Officer

The Data Protection Officer can be contacted here.

14.0 Acceptance of this policy

Continued use of our site signifies your acceptance of this policy. If you do not accept the policy then please do not use this site. When registering we will further request your explicit acceptance of the privacy policy.

15.0 Changes to this policy

We may make changes to this policy at any time. You may be asked to review and re-accept the information in this policy if it changes in the future.

Back
Top