Privacy Policy

This page explains what personal information we collect, why we collect it, how long we keep it, and how to contact us.

What is this page for?

  • It tells you what personal information we collect on our website.
  • It tells you why we collect it.
  • It tells you how long we keep it.
  • It tells you how to contact us about your data.

Our website

What we collect and why

Comments

  • If you leave a comment we collect:
    • the information you type in the comment form (name, email, comment),
    • your IP address,
    • your browser details (user agent).
  • We use this to show the comment and to help stop spam.
  • We may send a code made from your email (a hash) to the Gravatar service so your profile picture can appear. See Gravatar’s privacy page: https://automattic.com/privacy/

Photos you upload

  • Do not upload photos that contain location data (EXIF GPS).
  • Anyone who downloads a photo can read any location data inside it.

Cookies (small files on your device)

  • We use cookies to make the site work and to save your choices.
  • Examples:
    • Remembering your name and email for comments — lasts 1 year.
    • Temporary cookie to check if your browser accepts cookies — deleted when you close the browser.
    • Login cookies — last 2 days, or 2 weeks if you choose “Remember me”.
    • Screen options cookie (saves display settings) — 1 year.
    • Post edit cookie (stores post ID only) — 1 day.
  • Some forms use Google reCAPTCHA to stop spam. If you agree, a cookie for consent is set and deleted after 30 days.

Embedded content from other sites

  • Pages may include content from other websites (for example videos).
  • That content works the same as if you visited the other site.
  • Those websites may collect data about you, use cookies, or track how you interact with that content.

Security logs

  • We record IP addresses and usernames for some events, for example:
    • login attempts,
    • password changes,
    • requests for suspicious pages,
    • changes to site content.
  • We keep these logs for 60 days.
  • We do this to protect the site from attacks.

Who we share your data with

  • Akismet (anti‑spam) may get comment details to check for spam.
  • Gravatar may get a hash of your email to show your avatar.
  • We use the hCaptcha service to protect our login and authentication forms against abuse by automated software (“bots”).

When you interact with hCaptcha, certain information is collected and processed to determine whether the request comes from a human. This may include:

  • IP address
  • Browser and device information
  • Date, time and language settings
  • Behavioural data (e.g. how you move your mouse or type)

This information is processed by Intuition Machines, Inc., the provider of hCaptcha, solely for the purposes of security, fraud prevention and abuse protection. hCaptcha does not use this information for advertising or marketing.

Use of hCaptcha is subject to the hCaptcha Privacy Policy and Terms of Service.

  • For two‑factor login, a QR code image may be made by an external service (SolidWP). Your username is sent to that service to make the image. . For privacy policy details, please see the SolidWP Privacy Policy.
  • We use a site scanner to look for malware. We do not send private information to the scanner, but the scanner may find information that is already public (for example public comments).

Where your data is sent

  • Some services help protect our site from distributed login attacks. To do this, the IP addresses of people trying to log in may be shared with a protection service.
  • Akismet receives comment data for spam checking. For privacy policy details, please see the SolidWP Privacy Policy.
  • Other external services may receive small items of data as described above.

Special cases

  • If you request a password reset, your IP address will be included in the reset email.
  • If you register an account, we store the personal information you give in your profile. You can see, change or delete your profile information at any time (but you cannot change your username). Site administrators can also see and edit your profile.

How long we keep your data

  • Comments and their extra information are kept until you ask us to delete them.
  • Security logs are kept for 60 days.
  • Cookies last as stated in the Cookies section above.

Your rights

  • You can ask us to:
    • give you a copy of your personal information,
    • correct information that is wrong,
    • delete your personal information (unless we must keep it for legal, security or admin reasons),
    • stop certain uses of your information,
    • get your data in a common, machine‑readable format.
  • To use any of these rights, contact us (details below).
  • You can also complain to the Information Commissioner’s Office (ICO): https://www.ico.org.uk

How to contact us

Email: data-protection@open.ac.uk
Telephone: +44 (0)1908 653994
Post: The Data Protection Officer, PO Box 497, The Open University, Walton Hall, Milton Keynes MK7 6AT

Policies

Accessibility Statement

Privacy Policy