We collect personal information directly from you when you contact us, register with us, enquire about our activities, make a donation, participate in an event, apply to volunteer or work with us, or otherwise provide us with your personal information.

We also collect the following information when you are on our websites: Internet Protocol (IP) address, and details of which version of web browser you used as well as information on how you use the site, using cookies and page tagging techniques. We look at this information on an aggregated basis via Google Analytics and do not identify you personally.

We may also receive personal information indirectly from you, for example through companies carrying out work on our behalf, such as surveys or event bookings, or website and social media platforms which you use to engage with us.

When you choose to interact with us we may collect the following personal information about you, under the lawful basis of legitimate interest:

• Borrowing:

  When you choose to register for an online account for the Library inventory, we will collect your name, email address, telephone number and postal address. We will also verify your ID on your first borrow. When you borrow things from the Library, we will additionally gain information about your borrowing habits. Payment details are processed securely online by a third party so Share Bristol has no access to your payment information.

• Feedback: We may also ask you survey questions about your experience with our services, which will be completely optional.
• Visiting our websites: When you visit our websites, we collect information about how you use our website and track which pages you visit when you follow links from our emails. Our websites:
  • www.sharebristol.org.uk
  • things.sharebristol.org.uk
• Volunteering: When you apply to volunteer with us we will collect your name, contact details and information about your skills. For some roles we will also perform background checks.
• Working with us: When you apply for a job with us we will collect your name, contact details and information about your work history and skills. We will perform background checks, which may include a DBS check. We will also ask questions about equalities to ensure we are attracting a wide range of applicants, and not excluding any groups from our work.
• Donating: If you donate to us online the platforms we use may collect information about you to process the payment. We will only receive contact details if you have agreed to them being shared with us.

We may collect the following under the lawful basis of legal obligation: 

• Accident reporting: If you are unfortunate enough to have an incident on our premises we will need to collect your contact details.

We use your personal information for a number of purposes, including:

1. Borrowing: Providing access to our online Thing catalogue to facilitate your borrowing. Administering your membership and borrowing, including processing payment, checking you live in the wider Bristol area, and sending email reminders.
2. Feedback: Inviting voluntary participation in research or surveys, and processing and other formal or informal feedback you give us.
3. Volunteering: Processing your application to volunteer with us, and for supporting you as a volunteer.
4. Donating: Processing donations we have received from you.
5. Communication: Emailing you relevant updates about our services, products and activities including monthly newsletters. These emails are sent to you if you have signed up for them (under consent) or if you have registered on our website (under legitimate interest).  You will be given the option to unsubscribe from these emails with every email which is sent out.
6. Promotion: Promoting Share Bristol on our website and social media platforms through photos, comments and data about your borrowing that you provide
7. Improving what we do: Analysing, managing and improving our services, products and information.
8. Website analysis: Analysing usage of our website using Google Analytics.

We will also process your personal information as required by law or regulation. 

We adopt appropriate technical and organisational measures to make sure your personal information is secure, and protected against unauthorised or unlawful processing, and accidental loss, destruction or damage, from the point of collection to the point of destruction.

Access to your personal information is restricted to those people who are required and authorised to process it. Appropriate background checks and training take place for our people who need to process your personal information.

Your personal information will only be shared with another organisation, acting on our behalf, if they agree to ensure sufficient safeguards are in place to protect your personal information.

We will remove your personal information if you ask us to do so, or if we no longer have a lawful basis for processing it.

If you are a Share Bristol employee, a minimal level of your personal information is required by law to be kept for up to seven years.

If you unsubscribe from e-newsletters, minimal personal information will be kept on a suppression list to ensure you do not receive such communications.

We will never sell your personal information to any third parties.

Information that we may share with the public will be to promote Share Bristol online and in the media. You will be given the option to opt-out, or restrict the use of any such publicity.

We will share your personal information when legally required to do so.

Your personal information belongs to you. You have rights over how we use your personal information:

• the right to be informed
• the right of access
• the right to rectification
• the right to erasure
• the right to restrict processing
• the right to data portability
• the right to object

At Share Bristol we don’t carry out any automated decision making or profiling.

For further information about your rights, and when they apply, see the Information Commissioner’s Office website: ico.org.uk/your-data-matters

You may access the personal information associated with your online membership account at any time by logging in to your online account with Share Bristol: things.sharebristol.org.uk

If any of your details change or need correcting, then you can edit these in your account or contact us to have these corrected. You can also ask for your account to be deactivated or deleted.

You can request to see personal information we hold about you by emailing hello@sharebristol.org.uk

You may unsubscribe from Share Bristol communications at any time, by clicking on the unsubscribe link in the emails or responding with an “unsubscribe” email response. However, we will continue to communicate with you for the purposes of facilitating your borrowing for as long as you remain a member. 

If you are unhappy with our use of your personal information, you have the right to complain to the Information Commissioner’s Office. We would encourage you to contact us (see below) in the first instance so we can attempt to resolve any concerns.

Our website Cookies

Website cookies are small text files that websites store on your device when you visit them, essentially acting like digital “memory cards” that help websites remember you and your preferences. Think of cookies like a coat check ticket at a restaurant – when you visit a website, it gives you a small piece of identifying information (the cookie) that it can recognise when you return, allowing it to “remember” who you are and what you were doing.

The Share Bristol website uses WordPress, a web platform which uses various categories of cookies:

Users Cookie

These cookies are used for authentication, ensuring a secure experience for people who log the Share Bristol site.

·         WordPress_[hash]: This cookie is used to store your authentication details upon login and is limited to the admin area.

·         wordpress_logged_in_[hash]: This cookie enables the interface to recognize you as a logged-in user and determine which account and preferences to use for various features.

·         wp-settings-{time}-[UID]: This cookie facilitates customizing your view of the admin interface and the main site interface. The number UID is the individual user ID from the user database table. 

Commenters Cookie

When visitors comment on the Share Bristol blog, WordPress stores several cookies on their computer. These cookies are designed to streamline the commenting process, making it more convenient for returning commenters.

·         comment_author_{HASH}: This cookie remembers the commenter’s name. When a visitor leaves a comment, this cookie stores their name so they don’t have to re-enter it the next time they comment. This improves the user experience by reducing repetitive data entry.

·         comment_author_email_{HASH}: This cookie stores the commenter’s email address. Similar to the name cookie, it ensures that the email address is pre-filled in the comment form for future comments, saving time and effort for the user.

·         comment_author_url_{HASH}: This cookie remembers the URL of the commenter’s website if they provide one. It makes it easier for users to leave their website link again without having to type it each time they comment.

WordPress Test Cookie

This cookie, named wordpress_test_cookie, simply checks if your browser supports cookies

Language Cookie

The wp_lang cookie is a session cookie set by WordPress to store your selected language during login. This ensures that all translatable labels are displayed in your chosen language.

Google Analytics Cookies

There are also cookies set by Google Analytics (GA4) JavaScript tags. To learn more about the data that Analytics collects, see Safeguarding your data. https://support.google.com/analytics/answer/6004245

Cookie name                    Default expiration time                               Description

_ga                                         2 years                                                 Used to distinguish users.

_ga_<container-id>       2 years                                                 Used to persist session state.

Google Maps Cookies

Several cookies from Google Maps which we use to show where our Libraries are located.

AEC

This is a Google security cookie that ensures requests within your browsing session are made by you, and not by malicious websites. It prevents other sites from acting on your behalf without your knowledge and helps protect against spam, fraud, and abuse. This cookie lasts for 6 months.

APISID

This cookie is used by Google to personalize ads on websites based on your recent searches and interactions. It helps Google collect visitor information for videos hosted by YouTube and other Google services. This cookie typically lasts for 2 years.

HSID

This cookie contains digitally signed and encrypted records of your Google Account ID and most recent sign-in time. It’s used to block many types of attacks, such as attempts to steal content from forms submitted in Google services. This security cookie lasts for 2 years.

NID

This cookie is specifically used to save the preferences of users not signed in to a Google account. It’s commonly used to play YouTube videos embedded on websites and helps Google provide personalized content and ads based on your browsing preferences. This cookie can last anywhere from 6 months to 10 years.

OTZ

This cookie is used by Google Analytics to track website traffic information. It helps Google collect data about how visitors interact with websites that use Google services. This cookie typically lasts for 1 month.

SAPISID

This cookie is used by Google to collect visitor information for videos hosted by YouTube on maps integrated with Google Maps. It helps optimize the delivery of Google content and services. This cookie typically lasts for 2 years.

SEARCH_SAMESITE

This is a Google security cookie that helps protect against cross-site request forgery attacks when using Google search services. It ensures that search requests are legitimate and come from the intended source.

SID

Similar to HSID, this cookie contains digitally signed and encrypted records of your Google Account ID and most recent sign-in time. It’s a security cookie that helps authenticate users and block various types of attacks. This cookie lasts for 2 years.

SIDCC

This is a security cookie that protects user data from unauthorized access. It works alongside other Google security cookies to ensure the integrity of your session and prevent fraudulent activities. This cookie typically lasts for 1 year.

SSID

This cookie is used by Google to collect visitor information for videos hosted by YouTube on maps integrated with Google Maps. It helps Google optimize the delivery of multimedia content and services. This cookie is persistent and typically lasts for 2 years.

Lend Engine Cookies

• PHPSESSID This is a session cookie that maintains your browsing session on our website. It allows our website to remember you as you navigate between different pages during your visit, ensuring features like shopping carts, login status, and form data are preserved. This cookie is automatically deleted when you close your browser.
• REMEMBERME This cookie is related to our Lend Engine system and remembers your login preferences when you choose the “Remember Me” option during login. It allows you to stay logged in for an extended period (typically several weeks) so you don’t have to enter your username and password every time you visit our website. You can control this by checking or unchecking the “Remember Me” option when logging in.

Stripe Cookies
We use Stripe as our payment gateway for processing memberships.

• __Secure-has_logged_in This cookie remembers whether you have recently logged into your account on our website. It helps us provide a smoother experience by keeping track of your login status for up to 6 months, so you don’t have to constantly re-enter your credentials.
  
  
• __Secure-LinkSessionPresent This cookie indicates whether you have an active Stripe Link session, which is Stripe’s feature that allows you to save payment information for faster checkout across different websites. It lasts for 1 year and helps streamline your payment experience.

• __stripe_orig_props This cookie remembers how you arrived at our website, including which page you came from and which page you first landed on. This information helps us understand user navigation patterns and improve our website experience. The cookie is stored for 1 year.

• cookie-perms This cookie stores your cookie preferences and consent choices. It remembers which types of cookies you’ve agreed to accept on our website, ensuring we respect your privacy settings on future visits. This cookie lasts for 6 months.

• machine_identifier This cookie creates a unique identifier for your device to help prevent fraudulent transactions and enhance security. It helps Stripe recognize your device for payment processing and fraud prevention purposes, lasting for 1 year.

• private_machine_identifier Similar to the machine_identifier, this cookie creates a more secure, private identifier for your device. It’s used for enhanced fraud detection and security measures during payment processing, and is stored for 1 year.

• __stripe_mid This cookie creates a unique machine identifier for your device that Stripe uses for fraud prevention and security purposes. It helps Stripe recognize your device across different payment sessions to detect suspicious activity and protect against fraudulent transactions. This cookie is stored for 1 year.

• __stripe_sid This cookie maintains your Stripe session identifier, which keeps track of your current payment session with Stripe. It ensures continuity during the payment process and helps Stripe provide a seamless checkout experience. This session cookie typically expires when you close your browser or after a period of inactivity.

All of these cookies are set by Stripe and are essential for secure payment processing and fraud prevention through their payment system.