Privacy Policy

We are committed to protecting your privacy and ensuring the security of your personal information.

Contents

Last Updated: January 2025

1. Introduction

Welcome to the Discretionary Powers Tracker. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform. We are committed to transparency and maintaining the highest standards of data protection in compliance with applicable privacy laws and regulations.

By accessing or using the Discretionary Powers Tracker, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our platform.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you register and use our platform:

  • Account Information: Name, email address, job title, department, and organizational affiliation
  • Authentication Data: Username, password (encrypted), and security credentials
  • Professional Details: Role within the system, assigned responsibilities, and authorization levels
  • Contact Information: Phone number and office location (if applicable)

2.2 Decision and Submission Data

  • Discretionary power decisions and supporting documentation
  • Decision guidance submissions and review comments
  • Audit trails and action logs
  • File uploads and attachments related to decisions

2.3 Technical Information

  • Usage Data: Pages visited, features used, time spent on platform, and interaction patterns
  • Device Information: IP address, browser type, operating system, and device identifiers
  • Log Files: System access logs, error reports, and performance data
  • Session Data: Login times, session duration, and activity timestamps

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Platform Operations

  • Provide access to the Discretionary Powers Tracker and its features
  • Authenticate users and manage user accounts
  • Process and track discretionary power decisions
  • Enable collaboration between officers, reviewers, and administrators
  • Generate notifications and alerts relevant to your role

3.2 Compliance and Governance

  • Ensure compliance with legislative requirements and government regulations
  • Maintain comprehensive audit trails for accountability
  • Support internal and external auditing processes
  • Facilitate transparency and public access to appropriate information

3.3 System Improvement

  • Analyze usage patterns to improve platform functionality
  • Identify and resolve technical issues and bugs
  • Develop new features and enhance user experience
  • Generate statistical reports and analytics (anonymized where possible)

3.4 Security and Protection

  • Detect, prevent, and respond to security threats
  • Monitor for unauthorized access or fraudulent activities
  • Enforce our terms of service and platform policies
  • Protect the rights, property, and safety of our users and the public

4. Information Sharing and Disclosure

4.1 Within the Platform

Information is shared with authorized users based on their role and responsibilities. Access controls ensure that users only see information necessary for their functions:

  • Officers: Access to their own submissions and decisions
  • Reviewers: Access to submissions assigned for review
  • Administrators: Comprehensive access for system management and oversight
  • Auditors: Access to audit trails and compliance reports

4.2 Public Disclosure

In accordance with transparency requirements, certain information about discretionary power decisions may be made publicly available through our public search interface. This typically includes:

  • Decision summaries and outcomes
  • Dates and ministerial approvals
  • Legislative references and justifications
  • Anonymized or redacted information to protect personal privacy

4.3 Legal and Regulatory Requirements

We may disclose your information when required to:

  • Comply with legal obligations, court orders, or government requests
  • Respond to lawful requests from public authorities
  • Enforce our terms and conditions or protect our legal rights
  • Investigate potential violations or security incidents

4.4 Service Providers

We may engage trusted third-party service providers to support platform operations. These providers are contractually obligated to maintain confidentiality and use information only for specified purposes.

5. Data Security

We implement comprehensive security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction:

5.1 Technical Safeguards

  • Encryption: Data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption
  • Access Controls: Role-based access control (RBAC) ensures users access only authorized information
  • Authentication: Multi-factor authentication (MFA) available for enhanced account security
  • Firewalls: Network security measures to prevent unauthorized access
  • Monitoring: Continuous security monitoring and intrusion detection systems

5.2 Administrative Safeguards

  • Regular security audits and vulnerability assessments
  • Staff training on data protection and security best practices
  • Incident response procedures for security breaches
  • Background checks for personnel with access to sensitive data

5.3 Physical Safeguards

  • Secure data centers with restricted physical access
  • Environmental controls and redundancy measures
  • Regular backups stored in secure, geographically distributed locations

Note: While we implement robust security measures, no system is completely secure. Users are responsible for maintaining the confidentiality of their account credentials and should report any suspected security incidents immediately.

6. Your Rights and Choices

You have the following rights regarding your personal information:

6.1 Access and Correction

  • Right to Access: Request a copy of the personal information we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Account Management: Update your profile and contact information through your account settings

6.2 Data Portability and Deletion

  • Data Portability: Request a copy of your data in a structured, machine-readable format
  • Right to Erasure: Request deletion of your personal information, subject to legal retention requirements
  • Account Closure: Request closure of your account (some information may need to be retained for compliance)

6.3 Communication Preferences

  • Manage notification preferences through your account settings
  • Opt out of non-essential communications
  • Choose notification delivery methods (email, in-platform, etc.)

6.4 Exercising Your Rights

To exercise any of these rights, please contact our Privacy Officer using the contact information provided in Section 10. We will respond to your request within 30 days, subject to verification of your identity.

7. Cookies and Tracking Technologies

7.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our services. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain until deleted or expired).

7.2 How We Use Cookies

  • Essential Cookies: Required for platform functionality, authentication, and security
  • Performance Cookies: Help us understand how users interact with the platform
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Collect anonymized data for system improvement

7.3 Other Tracking Technologies

We may also use:

  • Web Beacons: Small graphic images to track user interactions
  • Local Storage: Browser storage for temporary data and cache
  • Session Storage: Temporary storage for active sessions

7.4 Managing Cookies

You can control cookies through your browser settings. Please note that disabling certain cookies may impact platform functionality and your user experience.

8. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal, regulatory, and operational requirements.

8.1 Retention Periods

  • Account Information: Retained while your account is active and for a specified period after closure
  • Decision Records: Retained in accordance with government record-keeping requirements (typically 7-10 years)
  • Audit Trails: Retained for compliance and accountability purposes as required by law
  • Usage Data: Typically retained for 12-24 months unless longer retention is required
  • Security Logs: Retained for security investigation and incident response purposes

8.2 Deletion and Anonymization

After the retention period expires, personal information is either securely deleted or anonymized. Some information may be retained indefinitely in anonymized form for statistical and research purposes.

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify users through the platform or via email
  • Provide a summary of key changes
  • In some cases, request your explicit consent for material changes

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information. Your continued use of the platform after changes are posted constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Officer

Discretionary Powers Tracker
Privacy and Data Protection Team

Contact Details

Email: privacy@discretionarypowers.gov
Phone: 1-800-555-PRIVACY
Response Time: Within 5 business days

Data Protection Commitment: We take your privacy seriously and are committed to protecting your personal information in accordance with applicable data protection laws and regulations.