We're updating our Cookies and Privacy policy

  • 23 April 2020
  • 24 replies
  • 2312 views

Hi everyone,

Just to let you know we’re updating our cookie policy and our privacy policy on 1 May.

We wanted to provide more transparency on how we use cookies, data, and third parties, including with search and social media platforms.

We’ve also included guidance on how to control and manage your data.

The main change is to allow us to use anonymised data from Members who’ve already joined us to advertise on social media to those who are similar in terms of interests, age and gender.

You can view our cookie policy by tapping here.

And our privacy policy by tapping here.

We’ll also be sending you an email over the next couple of days to let you know about these changes.

24 replies

I can't believe I'm the only person who saw "We're updating our Cookies..." on the homepage, and thought you were offering tea and biscuits.

Ho hum.

Thanks for the information Nataly.
Userlevel 7
Badge +8
​​​​​​​
Can we opt out of sharing data?
Userlevel 7
Badge +10
Here they are as at today's date. I note the policies are dated from 1st May - the email should or could have contained a link to the previous policies.
The filenames are those assigned by Pure Planet (ridiculous- why cant they just call them Pure_Planet_Privacy_Policy_01_May_2020 etc)


Here is the PURE PLANET PRIVACY POLICY online

Here is the PURE PLANET COOKIE POLICY online

and attached privacy policy

and attached cookie policy ​​​​​​​
you are limited to use any cookie strictly necessary for your website and you MUST give you an appropriate means of consenting to that cookie being set on your device. Advertising cookies are NOT strictly necessary, so please provide a link to limit the cookies to what you legally need to operate your site, otherwise you are contravening the Law
Userlevel 7
Badge +10
from the cookie policy
How can you manage your cookies?
Cookies enable the best experience on our website and some parts of it may not operate without
them. Specifically, some of our cookies are used to ensure the traffic is sent securely, to
maintain your session details and (ironically) to register your cookie preference.
You can delete cookies at any time in your device or change your browser settings so it blocks
them altogether. More details on managing cookies can be found on the Information
Commissioner's website here:
Cookies

​​​​​​​
Jezzer;52431:
Can we opt out of sharing data?
to quote the regulation..

How do the cookie regulations affect me?You may come across information about cookies and similar technologies on websites and be given choices about how some cookies are used. This might include, for example, being asked to agree to a cookie being used for a particular service, such as remembering your preferences on a site.
Organisations have to provide clear and comprehensive information about the way they use cookies, and ensure that for any cookie not strictly necessary for their website, they give you an appropriate means of consenting to that cookie being set on your device.
Userlevel 7
Badge +10
hi Richardc
​​​​​​​despite my post above I do agree with you there that should be an easier means of opting out of unnecessary cookies.

Richardc;52438:
to quote the regulation..

How do the cookie regulations affect me?

You may come across information about cookies and similar technologies on websites and be given choices about how some cookies are used. This might include, for example, being asked to agree to a cookie being used for a particular service, such as remembering your preferences on a site.
Organisations have to provide clear and comprehensive information about the way they use cookies, and ensure that for any cookie not strictly necessary for their website, they give you an appropriate means of consenting to that cookie being set on your device.
Woz,

I agree that they do point out how to delete the cookie, but that is not the point.... the requirement is that you have to consent to it being stored in the first place, which they do not do.

As an account holder, if I want to check what my usage has been, then I have no option to stop marketing cookies - these have absolutely NOTHING to do with the supply of my account information, so I should have to explicitly consent, through appropriate means (as per the regulations) to be stored on my device.
Well, I've got my cookie...


​​​​​​​My friend's.daughter made it for her Birthday for me.
Those first two links @woz are click tracking links possibly from your account. PP will think you’ve been a busy busy click clicker each time they’re clicked.
@Marc, @Nataly.

I don't know whether this helps, or muddies the waters.

Basically what RichardC is talking about is 'granular consent.'

If I've understood what he's saying correctly, then Pure Planet is not offering 'granular consent' from the 1st of May 2020. Are Pure Planet stating that by providing information on what cookies do what, and how to block them in the browser, they are providing 'granular consent' even if you are not providing separate tick boxes/sliders?
​​​​​​​

Regards

Mark
Userlevel 7
Badge +10
@Richardc and @Gwyndy and @Nataly and @Marc
that's what I thought, so as a comparison I tried some other larger providers and those I tried never popped up a granular consent. I then went to https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies so now I'm off to try some cookie deleting and testing...
I simply don't believe that PP could be so remiss as to ride roughshod over this so I suspect we are missing some facts here.
Irrespective of whether the consent to non-essential cookies is required I agree and I do think it should be a granular approach.
and...

Later update
It would appear that there are no essential cookies for purepla.net as far as I can tell. so presumably all the cookies I deleted were not essential.
this is what I see after cookie deletion when remaining logged in online.

also see HERE re first time use of app. (similar to online warning)
I'm now even more confused, I can only assume that there is no requirement for a granular approach, which seems to be at odds to the fact that the account is fully functional when cookies are deleted at every stage (before after and during login).
​​​​​​​@marc @Nataly please can we have some clarity on this?

Gwyndy;52464:
@Marc, @Nataly.

I don't know whether this helps, or muddies the waters.

Basically what RichardC is talking about is 'granular consent.'

If I've understood what he's saying correctly, then Pure Planet is not offering 'granular consent' from the 1st of May 2020. Are Pure Planet stating that by providing information on what cookies do what, and how to block them in the browser, they are providing 'granular consent' even if you are not providing separate tick boxes/sliders?
​​​​​​​

Regards

Mark
Userlevel 6
Badge +2
This, in case anybody thinks otherwise, is not some new legal change on the 1st May. Since the Data Protection Act 2018 it has been an offence for people to be expected to opt out if they don’t want their data used. In other words a customer must be asked to physically consent by ticking a box. A company cannot legally assume opt in and certainly not leave it for the customer to then have to opt out. There is of course some data needs to be held and used but solely for legal purposes such as the administration of a customer’s account and service.

Not only must a user physically consent to opt in by ticking a box, the ability to do so must be simple and clear. It must not be buried deep in some conditions that are difficult to find. Again to make it difficult or complex for a user to select preferences or options is also a criminal offence.

There is only one effective way to comply and that is have a nice clear box that pops up when a user accesses a site giving him or her the option to opt in if he or she wishes to do so. Whilst the selection made may then be stored so as to avoid repeated requests a company ought to pop the box up again every so often.

GDPR brought a lot in but it is now covered by the DPA 2018 which formally embraced GDPR. It is surprising how many companies make it difficult for a user to change options or even find out how to do it. The mechanism should not be buried deep in a policy but clear on the screen the moment a new user logs in. I find some companies don’t like it when you have made sure you have opted out and repeatedly ask you every time you access their page. Obviously in the hope that they become a pain in the backside so that eventually you give in and say “yes”.

When we clear out history in our browsers, which everybody should do as a security measure from time to time, then often you will find you are asked to reset consents - because you have wiped out past cookies and history!

From what I have seen an awful lot of sites are not compliant and deliberately so. The law in the USA and outside Europe is different. Europe’s, including us, is I believe one of the most stringent.

However, the enthusiasm to have a tight law has produced some problems. With some organisations it is common for the widowed partner of a deceased member to be contacted to provide support, even not just widowed partners, it could be ill ones or those going through a rough time. It is rare for organisations to hold the partner’s consent but the law now says you must if you want to use that person’s data to provide help and support to him or her.

It is not that the law is an ass but more that the legislators overlook some real needs. In a way it is like the law today during lockdown. There is no law that says you cannot go out 3 times for exercise in a day for example. The only law that applies is you must have a reasonable excuse. That has been misinterpreted by some because Parliament went and gave a list of examples of what reasonable excuse may be, but they are only examples, they are not legally imposed limitations despite some policemen thinking they are.

Serious stuff this! I hope all readers are well and smiling.
Hi @Richardc @Gwyndy @woz @G4RHL

Thank you for your feedback and valued input around this 🙌

Gwyndy;52464:

If I've understood what he's saying correctly, then Pure Planet is not offering 'granular consent' from the 1st of May 2020. Are Pure Planet stating that by providing information on what cookies do what, and how to block them in the browser, they are providing 'granular consent' even if you are not providing separate tick boxes/sliders? ​​​​​​​


This is a really good point from @Gwyndy, and is indeed how we've approached this issue.

That being said, following your feedback we do recognise the process could be made easier for users of our website - we're now looking into this and will of course update you here when there's more information 👍
Userlevel 7
Badge +10
or to rephrase......That being said, following your feedback we do recognise the process could be made legally compliant for users of our website? ....(I know...I know...)
reminds self...must go out for some excercise...
Nataly;52479:

That being said, following your feedback we do recognise the process could be made easier for users of our website .... 👍
G4RHL;52478:
This, in case anybody thinks otherwise, is not some new legal change on the 1st May. Since the Data Protection Act 2018 it has been an offence for people to be expected to opt out if they don’t want their data used. In other words a customer must be asked to physically consent by ticking a box. A company cannot legally assume opt in and certainly not leave it for the customer to then have to opt out. There is of course some data needs to be held and used but solely for legal purposes such as the administration of a customer’s account and service.


The underlined part is where this becomes a slight 'grey area' the Information Commissioner's Office guidance regarding what can be considered 'presumed consent' merely by accessing a website such as Pure Planet's - where you would only be here because you're an existing customer, therefore you've already consented to provide the information elsewhere, or you would reasonably expect to have to provide certain personal information to prove your identity/access the site - is rather opaque, and under those circumstances, the 'easy access' sliders do not apply.

The first thing the ICO site states is:
The GDPR sets a high standard for consent. But you often won’t need consent. If consent is difficult, look for a different lawful basis.


Pure Planet probably could, had they so wished, justified the fact that accessing the site to use your account, or this community, by it's very nature implies consent.

However, having asked for our consent, Pure Planet need to heed this advice:

How should we obtain, record and manage consent?

Make your consent request prominent, concise, separate from other terms and conditions, and easy to understand. Include:


  • the name of your organisation;
  • the name of any third party controllers who will rely on the consent;
  • why you want the data;
  • what you will do with it; and
  • that individuals can withdraw consent at any time.


Which they seem to have done, where they appear to have dropped the ball is here:

  • ​​​​​​​​​​​​​You must ask people to actively opt in. Don’t use pre-ticked boxes, opt-out boxes or other default settings. Wherever possible, give separate (‘granular’) options to consent to different purposes and different types of processing.



That, at least, is how I understand this situation. However, this is not the 'legalese' I was taught to comprehend, so I accept I may well have missed something - I also know from having had to read 'legalese' that there is, particularly where the government's concerned, a habit for both 'unintended consequences' and 'contradictory information.' Way back in 2002 (ish) while up at a meeting in London, we questioned several of the contradictions in the rules we had to operate under to be told 'yes, the lawyers didn't realise that when they wrote it,' and when we questioned what the lawyers were going to do to fix their mistake, the answer was basically 'wait until it someone decides to take it to the High Court and let them work it out.'

​​​​​​​
Userlevel 7
Badge +10
..where you would only be here because you're an existing customer....
But I take your point
Gwyndy;52505:
The underlined part is where this becomes a slight 'grey area' the Information Commissioner's Office guidance regarding what can be considered 'presumed consent' merely by accessing a website such as Pure Planet's - where you would only be here because you're an existing customer, therefore you've already consented to provide the information elsewhere, or you would reasonably expect to have to provide certain personal information to prove your identity/access the site - is rather opaque.
woz;52507:
#8e44ad ]...where you would only be here because you're an existing customer....
But I take your point#8e44ad ]


Sorry @woz, I was in the process of editing/adding to the post, is that something I've already fixed?
​​​​​​​
Userlevel 7
Badge +10
grrr, <*,*> formatting...
not sure what your question means but I'll try to mend it.
I was alluding to the fact that the logic that one is an existing customer isn't (logical)(not aimed at you)
Gwyndy;52509:
Sorry @woz, I was in the process of editing/adding to the post, is that something I've already fixed?
​​​​​​​
Hi everyone,

Just to give a quick update on this - we've started work to introduce granular opt out options for users on web.

Thank you for your valued feedback around Cookies/Privacy! 🙂
Just a further update to say we're expecting the work on granular consent for the web to be complete by the end of June 🙂
Userlevel 6
Badge +2

Can anybody advise how to set one’s privacy settings. WhatBot does not understand the question and there appear to be no links anywhere to do it as is now required.

When I logged on today I had the cookie notice on screen. I went to check the settings to see that PP are still not legally compliant with the Data Protection Act. It is still defaulting to all being preselected. That is illegal.

Hey @G4RHL 

Just to let you know I’ve moved this to our thread all about cookies, to keep the current feedback and updates all in one place :thumbsup:

Unfortunately the introduction of changes to cookies has been delayed due to some behind the scenes changes - but it is still being worked on, to implement granular consent ASAP (within the next couple of months). Sorry about the delay! 

Reply