Tyne and Wear Metro wiki:Privacy policy

Welcome to the Tyne and Wear Metro wiki ("we", "our", or "us"). We are committed to protecting your privacy and handling your personal data transparently. This Privacy Policy explains how we collect, use, and share information about you when you use our website (https://metro.hopperelec.co.uk/wiki).

The data controller responsible for your personal data is Cameron Johnston (hopperelec). You can contact me regarding your privacy and data protection rights at hopperelec@gmail.com.

Our lawful bases for processing your personal data are:

• Legitimate Interests:
  • To operate, maintain, and secure the wiki.
  • To prevent abuse and vandalism.
  • To maintain a public historical record of contributions.
• Consent: Where you optionally create an account, enable Two-Factor Authentication, or provide an email address, you are giving us consent to process that information for the purposes described in this policy.
• Legal Obligation: To comply with lawful requests from law enforcement or regulatory authorities.

To provide and protect our service, we collect the following data:

• Account Information: If you create an account, we store your chosen username and a secure password hash.
  • If you optionally enable Two-Factor Authentication (via the OATHAuth extension), we securely store your 2FA secret.
  • If you optionally provide an email address, we use it for password resets and page notifications. If you use the wiki's 'Email this user' feature to contact another user, your email address will be revealed to the recipient so they can reply.
• Public Contributions: Any edits, additions, or modifications you make to wiki pages are permanently recorded and publicly visible.
  • If you are logged in, your edits are attributed to your username.
  • If you are not logged in, your edits are attributed to your IP address.
• Server Logs: Our web server automatically logs requests. These logs include your IP address, browser type (User-Agent), and referring pages. We use this for detecting and preventing abuse, and for debugging server errors.
• Abuse Monitoring: We use extensions (AbuseFilter, CheckUser, LoginNotify, TorBlock) to monitor for suspicious activity. This may involve temporarily storing IP addresses associated with edits or login attempts. This data is automatically deleted within 90 days.

We use cookies to maintain your session, keep you logged in, and store your user preferences. All cookies we set are essential for the operation of the wiki or for security purposes. We do not use cookies for advertising or tracking purposes. Third-party services (listed below) may set their own cookies as described in their privacy policies.

All the servers that store and process the data we collect are located in the United Kingdom and that data is not knowingly transferred outside the UK. However, data collected by third-party services (listed below) may be processed in other jurisdictions as described in their privacy policies and subject to standard contractual clauses or other appropriate safeguards.

We utilize the following third-party services, which may collect data as described in their respective privacy policies:

• Cloudflare: Our site traffic is routed through Cloudflare for security and spam protection. Cloudflare may process your IP address and request data. We also use Cloudflare Turnstile to prevent automated spam and abuse during account creation, logging in, and page editing. Turnstile evaluates your browser environment and interaction patterns to verify you are human, which may involve processing technical device data.
• Oracle Cloud: Our site is hosted on Oracle Cloud Infrastructure (OCI). We also use OCI for sending any automated email notifications. Oracle may process your email address as part of this service.
• Wikimedia Commons: We pull some images dynamically from Wikimedia Commons. When you view a page with such an image, your browser makes a direct request to Wikimedia servers, subject to the Wikimedia Privacy Policy.
• Embedded Video: We allow embedded video content (via the EmbedVideo extension). If a page contains an embedded video (e.g., YouTube), viewing that page will cause your browser to request limited information (e.g., a thumbnail) from the video provider, which may collect some data according to their own privacy policies. Clicking "Load video" will display a warning containing a link to the provider's privacy policy, and the full video will only load if you click "Continue" after acknowledging the warning.
• OpenStreetMap: We allow embedded maps (via the Maps extension). If a page contains an embedded map, your browser will make requests to OpenStreetMap servers, which may collect some data according to the OpenStreetMap Privacy Policy.
• Linked Content: Anybody can create a wiki page that links to external websites. We have no control over and take no responsibility for the data collection practices of those external sites.

Under the UK General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Portability: When you request access to your data, you can also ask for it in a commonly used format (e.g., XML) so you can transfer it to another service if desired.
• Right to Rectification: You can update your account settings and email address at any time.
• Right to be Forgotten: While public wiki edits are a matter of public record, you can contact us to have your account permanently disabled and your identifiable personal information obfuscated or removed from the database. This is done using the extensions DisableAccount and RemovePII.
• Right to Restrict, Object and Withdraw Consent: You can object or withdraw your consent to certain processing of your data by changing your account settings (e.g., by removing your email address to stop notifications).
• Right to Complain: If you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

To exercise any of these rights, please contact the data controller. As per GDPR requirements, we will respond to your request without undue delay and at the latest within one month.

This wiki is not directed at children under the age of 13 and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such data, please contact us so we can delete it.

We may update this policy occasionally to reflect technical changes or legal requirements. You can see when it was last updated at the bottom of this page. We encourage you to review this page periodically for any changes.