This site only provides personal web hosting for the owner and email forwarding and file hosting services for non-profit organisations of which the owner is a member. As such the only personal data held are e-mail addresses, usernames, amateur radio callsigns and passwords of members of these organisations as end users or as delegated administrators for file hosting or e-mail lists.
It is believed that this falls within the letter and spirit of the Data Protection Act exemption documented at:
As of 20th September 2011 a Data Protection Act registration was sought (reference zug284) on a voluntary basis at the owner's expense to ensure that the owner and the organisations that use this service are protected. This was granted with reference Z2865639 on 26th September 2011 and has been renewed annually. The registration is in the "General Business" category and covers significantly more than is actually done by moffatig.com or any of the organisations that use this service.
A copy of the registration can be viewed by entering the registration number at
Access by data subjects to their data
Data subjects may request access to their data on the system from the owner by sending a stamped, self-addressed envelope or an e-mail to
There will be no charge for the first request in each calendar year. Subsequent requests will be charged at the maximum rate permitted by English law.
This site does not track users' activity on other sites or analyse user behaviour in any way (although the right to review access logs for security audit or application support is reserved by the site owner).
Other persons with access to the data
- The site owner has access to all data and logs in the site.
- The web hosting provider (Aceshells Ltd. in the UK for moffatig.com) and the backup provider (rsync.net) in Switzerland have access to any data stored in the moffatig.com server as a consequence of the virtual server and the daily backups respectively being hosted on their hardware.
- British Telecommunications plc hosts the g0ozs.org static web site so can see web access logs only (including access to images linked from the other sites).
- The moffatig.plus.com servers are hosted at the site owner's premises and no separate data processor has access.
- The administrators of the various hosted forums, websites and mailing lists have access to the data within their own forums, websites and the e-mail addresses and message history of their own lists.
The site owner will make available to the police or other UK public authorities such data as is required by UK law in case of a criminal investigation.
Statement of Principles
The Data Protection Act registration requires the data controller to confirm compliance with a number of requirements, which are:
| Requirement | Response |
|---|---|
| Adopting an information security policy? (i.e. providing clear management direction on responsibilities and procedures in order to safeguard personal data) | Please see security? |
| Taking steps to control physical security? (for example, locking doors of the office or building where computer equipment is held) | The moffatig.com servers are hosted by aceshells.co.uk in managed data centres. Please see: http://aceshells.com/bargain-virtual-dedicated-servers.php for more detail. The moffatig.plus.net servers are in the owner's home, which is locked when unattended. |
| Putting in place controls on access to information? (for example, introduction of password protection on files containing personal data and encryption) | All access to the server at operating system level is secured by passwords and encrypted protocols are used for access wherever possible. Access is limited to trusted IP addresses to the greatest extent possible. All application access (other than web content and incoming e-mail) is controlled by passwords and IP address restrictions. |
| Establishing a business continuity plan? (for example, holding a backup file in the event of personal data being lost through flood, fire or other catastrophe) | The owner maintains two virtual servers for moffatig.com at different locations in the UK and the active server is backed up to a virtual disk hosted by rsync.net in Switzerland daily and before major configuration changes. The backups from one server can be restored onto the other with less than one man-day of effort. Similarly, moffatig.plus.net is replicated to rsync.net overnight. |
| Training your staff on security systems and procedures? (for example, are staff aware of their responsibilities, are they aware that personal data should only be accessed for business purposes?) | The owner has received extensive data protection training in the course of his employment. The delegated administrators of the various lists have been advised to consider their responsibilities as data controllers of their own members' information and the relevance of the exemption for non-profit bodies. No delegated administrator has access to anyone else's data or to the operating system. |
| Detecting and investigating breaches of security when they occur? (for example, producing audit trails that log access to personal data and can be attributed to a particular person) | All access to the server at operating system level, to upload files, and to administer web applications is authenticated and logged, including a user name and IP address. All logs are replicated off the machine to a remote file store. All e-mails sent through the list server are logged and archived. The message archives are only available to system administrators. A host-level intrusion detection system with real-time alerts sent to the owner and archived remote from the system has been installed. |