What is Data Protection Policy?
A Data Protection Policy is a type of security policy that aims to design, implement, guide, monitor and manage security over an organization's data.
It primarily targets securing and protecting logical data stored, consumed and managed by an organization. This data can be stored within the organization's core infrastructure, at an offsite location or with an online/cloud service.
The key objective behind a data protection policy is ensuring the security and integrity of data at rest and in motion, regardless of its physical or logical location. The data protection policy is designed to ensure security across every data storage and consumption location.
A comprehensive data protection policy includes:
- Scope of data protection
- Data protection policy/procedures at the granular level, for example individual, department, device and/or IT environment
- Legal requirements for data protection
- Roles and responsibilities of the data custodian or staff who will ensure data protection
Policy elements
As part of our operations, we need to obtain and process information. This information includes any offline or online data that makes a person identifiable, such as names, addresses, usernames and passwords, digital footprints, photographs, social security numbers, financial data and so on.
For further information please watch: https://www.youtube.com/watch?v=9KzjRAHfVh4&t=11s
Our company collects this information in a transparent way and only with the full cooperation and knowledge of the interested parties. Once this information is available to us, the following rules apply.
Our data will be:
- Accurate and kept up to date
- Collected fairly and for lawful purposes only
- Processed by the company within its legal and moral boundaries
- Protected against any unauthorized or illegal access by internal or external parties
Our data will not be:
- Communicated informally
- Stored for more than a specified amount of time
- Transferred to organizations, states or countries that do not have adequate data protection policies
- Distributed to any party other than the ones agreed upon by the data's owner (exempting legitimate requests from law enforcement authorities)
In addition to ways of handling the data, the company has direct obligations towards the people to whom the data belongs. Specifically we must:
- Let people know which of their data is collected
- Inform people about how we'll process their data
- Inform people about who has access to their information
- Have provisions in cases of lost, corrupted or compromised data
- Allow people to request that we modify, erase, reduce or correct data contained in our databases
The Data Protection Policy (the Policy) ensures the Royal College of Obstetricians and Gynaecologists (the College) complies with Data Protection Law, namely the EU General Data Protection Regulation 2016/679 (GDPR) and the Data Protection Act (DPA) 2018. These set out the framework for how the UK processes personal data:
- GDPR, enforceable in all EU member states from 25 May 2018, covers the majority of the legal obligations for processing personal data in the UK
- DPA enacts GDPR and replaces the DPA 1998. It sets out:
o how other information rights legislation (for example the Freedom of Information Act 2000) interacts with the new DPA and GDPR
o how personal data must be processed in the UK where it does not fall within EU law, for example immigration or national security matters
o local rules for the UK that supplement GDPR, for example additional measures required for the processing of special category personal data
o the Information Commissioner's Office's (ICO) role, functions and powers.
What is an EU Representative?
Many have heard about the EU representative, but what it actually is remains unclear. Here we explain the role of the EU representative.
The General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and brought precise requirements for organisations.
But there are still some unclear elements around the role of the EU Representative that need elaboration. Many wonder whether it is connected with the position of the Data Protection Officer (DPO).
Both are accountable for safeguarding data subjects’ personal data, but neither can be called more important, as they perform different duties in an enterprise.
Companies located inside EU boundaries are under a legal obligation to hire a DPO. Companies situated outside the EU that deal with the personal data of EU citizens must hire an EU representative.
The GDPR brought strict rules for organisations that deal with customers’ personal data. Companies have become more concerned about their alignment with the GDPR requirements that revolve around DPOs and EU Representatives.
There are many things to discuss about an EU representative, but the main concerns are:
1) The difference between the DPO and the EU representative
2) Its responsibilities
3) Do non-European companies with legal entities inside the EU need an EU representative?
4) Can a company hire a DPO as a substitute for an EU representative?
A representative’s job description
An EU representative works on behalf of non-EU-based organisations and must be established in the EU.
The representative serves as a point of contact between the Information Commissioner’s Office (ICO), the organisation and, lastly, the data subjects.
Representatives are required to:
- Respond to any queries the ICO or data subjects have concerning data processing.
- Maintain records of the organisation’s data processing activities
- Make data processing records accessible to the ICO.
Different roles of the DPO and an EU Representative
There is a significant difference between the job roles of an EU representative and the DPO. If a company assigns these two tasks to one person, it may end up with a problematic conflict of interest.
It is essential to understand clearly what the basic functions of each role are:
- A Data Protection Officer (DPO) is hired by EU enterprises to facilitate and assess the company’s compliance with the GDPR provisions.
- The duty of an EU Representative is to represent companies that are not based in the EU with regard to their GDPR obligations.
The job of the DPO is to support an organisation and enable the efforts it makes to maintain its compliance with the GDPR.
The GDPR provisions secure the DPO from being held liable for any legal action that might be taken by Data Protection Authorities (DPAs) or data subjects.
The EU Representative is a point of contact between EU authorities, data subjects and the organisation.
The representative must be established in the EU. Moreover, the requirements say it should be based in one of the Member States where the data subjects reside, to provide clear channels of communication.
The DPO, by contrast, is a support point for a company in its GDPR compliance efforts.
Many companies are concerned about how the role of an EU Representative can affect their organisation.
They should know that they can decide the scope of a Representative’s role and authority during the contractual process of appointing a Representative.
Why is an EU Representative crucial for non-European companies with legal EU entities?
Under Article 27 of the GDPR, an EU Representative is a legal requirement for all non-European companies that handle the information of EU data subjects but do not have a physical presence in any Member State.
Conversely, non-European companies with legal entities in EU member states are not required to hire a representative.
Although an EU representative is not mandatory in such a situation, companies must understand that in any inquiry or compliance problem, the DPAs will approach the organisation’s leadership team if there is no representative.
Non-European companies with data subjects in the EU can hire a DPO or a privacy professional to support their compliance efforts, even though the GDPR obligations do not require them to do so.
For such companies, a DPO is more necessary than a Representative, because these companies will face more GDPR requirements and there will be more responsibilities than a representative could fulfil.
Additionally, it is easier to hire a DPO than to find a willing individual for an EU Representative position, because of the legal implications.
Individuals who agree to fulfil the job of a representative must prepare themselves for any situation related to infringements or non-compliance consequences, because they are legally responsible and action may be taken against them accordingly.
DPOs, on the other hand, are protected from legal action by the DPAs.
How about hiring a DPO for the tasks of the EU Representative?
This subject was quite unclear under the GDPR, and more explanation is needed on the topic.
The Irish Office of the Data Protection Commissioner (DPC) is the only government entity that has attempted to answer this question.
The DPC’s statement was that nothing prevents an individual from performing both duties or roles.
But an organisation must take care that the person handling dual responsibilities does not take on tasks which can end up in a conflict of interest.
The DPC clearly stated that a conflict might occur, especially when it comes to keeping things confidential.
An EU representative is the sole point of contact between data subjects, the DPA and the organisation. A DPO with dual responsibilities, by contrast, can feel conflicted when receiving certain concerns from data subjects or the DPA, because they have an obligation to facilitate the organisation’s compliance with the GDPR.
Who should be selected as an EU Representative?
Any legal or natural person based in an EU member state can be appointed as an EU representative.
For instance, if your company collects personal information from data subjects in France, then you must have a France-based EU representative.
If your company collects data from all EU states, you are allowed to appoint a representative in any one EU member state.
Nevertheless, if your company has several countries to select from, the best option is to select the one from which most of the data is collected or where you conduct the most extensive monitoring.
In the end
The GDPR has not provided clear instructions about the interplay between the DPO and the EU Representative.
But it would be wise for many companies to hire two different persons, one for each role.
Otherwise, they will experience many unavoidable potential conflicts of interest, and many compliance issues are likely to arise.
Neither of these two roles should be avoided. Companies are under a legal obligation to hire individuals for these two roles.
Each role has its own importance and duties. If those duties are performed accurately and appropriately, a company can save itself from various breaches and fines.
In the end, both roles are designed to provide assistance for EU companies.
These roles are also imperative for a company to move securely in a data privacy world, and they carry substantial responsibilities.
Frequently Asked Questions
1) What is an EU representative?
A European Authorised Representative (E.A.R.) is a legal person appointed by non-European Union (EU) manufacturers to represent them in the EU. EU representatives also ensure their organisation’s compliance with the European Directives.
2) Who is a controller under GDPR?
A controller determines the means of personal data processing, whereas a processor is responsible for processing personal data on behalf of a controller.
3) Does GDPR apply to non-EU citizens?
The whole point of the GDPR is to protect data belonging to EU citizens and residents. ... The Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.
4) Does GDPR apply to all data?
The General Data Protection Regulation applies only if the processing concerns personal data. The term is defined in Art. 4 (1): personal data is any information relating to an identified or identifiable natural person.
5) Can personal data be shared without permission?
In many cases, you cannot share personal data unless you have the explicit consent of the data subject. There are two types of personal data sharing: sharing personal data that is sensitive or confidential, and sharing personal data for marketing purposes.
Data Subject Access Request
What is DSAR?
The term DSAR first gained popularity with the arrival of GDPR. DSAR stands for Data Subject Access Rights, though you'll also see it used as an abbreviation for Data Subject Access Requests. Put simply, regulations like GDPR give individuals the right to request information about the way organizations handle their personal data.
A data subject makes their request via email, an online form, or another channel. The organization then needs to verify the requester's identity and presence within its data ecosystem and track the request through to resolution, all within the required timelines (30-45 days depending on the regulation).
DSAR requests typically include:
- Contact information of the data subject (name, email, and phone number).
- The type of request. Data subject requests often fall into one of the following categories:
  - What do you collect on customers?
  - What do you collect on me?
  - Delete my data
  - Take my data elsewhere
- An open text field where the consumer can add any context to their request.
GDPR and CCPA data subject access requests are often submitted via an online privacy rights request form, as shown in the screenshot below.
DSAR GDPR Example
For organizations that offer online account services, it often makes sense to have the data subject log in to their online account before making their request, as that helps to verify their identity with the organization (also known as the data controller).
For many organizations, the most complex step in the DSAR process is discovering PI and tying it back to the data subject. Why?
For more information please watch: https://www.youtube.com/watch?v=ib_1U73uTzM&feature=youtu.be
Consider the following:
- A single bank transaction may get replicated across 100 systems.
- Storage is so cheap that enterprises collect petabytes of data every year and keep almost all of it.
- Data is routinely spread across the enterprise to support a wide variety of users and business activities.
Unfortunately, the massive growth in data collection and proliferation has not been accompanied by an equally coordinated effort in data management and data governance.
The results have been painful. Data breaches. Misuse of private data. Loss of customer trust. Consequently, organizations have poured resources into implementing security controls to block or limit access to their data. But while Security is focused on who is using the data, Privacy is about how the data is being used and for what purpose.
Meanwhile, regulations like GDPR and CCPA are obligating organizations to respect and respond to Data Subject Access Requests (DSARs) like the "right-to-be-forgotten". But achieving basic compliance requires that organizations understand what personal data they have, where it is located, and its purpose. Until now, the basic data inventory process has been a manual one consisting of application data owner surveys and spreadsheets.
DSARs push the manual process to its limit, not just in the people resources required to manually search through those 100 systems in the bank example for each DSAR, but also in the accuracy and completeness required to be credible with the regulators. It is a big data problem, and a new approach is required to process petabytes of data, extract key data points and determine the relationships between them. Organizations have been left scrambling to meet their obligations.
What is CCTV Policy?
The purpose of this Policy is to regulate the management, operation and use of the Closed Circuit Television (CCTV) system at Gonville and Caius College. Cameras are used to monitor activities within College buildings, on its sites, its car parks and other public areas in order to identify criminal activity actually occurring, anticipated or perceived, and to secure the safety and wellbeing of the College, together with its Fellows, staff, students and visitors.
- CCTV monitoring and recording systems may be installed in or on College property when this has been reviewed and approved by the College Security Sub Committee.
- The system comprises a number of fixed and fully functional (Pan/Tilt/Zoom) cameras located in buildings and externally around the College's courts and associated satellite sites at Harvey Court, the Boathouse, Sportsground and student houses. These are monitored by appropriate personnel.
- The CCTV system will be registered with the Information Commissioner under the terms of the Data Protection Act 2018. The College's use of CCTV complies with the requirements of the Data Protection Act and, where relevant, the Regulation of Investigatory Powers Act 2000.
- This policy document will be subject to review bi-annually, to include consultation as appropriate with interested parties.
- The CCTV system is owned by the College.
- CCTV systems independently installed and operated by staff/students will not be permitted on any College property and, where discovered, steps will be taken to shut these systems down.
OBJECTIVES OF THE CCTV POLICY
- The objectives of the CCTV Policy are to:
(a) Protect College property.
(b) Ensure a safer environment within the College.
(c) Support the Police in a bid to deter and detect crime, by providing evidence in support of an enquiry or prosecution.
OPERATION OF THE CCTV SYSTEM
Management of the system
- The CCTV operating system will be controlled and managed by the Head Porter in accordance with the principles and objectives expressed in the College policy document.
- Day-to-day management will be the responsibility of both the Department Management Team (DMT) during the working week and the 'on call' duty Porter outside normal hours and at weekends.
- All cameras are monitored on the respective site where they operate, but can also be monitored by authorised personnel on PCs within the Porters' Department using the 'CCTV Window' software and by the College IT Department.
- The CCTV system will be operated 24 hours a day, 365 days of the year.
- If out-of-hours emergency maintenance is required, the duty Porter must contact a member of the DMT in order for a call-out to be authorised.
- Emergency procedures will be followed when it becomes necessary to call the Emergency Services.
- Warning signs, as required by the Code of Practice of the Information Commissioner, will be placed at all access routes to areas covered by the College's CCTV cameras.
- Liaison meetings may be held with all bodies involved in the support of the system.
- System control - Monitoring systems:
Regularly a member of the DMT, in liaison with the College IT Department, will check and confirm the efficiency of the system, ensuring that:
- the cameras are functional
- the equipment is properly recording
- Access to the CCTV System will be strictly limited to the DMT, the Duty Porters and specific authorised persons. Unauthorised persons are not permitted to view live or pre-recorded footage.
- There must always be at least one member of the DMT or a Duty Porter present to actively monitor the system, or the Porters' Lodge must be locked.
- Unless an immediate response to events is required, Porters must not re-direct cameras at an individual, their property or a specific group of individuals without authorisation for Directed Surveillance being obtained from the Head Porter, Deputy Head Porter or Senior Porter, as set out in the Regulation of Investigatory Powers Act 2000.
What is Information Security Policy?
An information security policy is a set of policies issued by an organization to ensure that all information technology users within the domain of the organization or its networks comply with rules and guidelines related to the security of the information stored digitally at any point in the network or within the organization's boundaries of authority.
The development of computer networks has made the sharing of information ever more common. Information is now exchanged at the rate of trillions of bytes per millisecond, daily volumes that may exceed comprehensible or available terminology. A proportion of that information is not intended for sharing beyond a limited group, and much information is protected by law or intellectual property rights. An information security policy attempts to establish those protections and limit the distribution of data not in the public domain to authorized recipients.
Every organization needs to protect its data and also control how it should be distributed both within and beyond the organizational boundaries. This may mean that information has to be encrypted, authorized through a third party or institution, and may have restrictions placed on its distribution according to a classification system laid out in the information security policy.
An example of the use of an information security policy might be a data storage facility which stores database records on behalf of medical facilities. These records are sensitive and cannot be shared, under penalty of law, with any unauthorized recipient, whether a real person or another device. An information security policy would be enabled within the software that the facility uses to manage the data it is responsible for. In addition, workers would generally be contractually bound to comply with such a policy and would have to have sight of it before operating the data management software.
A business might employ an information security policy to protect its digital assets and intellectual rights in an effort to prevent theft of industrial secrets and information that could benefit competitors.
A typical security policy might be hierarchical and apply differently depending on whom it applies to. For example, the secretarial staff who type all the communications of an organization are usually bound never to share any information unless explicitly authorized, whereas a more senior manager may be deemed authoritative enough to decide what information produced by the secretaries can be shared, and with whom, so they are not bound by the same information security policy terms. To cover the whole organization in this way, information security policies frequently contain different specifications depending on the authoritative status of the persons they apply to.
Security threats are changing, and compliance requirements for companies and governments are getting more and more complex. Getting through all of it without a security policy in place is like plugging the holes with a rag; there is always going to be a leak. For a security policy to be effective, there are a few key characteristics it requires.
For more information about the Information Security Policy please watch: https://youtu.be/1IyF5H_TqJI
Characteristics of an Information Security Policy
- An information security policy should be end to end.
- It should have space for revisions and updates.
- It should incorporate the risk assessment of the organization.
- It should be practical and enforceable.
An information security policy should secure the organization from all ends; it should cover all software, hardware devices, physical parameters, human resources, information/data, access control and so on within its scope. If we treat data as an end-to-end object, the policy will cover data creation, modification, processing, storage and destruction/retention. It must be ensured that no stone is left unturned at any step.
Information security is like an arms race. Organizations will change and evolve over a period of time; hence, an information security policy should have space for the necessary version updates. The policy should be revised at fixed intervals, and all revisions should be approved and documented by the authorized person. Whenever there is a major change in the organization, it should be ensured that the new updates are addressed in the policy too.
Organizations carry out a risk assessment to identify the potential threats and risks. It is very easy to obtain an information security policy and modify it here and there, but different organizations have different compliance requirements. It should be ensured that all the identified risks are handled in the information security policy.
What is Privacy Policy?
A Privacy Policy is a legal agreement that explains what kinds of personal information you gather from website visitors, how you use this information, and how you keep it safe. A privacy policy is a document that explains how an organization handles any customer, client or employee information gathered in its operations.
Most websites make their privacy policies available to site visitors. A privacy page should specify any personally identifiable information that is gathered, such as name, address and credit card number, as well as other things like order history, browsing habits, uploads and downloads. The policy should also explain whether data may be left on a user's computer, such as cookies. According to best practices, the policy should disclose whether data may be shared with or sold to third parties and, if so, what the purpose is.
A Privacy Policy generally covers:
- The types of information gathered by the website or application
- The purpose for gathering the data
- Data storage, security and access
- Details of data transfers
- Affiliated websites or organizations (third parties included)
- Use of cookies
There is no consensus as to whether privacy policies are legally binding and no consistency in enforcement. In the United States, the Federal Trade Commission (FTC) promotes enforcement of existing laws and industry self-regulation. Generally for the FTC, data breaches are not sufficient grounds for legal action if there is no loss of money associated with the breach.
The European Union's Data Protection Directive has been used to take on companies such as Google over privacy changes that went against E.U. law, threatening sanctions on the giant company.
Frequently, the only statement found in an online privacy policy is one to the effect that, by visiting the web page (which you are doing if you're reading the policy), you consent to the details of the site's privacy policy.
What is GDPR Policy?
One of the most important concepts in the EU General Data Protection Regulation (GDPR) is transparency. People own their personal data. As a company that is involved in processing that personal data, you must disclose everything that you do with it. This is why having a GDPR Privacy Policy is so important.
A Privacy Policy is mandatory under many privacy laws. And under the GDPR, it is one of the most important documents your company has. It is the best way to demonstrate to your customers, and to the authorities, that you take data protection seriously.
A GDPR Privacy Policy is sometimes called a GDPR Privacy Statement or a GDPR Privacy Notice.
The GDPR sets the rules about how personal data should be processed in the EU. It also gives rights to individuals regarding their personal data. Without privacy laws like the GDPR, people would lose control over the information that companies and governments have collected about them.
A Privacy Policy is your company's chance to show your customers that you can be trusted with their personal data. It is also an opportunity to really get to grips with how much personal data your company controls, and whether your data protection practices are legally compliant.
Watch more about GDPR Policy: https://www.youtube.com/watch?v=5GWT-3YUPEc
Your company may have already produced a Privacy Policy to comply with one of the many other laws that require one, for example:
• The California Online Privacy Protection Act (CalOPPA)
• Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
• Australia's Privacy Act
• The GDPR's predecessor, the Data Protection Directive
The GDPR is different. Its requirements are more rigorous than any of the above laws, and anything you created to comply with these will probably not be sufficient under the GDPR.
The GDPR lays down specific requirements about the information you must provide in your Privacy Policy. These are mostly set out at Articles 13 and 14.
Something important to bear in mind is that this is a public-facing document, and is not written only for your customers. It should be aimed at anyone whose personal data you may process, including potential customers and visitors to your website.
Let's look at what you'll need to include.
Standards for Processing Personal Data
Article 5 of the GDPR contains six principles by which all personal data must be processed.
They are:
1. Lawfulness, fairness and transparency: comply with the law; only process personal data in a way that people would reasonably expect; always be open about your data protection practices.
2. Purpose limitation: you should normally only process personal data for the specific reason you collected it and nothing else.
3. Data minimisation: don't process more data than you need.
4. Accuracy: ensure that any personal data you hold is adequate and accurate.
5. Storage limitation: don't store personal data for longer than you need to.
6. Integrity and confidentiality: always process personal data securely.
Some companies choose to set these principles out in their Privacy Policy simply by listing them and declaring their compliance with them. This is the approach taken by CRG:
Kinds of Personal Data You Process
The GDPR's definition of "personal data" is broad. The chances are that your company processes a lot of it.
Since everything from IP addresses to cookie data constitutes personal data, your website may process personal data from people who will never even contact your company. In your Privacy Policy, you need to be completely clear about each type of personal data you deal with, and why you need to do so.
Many companies break this part of their Privacy Policy down into sub-sections, for example "data you provide to us," "data collected by our website," and so on.