Last updated: 18 August 2023
Minifree Ltd (Registered in England, No. 9361826) is responsible for management of data provided by a customer, or otherwise anyone who contacts Minifree Ltd, and every step is taken to ensure that this data is handled securely; this includes things like customer name, address, telephone number and so on, when placing an order on the website. Minifree Ltd operates from England, in the United Kingdom, and it is a legal entity there.
Any data that is held by Minifree is held for the amount of time required by British law, and you have the right at any time to request a copy of all data that Minifree Ltd holds about you. You give consent to Minifree Ltd holding any such data, when you provide it; you also have the right to withdraw such consent, and request deletion of said data; however, Minifree also still need to hold onto to certain data for things like tax returns, for a minimum period of time under British law. So, Minifree will honour deletion requests when it is legal to do so, and no sooner than that.
It is not the policy of Minifree Ltd to share any data, under any circumstances, with any party, unless required to by law (the exception is for shipping companies, when shipping an order; see below); and only by court order, or otherwise if required legally to do so (for example, filing of tax returns to HMRC, the UK tax authority). Of course, Minifree Ltd is a British company and has to pay taxes, so at least the British government may be able to know certain information.
Regarding cookies (on the website): technically necessary cookies may be used depending on how you use the website, for example adding a product to a cart, and you later come back and the cart is still there. You can always delete these at any time. SPECIFICALLY: the type of cookie used is a *session cookie*; the session cookie contains an ID pertaining to your *session* on the website, and data is stored on the server. Your browser simply stores the session ID in a local cookie (minifree.org’s backend software is written in PHP and uses sessions). Learn more about PHP sessions here: https://www.php.net/manual/en/book.session.php
You can opt out of cookies by simply disabling them in your web browser. You receive an email confirmation and information about payment. Cookies are also not required for simply browsing the website. When you place an order, you simply add to cart and input your information as requested by the order form, and Minifree Ltd then receives this information in an email; you will also receive an order confirmation, with the same information. If you *don’t* want cookies, not even session cookies, ordering is still possible; simply email Minifree with your details, and say what you want, then an invoice will be provided with payment instructions, and your product will be provided to you under the same terms as if you ordered through this website.
An exception to sharing of data is as follows: when Minifree Ltd ships your order, your name, address (for shipping), email address and telephone number is supplied to a shipping company. Minifree alternates, depending on country, between these couriers, at this present time (as of 18 August 2023): DPD (rarely), UPS, DHL, Fedex. These are selected via the company at address: interparcel.com (website) – on interparcel, it’s possible to select between various couriers as listed here on this page. That means interparcel will also hold such data, for a certain period of time as required.
WEB HOSTING: Minifree Ltd’s website, https://minifree.org/, is *not* hosted under any outsourced third party hosting provider. The company director of Minifree Ltd, Leah Rowe, self-hosts the server from a lab used by Minifree Ltd. This is done securely, encrypted, on a securely configured machine with ports blocked from outside such as SSH, with measures taken generally to prevent unauthorized access. This is done, precisely to avoid the inherent security risk of outsourced web hosting services. Minifree Ltd email is also self-hosted. That means: any data you send to Minifree, any email you send, absolutely anything at all, is hosted on a server that only Minifree Ltd has any access to. Minifree Ltd takes security extremely seriously, and it’s specifically *for* security reasons that Minifree Ltd infrastructure is self-hosted in this way. (also freedom. when you run the server yourself, you have freedom over your hosting and how it’s implemented)
Minifree Ltd servers are *physically* secured, in a way to greatly diminish the chance of physical intrusion. Heavily under lock and key (several locks, and several keys, in a secure building). CCTV is also in place, to deter intrusion.
Minifree Ltd will of course delete any data it holds, even without being asked to, when that is legally permitted and when the information is no longer required as part of any contract and/or provision of goods/services.
If you have any questions, you can contact Minifree Ltd and best efforts will be made to answer them.
ENCRYPTION: All access to the Minifree website is done only by TLS encryption (https://). Absolutely all of it. Non-encrypted http:// is not permitted in Minifree Ltd’s web server; an automatic HTTP to HTTPS redirect is in place, and the server also enables HSTS (HyperText Strict Transport Security). Minifree Ltd email can also be encrypted; a GPG key is listed on the contact page, for end to end encrypted email communication between you and the company.
ALSO: Minifree Ltd is signed up to Information Commissioner’s Office and renews this every year. The ICO regulates data protection and data handling by companies in the UK.
tl;dr Minifree Ltd takes privacy and security very seriously. In fact, this is the precise purpose of the company, to provide secure, privacy-respecting computing devices to customers, so of course *we* also take our own security seriously. If you have any concerns, you can always contact Minifree Ltd.