> DATA_PROCESSING_NOTICE

OPERATION_PAIN_POINT is an internal hackathon idea-capture platform. This notice describes what we collect, why, how long we keep it, and your rights.

What we collect

• >Email address (from the user list imported by an admin)
• >Display name (optional, from the same list)
• >Submitted ideas (title, description, pain-point text)
• >Votes cast (which ideas you upvoted; un-vote events are retained)
• >Authentication audit log (timestamps, IP, user-agent of magic-link issuance and consumption -- used to detect forwarded links)

We do not collect: device fingerprints, location, browsing history outside this app, or third-party identity data.

Lawful basis

We process this data on the basis of legitimate interest (UK GDPR Article 6(1)(f) / EU GDPR Article 6(1)(f)). Running an internal employee idea-capture round is a legitimate business activity, and the data minimisation here is proportionate.

Retention

Data is retained for 90 days after the round is archived, then deleted. This default is configurable by the data controller. The frozen archive view (idea titles, vote counts, picked status) is kept as a read-only artefact; per-user vote attribution is purged at the 90-day cutoff.

Who can see what

• >Vote counts are public to all participants.
• >Vote attribution is admin-only and never exposed in the user-facing UI.
• >Submitted ideas are visible to all participants with the author display name attached.
• >The audit log (auth, vote, status changes) is admin-only.

Your rights

Under UK and EU GDPR you have the right to:

• >Access the data we hold about you
• >Correct inaccurate data
• >Delete your account and submitted content (subject to audit-trail requirements -- see Retention)
• >Object to this processing on grounds related to your particular situation

Contact

Data requests and concerns: [email protected]. The data controller is the project sponsor for this round.

Changes to this notice

Material changes will be communicated via the shared mailbox before the round opens.