Privacy policy

This Privacy Policy (“Policy”) addresses the data processing we undertake in connection with the 10 Point Plan website (the “Website”).

Data controllers

The data controller for data collected and processed in accordance with this Policy is Luminate. More information about the Luminate’s structure can be found in their Privacy Notice.

Luminate is both a public supporter of the 10 Point Plan, and also provides resources and infrastructure (such as the Website) to support the 10 Point Plan.


Any questions regarding this Policy or other data protection issues related to the 10 Point Plan should be submitted to:

Metadata outside our control

All internet usage generates additional “metadata” that is collected and retained by internet service providers. This data can be accessed by law enforcement and intelligence agencies, who may extrapolate upon it to build up detailed “pictures” of specific individuals and communities. Individuals concerned about this kind of surveillance are encouraged to take measures to protect their privacy, for example by using the Tor browser or a VPN.

What we process, why and the legal basis for this

Signatory information
If you choose to sign up and support the plan, we will collect the information you provide in order to register your support – name, title, organisation and email address. The legal basis for this processing is your consent, which you may withdraw at any time by contacting us above.

Website data
The personal data that we collect from Website visitors is limited to the Internet protocol (IP) address of the computer accessing the site; the browser software and operating system that the computer uses; and the Internet address (URL) of the outside website from which visitor came.

This information is processed for technical purposes on the basis of our legitimate interests in obtaining basic, aggregated statistical information about the use of our website; and assisting in diagnosing technical problems and defending against attacks.

This information is collected using cookies, which are deployed on the basis of Website visitor consent. More information about this can be found in the Cookies section below.

Data retention

If you sign up to support the plan, we retain your name and email address until / unless you ask us to remove your name and stop holding your data.

Website data
After 48 hours, we delete or anonymise all personal data processed for technical purposes. We anonymise any statistical or analytical data through aggregation that prevents the re-identification of individual users.

On occasion, we may need to retain personal data for longer than 48 hours. This includes the purposes of conducting tests, diagnosing technical problems and defending against attacks on our Website. In these situations, we will delete personal data as soon as it is no longer needed for the purpose for which it was kept.

Sensitive data
We do not collect or process any sensitive data, or “special category data” as defined in UK and EU data protection laws.

Tracking and cookies

Our Website uses cookies and other technical measures to monitor and protect against malicious traffic and to collect limited analytical data in order to understand how users engage with the Website. We respect “do not track” requests and only deploy non-essential cookies (e.g. those that gather analytics and statistics) on the basis of your consent.

We have limited the cookies deployed to the following:

– Strictly necessary Cloudflare cookies to protect the Website against DDoS attacks

– Strictly necessary application cookies to facilitate user logins and protect the Website against attempts to inject malicious code into registration forms

– Matomo performance cookies to provide Luminate with analytical information about the use of the website, which is only deployed with visitors’ consent (see further below)

Opting in and out of cookies

If you accepted the Matomo cookies, these will have been deployed with your consent. Matomo cookies collect analytical data about your use of the Website. If you declined the cookies, they will not have been deployed.

The Cloudflare and application cookies perform essential Website security functions and as such, it is not possible to opt-out.

Browser settings can also be used to manage cookie preferences. Each browser is different, so check the Help or Settings menu of your particular browser to learn how to change your cookie preferences.

Information security

We take all reasonable steps to ensure that personal data is processed securely and treated in accordance with this Policy. The technical and organisational measures to prevent unauthorised access to personal data include limiting staff and processor access to personal data in accordance with specific job responsibilities or contractual obligations, the encryption of data where possible, the institution of security protocols and staff training.

Although we do our best to protect personal data, information transmitted over the internet remains vulnerable to interception – for this reason, the transmission of any personal data to our websites or via email to us is therefore at the data subjects’ own risk.

Data sharing and processors

We engage third-party service providers to perform certain data processing tasks that enable us to run the Website and mailing list, these include:



These third parties are engaged on terms that ensure the confidentiality of data and compliance with applicable data protection laws.

Data sharing
No personal data will be shared with any parties outside of Luminate. Signatories to the 10 Point Plan will have their name, title, and organisation information shared publicly on the website.

International transfers of data

Where we transfer your data outside of the European Union or the European Economic Area, we will ensure that your data is appropriately protected by requiring the recipient to respect and uphold your rights as a data subject under all applicable laws and by making the transfer subject to an international transfer safeguard, for example, the Standard Contractual Clauses issued by the European Commission as adapted for use with the UK.

External websites

The Website includes links to external websites, or other external resources and social media platforms that may process your data or use cookies. You can find out more about these services and the way they process data through their respective websites and privacy policies. Please note we cannot control the way those external websites collect and retain your personal data, so you use those external services at your own risk.

The success of the Plan depends in part on people amplifying our messages, and we have provided social media plugins to allow you to easily share content from our website with your networks. In doing so your personal information will be disclosed to these social media platforms. When you share content using these buttons, a new page will pop up from the relevant social media platform. If you’re already logged into your account on that social media platform, then you will probably be automatically logged into this pop-up page. We have no control over how social media platforms use your personal information. We encourage you to read the privacy notices on the various social media platforms you use (and engage with their privacy tools).

Your rights

Individuals whose personal data is processed in accordance with this Policy may have the following rights available:

– The right to be informed as to whether we hold data about them;

– The right of access to that information;

– The right to have inaccurate data corrected;

– The right to have their data deleted;

– The right to opt-out of particular data processing operations;

– The right to receive their data in a form that makes it “portable”;

– The right to object to data processing;

– The right to receive an explanation about any automated decision making and/or profiling, and to challenge those decisions where appropriate.

To make a subject access request or complaint related to the processing of your personal data under this Policy contact

You also have the right to bring concerns to your national data protection regulator if you feel that your personal data has been unlawfully processed. In the UK (where Luminate bases some of its operations), this is the Information Commissioner’s Office – they can be contacted here.