How we handle your information.
The Ommatidium Project is a volunteer-run network that connects people interested in entomology and other invertebrates with contacts who can help. This notice covers the two groups whose data we hold: people who request an introduction and volunteers in our network.
Version 2026-07-v3. Effective 9 July 2026.
Who is responsible for this project?
EntoFacet is a UK-led, unincorporated volunteer project. The project handles personal data so it can route requests, manage volunteers and specialist contacts, send introductions, respect opt-outs, and keep privacy records. We are a small pilot for adults aged 18 and over.
For data-protection purposes, the controller is Armando Rosario. You can contact the project about privacy, access, correction, deletion, or opt-out requests at .
EntoFacet is UK-led and is not currently established in the European Union. We follow UK GDPR standards. We may support international requests where suitable volunteers or experts are available. We do not claim to operate as an EU legal entity, EU branch, or EU representative.
If you request an introduction
You do not need an account. When you submit a request you receive a private link by email. That link is the only way to view your request, add a follow up, export your data, or ask us to delete it. Keep it private; anyone with the link can see that one request. You can ask us to re-send your link if you lose it.
What we collect, only what we need to handle your request:
- your name and email address;
- the area you are based in, and your stage or situation;
- the invertebrate groups and the kind of help you are interested in;
- anything you add in the free-text box;
- a record of your consent and the version of this notice you agreed to;
- the status history of your request as volunteers work on it.
Why, and our lawful basis. We use your details to understand your request, match you to a suitable contact, and follow up. Our lawful basis is your consent, given by ticking the boxes on the form. You can withdraw consent at any time using your private link or by emailing ; withdrawing does not affect anything already done.
Making the introduction. When a volunteer connects you with a suitable expert, we send one email that introduces you both, from the Ommatidium Project, so you can reply to each other directly. That means the expert sees your name, your email and what you asked for. That is the whole point of the introduction you asked for, and we only ever share what is needed to make the connection.
How long we keep it. We keep your details while your request is open and for 12 months after it closes, after which they are deleted or anonymised automatically, unless you ask us to remove them sooner. A minimised record may be kept for accountability (for example that a deletion happened), without your personal details.
International introductions
EntoFacet is UK-led, but a suitable volunteer or expert may sometimes be based outside the UK. If we think an international contact is the right person for your request, we will share only what is needed to make the introduction.
Where the contact is outside the UK or EEA, we will either ask for your specific agreement before sharing your contact details, or give you a way to contact the expert yourself.
If you volunteer with us
What we collect when you join the network:
- your name and email address;
- your role or affiliation and the region you are based in;
- the groups you can advise on and the kinds of help you can offer;
- a short line about you, and whether you’re happy to be listed in the directory;
- a record of your agreement to the volunteer code of conduct.
Why, and our lawful basis. We use this to run the network: to route requests to the right person and to show you in the internal volunteer directory so other volunteers know who covers what. Our lawful basis is your consent, given when you sign up. You can withdraw it at any time by emailing .
Who sees it. Your directory entry is visible to other volunteers and admins in the network. It is not shown to the public or to requesters; an introduction only ever shares the details needed to make that connection, with consent.
How long we keep it. We keep your details while you are an active volunteer. If you step down, or ask us to remove you, we delete your entry and revoke your access promptly.
If you apply to join. When you fill in the sign-up form we hold your application (your name and email, the role you want, the groups and kinds of help you offer, your region, and anything you add) so an admin can review it and get in touch. If you apply as an expert to be referred to, we also hold the contact methods you are happy with, an optional institution, and a monthly number you are comfortable with. Your institution and where you are based are shown in our internal referral directory only if you give the point of contact consent on the form. If we do not take an application forward, or it goes stale, we delete or anonymise it. We do not keep declined or pending applications indefinitely.
Availability and contact preferences. Once you are set up you can block off times you are away, using a private link we email you, and choose who you are happy to be contacted by. We store those periods and preferences so we do not route requests to you when you are unavailable or outside what you have agreed to. If you choose to connect a personal calendar (by pasting its secret iCal link), we fetch it periodically and store only the busy time periods it contains, never the event titles or details, and you can disconnect it at any time.
Your staff account, and our action log. To sign in you have an account with our authentication provider: your email, a password you set, and, if you turn it on, an optional second sign-in step for extra security (two-factor authentication). We also hold operational notes you or an admin add, such as your capacity and a short bio. To keep the service secure and accountable we log staff actions against your account (for example claiming or replying to a request, or an admin changing a role or capacity). Our lawful basis for this security and accountability logging is our legitimate interest, not consent. When you step down we revoke your access and remove your directory entry promptly, but a minimised record of administrative actions is kept for accountability, without the detail of what was discussed.
If you are an expert or volunteer contact
We may hold your name, email address, affiliation or role, broad location, areas of invertebrate expertise, contact preferences, availability limits, and short internal notes needed to route suitable requests. Some experts give us this information directly. Others may be suggested by an existing volunteer or identified from a professional, public source.
We use this information only to ask whether you are willing to receive relevant introductions, to avoid sending unsuitable requests, and to respect any limits you set. Our lawful basis is your consent where you have joined or confirmed your preferences, or our legitimate interest in making careful, relevant professional introductions where a volunteer has suggested you as an appropriate contact.
You can say no at any time. Email and we will remove you from the referral list or mark you as do not contact. We do not publish the expert list, sell it, or use it for advertising.
If you ask to be told when we launch
If you give us your email to hear when EntoFacet opens, we hold only your email address, the date you asked, and a record of your consent and the version of this notice. We confirm the address first, by sending you a link to click, so we only keep addresses whose owner has confirmed them.
Why, and our lawful basis. We use it to send you a single email, on the day we launch, and nothing else. Our lawful basis is your consent, given by ticking the box. Every launch email carries a one-click unsubscribe, and you can ask us to remove you at any time by emailing .
How long we keep it. We delete the launch list once the launch email has been sent, because its only purpose is then complete. We never sell or share these addresses.
If you email us
If you write to our contact address, for example to ask about taking part as a volunteer or an expert, we use your message and your email address only to reply and to take that conversation forward. Our lawful basis is your consent in choosing to contact us. We keep the message only as long as we need it for that purpose, and you can ask us to delete it at any time. Your message is received by an ordinary email host acting on our instructions.
Who else can see it
- The volunteers and admins in our network who sort and handle requests.
- A suitable contact or mentor, only with the requester’s consent, and only the details needed to make the introduction.
We never sell your data and we never use it for advertising.
Records we keep to run the service
To keep the service accountable and secure we keep a minimal internal log of actions, for example that a request was created, assigned, replied to or anonymised, and a log of the automatic emails we send (confirmations, links and status updates). These hold identifiers and operational details, not the contents of your messages, and they are removed on the same retention schedule.
Volunteers and admins also exchange internal notes and coordination messages about a request, and some of these can be answered by email. We store them so the team has a shared record. They are internal, never shown to the public, and removed when the request is removed.
Impact reporting
We use operational records to produce private, aggregate impact summaries for contributors and project-wide reporting. These summaries help volunteers and experts describe their service, mentoring, outreach, and professional impact. Reports do not include requester names, email addresses, private messages, free-text request descriptions, individual request records, exact request dates, or raw location strings. Small categories may be withheld or grouped so that requesters cannot be identified from rare combinations of place, topic, date, or expertise. Downloadable summaries contain aggregate, privacy-protecting statistics only.
The services that process data for us
We use a small number of trusted providers, who act only on our instructions:
- Supabase, our database, staff login and any file storage, hosted in the London region so your data stays in the UK.
- Resend sends our emails: service emails (confirmations, links and status updates) and, if you asked to be told when we launch, a single launch announcement. We do not run newsletters or marketing campaigns.
- Cloudflare serves this website and securely processes the forms you submit.
- An email host receives any message you send to our contact address, like any ordinary mailbox provider.
Some of these companies are US-incorporated. Where data leaves the UK it is protected by the relevant data-processing agreements and standard contractual clauses (with the UK addendum). This is a low-sensitivity dataset with no special-category data.
Cookies
The public pages use no analytics, no marketing tools and no optional cookies. Staff who log in use strictly-necessary browser storage to keep them signed in. We do not use analytics, advertising, heatmaps or maps.
Your rights
Under UK data-protection law you can:
- see the data we hold about you, and export it (requesters: your link does this);
- ask us to correct it;
- ask us to delete it (requesters: your link does this);
- restrict or object to how we use it; and
- withdraw consent at any time.
Requesters can do most of this through the private request link. Volunteers, and anyone else, just email .
Concerns and complaints
If something has gone wrong, tell us at ; we acknowledge concerns within 30 days and explain what we are doing about it. You also have the right to complain to the Information Commissioner’s Office (ico.org.uk).