Activities/Privacy/PolicyDraft

This is a draft for the privacy policy stated on FSFEs website

For feedback, join the discussion on the legal and team list or write to Fellows/paul

Annotations:

General Policy

The restrictions described here on the dissemination of personal information are not subject to change. This policy is updated occasionally but the changes will not reduce the privacy protection of visitors. If there are changes made in the future, the changes will not affect information already collected.

Internal handling of private information

All people working directly for FSFE, including volunteers, are introduced to the privacy policy when they start their work /!\ . People handling non-public information sign a confidentiality statement either as part of a working contract or - in case of volunteers - independently of one. Consequently people who do not sign a confidentiality statement will not have access to personal information <!> .

Processing by third parties

Neither statistical data nor private information is ever sold or handed over to external parties. For some functions, such as payment processing, data may be processed by service providers. Those contractors will either be subject to data protection laws (i.e. in case of the postal service or regular banks), or we will inform you about it when we refer to those services .

We will not submit personal data to governmental bodies, except if explicitly required by law or if ordered by a court of competent jurisdiction. In those cases data will be submitted only to the appointed body.

Right to Information, Correction and Deletion

You can request details about your information stored by us and request correction as well as deletion or removal of information. Write an email to privacy@fsfe.org /!\ .

Website Users

Web Server Logging

Web server log entries are recorded each time, a visitor requests a web page or file from one of our web servers. The entries are used to respond to technical issues, particularly for blocking IP addresses or deactivating parts of the web page on the occurrence of (D)DOS attacks or targeted attacks on web forms including our payment system.

A reduced version of the server logs will also be used to generate statistics (see "Web Analytics")

Web server logs include

Web server logs will be kept for no more than fourteen days /!\ . The log files are stored on the web server and can be accessed only by our admin staff. On request the admin staff may send excerpts of the log files to employees involved with handling of payments or website development. Those excerpts will be reduced to the information required to track down irregularities with payment processors or server side scripts.

Web Tracking, Web Analytics and Cookies

Web analytics is not performed on the main web server logs /!\ . Statistics are generated upon need from a reduced copy of the server logs /!\ , containing:

We are interested in the statistics in particular

All analytics information is processed entirely on infrastructure under the exclusive control of FSFE.

We do not issue permanent cookies containing a unique ID. Some of our systems may use cookies to store user data but this data will not be linked to server side data collection facilities. Systems requiring a login, will usually hand out non-permanent session cookies.

Embedding of third party content

We aim to not embed elements from third parties into our website. This applies to graphics, JavaScript and iframes from external websites and also to other means suitable for third party tracking. In particular we will not automatically include social media buttons and embedded content from Disqus, Facebook, Flattr, Google+ and Twitter nor from other social media, content sharing, content hosting and similar services. We may include non-interactive buttons from said services which do either function as web links (i.e. Flattr) or become functional and capable of third party tracking after explicit user interaction. We do not allow dynamic scripts on our website to connect to external services without deliberate user interaction.

Submission of user data

At some places on our websites you can sign petitions, announce fellowship events, or enter other information. The information entered at these points is processed in ways dependent on the purpose. Whenever you encounter a web form where you can enter information, you should find a descriptive text on the same page, that states in what form the entered information is stored, processed and published. Should such information not be present, write an email to web@fsfeurope.org and we will see that it gets added to the page.

Mail order

Mail order of unpaid material

If you request promotion material (or any other kind of item which we send to you free of charge) your order detail, postal address and contact information will be stored in our ticket system. Your address and contact information will only be used to send the material to you and to make inquiries regarding your request of said material. The information is not used to send out newsletters or solicitation letters after you receive your material.

You do not require an account on our website to place a request for unpaid material.

Tickets in our ticket system, including the information they contain, is removed 30 days after the ticket has been closed (ie., the material has been sent to you).

Mail order of merchandise material

If you order paid material from our merchandise store (like T-shirts, coffee mugs, etc.) the procedure is similar as with promotional material. Your order detail, postal address and contact information will be stored in our ticket system. Your address and contact information will only be used to send the material to you and to make inquiries regarding your request of said material. In particular the information is not used to send out newsletters or solicitation letters after you receive your material.

We will store your payment details and material order for book keeping purposes to extent required by German law.

You do not require an account on our website to order material from the shop. Information will be removed from our ticket system 30 days after the ticket has been closed.

Donations

Should you make a donation to us, we will store accounting information regarding any payment to the extent required by German law. In addition we will publish information about monetary and material donations in accordance with our transparency policy.

Activities/Privacy/PolicyDraft (last edited 2017-09-20 20:50:07 by jzarl)