Diff for "Activities/Privacy/PolicyDraft"

Differences between revisions 16 and 17
Revision 16 as of 2018-05-16 11:26:19
Size: 8199
Editor: mk
Comment:
Revision 17 as of 2018-05-16 11:28:19
Size: 8269
Editor: mk
Comment:
Line 104: Line 104:
 * Newsletter not listed here.
 * Employee information missing
 *
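Review bot: the last line of this hunk is an empty list item (" *") under the TODO entries. It should either carry text or be dropped, since the rendered TODO list at the end of the page has only three entries. The Comment field of both revisions is also empty; a one-line summary of what changed in the TODO list would make the page history easier to follow.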

This is a draft for the privacy policy stated on FSFE's website.

For feedback, join the discussion on the legal and team list or write to Fellows/paul

Annotations:

  • {o} - unsure

  • {*} - was unsure, but has been cleared with the team

  • /!\ - not currently implemented this way

  • <!> - implementation status unknown

  • (./) - has been implemented

General Policy

The restrictions described here on the dissemination of personal information are not subject to change. This policy is updated occasionally but the changes will not reduce the privacy protection of visitors. If there are changes made in the future, the changes will not affect information already collected.

Internal handling of private information

All people working directly for the FSFE, including volunteers, are introduced to the privacy policy when they start their work /!\ . People handling non-public information sign a confidentiality statement either as part of a working contract or, in the case of volunteers, independently of one. Consequently, people who do not sign a confidentiality statement will not have access to personal information <!> .

Processing by third parties

Neither statistical data nor private information is ever sold or handed over to external parties. For some functions, such as payment processing, data may be processed by service providers. Those contractors will either be subject to data protection laws (i.e. in the case of the postal service or regular banks), or we will inform you about it when we refer to those services.

We will not submit personal data to governmental bodies, except if explicitly required by law or if ordered by a court of competent jurisdiction. In those cases data will be submitted only to the appointed body.

Right to Information, Correction and Deletion

You can request details about your information stored by us and request correction as well as deletion or removal of information. Write an email to privacy@fsfe.org /!\ .

Website Users

Web Server Logging

Web server log entries are recorded each time a visitor requests a web page or file from one of our web servers. The entries are used to respond to technical issues, particularly for blocking IP addresses or deactivating parts of the web page on the occurrence of (D)DoS attacks or targeted attacks on web forms including our payment system.

A reduced version of the server logs will also be used to generate statistics (see "Web Analytics").

Web server logs include:

  • The full IP address of a visitor
  • The exact time of access
  • The requested page
  • The response status of the web server
  • The amount of data transferred in reply to the request
  • The HTTP referrer (previously visited site)
  • The User Agent string of the browser

Web server logs will be kept for no more than fourteen days /!\ . The log files are stored on the web server and can be accessed only by our system administrators. On request the system administrators may send excerpts of the log files to employees or volunteers involved with handling of payments or website development. Those excerpts will be reduced to the information required to track down irregularities with payment processors or server side scripts.

Web Tracking, Web Analytics and Cookies

Web analytics is not performed on the main web server logs /!\ . Statistics are generated upon need from a reduced copy of the server logs /!\ , containing:

  • An identifier replacing the IP address. The identifier is random and not based on the IP address. It serves to preserve uniqueness of an address within one log file.
  • The time of access limited to one hour of precision
  • The requested page
  • The response status of the web server
  • The amount of data transferred in reply to the request
  • The HTTP referrer (previously visited site)
  • The User Agent string of the browser
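
The reduction described in this list, sketched as an added example (not part of the policy draft and not FSFE's own tooling). It assumes the web server writes the Apache/nginx "combined" log format, which the draft does not specify; the function name `reduce_log` and the sample lines are made up for illustration.

```python
import re
import secrets
from datetime import datetime

# Apache/nginx "combined" format (assumption; the draft names no format).
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def reduce_log(lines):
    """Return the reduced copy of one log file.

    Each address is replaced by a random token that is not derived from the
    address. The mapping exists only during this call, so tokens cannot be
    linked across log files. Timestamps are truncated to the hour.
    """
    pseudonyms = {}          # ip -> random token, discarded on return
    reduced = []
    for line in lines:
        m = COMBINED.match(line.rstrip("\n"))
        if m is None:
            continue         # drop unparseable lines instead of copying raw data
        ip = m["ip"]
        if ip not in pseudonyms:
            pseudonyms[ip] = secrets.token_hex(8)
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        hour = ts.replace(minute=0, second=0).strftime(TS_FORMAT)
        reduced.append(
            f'{pseudonyms[ip]} - - [{hour}] "{m["request"]}" {m["status"]} '
            f'{m["size"]} "{m["referrer"]}" "{m["agent"]}"'
        )
    return reduced


# Constructed sample input (documentation addresses, not real visitors).
SAMPLE = [
    '192.0.2.10 - - [16/May/2018:11:26:19 +0200] "GET /index.html HTTP/1.1" 200 5120 "https://example.org/" "Mozilla/5.0"',
    '198.51.100.7 - - [16/May/2018:11:27:02 +0200] "GET /missing HTTP/1.1" 404 312 "-" "curl/7.58.0"',
    '192.0.2.10 - - [16/May/2018:12:03:44 +0200] "POST /donate HTTP/1.1" 302 0 "https://example.org/index.html" "Mozilla/5.0"',
    'garbage line that is not in combined format',
]

if __name__ == "__main__":
    for out in reduce_log(SAMPLE):
        print(out)
```

Because the token is drawn fresh rather than computed from the address, the reduced file cannot be reversed by hashing candidate IP addresses, which is the property the first list item asks for.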

We are interested in the statistics in particular:

  • To see what articles/pages are most interesting to visitors. This helps us gauge the public impact of our campaigns and political work.
  • To see from where people get linked to our website. This helps us determine the original context in which people get interested in Free Software and the FSFE.
  • To detect bugs on our website (i.e. when people get linked to nonexistent pages or defective scripts)
  • To see how people use interfaces to the content on our site (i.e. RSS/Atom, PDF documents, acceptance of JS, images)
  • To see in what languages our site is read.
  • To predict our server load and improve timing of maintenance works.

All analytics information is processed entirely on infrastructure under the exclusive control of FSFE.

We do not issue permanent cookies containing a unique ID. Some of our systems may use cookies to store user data but this data will not be linked to server side data collection facilities. Systems requiring a login will usually hand out non-permanent session cookies.

Embedding of third party content

We aim to not embed elements from third parties into our website. This applies to graphics, JavaScript and iframes from external websites and also to other means suitable for third party tracking. We may include non-interactive buttons from external services which either function as web links or become functional and capable of third party tracking after explicit user interaction. We do not allow dynamic scripts on our website to connect to external services without deliberate user interaction.

Submission of user data

At some places on our websites you can sign petitions, announce events, or enter other information. The information entered at these points is processed in ways dependent on the purpose. Whenever you encounter a web form where you can enter information, you should find a descriptive text on the same page that states in what form the entered information is stored, processed and published. Should such information not be present, write an email to web@fsfe.org and we will see that it gets added to the page.

Mail order

Mail order of unpaid material

If you request promotion material (or any other kind of item which we send to you free of charge) your order details, postal address and contact information will be stored in our ticket system. Your address and contact information will only be used to send the material to you and to make inquiries regarding your request of said material. The information is not used to send out newsletters or solicitation letters after you receive your material.

You do not require an account on our website to place a request for unpaid material.

Tickets in our ticket system, including the information they contain, are removed 1 year after the ticket has been closed (i.e., the material has been sent to you) so we can generate statistics about the orders to improve our service.

Mail order of merchandise material

If you order paid material from our merchandise store (like T-shirts, coffee mugs, etc.) the procedure is similar to that for promotional material. Your order details, postal address and contact information will be stored in our ticket system. Your address and contact information will only be used to send the material to you and to make inquiries regarding your request of said material.

We will store your payment details and material order for bookkeeping purposes to the extent required by German law.

You do not require an account on our website to order material from the shop. Information will be removed from our ticket system 1 year after the ticket has been closed so we can generate statistics about the orders to improve our service.

Donations

Should you make a donation to us, we will store accounting information regarding any payment to the extent required by German law. In addition we will publish information about monetary and material donations in accordance with our transparency policy.

TODO

  • Supporters are not listed here.
  • Newsletter not listed here.
  • Employee information missing

Activities/Privacy/PolicyDraft (last edited 2018-05-16 11:28:19 by mk)