Diff for "TechDocs/DataProcessingTransparency"

Differences between revisions 32 and 33
Revision 32 as of 2018-04-19 09:33:06
Size: 7326
Editor: vincent
Comment:
Revision 33 as of 2018-04-19 09:44:33
Size: 7332
Editor: vincent
Comment:
Deletions are marked like this. Additions are marked like this.
Line 22: Line 22:
|| Jabber / XMPP || Account rosters, logs (connect, disconnect, messages process and possibly stored temporally on the server (offline storage + muc preview), status messages, with debug logging up to who talks to whom) || Debugging purposes || Legal obligation || system administrators || 2 weeks || || Jabber / XMPP || Account rosters, logs (connect, disconnect, messages process and possibly stored temporally on the server (offline storage + muc preview), status messages, with debug logging up to who talks to whom) || Debugging purposes || Consent || system administrators || 2 weeks ||
Line 24: Line 24:
|| Limesurvey|| No personal information are stored. Public IP addresses are processed by the webserver || The webserver needs the public IP addresses to serve requests || Consent || System administrators || - || || Limesurvey|| No personal information are stored. Public IP addresses are processed by the webserver || The webserver needs the public IP addresses to serve requests || Consent || System administrators || Nothing is stored ||
Line 27: Line 27:
||Mailing lists || Email address, full name (if the suscribed person chose to insert it), subscription details, logging see Mail and the [[https://wiki.list.org/DOC/What%20log%20files%20%28logs%29%20does%20Mailman%20write|official Maiman page]] || The mailing list service needs to know email to achieve its goal || Consent || ADMIN-TECH,List-Admins,team@ || Posts and subscriptions are stored for 1 year, bounces and errors are stored for 1 month, messages sent by Mailman itself are stored for 1 week, digests are stored for 4 months || ||Mailing lists || Email address, full name (if the person choose to insert it), subscription details, logging see Mail and the [[https://wiki.list.org/DOC/What%20log%20files%20%28logs%29%20does%20Mailman%20write|official Maiman page]] || The mailing list service needs to know email to achieve its goal || Consent || ADMIN-TECH,List-Admins,team@ || Posts and subscriptions are stored for 1 year, bounces and errors are stored for 1 month, messages sent by Mailman itself are stored for 1 week, digests are stored for 4 months ||
Line 37: Line 37:
||Subversion || No personal information are stored. Public IP addresses are processed by the webserver || The webserver needs the public IP addresses to serve requests || || System administrators || - || ||Subversion || No personal information are stored. Public IP addresses are processed by the webserver || The webserver needs the public IP addresses to serve requests || Consent || System administrators || - ||

FSFE Data processing

The goal of this page is to provide information regarding data processing at FSFE.

Service

What data is processed?

Why is the data processed?

What legal authorization do we have according to Article 6 of GDPR?

Who has access?

What is our Data retention policy?

Account Managing Software (AMS)

Only that which is included in the community database no separate information.

art13 savecodeshare.eu

IP addresses, SQL statements for error messages contain personal information

Error message are used for debugging, the webserver needs to know the source IP address

consent

system administrators

Data is stored for the container lifetime

Blogs

Error message are used for debugging, the web server needs to know the source IP address

Community Database

Data for our donors, supporters, staff, contractors, and volunteers: registration status, blacklisting status, name, birthday, sex, preferred language, postal address, primary and secondary email address, opt-in information for communication, information about donations transferred, information about automatic donation renewal status, information about donation receipts issued, username and password (hashed) for FSFE services, information about fellowship cards received, data modification history. Italic information is voluntary.

(1) Donor liaison, including the creation of donation receipts.
(2) Sending out information emails to those who opted in.
(3) Maintenance of access to FSFE's online services.
(4) Statistical queries.

(1) Legal requirements and legitimate interest.
(2) Explicit consent.
(3) ?
(4) Legitimate interest.

Community database administrator (currently: Reinhard), system administrators.

Data is automatically deleted if the registration is not confirmed (through payment of a donation or through approval by a team coordinator) within 6 weeks after signup. Upon explicit request, data is anonymised.

Discourse

IP Addresses, post timings, usernames

IP addresses are collected by discourse to prevent and block spam

Consent

system administrators + service maintainers

Data is stored for the container lifetime

DNS

Logging IP Addresses for errors and for example denied queries, more if debug logging is temporary necessary. With debug logging disabled the DNS queries are not stored, only processed

Legal obligation

Debugging purposes

System administrators

1 month

Docker environment

Docker containers activities. No personal data

-

-

-

-

docker status service

Docker containers activities. No personal data

-

-

-

-

Drone

Building scripts. No personal data

-

-

-

-

Finance accounting

Transaction data from all bank accounts, includes names of all people who send or receive money to/from FSFE.

To do our accounting

Legal requirements

Financial team, tax consultant, legal authorities.

Currently none defined. Data must be kept at least 10 years by law.

Finance repo

IP Addresses + username logging

debuging purposes

consent

Albert, Francesca, Matthias, Max, Polina, Ulrike

1 month

Forms API

No personnal data stored in the logs, but the service processes emails

The service needs the email of the users submitting a form so the emails can reach them

Consent

system administrators

Data is stored for the container lifetime

Friendica

GDPR process

Gitea

Emails and usernames of registered users and the files they work with; webserver logs (source IPs)

For authentication and operation of the platform; webserver logs for debugging

Consent

Service maintainers, system administrators

None; 1 week for logs

IRC Cloaks

Jabber / XMPP

Account rosters, logs (connect, disconnect, messages process and possibly stored temporally on the server (offline storage + muc preview), status messages, with debug logging up to who talks to whom)

Debugging purposes

Consent

system administrators

2 weeks

LDAP

ldap queries are logged to syslog (we log who tries to login on what service and when)

Security and debugging purposes

consent

System administrators

1 month

Limesurvey

No personal information are stored. Public IP addresses are processed by the webserver

The webserver needs the public IP addresses to serve requests

Consent

System administrators

Nothing is stored

Link shortener

Email

Email addresses + logs (send, receive emails, hostnames, IP addresses of messages sent through SMTP, etc)

To manage the forward email service and assure a basic level of spam control

Consent for providing emails and legitimate interest for spam control

Albert Jonas Matthias Max Paul fellowship@klaproth

1 month

Mailing lists

Email address, full name (if the person choose to insert it), subscription details, logging see Mail and the official Maiman page

The mailing list service needs to know email to achieve its goal

Consent

ADMIN-TECH,List-Admins,team@

Posts and subscriptions are stored for 1 year, bounces and errors are stored for 1 month, messages sent by Mailman itself are stored for 1 week, digests are stored for 4 months

Mailtrain + ZoneMTA

Email address, full name, subscription details

Data is stored for the container lifetime

Nlformat script

OpenVPN

OTRS

All communication around the tickets, in the format of emails exchanged.

Answering of incoming requests.

?

All members of the team which is responsible for the kind of request.

None.

Personell management

Planet

PMPC website

Source IP, Date, HTTP request, User-agent. This does not contain personal data

-

-

-

-

Registration system

Can be configured per event. For LLW, it is name, email address, affiliation, position, telephone number, ticket type, postal address, VAT Id, promotion code used, information about dinner attendance, dieatary preferences (!), participation in mentor system.

Necessary to organise the event.

Fulfillment of a contract.

Ulrike + Polina + ? + System administrators

None defined yet.

SSL certificates

Personal information of the person requesting them, email addresses and names (or whatever data is inserted by the person who is doing the certificate request)

Because the CA needs to know who requested a certificate

Consent

System administrators

Data are stored as long as the certificate exists

Subversion

No personal information are stored. Public IP addresses are processed by the webserver

The webserver needs the public IP addresses to serve requests

Consent

System administrators

-

Webserver + build system

Wekan

Technical logs, no personal data

-

-

-

-

Wiki

Source IP addresses

Debugging and security purposes

Wikicare takers, system-hackers

We store data for 14 days

TechDocs/DataProcessingTransparency (last edited 2023-07-11 10:12:55 by irakli)