Browse Source

Added link to changes' history.

pull/29/head
Fede.- 2 years ago
parent
commit
794c86eb3e
  1. 21
      privacy_policy.md

21
privacy_policy.md

@ -99,7 +99,7 @@ If a user chooses to use any of the services provided by us, the following data
- Our processing of your information is limited to providing the service.
- We store logs of your activity for a period no longer than 24hs (unless specified otherwise per service). This data is used to help diagnose software issues, maintain security of the system against intrusion and monitor the health of the platform.
- We store logs of your activity for a period no longer than 24 hours (unless specified otherwise per service). This data is used to help diagnose software issues, maintain security of the system against intrusion and monitor the health of the platform.
(Detailed information on [Privacy notices per service](#per_services) section)
@ -154,7 +154,7 @@ We store all data in **our own servers**, located in a data center in the **Neth
- IP addresses of currently logged in users via IMAP/POP3 protocols are stored as long as the device is logged in the server *(per each device logged in)*.
- Server logs, which store information such as, but not limited to, your username and your IP address, *from* and *to* email addresses, IP addresses of servers the emails come in or go out to, are stored for a period of 24 hours after which they are deleted from the server. No backup of log files is created. Logs are kept to prevent *brute-force attacks* on accounts and to provide quick insight when debugging issues.
- Server logs, which store information such as, but not limited to, your username and your IP address, *from* and *to* email addresses, IP addresses of servers the emails come in or go out to, are stored for a period of 24 hours after which they are deleted from the server. No backup of log files is created. Logs are kept to prevent brute-force attacks on accounts and to provide quick insight when debugging issues.
- Given that email works on a **federated** protocol, when interacting with email addresses hosted on third party servers (eg. Gmail.com, Posteo.org), data is sent to other independently operated and owned servers in the network over which we have no control.
@ -178,13 +178,13 @@ We store all data in **our own servers**, located in a data center in the **Neth
- The roster (your XMPP contact list) is stored on the server's database.
- Chat history is stored on the server in the same form as on the chat itself, meaning unencrypted chat is stored in plain-text and encrypted chat is stored encrypted. Additionally, the chat history, if specified by user on per chatroom basis, is stored on the server for a period of 6 months. You can decide to not have any history stored on the server per chat.
- Chat history is stored on the server in the same form as on the chat itself, meaning unencrypted chat is stored in plain-text and encrypted chat is stored encrypted. Additionally, the chat history, if not specified by the user on per chatroom basis, is stored on the server for a period of three months. You can decide to not have any history stored on the server per chat.
- Server logs, which store information such as, but not limited to, your IP address and your username are stored for a period of 24 hours after which they are deleted from the server. No backup of log files is created. Logs are kept to prevent brute-force attacks on accounts and to provide quick insight when debugging issues.
- Given that XMPP is a **federated** protocol, when interacting with users or chat-rooms hosted on third party servers, data is sent to other independently operated and owned servers in the network over which we have no control.
- Files uploaded to the server are stored as is (plain-text or encrypted) for a period of 6 months.
- Files uploaded to the server are stored as is (plain-text or encrypted) for a period of three months.
<a name="search"></a>
@ -224,7 +224,7 @@ We store all data in **our own servers**, located in a data center in the **Neth
- Pad content is stored on the server in the database as is (plain-text).
- Untouched pads and calcs expire after 6 months and are then removed from the server.
- Untouched pads and calcs expire after six months and are then removed from the server.
<a name="polls"></a>
@ -323,7 +323,7 @@ Under the **GDPR** you have a number of rights with regard to your personal data
* a. **Right to access** - The right to request (I) copies of your personal Data or (II) access to the information you submited and we hold at any time.
* b. **Right to correct** - The right to have your Data rectified if it is inaccurate or incomplete*.
* b. **Right to correct** - The right to have your Data rectified if it is inaccurate or incomplete.*
* c. **Right to erase** - The right to request delete or remove your Data from our servers.
@ -333,20 +333,23 @@ Under the **GDPR** you have a number of rights with regard to your personal data
* f. **Right to object** - The right to object to our use of your Data.
\* *Your* **Disroot username** *and* **Disroot email address** *are integral part of your user account and cannot be modified.<br>
Usernames remain in the database, even after erasure request, to prevent old usernames being re-used by new users, compromising the privacy of both and enabling possible identity theft. For that reason, usernames of accounts that have been deleted remain in the database to avoid being reused. However, all the linked personal information is deleted permanently.*
You have the right to lodge a complain, make enquires, excercise any of the rights described above or withdraw your consent to the processing of your Data (where consent is our legal basis for processing your Data), by contacting us via email to:
- **data.protection.officer@disroot.org** - Person responsible for this Privacy Statement
- **info@disroot.org** - General contact information
- **info@disroot.org** - General information contact
For the purposes of the **GDPR**, **Disroot.org** is the "data controller". This means that **Disroot** determines the purposes for which and the manner which your data is processed.
**Stichting Disroot.org**:<br>
Dutch Chamber of Commerce (KVK) number: 69988099
If you are not satisfied with the way your Data is handled by us, or think its processing is not appropriate, you have the right to send a complaint to the **Information Commissioners’ Office**.
**Dutch Data Protection Authority (Dutch DPA)**
@ -381,9 +384,13 @@ Access to your personal data, stored files and other information you provide to
# 6. Changes on this Privacy Statement
From time to time we may need to update this Privacy Statement. If we decide to do so, all changes will be publicly available and will be communicated to all users via the forum, our social networks and blog post. We recommend that you regularly check for any changes on this Statement.
<br>
You can follow the history of changes on this document on our git repository [**here**](https://git.disroot.org/Disroot/Disroot-Privacy-Policy/commits/branch/master)
#### Last update of this Privacy Statement:
- February 6th, 2020
<br>

Loading…
Cancel
Save