GDPR Administrative Data #21

Closed
opened 2 years ago by fede · 11 comments
fede commented 2 years ago
Owner

I think the best way to handle this aspect is to write a Donor Privacy Policy, that can be linked from Donations page and from the general PP. This way we don't overload the PP either.

fede added this to the 1.2 milestone 2 years ago
muppeth was assigned by fede 2 years ago
meaz was assigned by fede 2 years ago
fede self-assigned this 2 years ago
antilopa was assigned by fede 2 years ago
maryjane was assigned by fede 2 years ago
Poster
Owner

Maybe we could add something like this to the PP, in the "Data we collect" section:

  • When you make an online donation to Disroot.org, we only collect personal data such as, but not limited to, username (if any), country, transaction IDs or bank account/reference. The only purpose for which we use this data is administrative (verification of regular donations, accounting management) and is maintained under the same security measures described in the "How do we store your data?" section. Since all the data we collect is previously processed by a third-party payment processor such as PayPal, Patreon or Liberapay, by using these or similar services, their use of your information is based on their terms of service and policies, not ours, so we encourage you to review those policies carefully.
Owner

I think this is pretty good already.
Owner

It may not be the proper place to put this (given the false promise thing), but I would like to have info that we are currently working on improvements to the system so that it is as hard as possible to link the payment details to usernames.
Owner

When you make an online donation to Disroot.org, we only collect personal data such as, but not limited to, username (if any), country, transaction IDs or bank account/reference. The only purpose for which we use this data is administrative (verification of regular donations, accounting management) and is maintained under the same security measures described in the “How do we store your data?” section. **In the near future we are planning to improve data collection by anonymising the data and disconnecting it from usernames**.
Since all the data we collect is previously processed by a third-party payment processor such as PayPal, Patreon or Liberapay, by using these or similar services, their use of your information is based on their terms of service and policies, not ours, so we encourage you to review those policies carefully.
Owner

(Bolded text is what I added)

Owner

Are you sure we can add "promise" or things that are not currently available in the PP?

Poster
Owner

GDPR Transparency guidelines state that vague terms should be avoided, which I think is the case of this line about future improvement.
I would add it as a note below the "Data we collect" text.
Owner

@fede agree. As I said, I know it shouldn't be there, but somehow wanted to indicate to others (and I think even more importantly to us) that this situation is not ideal and we are aware of it and want to improve it as much as possible.
Poster
Owner

We could think of some sort of visible "notice" (*) to add below this section. The PP text should be tightened to only what we actually do and nothing more, even when we know we could do it better.
Owner

Yeah, you're right @fede, probably shouldn't even put a notice. Instead create new epic for Q1 2020 Roadmap 😃

@fede can you add the missing part of the text to the pull request? We can do last reads and send the link to some people to have last read before we push it to master.
Poster
Owner

Done

fede closed this issue 2 years ago