I think the best way to handle this aspect is to write a Donor Privacy Policy, that can be linked from Donations page and from the general PP. This way we don't overload the PP either.
I think the best way to handle this aspect is to write a Donor Privacy Policy, that can be linked from Donations page and from the general PP. This way we don't overload the PP either.
Maybe we could add something like this to the PP, in the "Data we collect" section:
When you make an online donation to Disroot.org, we only collect personal data such as, but not limited to, username (if any), country, transaction IDs or bank account/reference. The only purpose for which we use this data is administrative (verification of regular donations, accounting management) and is maintained under the same security measures described in the "How do we store your data?" section. Since all the data we collect is previously processed by a third-party payment processor such as PayPal, Patreon or Liberapay, by using these or similar services, their use of your information is based on their terms of service and policies, not ours, so we encourage you to review those policies carefully.
Maybe we could add something like this to the PP, in the "Data we collect" section:
- When you make an online donation to Disroot.org, we only collect personal data such as, but not limited to, username (if any), country, transaction IDs or bank account/reference. The only purpose for which we use this data is administrative (verification of regular donations, accounting management) and is maintained under the same security measures described in the "How do we store your data?" section. Since all the data we collect is previously processed by a third-party payment processor such as PayPal, Patreon or Liberapay, by using these or similar services, their use of your information is based on their terms of service and policies, not ours, so we encourage you to review those policies carefully.
It may be not the proper place to put this (given the false promise thing) but would like to have info that we are currently working on improvement to the system so that it is as hard as possible to link the payment details to usernames.
It may be not the proper place to put this (given the false promise thing) but would like to have info that we are currently working on improvement to the system so that it is as hard as possible to link the payment details to usernames.
When you make an online donation to Disroot.org, we only collect personal data such as, but not limited to, username (if any), country, transaction IDs or bank account/reference. The only purpose for which we use this data is administrative (verification of regular donations, accounting management) and is maintained under the same security measures described in the “How do we store your data?” section. In the near future we are planning to improve data collection by annonymising the data and disconnecting it from usernames.
Since all the data we collect is previously processed by a third-party payment processor such as PayPal, Patreon or Liberapay, by using these or similar services, their use of your information is based on their terms of service and policies, not ours, so we encourage you to review those policies carefully.
When you make an online donation to Disroot.org, we only collect personal data such as, but not limited to, username (if any), country, transaction IDs or bank account/reference. The only purpose for which we use this data is administrative (verification of regular donations, accounting management) and is maintained under the same security measures described in the “How do we store your data?” section. **In the near future we are planning to improve data collection by annonymising the data and disconnecting it from usernames**.
Since all the data we collect is previously processed by a third-party payment processor such as PayPal, Patreon or Liberapay, by using these or similar services, their use of your information is based on their terms of service and policies, not ours, so we encourage you to review those policies carefully.
GDPR Transparency guidelines states that vague terms should be avoided, which I think is the case of this line about future improvement.
I would add it as a note below the "Data we collect" text.
GDPR Transparency guidelines states that vague terms should be avoided, which I think is the case of this line about future improvement.
I would add it as a note below the "Data we collect" text.
@fede agree. As i said I know it shouldnt be there but somehow wanted to indicate to others (and i think even more importantly to us) that this situation is not ideal and we are aware of it and want to improve it as much as possible.
@fede agree. As i said I know it shouldnt be there but somehow wanted to indicate to others (and i think even more importantly to us) that this situation is not ideal and we are aware of it and want to improve it as much as possible.
We could think on some sort of visible "notice" (*) to add below this section. The PP text should be tighten to only what we actually do and nothing more, even when we know we could do it better.
We could think on some sort of visible "notice" (*) to add below this section. The PP text should be tighten to only what we actually do and nothing more, even when we know we could do it better.
Yeah you're right @fede probably shouldnt even put a notice. Instead create new epic for Q1 2020 Roadmap 😃
@fede can you add the missing part of thetext to the pull request? We can do last reads and send the link to some people to have last read before we push it to master.
Yeah you're right @fede probably shouldnt even put a notice. Instead create new epic for Q1 2020 Roadmap 😃
@fede can you add the missing part of thetext to the pull request? We can do last reads and send the link to some people to have last read before we push it to master.
I think the best way to handle this aspect is to write a Donor Privacy Policy, that can be linked from Donations page and from the general PP. This way we don't overload the PP either.
Maybe we could add something like this to the PP, in the "Data we collect" section:
I thinks this is pretty good already.
It may be not the proper place to put this (given the false promise thing) but would like to have info that we are currently working on improvement to the system so that it is as hard as possible to link the payment details to usernames.
When you make an online donation to Disroot.org, we only collect personal data such as, but not limited to, username (if any), country, transaction IDs or bank account/reference. The only purpose for which we use this data is administrative (verification of regular donations, accounting management) and is maintained under the same security measures described in the “How do we store your data?” section. In the near future we are planning to improve data collection by annonymising the data and disconnecting it from usernames.
Since all the data we collect is previously processed by a third-party payment processor such as PayPal, Patreon or Liberapay, by using these or similar services, their use of your information is based on their terms of service and policies, not ours, so we encourage you to review those policies carefully.
(Bolded text is what I added)
Are you sure we can add "promise" or things that are not currently available in the PP?
GDPR Transparency guidelines states that vague terms should be avoided, which I think is the case of this line about future improvement.
I would add it as a note below the "Data we collect" text.
@fede agree. As i said I know it shouldnt be there but somehow wanted to indicate to others (and i think even more importantly to us) that this situation is not ideal and we are aware of it and want to improve it as much as possible.
We could think on some sort of visible "notice" (*) to add below this section. The PP text should be tighten to only what we actually do and nothing more, even when we know we could do it better.
Yeah you're right @fede probably shouldnt even put a notice. Instead create new epic for Q1 2020 Roadmap 😃
@fede can you add the missing part of thetext to the pull request? We can do last reads and send the link to some people to have last read before we push it to master.
Done