Privacy Policy

Status: Under Review

ARTICLE I – PURPOSE

1. Purpose. The purpose of this Policy is to explain how Wikimedia District of Columbia ("Wikimedia DC") collects, uses, and shares your information, including personally identifiable information ("PII").

ARTICLE II – GENERAL PROVISIONS

1. Restricted Access. It is Wikimedia DC's policy to limit access to non-public data to staff and volunteers who need to process that information for the purposes described in this Policy.

2. Retention of Data. Unless otherwise stated in this Policy, the retention of data collected under this Policy is governed by the Record Retention Policy.

3. Sharing of Non-Public Data. Wikimedia DC shall only share non-public data:

(a) With the permission of affected persons;

(b) Upon the presentation of a valid court or government order;

(c) If it is reasonably necessary to prevent imminent and serious bodily harm or death to a person;

(d) To protect our organization, employees, contractors, users, or the public; or

(e) To detect, prevent, or otherwise assess and address potential spam, malware, fraud, abuse, unlawful activity, and security or technical concerns.

4. Sharing of Anonymized Data. Wikimedia DC may publish anonymized and aggregated data for promotional, fundraising, and reporting purposes, including to report progress against stated organizational goals. Wikimedia DC may also share anonymized data with third parties, including the Wikimedia Foundation, to conduct research on its operations, including its programs. Comments that are provided to Wikimedia DC may be publicly published and may be used in promotional materials.

5. No Selling or Leasing of Data. Unless otherwise stated, Wikimedia DC does not publish, sell, trade, or rent collected data. Wikimedia DC may use available information to supplement collected data to improve the information Wikimedia DC uses.

6. Use of Third-Party Data Storage. Wikimedia DC uses third-party providers for collecting and storing data. The Technology Access Policy establishes requirements for security standards and restriction of access.

ARTICLE III – WEBSITE

1. Definition. For the purposes of this Policy, "Wikimedia DC Website" includes the main Wikimedia DC website and any additional web property that is hosted by Wikimedia DC, a list of which is included in Appendix A of this Policy. The Secretary shall update Appendix A at his or her discretion to ensure that the list is accurate.

2. Information Collected by Server. Wikimedia DC collects the Internet Protocol (IP) address, time of visit, the URL requested, the server response code, the bytes served, the referrer if provided, and the user agent (which includes the browser, browser version, and operating system), collectively "Visitor Data," of anyone who visits the Wikimedia DC Website. Wikimedia DC uses Visitor Data to conduct research on Website usage, to assess technical issues that may arise, and to optimize the delivery of Website content.

3. Information Collected by Website. The MediaWiki software used by Wikimedia DC collects the IP address, user agent, and XFF header of any person who makes an edit to the website or performs any action that is logged in the website's Recent Changes feed, collectively "Editor Data". Editor Data is used to prevent abuse of the Wikimedia DC website. The Wikimedia DC Website also makes use of cookies and JavaScript applications for personalization of the Website, including the function of user accounts. Those with user accounts may optionally provide email addresses, used to send email through the Website without exposing the email address publicly.

4. Retention of Data. Wikimedia DC retains Visitor Data and Editor Data indefinitely in the event that an IP address is associated with abuse, including denial of service attacks and posting unsolicited, undesirable messages ("spam"). Otherwise, Visitor Data and Editor Data is retained for no longer than 90 days.

5. Public Data. Any information provided in the process of registering an account on the Website, and any information contained within an edit or other logged action to the Website, is retained indefinitely and shall be considered public. Passwords and email addresses are not considered public unless directly posted to the Website.

6. Collection of Additional Data. The Wikimedia DC Website may collect additional information for specific purposes, such as for grant applications or participation in certain programs. This information is used for the effective conduct of Wikimedia DC programs, and is subject to the same protection as other data collected through the Wikimedia DC Website.

7. Use of Third-Party Websites. Wikimedia DC uses third-party websites in the conduct of its operations, including social networking and event registration websites. The use of those websites is governed by the privacy policies published on such websites. Wikimedia DC may from time to time retain information that is made available through third-party websites for its own operations.

ARTICLE IV – DONORS

1. Donor Bill of Rights. Wikimedia DC adopts as its policy the Donor Bill of Rights as developed by the Association of Fundraising Professionals (AFP), the Association for Healthcare Philanthropy (AHP), the Council for Advancement and Support of Education (CASE), and the Giving Institute: Leading Consultants to Non-Profits.

2. Data Collected by Wikimedia DC. Data that Wikimedia DC collects from donors may include name, amount donated, address, telephone number, donor comments, e-mail address, and any other personal information provided to us (“Donor Data”). For donations by check, Donor Data also includes the data visible on the check. For donations processed online, Donor Data includes Website User Data. Wikimedia DC uses Donor Data for the purposes of processing payments, communicating with donors about its work, and conducting fundraising and other operations.

3. Data Collected by Payment Processors. Payment processors, as identified by Wikimedia DC's website, have access to Donor Data, as well as access to payment card information as supplied by donors. Wikimedia DC does not have access to payment card information. Use of such services is governed by their respective privacy policies. Wikimedia DC does not store credit card information, bank account numbers, or other financial account data sent directly to third-party processing services.

4. Use of Donor Data. Wikimedia DC uses Donor Data for the following:

(a) Distributing receipts and thanking donors for donations

(b) Informing donors about upcoming fundraising and other activities

(c) Internal analysis, such as research and analytics

(d) Record keeping

(e) Reporting to applicable government agencies as required by law

(f) Surveys, metrics, and other analytical purposes

(g) Other purposes related to the fundraising operations

5. Disclosure of Donor Identity. We may allow donors the option to have their name publicly associated with their donation unless otherwise requested as part of the online donation process.

ARTICLE V – OTHER INFORMATION COLLECTED

1. Information Collected through Surveys. Wikimedia DC administers surveys from time to time to collect feedback from those participating in Wikimedia DC programs. Participants may decline to complete all or part of a survey. Wikimedia DC uses this information to assess the performance of its programs.

2. Collection of Wikimedia Username. Wikimedia DC collects Wikimedia project usernames at events to facilitate the collection of editing metrics, including the number of edits made before, during, and after an editing program. Wikimedia DC uses this information to assess the performance of its programs. To the greatest extent feasible, Wikimedia DC shall not associate a Wikimedia username with that person's PII.

APPENDIX A – WEBSITES HOSTED BY WIKIMEDIA DC

1. Wikimedia DC: wikimediadc.org

2. WikiConference USA: wikiconferenceusa.org

3. Diversity Conference: wikidiversity.org