Difference between revisions of "Privacy policy"
Jump to navigation
Jump to search
(start policy) |
(Update website list) |
||
| (12 intermediate revisions by 5 users not shown) | |||
| Line 1: | Line 1: | ||
| + | {{color bar header|title=Privacy Policy|toc=yes}} |
||
| − | '''This is a draft for consideration at the August Board Meeting.''' |
||
| + | ==ARTICLE I – PURPOSE== |
||
| − | ==General Scope== |
||
| + | 1. <u>Purpose</u>. The purpose of this Privacy Policy ("Policy") is to explain how Wikimedia District of Columbia ("Wikimedia DC") collects, uses, and shares data, including personally identifiable information ("PII"), from website users, program participants, and donors. |
||
| − | This policy covers personally identifiable information collected or stored by the Society on its servers in relation to the projects hosted by the Society (“Projects”) and their communities. Consistent with its Data Retention Policy, the Foundation collects and retains the least amount of personally identifiable information needed to fulfill the Projects' operational needs. |
||
| − | ==Definitions== |
||
| − | ''Personally Identifiable Information'' refers to information which can be used to distinguish or trace an individual’s identity, including (but not limited to) their name, social security number, biometric records, credit card information, date or place of birth, mother’s maiden name, or other information that either alone, or in combination with other personal or identifying information is linked or linkable to a specific individual. |
||
| + | ==ARTICLE II – GENERAL PROVISIONS== |
||
| − | ''Society'' means the Wiki Society of Washington, DC, Inc. |
||
| + | 1. <u>Access</u>. Access to any non-public data collected under this Policy shall be limited to those staff and volunteers who have a legitimate business need to access that data for the purposes described in this Policy. |
||
| − | ==Activities on Society projects== |
||
| − | In general, this Policy only applies to private information stored or held by the Society which is not publicly available. |
||
| + | 2. <u>Retention</u>. Unless otherwise stated in this Policy, the retention of all data collected under this Policy shall be governed by the [[Record Retention Policy]]. |
||
| − | Interactions with the Projects not covered by this Policy include, but are not limited to, aspects of browsing and editing pages, use of the wiki "email user" function, subscribing and posting to the Society’s hosted email lists, and corresponding with volunteers via the Society’s email addresses. These interactions may reveal a contributor's IP address, and possibly other personal information, indiscriminately to the general public, or to specific groups of volunteers acting independently of the Society. |
||
| + | 3. <u>No Sale or Lease</u>. Wikimedia DC shall not sell, trade, or lease any data collected under this Policy. |
||
| − | Users may also interact with one another outside of Society sites, via email, IRC or other chat, or independent websites, and should assess the risks involved, and their personal need for privacy, before using these methods of communication. |
||
| + | 4. <u>Use of Third-Party Providers</u>. Wikimedia DC uses third-party providers, within and outside the United States, for collecting, storing, and processing public and non-public data collected under this Policy. |
||
| − | ==User accounts and authorship== |
||
| + | :(a) <u>Third-Party Privacy Policies</u>. Access to and use of data by third-party providers shall be governed by the respective privacy policies published by such providers, and by any specific agreements between Wikimedia DC and such providers. |
||
| + | :(b) <u>Requirements for Third-Party Providers</u>. Wikimedia DC shall select third-party providers in accordance with the security requirements set forth in the [[Technology Access Policy]], and shall exercise a reasonable standard of care to ensure the privacy of any data transferred to such providers. |
||
| + | :(c) <u>List of Third-Party Providers</u>. A complete list of third-party providers is included in Appendix B of this Policy. The President and Secretary shall update Appendix B as necessary to maintain said list. |
||
| + | 5. <u>Anonymized Data</u>. Wikimedia DC may publish anonymized and aggregated data for promotional, fundraising, and reporting purposes, including to report progress against stated organizational goals. Wikimedia DC may also share anonymized data with third parties, including the Wikimedia Foundation, to conduct research on its operations, including its programs. |
||
| − | The Society does not require editors to register with a project. Anyone can edit without logging in with a username, in which case they will be identified by network IP address. Users that do register are identified by their chosen username. Users select a password, which is confidential and used to verify the integrity of their account. |
||
| − | Except insofar as it may be required by law, no person should disclose, or knowingly expose, either user passwords and/or cookies generated to identify a user. Once created, user accounts will not be removed. It may be possible for a username to be changed, depending on the policies of individual projects. The Society does not guarantee that a username will be changed on request. |
||
| + | ==ARTICLE III – WEBSITE== |
||
| − | ==Purpose of the collection of private information== |
||
| + | 1. <u>Applicability</u>. For the purposes of this Policy, "Website" shall refer to any web domain that is hosted by Wikimedia DC. A complete list of such domains is included in Appendix A of this Policy, and the President and Secretary shall update Appendix A as necessary to maintain said list. |
||
| + | 2. <u>Non-Public Website Data</u>. Wikimedia DC collects certain non-public data from users of the Website (the "Non-Public Website Data"), as follows: |
||
| − | The Society limits the collection of personally identifiable user data to purposes which serve the well-being of its projects, including but not limited to the following: |
||
| + | :(a) <u>Visitor Data</u>. Wikimedia DC collects the Internet Protocol (IP) address, time of visit, the URL requested, the server response code, the bytes served, the referrer (if provided), and the user agent (which includes the browser, browser version, and operating system), collectively the "Visitor Data", of anyone who visits the Website. Wikimedia DC uses Visitor Data to conduct research on Website usage, to assess technical issues that may arise, and to optimize the delivery of Website content. |
||
| + | :(b) <u>Editor Data</u>. The MediaWiki software used by Wikimedia DC collects the IP address, user agent, and XFF header, collectively the "Editor Data", of any person who makes an edit to the Website or performs any action that is logged in the Website's Recent Changes feed. Editor Data is used to prevent abuse of the Website. |
||
| + | :(c) <u>Other Data</u>. The Website makes use of cookies and JavaScript applications for personalization of the Website, including the function of user accounts. Persons with user accounts on the Website may optionally provide email addresses, used to send email through the Website without exposing the email address publicly. |
||
| + | 3. <u>Retention of Non-Public Website Data</u>. Non-Public Website Data may be retained indefinitely in the event that an IP address is associated with abuse, including denial of service attacks and posting unsolicited, undesirable messages ("spam"). Otherwise, Non-Public Website Data shall be retained for no longer than ninety (90) days. |
||
| − | :To enhance the public accountability of the projects. |
||
| − | :To solve technical problems. Log data may be examined by developers in the course of solving technical problems. |
||
| − | :To contact members regarding the conduct of Society business, including the provision of notice of the Society’s membership meetings. |
||
| − | ==Details of data retention== |
||
| − | ===General expectations=== |
||
| − | ====IP and other technical information==== |
||
| − | :When a visitor requests or reads a page, or sends email to a Society server, no more information is collected than is typically collected by web sites. The Society may keep raw logs of such transactions, but these will not be published or used to track legitimate users. |
||
| + | 4. <u>Sharing of Non-Public Website Data</u>. Wikimedia DC shall only share Non-Public Website Data: |
||
| − | :When a page is edited by a logged-in editor, the server confidentially stores related IP information for a limited period of time. This information is automatically deleted after a set period. For editors who do not log in, the IP address used is publicly and permanently credited as the author of the edit. It may be possible for a third party to identify the author from this IP address in conjunction with other information available. Logging in with a registered username allows for better preservation of privacy. |
||
| + | : (a) With the permission of affected persons; |
||
| − | ====User names==== |
||
| + | : (b) Upon the presentation of a valid court or government order; |
||
| − | Users are free to choose a user name on the Society’s websites. No inference should be drawn between the user name used on the Society’s computer systems and a user name on systems operated by the Wikimedia Foundation. The Society does not have access to confidential information on the Wikimedia Foundation systems and does not require its members to disclose their other user names to it. |
||
| + | : (c) As reasonably necessary to prevent imminent and serious bodily harm or death to a person; |
||
| − | ====Cookies==== |
||
| + | : (d) To protect Wikimedia DC, its employees, contractors, and users, or the public; or |
||
| − | :The sites set a temporary session cookie on a visitor's computer whenever a web page is visited. Readers who do not intend to log in or edit may deny this cookie; it will be deleted at the end of the browser's session. More cookies may be set when one logs in to maintain logged-in status. If one saves a user name or password in one's browser, that information will be saved for up to 30 days, and this information will be resent to the server on every visit to the same Project. Contributors using a public machine who do not wish to show their username to future users of the machine should clear these cookies after use. |
||
| + | : (e) To detect, prevent, or otherwise assess and address potential spam, malware, fraud, abuse, unlawful activity, and security or technical concerns. |
||
| − | ====Email==== |
||
| − | ::Users are not required to list an email address when registering. Users who provide a valid email address can enable other logged-in users to send email to them through the wiki. When receiving an email from other users through this system, one's email address is not revealed to the sender. When choosing to send an email to other users, one's email is displayed as the sender. |
||
| − | ::The email address put into one's user preferences may be used by the Society for communication. Users whose accounts do not have a valid email address will not be able to reset their password if it is lost. In such a situation, however, users may be able to contact one of the Society’s administrators to enter a new e-mail address. A user can remove the account's email address from his preferences at any time to prevent it from being used. Private correspondence between users may be saved at those users' discretion and is not subject to Society policy. |
||
| − | ::On mailing lists: |
||
| − | ::The email addresses used to subscribe and post to Project mailing lists are exposed to other subscribers. The list archives of most such mailing lists are public, and searches of public archives may be performed on the Web. Subscribers' addresses may also be quoted in other users' messages. These email addresses and any messages sent to a mailing list may be archived and may remain available to the public permanently. |
||
| − | ::Some e-mail addresses forward mail to a team of volunteers.The team may discuss the contents of received mail with other contributors in order to respond effectively. |
||
| − | ==Access to and release of personally identifiable information== |
||
| − | Access: |
||
| + | 5. <u>Public Website Data</u>. Any information provided in the process of registering an account on the Website, and any information contained within an edit or other logged action to the Website, shall be considered public and shall be retained indefinitely. Passwords and email addresses shall not be considered public unless directly posted to the Website. |
||
| − | The Society is run by volunteers. Selected volunteers will have access to personally identifiable information to the extent necessary to carry on the Society’s operations. |
||
| + | 6. <u>Collection of Additional Data</u>. The Website may collect additional information for specific purposes, such as for grant applications or participation in certain programs. This information shall be used for the effective conduct of Wikimedia DC programs, and shall subject to the same protection as other data collected through the Website. |
||
| − | Release: Policy on Release of Data |
||
| + | ==ARTICLE IV – DONORS== |
||
| − | The Society will release personally identifiable data collected in the server logs, or through records in its data files, or through other non-publicly-available methods, in any of the following situations: |
||
| + | 1. <u>Donor Bill of Rights</u>. Wikimedia DC adopts as its policy the [http://www.afpnet.org/files/ContentDocuments/DonorBillofRights.pdf Donor Bill of Rights] developed by the Association of Fundraising Professionals (AFP), the Association for Healthcare Philanthropy (AHP), the Council for Advancement and Support of Education (CASE), and the Giving Institute. |
||
| − | # In response to a valid subpoena or other compulsory request from law enforcement, |
||
| − | # With permission of the affected user, |
||
| − | # When necessary for investigation of abuse complaints, |
||
| − | # Where the information pertains to page views generated by a spider or bot and its dissemination is necessary to illustrate or resolve technical issues, |
||
| − | # Where the user has been vandalizing or persistently behaving in a disruptive way, data may be released to a service provider, carrier, or other third-party entity to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers, |
||
| − | # Where it is reasonably necessary to protect the rights, property or safety of the Society, its users or the public. |
||
| − | # When necessary to work with the Society’s vendors (for example, to provide housing and dining services during Wikimania.) |
||
| − | # To the extent required by D.C. Code § 29-301.26 or other provisions of law. |
||
| − | Except as described above, the Society’s policy does not permit distribution of personally identifiable information under any circumstances. |
||
| + | 2. <u>Donor Data Collected by Wikimedia DC</u>. Data that Wikimedia DC collects from donors may include name, address, telephone number, email address, amount donated, and any other personal information provided by the donor (collectively the "Donor Data"). For donations by check, the Donor Data also includes any data visible on the check. For donations processed online, the Donor Data includes Visitor Data. |
||
| − | Third-party access and notifying registered users when receiving legal process: |
||
| + | 3. <u>Donor Data Collected by Payment Processors</u>. Third-party payment processing services utilized by Wikimedia DC have access to Donor Data, as well as access to payment card information supplied by donors. Use of such services is governed by their respective privacy policies. Wikimedia DC does not store credit card information, bank account numbers, or other financial account data provided by donors directly to third-party payment processing services. |
||
| − | As a general principle, the access to, and retention of, personally identifiable data in all projects should be minimal and should be used only internally to serve the well-being of the projects. Occasionally, however, the Society may receive a subpoena or other compulsory request from a law-enforcement agency or a court or equivalent government body that requests the disclosure of information about a registered user, and may be compelled by law to comply with the request. In the event of such a legally compulsory request, the Society will attempt to notify the affected user within three business days after the arrival of such subpoena by sending a notice by email to the email address (if any) that the affected user has listed in his or her user preferences. |
||
| + | 4. <u>Use of Donor Data</u>. Wikimedia DC uses Donor Data for the following: |
||
| − | The Society cannot advise a user receiving such a notification regarding the law or an appropriate response to a subpoena. The Society does note, however, that such users may have the legal right to resist or limit that information in court by filing a motion to quash the subpoena. Users who wish to oppose a subpoena or other compulsory request should seek legal advice concerning applicable rights and procedures that may be available. |
||
| + | : (a) Distributing receipts and thanking donors for donations; |
||
| + | : (b) Informing donors about upcoming fundraising and other activities; |
||
| + | : (c) Internal analysis, such as research and analytics; |
||
| + | : (d) Record-keeping and reporting to government agencies and as otherwise required by law; |
||
| + | : (f) Surveys, metrics, and other analytical purposes; and |
||
| + | : (g) Other purposes related to fundraising operations. |
||
| + | ==ARTICLE V – OTHER INFORMATION== |
||
| − | If the Society receives a court-filed motion to quash or otherwise limit the subpoena as a result of action by a user or their lawyer, the Society will not disclose the requested information until the Society receives an order from the court to do so. |
||
| + | 1. <u>Data Collected through Surveys</u>. Wikimedia DC administers surveys to collect feedback from those participating in Wikimedia DC programs. Participants may decline to complete all or part of a survey. Wikimedia DC uses this information to assess the performance of its programs. Unless stated otherwise, comments that are provided to Wikimedia DC as part of survey responses may be published or used in promotional materials. |
||
| + | 2. <u>Collection of Wikimedia Usernames</u>. Wikimedia DC collects Wikimedia project usernames at events to facilitate the collection of editing metrics, including the number of edits made before, during, and after an editing event. Wikimedia DC uses this information to assess the performance of its programs. To the greatest extent possible, Wikimedia DC shall not associate any collected Wikimedia username with any other PII collected or retained by Wikimedia DC. |
||
| − | Society members or other registered users are not required to provide an email address. However, when an affected registered user does not provide an email address, the Society will not be able to notify the affected user in private email messages when it receives requests from law enforcement to disclose personally identifiable information about the user. |
||
| + | ==APPENDIX A – LIST OF WEBSITES== |
||
| − | ==Disclaimer== |
||
| + | # https://wikimediadc.org |
||
| − | The Society believes that maintaining and preserving the privacy of user data is an important value. This Privacy Policy, together with other policies, resolutions, and actions by the Society, represents a committed effort to safeguard the security of the limited user information that is collected and retained on our servers. Nevertheless, the Society cannot guarantee that user information will remain private. We acknowledge that, in spite of our committed effort to protect private user information, determined individuals may still develop data-mining and other methods to uncover such information and disclose it. For this reason, the Society can make no guarantee against unauthorized access to information provided in the course of participating in Society Projects or related communities. |
||
| + | # https://wikiconference.org |
||
| + | # https://wikidiversity.org |
||
| + | ==APPENDIX B – LIST OF THIRD-PARTY DATA PROCESSORS== |
||
| + | # https://apps.google.com |
||
| + | # https://dropbox.com |
||
| + | # https://eventbrite.com |
||
| + | # https://meetup.com |
||
| + | # https://paypal.com |
||
| + | # https://podio.com |
||
| + | # https://qbo.intuit.com |
||
| + | [[Category:Policies]] |
||
| − | <hr> |
||
| + | [[Category:Privacy]] |
||
| − | This draft from the Legal Committee is based on the WMF Privacy Policy and is consistent with D.C. Law. Please leave comments on the talk page. |
||
Latest revision as of 17:04, 10 December 2016
ARTICLE I – PURPOSE
1. Purpose. The purpose of this Privacy Policy ("Policy") is to explain how Wikimedia District of Columbia ("Wikimedia DC") collects, uses, and shares data, including personally identifiable information ("PII"), from website users, program participants, and donors.
ARTICLE II – GENERAL PROVISIONS
1. Access. Access to any non-public data collected under this Policy shall be limited to those staff and volunteers who have a legitimate business need to access that data for the purposes described in this Policy.
2. Retention. Unless otherwise stated in this Policy, the retention of all data collected under this Policy shall be governed by the Record Retention Policy.
3. No Sale or Lease. Wikimedia DC shall not sell, trade, or lease any data collected under this Policy.
4. Use of Third-Party Providers. Wikimedia DC uses third-party providers, within and outside the United States, for collecting, storing, and processing public and non-public data collected under this Policy.
- (a) Third-Party Privacy Policies. Access to and use of data by third-party providers shall be governed by the respective privacy policies published by such providers, and by any specific agreements between Wikimedia DC and such providers.
- (b) Requirements for Third-Party Providers. Wikimedia DC shall select third-party providers in accordance with the security requirements set forth in the Technology Access Policy, and shall exercise a reasonable standard of care to ensure the privacy of any data transferred to such providers.
- (c) List of Third-Party Providers. A complete list of third-party providers is included in Appendix B of this Policy. The President and Secretary shall update Appendix B as necessary to maintain said list.
5. Anonymized Data. Wikimedia DC may publish anonymized and aggregated data for promotional, fundraising, and reporting purposes, including to report progress against stated organizational goals. Wikimedia DC may also share anonymized data with third parties, including the Wikimedia Foundation, to conduct research on its operations, including its programs.
ARTICLE III – WEBSITE
1. Applicability. For the purposes of this Policy, "Website" shall refer to any web domain that is hosted by Wikimedia DC. A complete list of such domains is included in Appendix A of this Policy, and the President and Secretary shall update Appendix A as necessary to maintain said list.
2. Non-Public Website Data. Wikimedia DC collects certain non-public data from users of the Website (the "Non-Public Website Data"), as follows:
- (a) Visitor Data. Wikimedia DC collects the Internet Protocol (IP) address, time of visit, the URL requested, the server response code, the bytes served, the referrer (if provided), and the user agent (which includes the browser, browser version, and operating system), collectively the "Visitor Data", of anyone who visits the Website. Wikimedia DC uses Visitor Data to conduct research on Website usage, to assess technical issues that may arise, and to optimize the delivery of Website content.
- (b) Editor Data. The MediaWiki software used by Wikimedia DC collects the IP address, user agent, and XFF header, collectively the "Editor Data", of any person who makes an edit to the Website or performs any action that is logged in the Website's Recent Changes feed. Editor Data is used to prevent abuse of the Website.
- (c) Other Data. The Website makes use of cookies and JavaScript applications for personalization of the Website, including the function of user accounts. Persons with user accounts on the Website may optionally provide email addresses, used to send email through the Website without exposing the email address publicly.
3. Retention of Non-Public Website Data. Non-Public Website Data may be retained indefinitely in the event that an IP address is associated with abuse, including denial of service attacks and posting unsolicited, undesirable messages ("spam"). Otherwise, Non-Public Website Data shall be retained for no longer than ninety (90) days.
4. Sharing of Non-Public Website Data. Wikimedia DC shall only share Non-Public Website Data:
- (a) With the permission of affected persons;
- (b) Upon the presentation of a valid court or government order;
- (c) As reasonably necessary to prevent imminent and serious bodily harm or death to a person;
- (d) To protect Wikimedia DC, its employees, contractors, and users, or the public; or
- (e) To detect, prevent, or otherwise assess and address potential spam, malware, fraud, abuse, unlawful activity, and security or technical concerns.
5. Public Website Data. Any information provided in the process of registering an account on the Website, and any information contained within an edit or other logged action to the Website, shall be considered public and shall be retained indefinitely. Passwords and email addresses shall not be considered public unless directly posted to the Website.
6. Collection of Additional Data. The Website may collect additional information for specific purposes, such as for grant applications or participation in certain programs. This information shall be used for the effective conduct of Wikimedia DC programs, and shall subject to the same protection as other data collected through the Website.
ARTICLE IV – DONORS
1. Donor Bill of Rights. Wikimedia DC adopts as its policy the Donor Bill of Rights developed by the Association of Fundraising Professionals (AFP), the Association for Healthcare Philanthropy (AHP), the Council for Advancement and Support of Education (CASE), and the Giving Institute.
2. Donor Data Collected by Wikimedia DC. Data that Wikimedia DC collects from donors may include name, address, telephone number, email address, amount donated, and any other personal information provided by the donor (collectively the "Donor Data"). For donations by check, the Donor Data also includes any data visible on the check. For donations processed online, the Donor Data includes Visitor Data.
3. Donor Data Collected by Payment Processors. Third-party payment processing services utilized by Wikimedia DC have access to Donor Data, as well as access to payment card information supplied by donors. Use of such services is governed by their respective privacy policies. Wikimedia DC does not store credit card information, bank account numbers, or other financial account data provided by donors directly to third-party payment processing services.
4. Use of Donor Data. Wikimedia DC uses Donor Data for the following:
- (a) Distributing receipts and thanking donors for donations;
- (b) Informing donors about upcoming fundraising and other activities;
- (c) Internal analysis, such as research and analytics;
- (d) Record-keeping and reporting to government agencies and as otherwise required by law;
- (f) Surveys, metrics, and other analytical purposes; and
- (g) Other purposes related to fundraising operations.
ARTICLE V – OTHER INFORMATION
1. Data Collected through Surveys. Wikimedia DC administers surveys to collect feedback from those participating in Wikimedia DC programs. Participants may decline to complete all or part of a survey. Wikimedia DC uses this information to assess the performance of its programs. Unless stated otherwise, comments that are provided to Wikimedia DC as part of survey responses may be published or used in promotional materials.
2. Collection of Wikimedia Usernames. Wikimedia DC collects Wikimedia project usernames at events to facilitate the collection of editing metrics, including the number of edits made before, during, and after an editing event. Wikimedia DC uses this information to assess the performance of its programs. To the greatest extent possible, Wikimedia DC shall not associate any collected Wikimedia username with any other PII collected or retained by Wikimedia DC.