OIAr:Privacy policy

From OIAr
Revision as of 23:44, 24 March 2013 by Jan Schoonderbeek (talk | contribs) (privacy policy installed)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

OIAr Privacy Policy per 2013-03-24

The Scope of this Document

This document addresses the use and retention of personally identifiable information on the OIAr website.

On the Nature of the OIAr Wiki

Any registered user gains the right to edit content, discussion pages, and user pages, including those of other users. It is expected that those rights will not be abused, and any such abuse will lead to the perpetrator losing all edit rights.

OIAr is a public wiki. Any content submitted to OIAr is subject to the Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license. Links are provided on the footer of each page to the full text of the license. The authors of any edit, contribution, correction etc. are publicly identifiable, and may be contacted by any other registered user.

User Accounts

OIAr may be read by any member of the public, without the creation of a registered account. Contribution in any form does, however, require the user to have a registered account. Registered users have a sidebar link to several Preferences pages. On the first page there is a field for entering an email address. This is optional, but it is recommended that you do enter one, as it may be impossible for us to help with a lost password if you do not. Your email address is not publicly viewable. Pages other than the first one are mainly for display preferences and should be browsed at your leisure.

In order to contact another user, you should use the user's Talk page. This ensures that both of you are addressed only by your OIAr username.

From time to time users will be granted extra rights by associating them with a user group. As an example, a potential ambassador needs to request to be added to the Newseditor group. Without that he cannot create news items.

Collection and Retention of Personally Identifiable Information

The Purpose of Collecting Personally Identifiable Information

Personally Identifiable Information is collected for the security and smooth running of OIAr. Examples of the use of this information includes, but is not limited to

  • Public Accountability. When a user registers an account, no check is made regarding the identity of the user. In the case of a serious abuse occurring it is necessary that mechanisms exist for the investigation of the event.
  • To provide statistics. In order to ensure smooth running mechanisms exist for statistics to be gathered from the raw logs of accesses. Information from those logs is not made public.
  • To investigate technical problems. Raw logs may be examined by the system administrators when investigating any technical problem, including tracking down badly-behaved web-spiders.

Every effort is made protect personal information, but it is the user's responsibility to consider any possible consequence of information entered on the site. It should also be noted that before the introduction of the requirement to register in order to edit, any user editing without logging in was identified by his IP address, which is publicly viewable in the edit histories.

Retention of Personally Identifiable Information

IP and other technical information

In the course of any contribution the IP address of the editor is securely registered on the server. It is expired after a fixed period. There is no public access to that information.

Cookies

If your browser allows it cookies may be set either as session cookies or to maintain logged in status. Users are reminded that if they save a username and password in a browser, that information will be available for use for up to 30 days. Any contributor using a public machine is advised to clear all such cookies and browser caches.

Page History

All edits, contributions and translations are normally retained indefinitely and can be viewed in the Page History. Deleting a page hides it from view, but users in the higher levels of access groups will still be able to access the information. Permanent deletion will normally only occur when required by law.

User Contributions

OIAr offers RSS and Atom aggregation feeds. Aggregation is made according to the user's registration and login status. Other information regarding user contribution, such as the number of edits made, is publicly available in the User Contributions list on Special Pages.

When Reading OIAr

OIAr securely logs accesses in the same way as other websites. That information is not publicly available.

When Editing or Translating Pages

The IP address of a contributor is stored for a time on the server. While system administrators can view that information it is not publicly available.

Discussions

On OIAr Discussion pages
Discussions normally take place either on user talk pages (associated with a user's personal page) or on talk pages associated with a page. Only your username is publicly visible although the server logs will have a record of your entry. Such discussions are controlled by the same privacy rules as other pages.

By email
It is possible to email a user. If you do, your email address will be visible to him. The recipient's email address will not be shown to you. By its nature such an exchange will be outside of OIAr and will not be governed by the site's privacy policy.

via LinkedIn
You may discuss the topics covered by OIAr in the LinkedIn group “Open Infrastructure Architecture”. Such discussions are outside of OIAr's control, and are not covered by this privacy policy.

Access to and Release of Personally Identifiable Information

OIAr is run by volunteers, a small number of which have privileged access rights. Should you need to contact one of those at any time you are advised to consult Special:ListGroupRights. Access to personally identifiable information is limited to users with a high level of access rights.

Policy for Release of Personally Identifiable Information

Data not publicly available may be released by those with high access rights in any of the following circumstances:

  • In response to a valid order from a legal entity
  • At the request of, or with the permission of the owner of the information
  • When necessary for the investigation of abuse complaints
  • Where the information pertains to page views generated by a spider or bot and its dissemination is necessary to illustrate or resolve technical issues,
  • Where there has been persistent vandalism, abuse or disruptive behaviour, information may be released to a service provider or carrier with a view to requesting a targeted IP block or initiating other complaints procedures.
  • Where there is a threat to the rights, property or safety of OIAr, its users or the public.

Except as described here, it is the policy that personally identifiable information will not be released.

Third Party Access and the User's Rights

Should OIAr administrators receive a valid compulsory order from a law enforcement agency the administrators will attempt to reach the user in question by email to an address provided in the User Preferences page to notify him. This will normally happen within three business days of receipt of the order.

OIAr administrators would be compelled to comply with such an order, and cannot advise a user in such a case. However, the user would have the right to resist by filing a motion to quash the order. In that case legal advice should be sought. In this situation, OIAr administrators, on receipt of a court-filed motion to quash the order, would release no information until an order from the court to do so is received.

Users are not obliged to supply an email address. It should be noted that if no address is provided, it will not be possible to follow this procedure of notification.

Disclaimer

The administrators of OIAr respect your privacy, and every care is taken to protect it. However it is impossible to guarantee that user information will remain private. Access by unauthorized agencies may be possible despite all our efforts to protect your data. It is the responsibility of the user to consider the consequences of such unauthorized access.


This policy is drafted specifically for the OIAr, but based on the corresponding texts of UserBase wiki - a big "thank you" to the KDE volunteers!