[odrs-web/production] Add a privacy policy
- From: Richard Hughes <rhughes src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [odrs-web/production] Add a privacy policy
- Date: Fri, 25 May 2018 19:33:56 +0000 (UTC)
commit 77ff25190555c05207688ba5b2bd5dcc93a6aa0b
Author: Richard Hughes <richard hughsie com>
Date: Fri May 25 20:33:04 2018 +0100
Add a privacy policy
app/templates/index.html | 3 +
app/templates/privacy.html | 349 ++++++++++++++++++++++++++++++++++++++++++++
app/views.py | 5 +
3 files changed, 357 insertions(+), 0 deletions(-)
---
diff --git a/app/templates/index.html b/app/templates/index.html
index 5f4eb85..92fea65 100644
--- a/app/templates/index.html
+++ b/app/templates/index.html
@@ -65,6 +65,9 @@ To then vote or remove a specific review you need to specify the
<code>user_key</code> and <code>user_id</code> values along with the
<code>review_id</code>.
</p>
+<p>
+ Find the GDPR policy <a href="/privacy">here</a>.
+</p>
<h2>Moderation</h2>
<p>
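Review bot: the new link hard-codes the path `/privacy` instead of deriving it from the route; in a Flask/Jinja template `<a href="{{ url_for('privacy') }}">` stays correct if the view in `views.py` is renamed or the app is mounted under a prefix. The anchor text "here" is also weak: text such as "Read the ODRS privacy policy" tells the reader where the link goes, and "privacy policy" matches the new page's own heading better than "GDPR policy".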
diff --git a/app/templates/privacy.html b/app/templates/privacy.html
new file mode 100644
index 0000000..8c6afdc
--- /dev/null
+++ b/app/templates/privacy.html
@@ -0,0 +1,349 @@
+{% extends "default.html" %}
+{% block title %}ODRS: Open Desktop Ratings Service{% endblock %}
+
+{% block content %}
+
+<h1>Privacy Report</h1>
+
+<h2>Introduction</h2>
+<p>
+ We hold personal data about people submitting reviews, moderators, and people
+ accessing the ODRS service for a variety of purposes.
+ This policy sets out how we seek to protect personal data and ensure that
+ people understand the rules governing their use of personal data.
+ In particular, this policy requires that the Data Protection Officer (DPO) be
+ consulted before any significant new data processing activity is initiated to
+ ensure that relevant compliance steps are addressed.
+</p>
+
+<h2>Scope</h2>
+<p>
+ This policy applies to all users who have access to any of the personally
+ identifiable data.
+</p>
+
+<h2>Who is responsible for this policy?</h2>
+<p>
+ As the Data Protection Officer, <a href="mailto:richard hughsie com">Richard Hughes</a>
+ has overall responsibility for the day-to-day implementation of this policy.
+ The DPO is registered with the Information Commissioner’s Office (ICO) in the
+ United Kingdom as a registered data controller.
+</p>
+
+<hr/>
+
+<h1>Our Procedures</h1>
+<h2>Fair and lawful processing</h2>
+<p>
+ We must process personal data fairly and lawfully in accordance with individuals’ rights.
+ This generally means that we should not process personal data unless the
+ individual whose details we are processing has consented to this happening,
+ or where such collection is unavoidable and/or considered pragmatic in the
+ context, e.g. logging the number of upvotes of a specific review.
+</p>
+
+<p>
+ We do not consider an IP address requesting the application ratings data to
+ represent a single user (due to NAT or VPN use), and as such requests are not
+ considered personal data using the draft GDPR guidelines.
+</p>
+
+<h2>Accuracy and relevance</h2>
+<p>
+ We will ensure that any personal data we process is accurate, adequate,
+ relevant and not excessive, given the purpose for which it was obtained.
+ We will not process personal data obtained for one purpose for any unconnected
+ purpose unless the individual concerned has agreed to this or would otherwise
+ reasonably expect this.
+ Individuals may ask that we correct inaccurate personal data relating to them.
+ If you believe that information is inaccurate you should inform the DPO.
+</p>
+
+<h2>Your personal data</h2>
+<p>
+ You must take reasonable steps to ensure that personal data we hold about
+ moderators is accurate and updated as required.
+ For example, if your personal circumstances change, please update them using
+ the profile pages or inform the Data Protection Officer.
+</p>
+
+<h2>Data security</h2>
+<p>
+ We keep personal data secure against loss or misuse.
+ Where other organisations process personal data as a service on our behalf,
+ the DPO will establish what, if any, additional specific data security
+ arrangements need to be implemented in contracts with those third party
+ organisations.
+</p>
+
+<h2>Storing data securely</h2>
+ <p>
+ All data is stored electronically and all passwords are stored adhering to
+ security best practices.
+</p>
+
+<h2>Data retention</h2>
+<p>
+ We must retain personal data for no longer than is necessary.
+ What is necessary will depend on the circumstances of each case, taking into
+ account the reasons that the personal data was obtained, but should be
+ determined in a manner consistent with our data retention guidelines.
+ Anonymized statistics (e.g. review requests) will be kept for a maximum of
+ 5 years which allows us to project future service requirements and provide
+ usage graphs over time.
+</p>
+
+<h2>Transferring data internationally</h2>
+<p>
+ There are restrictions on international transfers of personal data.
+ We do not transfer personal data anywhere inside or outside the EU without the
+ approval of the Data Protection Officer, unless required to do so by law.
+</p>
+
+<hr/>
+
+<h1>Subject Access Requests</h1>
+<p>
+ Please note that under the Data Protection Act 1998, individuals are entitled,
+ subject to certain exceptions, to request access to information held about them.
+</p>
+
+<p>
+ On receiving a subject access request, we will refer that request immediately
+ to the DPO. We may ask you to help us comply with those requests.
+ Please also contact the Data Protection Officer if you would like to correct
+ or request information that we hold about you.
+ There are also restrictions on the information to which you are entitled under
+ applicable law.
+</p>
+
+<h2>Processing data in accordance with your rights</h2>
+<p>
+ We will never use identifiable vendor data for direct marketing purposes.
+</p>
+
+<hr/>
+
+<h1>GDPR Provisions</h1>
+<p>
+ Where not specified previously in this policy, the following provisions will
+ be in effect on or before 25 May 2018.
+</p>
+
+<h2>Privacy Notice - transparency of data protection</h2>
+<p>
+ Being transparent and providing accessible information to individuals about how
+ we will use their personal data is important for our project.
+ The following are details on how we collect data and what we will do with it:
+</p>
+
+<h3>Moderator Information</h3>
+<table class="table">
+ <tr class="row">
+ <td class="text-muted col-sm-2">What:</td>
+ <td class="col-sm-10">
+ The moderator real name, password, and supported languages.
+ </td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">Why collected:</td>
+ <td class="col-sm-10">
+ Secure authentication, to allow moderators to log in an edit or delete reviews.
+ </td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">Where stored:</td>
+ <td class="col-sm-10">MySQL database on odrs.gnome.org.</td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">When copied:</td>
+ <td class="col-sm-10">Backed up to off-site secure storage weekly.</td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">Who has access:</td>
+ <td class="col-sm-10">The ODRS administrators and the DPO.</td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">Wiped:</td>
+ <td class="col-sm-10">When the moderator requests deletion of the user account.</td>
+ </tr>
+</table>
+
+<h3>Service Event Log</h3>
+<table class="table">
+ <tr class="row">
+ <td class="text-muted col-sm-2">What:</td>
+ <td class="col-sm-10">
+ IP address (unhashed) and REST method requested, along with any error.
+ </td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">Why collected:</td>
+ <td class="col-sm-10">
+ Providing an event log for showing service problems.
+ </td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">Where stored:</td>
+ <td class="col-sm-10">MySQL database on odrs.gnome.org.</td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">When copied:</td>
+ <td class="col-sm-10">Backed up to off-site secure storage weekly.</td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">Who has access:</td>
+ <td class="col-sm-10">The administrator and the DPO.</td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">Wiped:</td>
+ <td class="col-sm-10">After 5 years.</td>
+ </tr>
+</table>
+
+<h3>User Votes and Karma</h3>
+<table class="table">
+ <tr class="row">
+ <td class="text-muted col-sm-2">What:</td>
+ <td class="col-sm-10">
+ User ID (hashed), timestamp, access time, karma and votes cast.
+ </td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">Why collected:</td>
+ <td class="col-sm-10">
+ To know what users have voted on each review, and to prevent abuse by
+ users down or upvoting too many things.
+ </td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">Where stored:</td>
+ <td class="col-sm-10">MySQL database on odrs.gnome.org.</td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">When copied:</td>
+ <td class="col-sm-10">Backed up to off-site secure storage weekly.</td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">Who has access:</td>
+ <td class="col-sm-10">The administrator and the DPO.</td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">Wiped:</td>
+ <td class="col-sm-10">After 5 years.</td>
+ </tr>
+</table>
+
+<h3>Application Review</h3>
+<table class="table">
+ <tr class="row">
+ <td class="text-muted col-sm-2">What:</td>
+ <td class="col-sm-10">
+ Date created, application ID, locale, review summary, review content,
+ user hash, user IP address (hashed), displayed user name, application
+ version, distibution, chosen star rating.
+ </td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">Why collected:</td>
+ <td class="col-sm-10">
+ Stores the user-supplied review to be shared .
+ </td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">Where stored:</td>
+ <td class="col-sm-10">MySQL database on odrs.gnome.org.</td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">When copied:</td>
+ <td class="col-sm-10">Backed up to off-site secure storage weekly.</td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">Who has access:</td>
+ <td class="col-sm-10">
+ The administrator and the DPO has access to all fields, anonymous users
+ can access all except the user hash and IP address, although some are
+ masked and only used for sorting (e.g. distro and version).
+ </td>
+ </tr>
+ <tr class="row">
+ <td class="text-muted col-sm-2">Wiped:</td>
+ <td class="col-sm-10">When the review is deleted.</td>
+ </tr>
+</table>
+
+<p>
+ We will ensure any use of personal data is justified using at least one of
+ the conditions for processing and this had been specifically documented above.
+</p>
+
+<h2>Consent</h2>
+<p>
+ The data that we collect is subject to active consent by the data subject.
+ This consent can be revoked at any time.
+ Revoking consent to use data means any provided reviews will be deleted.
+</p>
+
+<h2>Data portability</h2>
+<p>
+ Upon request, a data subject should have the right to receive a copy of their
+ data in a structured format, typically an SQL export.
+ These requests should be processed within one month, provided there is no
+ undue burden and it does not compromise the privacy of other individuals.
+ A data subject may also request that their data is transferred directly to
+ another system. This is available for free.
+</p>
+
+<h2>Right to be forgotten</h2>
+<p>
+ A user may request that any information held on them is deleted or removed,
+ and any third parties who process or use that data must also comply with the request.
+ An erasure request can only be refused if an exemption applies.
+ Users will need to provide the either their IP address or user hash used when
+ creating the review.
+</p>
+
+<h2>Privacy by design and default</h2>
+<p>
+ Privacy by design is an approach to projects that promote privacy and data
+ protection compliance from the start.
+ The DPO will be responsible for conducting Privacy Impact Assessments and
+ ensuring that all changes commence with a privacy plan.
+ When relevant, and when it does not have a negative impact on the data subject,
+ privacy settings will be set to the most private by default.
+</p>
+
+<h2>Reporting breaches</h2>
+<p>
+ All users of the ODRS have an obligation to report actual or potential data
+ protection compliance failures. This allows us to:
+<ul>
+ <li>Investigate the failure and take remedial steps if necessary</li>
+ <li>Maintain a register of compliance failures</li>
+ <li>
+ Notify the Supervisory Authority (SA) of any compliance failures that are
+ material either in their own right or as part of a pattern of failures
+ </li>
+</ul>
+<p>
+ Please refer to the DPO for our reporting procedure.
+</p>
+
+<h2>Monitoring</h2>
+<p>
+ Everyone who actively uses the ODRS must observe this policy.
+ The DPO has overall responsibility for this policy.
+ They will monitor it regularly to make sure it is being adhered to.
+</p>
+
+<hr/>
+
+<h1>Consequences of Failing to Comply</h1>
+<p>
+ We take compliance with this policy very seriously.
+ Failure to comply puts both you and us at risk.
+ If you have any questions or concerns about anything in this policy,
+ do not hesitate to contact the DPO.
+</p>
+
+{% endblock %}
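Review bot: the `<p>` opened before "All users of the ODRS have an obligation to report..." in the Reporting breaches section is never closed before the `<ul>` that follows it, so the markup is malformed (browsers auto-close it, but the paragraph and list end up at different nesting levels than intended); add `</p>` before `<ul>`. The `<p>` under "Storing data securely" is also indented one level deeper than every other paragraph. Wording slips in the same file: "log in an edit or delete reviews" (should be "and"), "distibution", "shared ." with a stray space before the full stop, "The administrator and the DPO has access" (should be "have"), "this had been specifically documented" (should be "has"), and "provide the either their IP address". On substance, the "Fair and lawful processing" section says IP addresses requesting ratings data are not treated as personal data, while the "Service Event Log" table records the unhashed IP address and keeps it for five years and the "Application Review" table stores it hashed; stating why the event log keeps the raw address, and whether the five-year retention is meant to cover it as personal data, would make the policy consistent with its own tables.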
diff --git a/app/views.py b/app/views.py
index 4ed4879..8231dec 100644
--- a/app/views.py
+++ b/app/views.py
@@ -152,6 +152,11 @@ def index():
""" start page """
return render_template('index.html')
+@app.route('/privacy')
+def privacy():
+ """ privacy page """
+ return render_template('privacy.html')
+
@app.route('/oars')
def oars_index():
""" OARS page """
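Review bot: as shown in the hunk, no blank line separates `return render_template('index.html')` from the new `@app.route('/privacy')` decorator, while the one blank `+` line is added after `privacy()` instead; if that is how the file reads, PEP 8 wants two blank lines before and after each top-level function, so put the spacing before the decorator as well as after the function. The docstring `""" privacy page """` follows the existing `""" start page """` style, which is fine for consistency.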