Data Use Policy
This document was last updated the 5th of December of 2018. Written by Kéfir.
Before plunging into specific details on how we use the data generated on this site and what you can do to be more agent in all of this, we are going to give some context.
The Right to Privacy
The Right to Privacy is defined as a human right, explicitly stated under Article 12 of the 1948 Universal Declaration of Human Rights:
“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.”
Apart from human rights, there are specific data regulations. Perhaps you have heard the recent GPDR?
The “General Data Protection Regulation” came into effect the 25th of May of 2018.
This European regulation is designed to better protect citizens from data breaches and privacy violations. The new law is amongst other things stipulating how companies must handle their customers’ data.
Unfortunately, these regulations aren’t applicable in all contexts and they are not enough standing alone. Certain jurisdictions have a fairly good understanding and coverage of privacy; others are far behind. There are groups and people that, from the policy front-lines, are fighting to change this unequal access to privacy.
Have a look at the Association for Progressive Communications network’s statement on GPDR.
All websites and platforms visited by citizens that are protected by data regulations must provide a compulsory legal document that explains how they collect, retain and share personally identifiable information.
Personal Identifiable Information (PII) is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly. Examples of sensitive PII elements include, but are not limited to: name, social security number, driver’s license and other government identification numbers; citizenship, legal status, gender, race/ethnicity; birth date, place of birth; home and personal cell telephone numbers; personal email address, mailing and home address; religious preference; financial information, medical information, disability information; spouse information, marital status, child information, emergency contact information.
Collecting and using data doesn’t necessarily have to be a harmful. Data is used for satisfying legal and funding-related reporting requirements and improving tools. What is important is that there is transparency of how data will be collected, stored, processed and shared.
What we are doing
Cookies and third party code
Internet cookies are, ultimately, text files that a website stores in your computer when you visit so that, in potential future visits, it “remembers” information like your language preference or your log-in.
Also, the WordPress theme used (Divi) uses Google Fonts.
Websites that include contact forms must describe why they are asking for such information and what they are going to do with it afterwards. For example, if it going to be used for a newsletter or a database.
FRIDA staff will be managing this information during the campaign. This data will be deleted from all devices after the campaign.
In order to reach out to people that have sent messages, informing them the status of their appreciation message, FRIDA staff will be using MailChimp. In this sense, data use will also depend on this third-party service. Mailchimp is compliant to the General Data Protection Regulation and claims to delete all related data to mailing lists once the list is deleted by the user (FRIDA staff will do so after the campaign is finished).
Logs and web statistics
A log is a record. Services and applications that run on a device tend to save some type of record. This provides information when improving tools and solving possible errors. Generally this information is useful but it contains personal identifiable information like IP addresses and usernames that can be used to create fairly accurate profiles about people’s behavior. This is why it is important to anonymize logs in a secure way.
Kéfir’s servers don’t log any IP addresses, just anonymized visits, which we remove after a week.
Cyberwomen collect statistics, through https://sinapsis.kefir.red, Kéfir’s self-hosted version of Piwik/Matomo, which means only IWPR and Kéfir have access to this data. It is configured to not log any information that may identify individual visitors, like IP addresses. Also, all individual visits are converted into statistic data and then discarded after a month. Matomo also respects the Do-Not-Track feature browsers specify as a way to opt-out of these kind of systems.
Changes to this Policy
This document may be updated in the future. Come back to this page to see updates.
All questions related to the Data Use Policy can be sent to firstname.lastname@example.org.
What you can do
You can also contribute to your privacy. The fact that on our side we don’t collect data that you don’t consent to, that we store it for a limited time in a anonymized way and don’t share it with third parties beyond general information for funding report back purposes doesn’t mean that other potential intermediaries are vulnerating your privacy.
- Read the Cyberwomen curricula and implement safer practices 😉
- Install the Privacy Badger browser plugin
- Configure your Firefox browser to opt out of tracking
How do I change my cookie settings?
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit https://aboutcookies.org or http://www.allaboutcookies.org/
Find out how to manage cookies on popular browsers:
To find information relating to other browsers, visit the browser developer’s website. To opt out of being tracked by Google Analytics across all websites, visit https://tools.google.com/dlpage/.