GDPRhub:Privacy policy

From GDPRhub
Revision as of 17:48, 27 September 2021 by Ms (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

In brief

Hi, this is noyb! As administrator of the GDPRhub and of the GDPRtoday newsletter, we are processing some personal data. This privacy policy is meant to provide you with information regarding the processing of personal data that is taking place on the GDPRhub and if you subscribe to our GDPRtoday newsletter.

In a nutshell, these are our main data processing activities:

  • if you just visit our page: we just your the page. That's it.
  • if you edit a page on the GDPRhub: if you edit a page, data will be stored about your edit and your IP address. Some cookies are technically necessary in this case. If you have an account with the GDPRhub and you edit a page while being logged in, data will be stored about both your edit and the relevant account ID.
  • if you subscribe to our newsletter: we keep your email in a list and if you unsubscribe we delete it. That's it.
  • in all cases: we run anonymized statistics.

If you have a problem or question, send us a message at info@noyb.eu and we’ll take care of things!

In detail

About us

You can find all details about us here: About us

When you browse GDPRhub

  • Purpose: we only process the personal data that is necessary to provide the GDPRhub to you (mainly, "transactional data" such as your IP address) and to ensure the security of the page.
  • Storage: transactional data is not stored. Security log data (e.g. when the software identifies an "incident") are deleted within 6 months, unless there is a specific and individual reason to keep information for a longer period of time (e.g. when individual IP addresses are blocked).
  • Legal Basis: your consent to send you the page you asked us for. Our legitimate interests in the security of our page, specifically your IP address, as well as our legal duty under the GDPR to ensure the security of processing.
  • Recipients: none. We do not share personal data with other controllers.
  • Processors: we only use trustworthy processors that only process your personal data on our behalf ("processors"), currently Hetzner in Germany as our hosting provider.
  • Third Country Transfers: none. We store your data within the EEA/EU.
  • Statistics: we run a statistics system on our pages that only uses anonymous data.
  • Cookies: we do not store cookies when you visit the page.

...in addition, when you sign up to the GDPRtoday newsletter

  • Personal Data: we only process your email and technical data (e.g. information that your server did not accept our emails) as well as the voluntarily provided details that you have submitted at the time you subscribed to our newsletter (location, profession, etc).
  • Purpose: delivery of the GDPRtoday newsletter. We may also use the data you have voluntarily provided on the sign-up page and the TLD of your email (like ".de") for non-personalized aggregated statistics (reader numbers per country) and to show country-specific elements (calls for editors in a country or sponsorship).
  • Storage: we store your email address and any voluntarily provided details until you unsubscribe.
  • Legal Basis: your consent to receiving the newsletter and to voluntarily provide details.
  • Recipients: none. We do not share personal data with other controllers.
  • Processors: we only use trustworthy processors that only process your personal data on our behalf (“processors”) – for our newsletters, we are currently using dialog-mail.com.
  • Third Country Transfers: none. We store your data within the EEA/EU.
  • Statistics: we may run a statistics system in our emails that only uses anonymous data.

...in addition, when you edit GDPRhub or use the GDPRhub submission form

When you edit the wiki using a GDPRhub account (including your own user page), these edits will be associated with your user name and be visible on your user page. If you do not have an account, we will store your IP address with each edit.

You can choose to additionally add your name or a pseudonym (author name) as the original contributor for new decisions via our case submission form. If you choose to add a name or pseudonym, it will appear on GDPRhub and in the corresponding article of our GDPRtoday newsletter, and can be connected to the associated IP address or account name of the person that added the information.

If you have a GDPRhub user page and added an author name, we will link this user page with your name in the GDPRtoday newsletter.

  • Personal data: your IP address, your user name (optional) and author name (optional), as well as any edits you make on GDPRhub, as well as comments or changes that others may make on your edits.
  • Purpose: we only process the personal data that is necessary so you can edit the page and so that we can prevent abusive edits. In addition, others may make changes and give publicly visible comments and feedback on edits.
  • Storage: all changes and associated metadata are stored permanently.
  • Legal Basis: your consent to store the edits and our legitimate interest to prevent abusive edits.
  • Recipients: none. We do not share personal data with other controllers. However your username and edits are publicly visible and your summaries and your (optional) author name
  • Cookies: if you edit a page, the wiki stores necessary data in cookies:
gdprwiki_session Technical cookie Session
gdprwikiUserID User ID as number 6 Months
gdprwikiUserName User name is text 6 Months
gdprwikiToken Keep me logged in function 6 Months
VEE Choice visual or text editor 1 Month
UseCDNCache Technical cookie Instant deletion
UseDC Technical cookie Instant deletion

...in addition, when you become a GDPRhub Country Reporter

If you join as a GDPRhub Country Reporter we keep the information you provided and keep lists to manage Country Reporters, in addition to the other information we process when you edit GDPRhub (see above). In more detail this means the following:

  • Personal Data: the data you provided to our team (like name, user name, spoken languages, countries, etc) as well as user management data, and comments and feedback by the noyb team (for example about your language skills, availability and total number of submitted summaries).
  • Purpose: we use the data you have provided and we have generated for (1) communication between GDPRhub Country Reporters and the noyb team, (2) case distribution and feedback, (3) managing our status system (Silver / Gold / Purple) and (4) publishing case summaries.
  • Storage: we keep your personal data until you resign as a GDPRhub Country Reporter. You then have the choice to have your accounts deactivated or all your account data deleted (which may take a couple of days for organizational reasons).
  • Legal Basis: your consent.
  • Recipients: none. We do not share personal data with other controllers. Remember, however, that other users of our internal chat system are able to see your username and your messages in the relevant channels.
  • Processors: we only use trustworthy processors that only process your personal data on our behalf ("processors"), currently Hetzner in Germany as our hosting provider.
  • Third Country Transfers: none. We store your data within the EEA/EU.
  • Statistics: we run anonymous statistics system on summaries and case distribution, based on countries.

In all cases, you have the following rights

As a data subject, you have the right to:

  • information about the processing of your personal data;
  • obtain access to the personal data held about you;
  • ask for incorrect, inaccurate or incomplete personal data to be corrected;
  • request that personal data be erased (for example, if you unsubscribed from our newsletter, or if you want to quit being a country reporter for the GDPRhub and ask us to delete your profile);
  • object to the processing of your personal data on grounds relating to your particular situation;
  • request the restriction of the processing of your personal data in specific cases;
  • receive your personal data in a machine-readable format and send it to another controller (‘data portability’);
  • withdraw your consent (when you have given us your consent, e.g; when subscribing to our newsletter); and
  • submit a complaint with your local data protection authority.

We are governed by the Austrian data protection authority (Datenschutzbehörde).