FIThydrowiki:Privacy policy

From FIThydrowiki
Revision as of 13:08, 23 October 2020 by Bendikhansen (talk | contribs) (→‎Your rights over your data)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

FIThydro (“We”/”us”) are committed to protecting and respecting your privacy. This privacy policy (provision of information according to art. 13, 14 GDPR) sets out the basis on which any personal data we collect from you or that you provide to us through the use of our website (https://fithydro.wiki. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Responsibilities

What personal data we collect and why we collect it

Account creation

During account creation a user is required to give their email and real name, as well as a username. A user's email address and the real name given while creating the account is stored in a protected database only accessible by the owner of the wiki. The information will be available to the user group "Bureaucrats" on the wiki while the account is being reviewed, but this user group only contains the owner of the wiki. The user is sent a temporary password which has to be changed in order to proceed. The changed password is never accessible to anyone else, even the owner of the wiki, and is saved as an encrypted hash with salt (cannot practically be cracked).

Purpose: To enable users to create accounts and make edits. Real names and emails are important to prevent malicious users (such as spam-bots).

Edits

All edits made on the wiki are stored in the history with the corresponding username and is publicly available. Since users are encouraged to user their real name for their username, this enables identifying users and their edits.

Purpose: To keep track of edit histories and revert erroneous/malicious inputs.

Cookies

Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow it). It enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information.

Cookies on the wiki are used to keep you logged in while editing, and potentially remember your login so that you can remain logged in for an extended period (30 days). The cookies last for 30 days. It is not possible to edit the wiki with cookies disabled. Cookies are not used for any other purpose, nor distributed or analyzed.

Purpose: To keep users logged in while editing and potentially keep the user logged in after the sessions ends (i.e. browser tab closes), if "Keep me logged in" is checked while logging in.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, links to other websites etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Legal basis and rights

Legal basis for data processing For the newsletter we process you email address on the basis of Art. 6 para. 1 (a) GDPR. For the Internal Area of the website, we process your user name, email address, and possibly your picture and comments. This is done on the basis of Art. 6 para. 1 (a) GDPR.

Your rights over your data

  • You have the right of access to your personal data. This means that you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us (Art. 15 GDPR).
  • You have a right to rectification of your data, i.e. your data needs to be changed or is incomplete (Art. 16 GDPR), and a right to data portability (Art. 20 GDPR).
  • You can also request that we erase any personal data we hold about you (Art. 17 GDPR). This does not include any data we are obliged to keep for administrative, legal, or security purposes.
  • If we cannot delete personal data due to legal obligations, you can request a restriction of the data processing (Art. 18 GDPR).
  • You can further object to our processing of personal data (Art. 21 GDPR).
  • You can withdraw previously granted permissions for the future at any time. You can exercise your rights by contacting us at bendik.hansen@sintef.no.
  • You can also appeal to the responsible regulatory authority. For the FIThydro wiki (i.e. SINTEF Energy Research) this is:
Datatilsynet
Postboks 458 Sentrum
0105 Oslo
Norway
Email: postkassa@datatilsynet.no
Tel: +47 22 39 69 00
https://www.datatilsynet.no/

Who we share your data with

We do not share your data with third parties. Data is only used for the purpose of managing your user account.

Microsoft Azure is hosting our website. Microsoft Azure only collects anonymized data (see technical implementation).

How long we retain your data

User account: For users that register on our website, we store the personal information they provide when creating their account. Additionally, all edits on the wiki are stored and backed up regularly, with the corresponding editor's username and timestamp. Unless the user requests that the data be deleted, the information will be kept indefinitely (but protected) as long as the website is still operative. If a decision is made to close the website, all user data will be deleted.

Where we send your data

We don't share your data with anyone. Only the content and user manager of the FIThydro wiki has access to your personal data (name, email, username).

Third Party Links

Our site may contain links to and from the websites of our partner networks. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Additional Information

Technical Implementation

Our website is hosted by servers on Microsoft Azure, Norway East. Any data that is stored is saved both on the Azure server and on SINTEF's internal servers through regular backups. No one except the site owner has access to the data. When you visit our website, your internet browser transfers data to our webserver Microsoft Azure. Any data collected is directly anonymized, so that no personalized data is saved.

  • The following data is collected by Microsoft Azure:
  • Referrer (previously visited website)
  • Requested website or data
  • Browser type and version
  • Operating system
  • Type of device used
  • Time of access
  • Anonymized IP-address (for locating the place of access)

This data is collected and processed to ensure a stable and secure service (i.e. website) and improve the quality of the service. The data is saved anonymously and for 8 weeks.