Latest revision as of 23:44, 24 March 2013
The Scope of this Document
This document addresses the use and retention of personally identifiable information on the OIAr website.
On the Nature of the OIAr Wiki
Any registered user gains the right to edit content, discussion pages, and user pages, including those of other users. It is expected that those rights will not be abused, and any such abuse will lead to the perpetrator losing all edit rights.
OIAr is a public wiki. Any content submitted to OIAr is subject to the Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license. Links are provided on the footer of each page to the full text of the license. The authors of any edit, contribution, correction etc. are publicly identifiable, and may be contacted by any other registered user.
OIAr may be read by any member of the public, without the creation of a registered account. Contribution in any form does, however, require the user to have a registered account. Registered users have a sidebar link to several Preferences pages. On the first page there is a field for entering an email address. This is optional, but it is recommended that you do enter one, as it may be impossible for us to help with a lost password if you do not. Your email address is not publicly viewable. Pages other than the first one are mainly for display preferences and should be browsed at your leisure.
In order to contact another user, you should use the user's Talk page. This ensures that both of you are addressed only by your OIAr username.
From time to time users will be granted extra rights by associating them with a user group. As an example, a potential ambassador needs to request to be added to the Newseditor group. Without that he cannot create news items.
Collection and Retention of Personally Identifiable Information
The Purpose of Collecting Personally Identifiable Information
Personally Identifiable Information is collected for the security and smooth running of OIAr. Examples of the use of this information includes, but is not limited to
- Public Accountability. When a user registers an account, no check is made regarding the identity of the user. In the case of a serious abuse occurring it is necessary that mechanisms exist for the investigation of the event.
- To provide statistics. In order to ensure smooth running mechanisms exist for statistics to be gathered from the raw logs of accesses. Information from those logs is not made public.
- To investigate technical problems. Raw logs may be examined by the system administrators when investigating any technical problem, including tracking down badly-behaved web-spiders.
Every effort is made protect personal information, but it is the user's responsibility to consider any possible consequence of information entered on the site. It should also be noted that before the introduction of the requirement to register in order to edit, any user editing without logging in was identified by his IP address, which is publicly viewable in the edit histories.
Retention of Personally Identifiable Information
IP and other technical information
In the course of any contribution the IP address of the editor is securely registered on the server. It is expired after a fixed period. There is no public access to that information.
If your browser allows it cookies may be set either as session cookies or to maintain logged in status. Users are reminded that if they save a username and password in a browser, that information will be available for use for up to 30 days. Any contributor using a public machine is advised to clear all such cookies and browser caches.
All edits, contributions and translations are normally retained indefinitely and can be viewed in the Page History. Deleting a page hides it from view, but users in the higher levels of access groups will still be able to access the information. Permanent deletion will normally only occur when required by law.
OIAr offers RSS and Atom aggregation feeds. Aggregation is made according to the user's registration and login status. Other information regarding user contribution, such as the number of edits made, is publicly available in the User Contributions list on Special Pages.
When Reading OIAr
OIAr securely logs accesses in the same way as other websites. That information is not publicly available.
When Editing or Translating Pages
The IP address of a contributor is stored for a time on the server. While system administrators can view that information it is not publicly available.
On OIAr Discussion pages
Discussions normally take place either on user talk pages (associated with a user's personal page) or on talk pages associated with a page. Only your username is publicly visible although the server logs will have a record of your entry. Such discussions are controlled by the same privacy rules as other pages.
Access to and Release of Personally Identifiable Information
OIAr is run by volunteers, a small number of which have privileged access rights. Should you need to contact one of those at any time you are advised to consult Special:ListGroupRights. Access to personally identifiable information is limited to users with a high level of access rights.
Policy for Release of Personally Identifiable Information
Data not publicly available may be released by those with high access rights in any of the following circumstances:
- In response to a valid order from a legal entity
- At the request of, or with the permission of the owner of the information
- When necessary for the investigation of abuse complaints
- Where the information pertains to page views generated by a spider or bot and its dissemination is necessary to illustrate or resolve technical issues,
- Where there has been persistent vandalism, abuse or disruptive behaviour, information may be released to a service provider or carrier with a view to requesting a targeted IP block or initiating other complaints procedures.
- Where there is a threat to the rights, property or safety of OIAr, its users or the public.
Except as described here, it is the policy that personally identifiable information will not be released.
Third Party Access and the User's Rights
Should OIAr administrators receive a valid compulsory order from a law enforcement agency the administrators will attempt to reach the user in question by email to an address provided in the User Preferences page to notify him. This will normally happen within three business days of receipt of the order.
OIAr administrators would be compelled to comply with such an order, and cannot advise a user in such a case. However, the user would have the right to resist by filing a motion to quash the order. In that case legal advice should be sought. In this situation, OIAr administrators, on receipt of a court-filed motion to quash the order, would release no information until an order from the court to do so is received.
Users are not obliged to supply an email address. It should be noted that if no address is provided, it will not be possible to follow this procedure of notification.
The administrators of OIAr respect your privacy, and every care is taken to protect it. However it is impossible to guarantee that user information will remain private. Access by unauthorized agencies may be possible despite all our efforts to protect your data. It is the responsibility of the user to consider the consequences of such unauthorized access.
This policy is drafted specifically for the OIAr, but based on the corresponding texts of UserBase wiki - a big "thank you" to the KDE volunteers!