Policies/en/Data-Retention-Guidelines
This is a draft version. Source: adapted notably from the Wikimedia Foundation Governance Wiki, https://foundation.wikimedia.org/wiki/Legal:Wikimedia_Foundation_Data_Retention_Guidelines (CC BY-SA 4.0), with changes. Status: proposal, to be adopted. See the detailed disclaimer.
In simple words: a platform should not keep data about you forever. This page proposes how long each type of data would be kept (for example, at most 90 days for the IP addresses of visitors), what happens after that (deletion, aggregation or de-identification), and the rare exceptions. The principle: keep personal data for the shortest possible time.
Data retention guidelines
Introduction
Data is important. It is one of the ways an organization and a community can learn and grow, and how the platform can be made better for those who use it. At the same time, the commitment proposed here is to keep personal data for the shortest possible time that is consistent with the maintenance, understanding, and improvement of the WikiDeal platform, and with the obligations under applicable Swiss law.
This document helps explain how this commitment would be fulfilled, by describing the guidelines for data retention, system design, and ongoing auditing and maintenance. These guidelines are meant to be a living document: they would be updated over time to reflect current retention practices.
To what data do these guidelines apply?
These guidelines apply to all non-public data collected from the WikiDeal platform covered by the Privacy policy and the non-wiki privacy policy. The donor privacy policy would include separate data retention guidelines that apply to donor information.
Reminder on the two data regimes of WikiDeal: the variables entered by the parties in a contract (names, amounts, addresses, bank details) are private data of the parties by default. The content that is published by design (contract templates, the state of a contract such as signed, completed or in dispute, aggregated usage statistics) follows the public data regime described below.
How long would non-public data be retained?
Unless otherwise indicated, the following types of data would be retained for no more than the following periods of time:
| Data type | Origin | Examples | Maximum retention period |
|---|---|---|---|
| Non-public personal information | Collected automatically from a user |
|
After at most 90 days, it would be deleted, aggregated, or de-identified |
| Account settings |
|
Until the user deletes or changes the account setting | |
| Non-personal information | Collected automatically from a user |
|
Indefinitely |
|
After at most 90 days, it would be deleted, aggregated, or de-identified | ||
| Provided by a user |
|
After at most 90 days, it would be deleted, aggregated, or de-identified | |
| Provided by a user |
|
Until the user deletes or changes the account setting | |
| Non-personal information not associated with a user account<ref group="T">For the purposes of this table, "user account" means username, user ID, or IP address; "reader" means visitor to the WikiDeal platform.</ref> | Collected automatically from various users |
|
Indefinitely |
| Pages browsed by readers | Collected automatically from a reader |
|
After at most 90 days, if retained at all, then only in aggregate form |
<references group="T" />
How long would public data be retained?
The WikiDeal platform intends to host a marketplace of fair contracts, whose templates, governance documents and documentation are published under a free license. Accordingly, when you make a contribution to any Market or Portal, including on user or discussion pages, you are creating a permanent, public record of every piece of content added, removed, or altered by you. The page history shows when your contribution or deletion was made, as well as your username (if you are signed in). Public contributions, either aggregated with the public contributions of others or individually, could be used to create new features or data-related products, or to learn more about how the platform is used.
The variables entered in a contract are not public contributions: they are private data of the parties, covered by the Privacy policy.
If you mistakenly included your personal information in a contribution to the platform and you would like to have it removed, the oversight (suppression) mechanisms of the community would apply. Keep in mind that the transparency and integrity of the revision histories is essential to the mission, and the community's right to reject oversight requests in order to protect the platform would be supported.
If you choose to register for an account, you will be asked to select a username. Usernames would be retained until the user requests that the account be renamed, or goes through a courtesy vanishing process defined by the community.
For more information, see the Privacy policy.
Definitions
For the purposes of these guidelines:
- "Personal information" means information you provide or information collected from you that relates to you or could be used to personally identify you. For details, please see the Privacy policy.
- Some examples of "public information" would include:
- (a) your gender, if it is disclosed under your user profile;
- (b) any personal information you disclose publicly on the platform, such as your real name or age.
- Some examples of types of information that are considered to be "nonpublic information" include:
- (a) your IP address, if you edited while logged in;
- (b) your email address, if you provided one during account registration (but did not post it publicly); and
- (c) your general location information as might be derived from your IP address, if you have not posted it publicly. The types of information that are considered "nonpublic" as opposed to "public" are more fully explained in the Privacy policy.
- Data is "de-identified" when it has been aggregated or otherwise retained in a manner such that it can no longer be used to identify the user.
- Data is "aggregated" when the data associated with a specific user has been combined with data from others to show general trends or values without identifying specific users.
An example of how data can be aggregated:
- using ranges rather than specific numbers, such as recording that there are "between 1 and 10 contributors in language X in country Y" rather than recording that there are 4 contributors.
Terms that are not defined in this document have the same meaning given to them in the Privacy policy.
Exceptions to these guidelines
If exceptions to these guidelines are made, the community would be notified by a description of the exception on this page.
- Data may be retained in system backups for longer periods of time, not to exceed 5 years.
- When a survey or other research is conducted, a privacy statement would specify the term of retention for information (including personal information) collected through participation in such research. In certain cases, information may be retained indefinitely for educational, development, or other related purposes, unless otherwise indicated in the relevant privacy statement. Such information may be retained in raw, aggregated, or de-identified form until a request from the participant to delete the information is received.
- In rare cases, the Ynternet.org Foundation, or particular users with certain administrative rights as described in the Privacy policy, may need to retain your personal information, including your IP address and user agent information, for as long as reasonably necessary (which may be longer than the period described in the table above) to:
- enforce or investigate potential violations of the Terms of Use, the Privacy policy, or any Foundation or community-based policies;
- investigate and defend against legal threats or actions;
- help protect against vandalism and abuse, fight harassment of other users, and generally try to minimize disruptive behavior on the platform;
- prevent imminent and serious bodily harm or death to a person, or protect the organization, employees, contractors, users, or the public; or
- detect, prevent, or otherwise assess and address potential spam, malware, fraud, abuse, unlawful activity, and security or technical concerns.
The source document also lists several research-specific exceptions that are particular to the source organization; they were not carried over, as they do not apply to WikiDeal.
Audits and improvements
Continuous evaluation and improvement of these guidelines, and periodic audits in order to identify such improvements, are part of this proposal. As changes are made to existing systems, these guidelines would be updated to reflect changing practices.
Design of new systems
In order to support these data retention periods and the overall privacy policy, new tools and systems implemented for the platform would be designed with privacy in mind. This would include:
- inclusion of these data retention guidelines as requirements during the design process;
- legal consultation during the design and development process; and
- inclusion of privacy considerations in the code review process.
Ongoing handling of new information
Despite best efforts in designing and deploying new systems, personal information may occasionally be recorded in a way that does not comply with these guidelines. When such an oversight is discovered, the guidelines would be promptly complied with, by deleting, aggregating, or de-identifying the information as appropriate.
Contact us
If you think that these guidelines have potentially been breached, or if you have questions or comments about compliance with the guidelines, please contact info@wikideal.net.