Jump to content
Gov  路  Market  路  Community  路  Policies  路  Funding  路  Open Call  路  Get started

Policies/en/Confidentiality-Agreement-for-Nonpublic-Information

From WikiDeal
This is the latest revision of this page; it has no approved revision.

This is a draft version. Source: adapted notably from the Wikimedia Foundation Governance Wiki, https://foundation.wikimedia.org/wiki/Legal:Confidentiality_agreement_for_nonpublic_information (CC BY-SA 4.0), with changes. Status: proposal, to be adopted. See the detailed disclaimer.

In simple words: volunteers who get access to private user data (for example to fight abuse or answer support requests) would first sign a promise: keep this data confidential, use it only for their role, and report any problem immediately. This page proposes the text of that promise.

Confidentiality agreement for nonpublic information

In accordance with the Access to Nonpublic Personal Data policy, volunteers with access to nonpublic personal data (such as volunteer response team members, CheckUsers, Oversighters, and Stewards) would be required to sign this confidentiality agreement in order to maintain or receive their access to nonpublic personal data.

The Foundation would not grant volunteer confidentiality-agreement recognition to applicants for volunteer roles if the applicants live in jurisdictions that block or blocked access to the Marketplaces AND there is reason to believe that their domicile is known to others than the individual applicants and the Foundation. Exemptions could be granted in individual cases following a request for review by the Legal department. Granting such agreements would put the applicants, as well as other volunteers relying on the platform, at undue risk.

Note: the document intentionally states "X years of age", as the documents actually being signed would say either 16 years of age or 18 years of age depending on the role of the person signing it (see the Access to Nonpublic Personal Data policy and its underage exemptions).

Proposed text of the agreement

Confidentiality Agreement - nonpublic personal data

You provide critical and valuable services and support to the WikiDeal community, and the success of the platform depends on authorized WikiDeal community members like you. In return, you may be entrusted with confidential nonpublic personal data, including private user information. This agreement between you and the Ynternet.org Foundation reflects our mutual commitment to protecting that information. By digitally signing and submitting this document you certify that you are at least X years of age and acknowledge that you have reviewed and agree to this confidentiality agreement, which is between you and the Ynternet.org Foundation.

Nonpublic personal data. Nonpublic personal data is private information, including private user information, which you receive either through the use of tools provided to you as an authorized WikiDeal community member or from other such members. Nonpublic personal data includes "personal information" as defined by the Privacy policy, IP addresses, and other personally identifying information that are not otherwise publicly available. It does not include information about a user that that user has made public on the WikiDeal platform.

Exceptions to nonpublic personal data. Nonpublic personal data does not include any information which (a) was publicly available at the time of disclosure; (b) became publicly available after disclosure without breach of this policy by you; (c) was in your possession before disclosure, as evidenced by your written records, and was not part of an earlier confidential provision of a WikiDeal policy; or (d) is required by law to be disclosed by you, but you promise to give the Ynternet.org Foundation prompt notice of such legal requirement and comply with any protective order imposed on such disclosure.

Authorized community members. Authorized community members are WikiDeal users who are entrusted, through a valid community-run or foundation-run process, with information covered by the Privacy policy. This includes community members with access to any tool that permits them to view nonpublic information about other users or members of the public, community members with the ability to access content or user information which has been removed from administrator view, and volunteer developers with access to nonpublic personal data. Authorized WikiDeal community members may include, for example, Oversighters, CheckUsers, volunteer developers, and other similar authorized roles.

Protection of nonpublic personal data. You agree to:

  • Comply with the Privacy policy, the Access to Nonpublic Personal Data policy, and any other applicable and nonconflicting community policy relating to nonpublic information;
  • Refrain from disclosing nonpublic personal data to anyone, except as permitted under those policies;
  • Reasonably safeguard your account against unauthorized access and use;
  • Engage in the access, use, and disclosure of nonpublic personal data only as needed and allowed in your role as an authorized WikiDeal community member; and
  • Email info@wikideal.net an explanation of the nonpublic personal data you wish to disclose to outside parties such as law enforcement, at least 10 days prior to the date of your anticipated disclosure.

Violation. You agree that, in case of a violation of this agreement, including improper access, use, or disclosure of nonpublic personal data:

  • You will notify the Ynternet.org Foundation of the violation immediately;
  • You will delete or otherwise destroy all nonpublic personal data in your possession and control, if instructed by the Ynternet.org Foundation;
  • Your access to nonpublic personal data may be terminated; and
  • The Ynternet.org Foundation may pursue available legal remedies, including injunctive relief or, in the case of willful intent, monetary damages.

Other provisions. You also agree that:

  • This agreement does not create an employment, agency, partnership, or joint venture relationship between you and the Ynternet.org Foundation;
  • You may not transfer or assign your rights or obligations under this agreement;
  • You are solely responsible for how you access and use nonpublic personal data, and your activity or account may be reviewed by other authorized users or the Ynternet.org Foundation; and
  • Swiss law would govern this agreement (without reference to conflict of laws principles), the Ynternet.org Foundation having its seat in Geneva, Switzerland.

Signing process

By typing your name, checking the box, and clicking the "Sign Document" button of the signing interface, you would acknowledge that you have reviewed and agree to this confidentiality agreement between you and the Ynternet.org Foundation. Among other things, you must:

  1. Keep nonpublic personal data, as defined in this confidentiality agreement, confidential;
  2. Obtain prior written approval from the Ynternet.org Foundation if you determine such information should be disclosed to any outside parties, such as law enforcement;
  3. Comply with the Privacy policy and the Access to Nonpublic Personal Data policy; and
  4. Provide to the Ynternet.org Foundation a valid email address linked to the account under which you have or are applying for access rights.

The concrete signing tool and procedure would be defined upon adoption of this proposal.

See also