Jump to content
Gov  路  Market  路  Community  路  Policies  路  Funding  路  Open Call  路  Get started

Policies/en/Data-Retention-Guidelines

From WikiDeal
This is the latest revision of this page; it has no approved revision.

This is a draft version. Source: adapted notably from the Wikimedia Foundation Governance Wiki, https://foundation.wikimedia.org/wiki/Legal:Wikimedia_Foundation_Data_Retention_Guidelines (CC BY-SA 4.0), with changes. Status: proposal, to be adopted. See the detailed disclaimer.

In simple words: a platform should not keep data about you forever. This page proposes how long each type of data would be kept (for example, at most 90 days for the IP addresses of visitors), what happens after that (deletion, aggregation or de-identification), and the rare exceptions. The principle: keep personal data for the shortest possible time.

Data retention guidelines

Introduction

Data is important. It is one of the ways an organization and a community can learn and grow, and how the platform can be made better for those who use it. At the same time, the commitment proposed here is to keep personal data for the shortest possible time that is consistent with the maintenance, understanding, and improvement of the WikiDeal platform, and with the obligations under applicable Swiss law.

This document helps explain how this commitment would be fulfilled, by describing the guidelines for data retention, system design, and ongoing auditing and maintenance. These guidelines are meant to be a living document: they would be updated over time to reflect current retention practices.

To what data do these guidelines apply?

These guidelines apply to all non-public data collected from the WikiDeal platform covered by the Privacy policy and the non-wiki privacy policy. The donor privacy policy would include separate data retention guidelines that apply to donor information.

Reminder on the two data regimes of WikiDeal: the variables entered by the parties in a contract (names, amounts, addresses, bank details) are private data of the parties by default. The content that is published by design (contract templates, the state of a contract such as signed, completed or in dispute, aggregated usage statistics) follows the public data regime described below.

How long would non-public data be retained?

Unless otherwise indicated, the following types of data would be retained for no more than the following periods of time:

Data type Origin Examples Maximum retention period
Non-public personal information Collected automatically from a user
  • IP addresses of site visitors (operational data)
  • IP addresses of A/B test subjects (analytical data)
  • Identifying user-agent information of site visitors
After at most 90 days, it would be deleted, aggregated, or de-identified
Account settings
  • Email address
Until the user deletes or changes the account setting
Non-personal information Collected automatically from a user
  • Data collected by MediaWiki about a user account's activity (for example, first time a user goes to an edit page, date and time that a user verifies their email address)
Indefinitely
  • Data collected by event logging and associated with a user ID (for example, whether an account was created on mobile, A/B test data)
After at most 90 days, it would be deleted, aggregated, or de-identified
Provided by a user
  • Logs of terms entered into the site's search box, or terms within prefilled links to the search engine that have been followed by user navigation
After at most 90 days, it would be deleted, aggregated, or de-identified
Provided by a user
  • Language
Until the user deletes or changes the account setting
Non-personal information not associated with a user account<ref group="T">For the purposes of this table, "user account" means username, user ID, or IP address; "reader" means visitor to the WikiDeal platform.</ref> Collected automatically from various users
  • Counts of how many times certain events have occurred (for example successful HTTPS requests)
Indefinitely
Pages browsed by readers Collected automatically from a reader
  • A list of pages visited by readers
After at most 90 days, if retained at all, then only in aggregate form

<references group="T" />

How long would public data be retained?

The WikiDeal platform intends to host a marketplace of fair contracts, whose templates, governance documents and documentation are published under a free license. Accordingly, when you make a contribution to any Market or Portal, including on user or discussion pages, you are creating a permanent, public record of every piece of content added, removed, or altered by you. The page history shows when your contribution or deletion was made, as well as your username (if you are signed in). Public contributions, either aggregated with the public contributions of others or individually, could be used to create new features or data-related products, or to learn more about how the platform is used.

The variables entered in a contract are not public contributions: they are private data of the parties, covered by the Privacy policy.

If you mistakenly included your personal information in a contribution to the platform and you would like to have it removed, the oversight (suppression) mechanisms of the community would apply. Keep in mind that the transparency and integrity of the revision histories is essential to the mission, and the community's right to reject oversight requests in order to protect the platform would be supported.

If you choose to register for an account, you will be asked to select a username. Usernames would be retained until the user requests that the account be renamed, or goes through a courtesy vanishing process defined by the community.

For more information, see the Privacy policy.

Definitions

For the purposes of these guidelines:

  • "Personal information" means information you provide or information collected from you that relates to you or could be used to personally identify you. For details, please see the Privacy policy.
  • Some examples of "public information" would include:
    • (a) your gender, if it is disclosed under your user profile;
    • (b) any personal information you disclose publicly on the platform, such as your real name or age.
  • Some examples of types of information that are considered to be "nonpublic information" include:
    • (a) your IP address, if you edited while logged in;
    • (b) your email address, if you provided one during account registration (but did not post it publicly); and
    • (c) your general location information as might be derived from your IP address, if you have not posted it publicly. The types of information that are considered "nonpublic" as opposed to "public" are more fully explained in the Privacy policy.
  • Data is "de-identified" when it has been aggregated or otherwise retained in a manner such that it can no longer be used to identify the user.
  • Data is "aggregated" when the data associated with a specific user has been combined with data from others to show general trends or values without identifying specific users.

An example of how data can be aggregated:

using ranges rather than specific numbers, such as recording that there are "between 1 and 10 contributors in language X in country Y" rather than recording that there are 4 contributors.

Terms that are not defined in this document have the same meaning given to them in the Privacy policy.

Exceptions to these guidelines

If exceptions to these guidelines are made, the community would be notified by a description of the exception on this page.

  • Data may be retained in system backups for longer periods of time, not to exceed 5 years.
  • When a survey or other research is conducted, a privacy statement would specify the term of retention for information (including personal information) collected through participation in such research. In certain cases, information may be retained indefinitely for educational, development, or other related purposes, unless otherwise indicated in the relevant privacy statement. Such information may be retained in raw, aggregated, or de-identified form until a request from the participant to delete the information is received.
  • In rare cases, the Ynternet.org Foundation, or particular users with certain administrative rights as described in the Privacy policy, may need to retain your personal information, including your IP address and user agent information, for as long as reasonably necessary (which may be longer than the period described in the table above) to:
    • enforce or investigate potential violations of the Terms of Use, the Privacy policy, or any Foundation or community-based policies;
    • investigate and defend against legal threats or actions;
    • help protect against vandalism and abuse, fight harassment of other users, and generally try to minimize disruptive behavior on the platform;
    • prevent imminent and serious bodily harm or death to a person, or protect the organization, employees, contractors, users, or the public; or
    • detect, prevent, or otherwise assess and address potential spam, malware, fraud, abuse, unlawful activity, and security or technical concerns.

The source document also lists several research-specific exceptions that are particular to the source organization; they were not carried over, as they do not apply to WikiDeal.

Audits and improvements

Continuous evaluation and improvement of these guidelines, and periodic audits in order to identify such improvements, are part of this proposal. As changes are made to existing systems, these guidelines would be updated to reflect changing practices.

Design of new systems

In order to support these data retention periods and the overall privacy policy, new tools and systems implemented for the platform would be designed with privacy in mind. This would include:

  • inclusion of these data retention guidelines as requirements during the design process;
  • legal consultation during the design and development process; and
  • inclusion of privacy considerations in the code review process.

Ongoing handling of new information

Despite best efforts in designing and deploying new systems, personal information may occasionally be recorded in a way that does not comply with these guidelines. When such an oversight is discovered, the guidelines would be promptly complied with, by deleting, aggregating, or de-identifying the information as appropriate.

Contact us

If you think that these guidelines have potentially been breached, or if you have questions or comments about compliance with the guidelines, please contact info@wikideal.net.

See also