The aim of this document is to identify our policies for protecting user data. This policy also aims to comply with the EU's General Data Protection Regulation (GDPR).
These policies should cover a set of procedures related generally to the following:
2. WHAT WE STORE
The log information we store is limited and we store it for only seven days. These logs help us analyze some user behavior, but more importantly they help us counter attacks on the server and the website. They also help us in optimizing server performance and debugging any technical issues. The log information contains the IP address, browser, device, screen size, and country location.
These logs will be passed on to the web analytics software, Google Analytics. IP Anonymisation will be enabled in the analytics software. The way this works is that the software stores each new visitor's IP address in the database, but with the last components removed to protect the user's privacy.
2.2 Data and Content
In addition, we will securely store limited user data on the server, which we will directly manage, and we will deploy internal security measures to prevent unnecessary and unauthorized access among the sysadmin team. This data will be stored in the CMS's database.
These types of data are:
1) User's Profile Information. Registered users that are part of the production team will provide their name and email address. A random password will be assigned to each user and stored encrypted in the CMS database.
2) Cookies. We will be using Cookies once the site goes into full production. These Cookies will mainly help facilitate automatic log in for the production team. User authentication information will also be securely stored on the user's computer, with their consent.
3) Inquiries or Submissions. There are a number of pages, such as "write for us" and "work with us". This is content that is submitted through forms on the website and currently consists of the users' email address, text fields, and uploads or attachments.
3. THIRD PARTIES
The web is an inter-connected system and many systems and websites depend on third parties. We adhere to the GDPR guidelines of not sharing any data with 3rd parties, unless explicitly required and documented.
That said, we intend to deploy the following third-party solutions and services:
- Google Analytics
- SecureDrop
- Tor services
- Mailchimp
- Namecheap
- Google G Suite
- Facebook
- Twitter
- Instagram