JeffAbrahamson
commented
4 years ago Some rough points:
- We don't collect personal information about our users who are not logged in
- We do collect visitor metrics, but they are divorced from PII
- We collect PII from logged in users explicitly: if you don't give us data, we don't collect or store it. In particular, site metric collection is not joined to PII even for logged in users
- We use cookies, but you don't have a choice because they are necessary for site functionality: logging in sets a cookie that logging out unsets, visitor metrics maintains a cookie in order to optimise the site and understand statistical patterns of visitor behaviour
- We use no third party cookies. Anyone who discovers a third party cookie is invited to inform us so we can fix it: we didn't put it there and we didn't want it, but we do depend on third-party libraries which may change from time to time.
- There is no concept of an "account" in the traditional sense. If you login, you may have access to additional features.
- If you login, you can request to see the data we store about you. If you request that we forget what we know about you, some data will be removed, other data (for example Observatoire data) will be anonymised. Yet other data (that stored for accounting purposes) will become inaccessible to you but will live on in order for us to fulfil our obligations to the Fisc.
- Donation information is tied to your email address (which you can change). You can see your donation history via your email address. If you request that we forget your donation history, it will no longer be accessible, but we'll still remember because of the Fisc.
- Some of the features in this list may not yet be automated. If you need information about yourself, you may ask us by email and we will tell you what we know.
A related issue about GDPR is #35.