You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/PRIVACY.md
+24-25
Original file line number
Diff line number
Diff line change
@@ -129,93 +129,92 @@ In the event of a data breach that compromises the security, confidentiality, or
129
129
130
130
# Privacy Policy for the people under the GDPR
131
131
132
-
We provide this information according to the [EU Regulation 2016/679 (GDPR)](https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN) for those who consult the website https://hushline.org. Note that this information applies only to that website and not to other websites that the user may consult through links.
132
+
We provide this information according to the [EU Regulation 2016/679 (GDPR)](https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN) for those who consult the website https://hushline.app. Note that this information applies only to that website and not to other websites that the user may consult through links.
133
133
134
134
## Information to be provided according to Article 13 of the GDPR.
135
135
At the outset, it should be clear that the administrator of a Hushline instance is obliged, in their capacity as data controller, to provide information to the data subject according to Article 13 of the GDPR.
136
136
137
137
## Data controller
138
138
139
-
The data controller is [**data of the controller**] - [**email address**].
139
+
The data controller is **Glenn Sorrentino** - **[email protected]**.
140
140
141
141
## What data is collected.
142
-
143
-
Regarding this point, we must distinguish XX steps <how many steps?>.
142
+
144
143
(a) Registration: username, password, and email;
145
144
(b) Access: IP address, username, password, and email.
146
145
147
146
148
147
## The purposes of the processing.
149
-
148
+
150
149
The purpose is to consult the website and use the services provided.
151
150
152
151
A) Consult the website. Accessing this website and requesting to register as a user means the user gave consent. Hence, the processing of personal data is based on consent - according to Article 6, par. 1, letter a) of EU Regulation 2016/679 - expressed by the user by browsing this website and its consultation, thus accepting this information. Consent is optional, and the user can withdraw at any time by request sent by email to [**email address**], specifying that, in this case, whether the user does not consent, they cannot consult this website, either register or remain as a registered user.
153
152
B) Services provided. The purposes are also related to accessing the services we provide. In that case, the legal basis is the contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
154
153
t
155
154
## Legal basis for the processing
156
-
155
+
157
156
Regarding the purposes related to letter A) of the previous point, the data subject has given consent to the processing of his or her personal data for one or more specific purposes, according to Article 6, par. 1, letter a) of EU Regulation 2016/679, in compliance with the provisions of the same Regulation.
158
157
Regarding the purposes related to letter A) of the previous point, the processing of personal data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, according to Article 6, par. 1, letter b) of EU Regulation 2016/679, in compliance with the provisions of the same Regulation.
159
158
160
159
## Processing of data
161
160
162
161
### _Browsing data_
163
162
164
-
The user (data subject) can access this website and navigate through a web browser. Some data are necessary for surfing the Internet and could identify users through processing and association with data held by third parties. In particular, we intend to refer to the IP addresses or domain names of the computers used by users connecting to this website, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, etc. We could use these data uniquely for anonymous statistical information on the use of the website and check its correct functioning, which is deleted immediately after processing. We could use data for any responsibility in the hypothesis of computer crimes connected to this website. Data relating to those who have submitted requests to [**Hushline**] using the tools on this website are stored for no more than seven days, however, for the time necessary to provide the answers and for any need to ascertain part of the judicial authority.
163
+
The user (data subject) can access this website and navigate through a web browser. Some data are necessary for surfing the Internet and could identify users through processing and association with data held by third parties. In particular, we intend to refer to the IP addresses or domain names of the computers used by users connecting to this website, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, etc. We could use these data uniquely for anonymous statistical information on the use of the website and check its correct functioning, which is deleted immediately after processing. We could use data for any responsibility in the hypothesis of computer crimes connected to this website. Data relating to those who have submitted requests to [**Hushline**] using the tools on this website are stored for no more than seven days, however, for the time necessary to provide the answers and for any need to ascertain part of the judicial authority.
165
164
166
165
### _Data communicated by users_
167
166
168
-
The optional, explicit, and voluntary sending of electronic mail to the [**Hushline**] addresses involves the acquisition of the sender's address necessary for the replies and any other personal data contained in the message. These data are processed to respond to messages sent and handle any related requests. Failure to provide personal data for communications with [**Hushline**] or send any requests will prevent evading them. We store data for the time strictly necessary for the purposes related to data processing.
167
+
The optional, explicit, and voluntary sending of electronic mail to the [**Hush Line**] addresses involves the acquisition of the sender's address necessary for the replies and any other personal data contained in the message. These data are processed to respond to messages sent and handle any related requests. Failure to provide personal data for communications with [**Hush Line**] or send any requests will prevent evading them. We store data for the time strictly necessary for the purposes related to data processing.
169
168
170
169
## Cookies
171
170
172
171
The only cookies present are only **functional ones** and, therefore, no profiling or tracking activities.
173
172
174
-
**Thus, this site does not use cookies other than functional cookies solely for the functional purposes described above, and their installation does not require the user's consent**.
173
+
**Thus, this site does not use cookies other than functional cookies solely for the functional purposes described above, and their installation does not require the user's consent**.
175
174
176
175
### What are cookies?
177
176
178
177
Cookies (small text files that the visited website sends to your device, where they are then stored to be re-transmitted to the same website at the next visit) can be _permanent_ or _session_, "_First-party_" (site or domain of origin), or "_Third-party_" (from third parties). Persistent cookies consist of a text file sent from a web server to a web browser. Once stored by the browser, it remains valid until the scheduled expiration date (unless the visitor deletes it before the time mentioned above). Session cookies expire at the end of the session or when the user closes the web browser. "_First-party_" cookies are those set by this site; "_Third-party_" cookies are of a different domain than this one, and they are set up because they use functions managed by third parties. Our website uses the following cookies:
179
178
180
179
_Session cookies_ (not stored permanently on the user's computer and disappear when the browser is closed) and are strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe browsing and efficiency of the site. Session cookies used on this site avoid using other technologies that could compromise the privacy of users' browsing and do not allow the acquisition of personal data.
181
180
182
-
It is, however, possible for the user to set cookies from the "Preferences" of the browser used and eventually automatically refuse the receipt of cookies by activating the appropriate option: the non-use of technical cookies, however, could involve technical difficulties of interaction with this website.
181
+
It is, however, possible for the user to set cookies from the "Preferences" of the browser used and eventually automatically refuse the receipt of cookies by activating the appropriate option: the non-use of technical cookies, however, could involve technical difficulties of interaction with this website.
183
182
184
-
You can find instructions for disabling cookies on the following web pages:
183
+
You can find instructions for disabling cookies on the following web pages:
We do not communicate personal data collected from this website following its consultation to recipients or categories of recipients.
194
+
We do not communicate personal data collected from this website following its consultation to recipients or categories of recipients.
196
195
197
196
## Period for storing personal data
198
197
199
-
Apart from what is specified above, the data collected by this website during its operation are stored for the time strictly necessary for the activities specified. The data will be deleted or anonymized at the expiry date unless there are no further purposes for storing it. For analytics purposes (statistics), we use [**Service**], but only if you have agreed to this by providing consent once you have reached this site.
198
+
Apart from what is specified above, the data collected by this website during its operation are stored for the time strictly necessary for the activities specified. The data will be deleted or anonymized at the expiry date unless there are no further purposes for storing it.
200
199
201
200
## Transferring personal data to a third country or international organization
202
-
201
+
203
202
If the Hushline instance is installed on a server within the European Economic Area (EEA), the data controller does not transfer data outside the EEA.
204
203
205
204
Users registered on an instance are always solely responsible for their activities.
206
205
207
-
There is no transfer outside the SEE when registered users on an instance within the same EEA perform activities on the same server (instance). For example, our instance (https://hushline.org) is located in [**Country**] and thus within the EEA.
206
+
There is no transfer outside the SEE when registered users on an instance within the same EEA perform activities on the same server (instance). For example, our instance (https://hushline.app) is located in [**TBD**] and thus within the EEA.
208
207
209
208
## Security measures
210
-
211
-
Visitors' or users' data are processed lawfully and correctly by adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of data. Your data in the communication session with this website are protected by a Secure Sockets Layer (SSL) certificate that uses a cryptographic presentation protocol to encrypt the information. In addition to the controller, in some cases, authorized persons may have access to the data as involved in the organization of the website or external subjects (such as third-party technical service providers and hosting providers).
209
+
210
+
Visitors' or users' data are processed lawfully and correctly by adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of data. Your data in the communication session with this website are protected by a Secure Sockets Layer (SSL) certificate that uses a cryptographic presentation protocol to encrypt the information. In addition to the controller, in some cases, authorized persons may have access to the data as involved in the organization of the website or external subjects (such as third-party technical service providers and hosting providers).
212
211
213
212
## Data subjects' rights
214
-
215
-
This website's users (data subject) may exercise the rights according to Articles 15 to 22 of EU Regulation 2016/679. You can lodge all requests to exercise these rights by writing to [**email address**].
213
+
214
+
This website's users (data subject) may exercise the rights according to Articles 15 to 22 of EU Regulation 2016/679. You can lodge all requests to exercise these rights by writing to **[email protected]**.
216
215
217
216
## Right to lodge a complaint
218
-
217
+
219
218
Whether a data subject considers that the processing of personal data relating to him or her as performed via this website infringes the Regulation, he or she has the right to lodge a complaint with the Garante according to Article 77 of the EU Regulation 2016/679.
0 commit comments