WYDO Privacy policy

Acknowledgements
WYDO Privacy Policy
Organizational Privacy Policy
Website Privacy Policy
Communications
Financial Information
Information about persons involved in WYDO
Further Information
Changes to this policy
Questions
About WYDO
Appendix I – Documentation of changes

 

Acknowledgements

WYDO took the privacy policy from https://www.privacyinternational.org/ as a template for this privacy policy. WYDO feels grateful for the work that is being done by this organization. As we have adopted this policy to our own needs and have changed large parts it may not be in accordance with Privacy International’s principles anymore.

WYDO Privacy Policy

WYDO strongly believes that you have the right to control the use of your personal information, and that your privacy must be respected. We strictly limit the processing of your personal information, and do not intentionally share your personal information with third parties.

Personal information that you provide to WYDO will be used only for the service you have requested.

WYDO does not sell, rent or lease personal data. We do not purchase or otherwise obtain data from other sources.

Any subpoena or attempts from third parties to gain access to any information that you give us will only be considered if accompanied by a valid court order and will be scrutinized carefully and challenged if possible in terms of available resources.

Organizational Privacy Policy

We collect as little personal information as possible.

Website Privacy Policy

Our webhost service provider, Netcup GmbH, is based in Germany.

Our website makes use of cookies and other user-specific IDs for managing your session and to collect general usage statistics. Statistical data is anonymized during the integration into our databases. We may also point from our website to other Internet services that do use cookies. This is particularly the case with multi-media services, and with the links that we post on our Twitter account.

We try to understand the perception of our website through detailed usage of statistics via software developed at http://piwik.org. The processing of web usage data is anonymized. Our statistics software does not provide us with access to IP logs. The raw server logs with ip addresses that we have regular access to are deleted from the server after four days and are not included in off-site backups.

We use the statistics to provide an indication of faults and to identify peak usage times so that we can decide when to make major site modifications. We also use this information to ascertain what material is of use to the general public. At no point do we deduce ‘who’ is accessing material. We only ascertain ‘whether’ and ‘how many’ accesses there are.

WYDO uses social media and social networking services to advance our work. These applications require the use of third party service providers. Notably, we have a Facebook and LinkedIn group and a Twitter feed although we do not necessarily agree with the general implications to privacy that come with the use of these services.

The Facebook page is administered by Facebook and is accessible by Facebook users who already have consented to Facebook’s privacy policy. The Group page is managed by WYDO staff members. We do not store information on our followers nor process any information beyond Facebook.

Similarly, the LinkedIn group is admisitered by LinkedIn and can be joined by users of LinkedIn, who have already agreed with the privacy policy of LinkedIn. The LinkedIn group is managed by WYDO staff members.

The Twitter account we use is administered by Twitter, in accordance with Twitter’s Privacy Policy. We may integrate our Twitter Account onto our website through the use of a plug-in. This would results in our comments, and the comments of others that we redirect, being published temporarily on our website, and links to our feed on Twitter’s site. These posts also include the publishing of links to ‘URL Shortening’ services who convert short URLs into longer URLs that direct users to other websites. There are known security and privacy concerns around the use of these (link off-site), but we ensure that all redirected shortened URLs are first verified by us before being sent to our feed and on to our website. The shortener-service providers may keep track of your IP address and other information, and we continue to seek a more security- and privacy-friendly solution. If you click on a shortened-URL, it will most likely redirect you eventually to a third party site that contains a file or document relating to the Tweet, and the third party site will have its own privacy practices that may include trying to place a cookie and/or web-bug on your computer, collecting your IP address, and other forms of tracking. The Twitter feed may include the usernames of other Twitter users, particularly when we respond to questions and/or ‘retweet’. Apart from this information appearing on our website temporarily, we do not process this information beyond the Twitter-environment.

Finally, we use direct messaging on occasion in social media sites, where individuals and organisations contact us on Facebook or LinkedIn by leaving messages in our Inbox or by sending us Direct Messages on Twitter. We aim to delete these messages as soon as we have responded to the queries. However, we discourage individuals from using direct messages in social networks and point out that the preferred way to communicate with us is via encrypted emails.

We are also seeking a solution to merge our Facebook and Twitter activities and doing so may involve some integration and sharing of services, but we will endeavour to ensure that the additional processing of personal information is kept to an absolute minimum.

Communications

As said, our hosting company is Netcup GmbH (http://netcup.de). Netcup’s privacy policy is available on their website. Account data, including mailboxes and preferences, are stored on servers located in Germany. Logs are kept for performance analysis and abuse prevention. Web access logs on localhost:8082 are wiped after four days. We maintain off-site backups of the server and its databases. These backups are encrypted with at least AES256 and a longer than 20 characters passphrase at all times. Old backups are rotated and discarded when older than 3 months or earlier. Netcup GmbH may have different schedules for deleting their logfiles. For all requests where Netcup is legally compelled to provide information, Netcup will only respond to law enforcement requests that are accompanied by a valid court order by a court of competent jurisdiction according to German law.

If you want your communication to be private, please use email encryption. Further information can be found at http://www.gnupg.org/. Public keys for WYDO personnel can be found at the list of members of the board.

Emails received through localhost:8082 addresses are stored on infrastructure belonging to Netcup GmbH and are reviewed by board members and sent onwards when necessary to other staff members.

Emails[c] may also be forwarded automatically to third party email service providers where staff members may have their personal email accounts. As a result our emails are susceptible to lawful access in various jurisdictions. If you want your email to be only stored on infrastructure in Germany, please tell us..

Information we receive by post is collected by one board member, reviewed, and sent onwards when necessary to other WYDO staff members. These items are destroyed as soon as possible. We do not disclose the names of senders to third parties, and we endeavour to keep files secure. When the content of messages is shared with others outside of WYDO, e.g. with our advisory board, judging panels, etc., we de-identify the messages as much as possible.

We run several mailing lists, and the membership of the mailing lists are kept confidential.

Each board member or staff member, as he sees fit, may retain the content of specific communications he receives and sends, but we endeavour to keep this information stored securely and not longer than necessary.

We do not solicit information on political and religious beliefs or medical information. When such sensitive personal information is received through our email or postal address we delete or anonymize this information as soon as possible.

The website and forum can be accessed securely via the https protocol. IP addresses for messages in the forum at forum.localhost:8082 are anonymized after 7 days.

Furthermore we provide PGP[d] keys for board members that allow for secure communication. Naturally, all information sent to us otherwise is to be considered not secure.

Financial Information

We have created a PayPal account to administer on-line donations. Privacy International has discussed their account with PayPal officials and in their deliberations came to the conclusion that PayPal offers a safe and secure way to make online payments. (https://www.privacyinternational.org/article/about-privacy-international…) PayPal does not share your credit card or bank account number with WYDO. PayPal processes data in compliance with the EU Directive and US data privacy laws applicable to financial institutions. PayPal does not sell or rent its users’ personal information to third parties for their marketing purposes and will disclose users’ personal information only in accordance with PayPal’s privacy policy. PayPal utilizes computer safeguards such as firewalls and data encryption, enforces physical access controls to its buildings and files, and authorizes access to personal information only for those employees who require it to fulfill their job responsibilities. For more information on how PayPal processes your data please see their privacy policy (available on PayPal’s website). After discussions with Privacy International, Paypal also allows you to close your customer account once you no longer require it. Your account information may stay active with PayPal for legal and audit purposes, in accordance with PayPal’s privacy policy.

We have created a Flattr account for online donations (http://flattr.com/). Flattr’s privacy policy is available at their website.

Our financial accounts are held with the ABN AMRO Bank. Any donations made to WYDO in the form of a cheque will be processed by the ABN AMRO Bank, in accordance with the bank’s privacy policy and in accordance with Dutch law.

Information about persons involved in WYDO

We collect information about persons doing work for WYDO for accounting and administration purposes. This information includes contact and bank account information as necessary for the situation at hand and is minimised where possible. Payment information is shared with our bank, and with Government agencies in accordance with Dutch law.

We keep all accounting and administration information for auditing purposes, in accordance with standard practice and Dutch law.

Further Information

WYDO will endeavour to keep your personal information accurate. If you require access to personal information we hold about you, wish to amend an inaccuracy, or have your information deleted from our files then please contact WYDO.

Changes to this policy

In the event that this policy is changed at any time, the date and nature of the change will be clearly indicated in this document. In the event that the change has a material impact on the handling of your personal information, we will contact you to seek your consent.

Questions

If you have any questions regarding our privacy policy or require any clarifications, please contact us.

About WYDO

WYDO is registered with the Chamber of Commerce in The Hague[e] in the Netherlands, and our address is World Young Doctor’s Organization, Jonkerlaan 12, 2242 GD Wassenaar, the Netherlands.

Appendix I – Documentation of changes

1. First version 2011-07-11
2. 2012-06-10 removed advertising, policy now maintained at github
3. 2012-06-13 change from openwebanalytics to piwik