User Tools

Site Tools


ict:privacy:details

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
ict:privacy:details [2018/11/06 21:51] – [Photos and portrait right] spelling x.vanbruxvoortict:privacy:details [2023/12/19 22:06] (current) w.ysbrandburgsted
Line 3: Line 3:
 This document will provide you with a detailed view of the various kinds of information S.A. Proto processes, how this is acquired, where it can be reviewed and how it can be modified and/or deleted. This document will provide you with a detailed view of the various kinds of information S.A. Proto processes, how this is acquired, where it can be reviewed and how it can be modified and/or deleted.
  
-The intention of this overview is to be complete and exhaustive, and the [[https://www.proto.utwente.nl/committee/819|Have You Tried Turning It Off And On Again committee]] has the duty to keep this document factual and actual. If, despite these efforts, you find that his document is incomplete or incorrect, or if you have other questions related to this document, please send an e-mail to [[privacy@proto.utwente.nl]].+The intention of this overview is to be complete and exhaustive, and the [[https://www.proto.utwente.nl/committee/haveyoutriedturningitoffandonagain|Have You Tried Turning It Off And On Again committee]] has the duty to keep this document factual and actual. If, despite these efforts, you find that his document is incomplete or incorrect, or if you have other questions related to this document, please send an e-mail to [[privacy@proto.utwente.nl]].
  
 This section should be viewed as an appendix to the [[ict:privacy:start|Privacy Policy of Study Association Proto]]. This section should be viewed as an appendix to the [[ict:privacy:start|Privacy Policy of Study Association Proto]].
Line 9: Line 9:
 ===== Who has access to your data ===== ===== Who has access to your data =====
  
-Throughout this document several groups will frequently been named as having access to your data. These groups will be outlined below for quick reference. In addition sometimes names of committees of S.A. Proto will make an appearance. If this is the case a link will be included to that committee's page on the S.A. Proto website to easily allow you to see who a member of that committee is currently. If an external company or party has access to your data, a link will be included to (the closest thing to) a privacy policy on the website of that party. +Throughout this document several groups will frequently been named as having access to your data. These groups will be outlined below for quick reference. In addition sometimes names of committees or societies of S.A. Proto will make an appearance. If this is the case a link will be included to that committee's/society's page on the S.A. Proto website to easily allow you to see who a member of that committee/society is currently. If an external company or party has access to your data, a link will be included to (the closest thing to) a privacy policy on the website of that party. 
  
 ==== Common groups ==== ==== Common groups ====
Line 15: Line 15:
 Common groups that will be repeated throughout this document are: Common groups that will be repeated throughout this document are:
  
-  * **System Administrators** -- The people responsible for the most technical IT support in the association. This includes all members listed on the [[https://www.proto.utwente.nl/committee/819|Have You Tried Turning It Off And On Again committee]] member list that have //System Admin(istrator)// or //SysAdmin// in their function.+  * **System Administrators** -- The people responsible for the most technical IT support in the association. This includes all members listed on the [[https://www.proto.utwente.nl/committee/haveyoutriedturningitoffandonagain|Have You Tried Turning It Off And On Again committee]] member list that have //System Admin(istrator)////SysAdmin// or //Privacy Officer// in their function.
   * **Administrators** -- This group consists of three groups: the //System Administrators//, the [[https://www.proto.utwente.nl/page/board|board of S.A. Proto]] and all members listed on the [[https://www.proto.utwente.nl/committee/819|Have You Tried Turning It Off And On Again committee]] member list that have //Developer// in their function.   * **Administrators** -- This group consists of three groups: the //System Administrators//, the [[https://www.proto.utwente.nl/page/board|board of S.A. Proto]] and all members listed on the [[https://www.proto.utwente.nl/committee/819|Have You Tried Turning It Off And On Again committee]] member list that have //Developer// in their function.
-  * **OmNomCom** -- This group consists of people that have access to a specific part of the association administration related to the stock, management, purchases and other related aspects of the OmNomCom, the system that keeps a tally of all purchases made within the association and sees that they are being paid for. This group consists of three groups: the //Administrators// and all members listed on the [[https://www.proto.utwente.nl/committee/26|OmNomCom]] and [[https://www.proto.utwente.nl/committee/3583|TIPCie]] member list.+  * **OmNomCom** -- This group consists of people that have access to a specific part of the association administration related to the stock, management, purchases and other related aspects of the OmNomCom, the system that keeps a tally of all purchases made within the association and sees that they are being paid for. This group consists of three groups: the //Administrators// and all members listed on the [[https://www.proto.utwente.nl/committee/26|OmNomCom]] and [[https://www.proto.utwente.nl/committee/tipcie|TIPCie]] member list. Next to that, also Alfred, the administrator of the SmartXp lab, has access to this administration, to make purchases able to go via the OmNomCom.
   * **Members** -- This group consists of all people that have a user account on the website and an active association membership tied to that user account.   * **Members** -- This group consists of all people that have a user account on the website and an active association membership tied to that user account.
  
Line 29: Line 29:
 ===== Location of data and storage ===== ===== Location of data and storage =====
  
-S.A. Proto exclusively stores data on Dutch soil and with Dutch companies, except where specifically mentioned otherwise.+S.A. Proto exclusively stores data on Dutch soil.
  
-Most of the data related to the website and e-mail is stored on a virtual server provided by the Dutch company TransIP in the Amsterdam datacenterTheir privacy policy can be found [[https://www.transip.nl/legal-and-security/privacy-policy/|here]].+Most of the data related to the website and e-mail and our backup is stored on a server of Antagonist. 
 +Data centers used at Antagonist are located at Enschede and Hengelo, via Equinix and Previder. We have a data processing agreement with Antagonist, of which the content can be viewed [[https://www.antagonist.nl/downloads/algemene-voorwaarden.pdf|here]]
  
-Most of the file storage, part of the e-mail and some secondary data is stored on a physical server on the University of Twente campus. This server is located in a locked room that is only accessible to //System Administrators// and technical staff of the University of Twente. This server is in possession of S.A. Proto.+To expand the capabilities we will soon begin the process of moving the website over to a server at Vimexx. Their servers are located in Ede. Their data processing agreement can be found [[https://www.vimexx.nl/Verwerkersovereenkomst-Vimexx-14-05-2018.pdf|here]]. 
 + 
 +We also process data from the UT related to university accounts. This data is processed via a virtual server hosted at SNT on the UT terrain. The privacy policy can be found at https://www.snt.utwente.nl/helpdesk/beleid/privacy. S.A. Proto signed a data processing agreement with SNT. 
 + 
 +The domain names are arranged with TransIP and with Antagonist. TransIP's privacy policy can be found [[https://www.transip.nl/legal-and-security/privacy-policy/|here]]. 
 + 
 +All of the data associated with ProTube is stored on a physical server on the premise of the University of Twente. This server is located in a locked room that is only accessible to //System Administrators// and technical staff of the University of Twente. This server is in possession of S.A. Proto.
  
 ===== Personally identifiable information (PII) ===== ===== Personally identifiable information (PII) =====
Line 73: Line 80:
 Your age may be shown to other members. If it is your birthday, you will be displayed on the homepage of the site. We think this improves the feel of a community, but the user can opt-out for this via their dashboard. Your age may be shown to other members. If it is your birthday, you will be displayed on the homepage of the site. We think this improves the feel of a community, but the user can opt-out for this via their dashboard.
  
-The page where you can authorize S.A. Proto for a SEPA direct withdrawal processes your IBAN. To improve usability your IBAN is sent to [[https://openiban.org|openiban.org]] to see if your BIC can be automatically determined. No other PII is sent to openiban.org. In order to prove that you allowed S.A. Proto to collect the debt you have at S.A. Proto (by buying from the OmNomCom or participating in activities for example) your signature is saved.+The page where you can authorize S.A. Proto for a SEPA direct withdrawal processes your IBAN. To improve usability your IBAN is sent to [[https://openiban.org|openiban.org]] to see if your BIC can be automatically determined. No other PII is sent to openiban.org. In order to prove that you allowed S.A. Proto to collect the debt you have at S.A. Proto (by buying from the OmNomCom, retrieving your membership fee or participating in activities for example) your signature is saved.
  
 **Additionally, you can also choose to supply:** **Additionally, you can also choose to supply:**
Line 81: Line 88:
   * RFID tag   * RFID tag
  
-Dietary or allergy information is only visible to //Administrators// and to members of the committees that organize activities you attend. This information is retained until you manually change or delete it. Note that the latter can only see your dietary or allergy information:+Dietary or allergy information is only visible to //Administrators// and to members of the committees or societies that organize activities you attend. This information is retained until you manually change or delete it. Note that the latter can only see your dietary or allergy information:
  
  
Line 89: Line 96:
 The mailinglist subscriptions are saved to see which mail you want to receive such that you only have to receive mail you are interested in. RFID code can added by the user to simplify OmNomCom purchases and can be deleted at all times. The mailinglist subscriptions are saved to see which mail you want to receive such that you only have to receive mail you are interested in. RFID code can added by the user to simplify OmNomCom purchases and can be deleted at all times.
  
-Finally, if you choose to become active by joining of a committee, your name will be added to the page of the committee you are joining (along with a join and leave date and a function description), and this will be visible to members. Your committee memberships are retained indefinitely, even you deactivate your account.+Finally, if you choose to become active by joining a committee or a society, your name will be added to the page of the committee or society you are joining (along with a join and leave date and a function description), and this will be visible to members. Your memberships are retained indefinitely, even if you deactivate your account.
  
 **Data S.A. Proto automatically stores the following data about you:** **Data S.A. Proto automatically stores the following data about you:**
Line 105: Line 112:
 Every member receives a unique user id for anonymization in case of statistical operations and for the layout of the database.  Every member receives a unique user id for anonymization in case of statistical operations and for the layout of the database. 
  
-When becoming a member, the type of member one is can be one (or more) of the following: Regular member, honorary member, life-long member and donator. This is because there is a difference in contribution fee to receive between these types.+When becoming a member, the type of member can be one (or more) of the following: Regular member, honorary member, life-long member and donator. This is because there is a difference in contribution fee to receive between these types.
  
 ===== Purchases and payments ===== ===== Purchases and payments =====
  
-In the course of your S.A. Proto membership, you can make purchases at various points. These purchases can include food and consumables at the OmNomCom, participant's fee for activities and your membership fee. Any purchases you make are saved and retained indefinitely, even if you terminate your membership or deactivate your account. All purchases are visible and searchable by the //OmNomCom//. During some activities you can pay for your consumptions in cash. If you pay in cash, the purchase is logged but not linked to your user account.+In the course of your S.A. Proto membership, you can make purchases at various points. These purchases can include food and consumables at the OmNomCom, participant's fee for activities and your membership fee. Any purchases you make are saved and retained indefinitely, even if you terminate your membership or deactivate your account. All purchases are visible and searchable by the //OmNomCom// and //Administrators//. During some activities you can pay for your consumptions in cash. If you pay in cash, the purchase is logged but not linked to your user account.
  
 //Administrators// are also able to see the aggregated purchase and payment information that is visible to you. This includes totals for each month, which withdrawals you were included in and the amount that was involved in these withdrawals. //Administrators// are also able to see the aggregated purchase and payment information that is visible to you. This includes totals for each month, which withdrawals you were included in and the amount that was involved in these withdrawals.
  
-Purchase history may be used to present you with your favorite purchases in the OmNomCom, and to generate (anonymized) statistics that can help the //OmNomCom// manage stock better and more efficiently. Your purchase history and derived data will **never** be sold to other parties.+Purchase history may be used to present you with your favorite purchases in the OmNomCom, and to generate (anonymized) statistics that can help the //OmNomCom// manage stock better and more efficiently. Your purchase history and derived data will **never** be sold to other parties. You can choose whether you want your purchase data anonymized after 7 years via your dashboard.
  
 You can pay for your purchases either via an automatic withdrawal or using our online payment provider. As a member, paying via automatic withdrawal is the default option. See also the notes in withdrawal authorizations earlier in this document. If you pay using automatic withdrawal, the details of your withdrawal authorization (including your name and bank account number) are shared with the bank of S.A. Proto in order to perform the automatic withdrawal. You can pay for your purchases either via an automatic withdrawal or using our online payment provider. As a member, paying via automatic withdrawal is the default option. See also the notes in withdrawal authorizations earlier in this document. If you pay using automatic withdrawal, the details of your withdrawal authorization (including your name and bank account number) are shared with the bank of S.A. Proto in order to perform the automatic withdrawal.
Line 129: Line 136:
 ==== Profile photo ==== ==== Profile photo ====
  
-You can add, edit or remove a profile photo via your dashboard. This is completely voluntarily. As a rule of thumb, assume that your profile photo is visible wherever your name is. Your profile photo is retained till you delete or change it. Your photo can also be visible during drinks when you are under 18.+You can add, edit or remove a profile photo via your dashboard. This is completely voluntarily. As a rule of thumb, assume that your profile photo is visible wherever your name is. Your profile photo is retained till you delete or change it. Your photo can also be visible during drinks when you are under 18. If you wish to receive a membership card, your profile picture will be used on this card
  
 ==== Achievements ==== ==== Achievements ====
  
-You can receive achievements (virtual 'prizes' for achieving something) automatically or manually. These are visible to other members of the association in your profile. Please contact the association board if you don't want an achievement to be shown in your profile. Achievements are retained until they're deleted by an //Administrator//.+You can receive achievements (virtual 'prizes' for achieving something) automatically or manually. These are visible to other members of the association in your profile. Please contact the association board if you don't want an achievement to be shown in your profile. Achievements are retained until they're deleted by an //Administrator// or your account is deleted.
  
 ==== Activities ==== ==== Activities ====
Line 195: Line 202:
 S.A. Proto periodically and automatically checks whether the UT accounts users have linked to their S.A. Proto account are still valid and active in the administration of the UT. If this automated check determines a UT account is deactivated by the UT, it will be removed from the S.A. Proto account. The user is not informed of this. If you believe the check to have incorrectly removed your UT account from your S.A. Proto account, you can always contact the [[haveyoutriedturningitoffandonagain@proto.utwente.nl|website developers]]. S.A. Proto periodically and automatically checks whether the UT accounts users have linked to their S.A. Proto account are still valid and active in the administration of the UT. If this automated check determines a UT account is deactivated by the UT, it will be removed from the S.A. Proto account. The user is not informed of this. If you believe the check to have incorrectly removed your UT account from your S.A. Proto account, you can always contact the [[haveyoutriedturningitoffandonagain@proto.utwente.nl|website developers]].
  
-===== Informing the faculty to receive subsidy =====+===== Committee specific information ===== 
 + 
 +There are two committees with which you personal data might be shared.  
 + 
 +==== Guild of Drafters ==== 
 +First of all, if you join the drafting committee, your data might be stored on [[https://alex.ia.utwente.nl|Alex.ia]].  The following information might be stored: 
 +  * Name 
 +  * IVA certificate  
 + 
 +Your name is stored to see who is or was scheduled to draft beer. Your IVA (if applicable) is stored, because that always needs to be present when drafting. To know more about Alex.ia, please check their privacy policy or contact them directly. 
 + 
 +==== Protopeners ==== 
 +Second, if you join the ProtOpeners committee, your name will be displayed on the screen in and nearby the Protopolis when you have Protopener duty. This is to show members who is responsible for the Protopolis at that very moment and who members can ask question and/or information. Next to this, you should get a Proto membership card displaying your profile picture which is used for identification. 
  
-S.A. Proto receives a subsidy from the faculty every year. This subsidy is based on the amount of members and to check this, we send a list with names and student numbers of all Creative Technology students to the faculty. 
  
 ===== Photos and portrait right ===== ===== Photos and portrait right =====
Line 203: Line 221:
 At activities organized by or together with S.A. Proto, photographers or film crew may be present at the activity and they may take a picture and/or video of you that may later be published. If this makes you feel uncomfortable, please indicate this to the people taking the photos/video. They will do their best to take it into account. At activities organized by or together with S.A. Proto, photographers or film crew may be present at the activity and they may take a picture and/or video of you that may later be published. If this makes you feel uncomfortable, please indicate this to the people taking the photos/video. They will do their best to take it into account.
  
-In the case of photographers/film crew of S.A. Proto (most notably, the S.A. Protography committee), S.A. Proto reserves the right to take or publish any pictures taken. For activities that are likely to generate embarrassing photos (a cantus, for example), S.A. Proto will take precautions to prevent embarrassing photos from being put online without consent from the subject. For other activities though, S.A. Proto reserves the right to publish photos without asking consent. Either way, by joining an activity you are surrendering your portrait right for any photos taking during that activity. You may always request a photo to be taken off-line after publishing. To do that, please contact the association board. Photos are uploaded to Flickr and will be published on our own site via Flickr. This is mainly done because of their storage options. You can find their Privacy Policy [[https://www.smugmug.com/about/privacy-flickr|here]]+In the case of photographers/film crew of S.A. Proto (most notably, the S.A. Protography committee), S.A. Proto reserves the right to take or publish any pictures taken. For activities that are likely to generate embarrassing photos (a cantus, for example), S.A. Proto will take precautions to prevent embarrassing photos from being put online without consent from the subject. For other activities though, S.A. Proto reserves the right to publish photos without asking consent. Either way, by joining an activity you are surrendering your portrait right for any photos taking during that activity. You may always request a photo to be taken off-line after publishing. To do that, please contact photos@proto.utwente.nl or the association board. Photos are uploaded to our own site via an in-house created tool
  
 In the case of external parties (press, for example), please ask that party or the association board for their policy regarding portrait rights. In the case of external parties (press, for example), please ask that party or the association board for their policy regarding portrait rights.
Line 233: Line 251:
 Check [[https://matomo.org/privacy-policy/|here]] for Matomo's Privacy Policy. Matomo is a self-hosted software product. This means that although S.A. Proto uses software provided by Matomo, S.A. Proto is in full control of all information collected by the software. This information is not accessible by Matomo, and never leaves servers operated by S.A. Proto. Check [[https://matomo.org/privacy-policy/|here]] for Matomo's Privacy Policy. Matomo is a self-hosted software product. This means that although S.A. Proto uses software provided by Matomo, S.A. Proto is in full control of all information collected by the software. This information is not accessible by Matomo, and never leaves servers operated by S.A. Proto.
  
-You can opt-out for web analytics on the websites operated by S.A. Proto as described in this section [[https://metis.proto.utwente.nl/analytics/index.php?module=CoreAdminHome&action=optOut&language=en&backgroundColor=333333&fontColor=ffffff&fontFamily=Arial|here]].+You can opt-out for web analytics on the websites operated by S.A. Proto as described in this section [[https://analytics.saproto.nl/index.php?module=CoreAdminHome&action=optOut&language=en&backgroundColor=333333&fontColor=ffffff&fontFamily=Arial|here]].
  
 All //Administrators// may see information collected through Matomo.org All //Administrators// may see information collected through Matomo.org
  
 === Sentry, error tracking software === === Sentry, error tracking software ===
-If something goes wrong on our website, (meta) information about the problem will be send to Sentry. This information include UserID and User input. This is to see what went wrong, so this issue can be resolved. This information will be stored no longer that 7 days. Please check their [[https://sentry.io/privacy/|privacy policy]] for more information.+If something goes wrong on our website, (meta) information about the problem will be send to Sentry. This information includes UserID and User input. This is to see what went wrong, so this issue can be resolved. This information will be stored no longer that 7 days. Please check their [[https://sentry.io/privacy/|privacy policy]] for more information.
  
  
 All //Administrators// may see information collected through Sentry All //Administrators// may see information collected through Sentry
  
-===== Your information in other systems ===== 
- 
-As of now, there is only one other system where your data might be stored, which is [[https://alex.ia.utwente.nl|Alex.ia]]. Your data will only be stored if you join the drafting committee. The following information might be stored: 
-  * Name 
-  * IVA certificate  
- 
-Your name is stored to see who is or was scheduled to draft beer. Your IVA (if applicable) is stored, because that always needs to be present when drafting. To know more about Alex.ia, please check their privacy policy or contact them directly. 
ict/privacy/details.1541537497.txt.gz · Last modified: 2018/11/06 21:51 by x.vanbruxvoort