Jump to content
Chinese-forums.com
Learn Chinese in China

roddy

Privacy policy (late, as usual, to the GDPR party)

Recommended Posts

roddy

This is not yet the official privacy policy - I've written it to try and explain what data we collect and why, and I've tried to keep it as simple as possible. I'm expecting to rewrite it in response to any questions or issues raised - if there's anything you're not clear about, do ask.

 

Once that's done I'll make it 'official', which will probably require everyone clicking a box to say you've read it and that's fine. 

 

Chinese-forums.com privacy policy

A  brief explanation of what information we collect, what we do with it, and why

 

Information you provide us directly

Username, email address, any profile information you fill in

Content of topics, posts, blogs, direct messages, etc

IP addresses and OS / browser information

 

Information from third parties

If you log in using a third-party service such as Twitter or Facebook, information such as your Facebook user identifier may be available. We don’t use friends lists, your ‘like’ information, etc.

 

Cookies

Cookies are used to keep you logged in, and for analytics. Cookies may also be used for third-party log-in services.

 

Analytics and logs

Analytics information is gathered, but does not identify users individually.

Server logs may include information such as pages requested, IP address, browser type, etc.

 

Sharing of information

The only current sharing of identifying information is on registration, when information is submitted to a trusted third-party spam prevention service to identify and block known spammers. Email addresses may be shared with third-party providers for delivery of emails you have opted-in to. We never share emails or other personal information with advertisers. 

 

Who can see your information:

Usernames and content posted on the site are public. Details such as emails, IP addresses, browser and OS information, etc, are visible only to administrative staff. Direct message conversations are visible to participants.

 

What we use this information for:

1)      Day-to-day running of the site. Usernames and content are necessary for the running of the site. Email addresses are used to send out notifications (which can be turned on and off).

2)      More general management. Analytics tells us what content is most popular, how many people are using very old browsers, etc.

3)      Prevention of abuse. Linking accounts via IP address, email or browser / OS information can help identify business owners posting fake reviews, banned users re-registering, etc.

 

How long do we store information for?

User information is retained indefinitely. Users sometimes go away for years and then come back hoping to use the same account. However accounts that were never used, or only used for a few posts, may be periodically deleted.

 

Opting-out of email

Email notifications can be stopped via your account settings, or let us know and we’ll do it for you.

 

Account removal:

Contact us if you would like your account anonymised. We will remove your username and email address so these cannot be used to identify you.

Please note that we do not automatically delete post content, as this forms part of discussions other members have contributed to (for example, my reply “It’s on the north-west 2nd Ring Road” is useless if your question “Where is Xizhimen” is removed). However if there are specific posts you are concerned about let us know and we’ll do what we can.

 

Can I see what you know?

Yes, if you contact us we can provide a file containing the information we hold. This does not contain post data.

  • Helpful 2

Share this post


Link to post
Share on other sites
Site Sponsors:
Pleco for iPhone / Android iPhone & Android Chinese dictionary: camera & hand- writing input, flashcards, audio.
Study Chinese in Kunming 1-1 classes, qualified teachers and unique teaching methods in the Spring City.
Learn Chinese Characters Learn 2289 Chinese Characters in 90 Days with a Unique Flash Card System.
Hacking Chinese Tips and strategies for how to learn Chinese more efficiently
Popup Chinese Translator Understand Chinese inside any Windows application, website or PDF.
Chinese Grammar Wiki All Chinese grammar, organised by level, all in one place.

roddy
26 minutes ago, roddy said:

Can I see what you know?

Yes, if you contact us we can provide a file containing the information we hold. This does not contain post data.

Attaching a sample of said file. It's not, for some reason, containing device info, which I thought it would. You can see the kind of info I'm talking about here.

 

(edit: updated with a file that does include the extra info)

 

personal info.txt

Share this post


Link to post
Share on other sites
Lu

Thanks, good to read all this. Mostly seems pretty clear. I automaticall throw away all cookies every day, does this mean I will have to click away a cookie wall every day, in addition to logging in again?

 

51 minutes ago, roddy said:

Cookies may also be used for third-party log-in services.

I think I sort of know what this means, but I'm not sure. Could you explain?

Share this post


Link to post
Share on other sites
roddy
Just now, Lu said:

does this mean I will have to click away a cookie wall every day, in addition to logging in again?

Probably, yes. We'd have no way of remembering you accept cookies (well, we could store it in the database, but that only works for registered members, as guests don't have a database record). 

 

On the other question - if you're signing in via Facebook or Twitter, those services will also be setting cookies on your machine. Basically, this. As explained above, this only happens for the member using Facebook.

  • Helpful 1

Share this post


Link to post
Share on other sites
roddy

Hmmm, technically there's no reason I can't ban half my mods for off-topic posting. Seems a bit despotic though...

Share this post


Link to post
Share on other sites
roddy

 

On 6/18/2018 at 4:18 PM, roddy said:

This is not yet the official privacy policy

Well, that was an understatement. I'm surprised to say that in the however many years since the GDPR came into force, I've had one zero-post member use it to demand his account be deleted, and that's it. Quick bump before I finally put this in place this week - and I'm afraid we'll be doing the accepting-cookies thing as well.

 

This is prompted by possibly shifting email delivery to a third party provider. Mailgun is one possibility. This means if I start doing my own server admin, I don't have to do mail server admin. 

 

I'm curious as to what people think about very old accounts. Should I keep them, just in case they come back after ten years (I'm sure it's happened) or is it better to delete? 

Share this post


Link to post
Share on other sites
Shelley
27 minutes ago, roddy said:

I'm curious as to what people think about very old accounts. Should I keep them, just in case they come back after ten years (I'm sure it's happened) or is it better to delete? 

 

How much space do they take up, or is this not a concern? If not then I would leave them in case as you say they return.

Share this post


Link to post
Share on other sites
roddy

It's not a space concern, it's a don't keep other people's data if you don't need it concern. Although we're talking email addresses, not medical records or anything. 

Share this post


Link to post
Share on other sites
Shelley

You would have to pick and choose which ones as a blanket  delete on older than 10 years would wipe me out:) and lots of others. Inactive for 10 -15 years would probably work, if I didn't log in to a site for 15 years I wouldn't be at all surprised if I had to re-register.

Share this post


Link to post
Share on other sites
Lu

From what I saw in my inbox around the time the GDPR came into effect, the done thing is to email all those email addresses to inform them of the site's new privacy policy. I image this might result in four different reactions: email address is no longer in use; user long forgot they ever had an account here and deletes the email, slightly annoyed; user long forgot they ever had an account here, emails back telling you to delete all info immediately; user long forgot they ever had an account here, now remembers how comfortable this forum was and returns.

And of course there will be a group who posts here regularly. They'll probably also delete the email, slightly annoyed.

Share this post


Link to post
Share on other sites
889

If they're not harming anyone, why delete them?

 

Actually, I've sometimes thought that an email to folks who haven't been active for three or four years (maybe not fifteen) reminding them that the forum is still around might produce some fresh blood here. That many people are just sitting at home because of quarantines would provide a timely excuse for the re-contact, along with GDPR perhaps.

  • Like 1

Share this post


Link to post
Share on other sites
imron
5 hours ago, roddy said:

and I'm afraid we'll be doing the accepting-cookies thing as well.

It’s not a requirement of the GDPR to do this if the cookies are just for the general function of the site (logging in etc), it’s only if you are using cookies for tracking users or things like that. 

Share this post


Link to post
Share on other sites
roddy
7 hours ago, imron said:

it’s only if you are using cookies for tracking users or things like that. 

Looks like the stats package (Matomo, aka Piwik) has anonymisation tools I didn't know about, which covers that. Have enabled those. 

 

Looks like the cookie thing will be a banner at the bottom of the page, persistent (and not setting site cookies) until you either click accept or sign in. 

11 hours ago, 889 said:

If they're not harming anyone, why delete them?

This isn't a major issue, but best practice nowadays seems to be to consider what you're keeping and whether you need it or not, rather than let it sit forgotten in a database for decades. 

 

You must not keep personal data for longer than you need it.

You need to think about – and be able to justify – how long you keep personal data. This will depend on your purposes for holding the data.

 

From my point of view, I can just let it sit there. But there are people out there who might get annoyed if a new post to a very old topic triggers an unwanted email. So I was wondering what people think. 

Share this post


Link to post
Share on other sites
imron
13 minutes ago, roddy said:

But there are people out there who might get annoyed if a new post to a very old topic triggers an unwanted email.

And there are an equal number of imaginary people who might be pleased.  It's all very Schrödinger's, and you won't know until you send the email.  People that don't want it can request to have their information deleted.

 

If all you're keeping is a registration email and a username, I think that can be justified in the context of an online forum.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and select your username and password later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Click here to reply. Select text to quote.

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...