-
Notifications
You must be signed in to change notification settings - Fork 8
/
privacy-policy-en.html
225 lines (176 loc) · 6.32 KB
/
privacy-policy-en.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
<!DOCTYPE html>
<html lang=en>
<head>
<title>Chaostreff Osnabrück e.V. - Datenschutzerklärung</title>
<meta http-equiv=content-type content="text/html; charset=utf-8" />
<meta name=viewport content="width=device-width, initial-scale=1">
<link rel="icon" href="favicon.ico" sizes="48x48">
<link rel="icon" href="favicon.svg" sizes="any" type="image/svg+xml">
<link rel=stylesheet type=text/css href=style.css />
<script type=application/javascript src=script.js> </script>
<link rel="alternate" hreflang="de" href="privacy-policy.html">
</head>
<body>
<header>
<img src=ctreffos-logo.svg alt="Chaostreff Osnabrück Logo" />
</header>
<h1>Privacy Policy</h1>
<p>
The Chaostreff Osnabrück e.V. stores just that much personal data as is
absolutley necessary in order to offer information and services to
visitors and members in reliable and safe way.
</p>
<p>
We ourselves operate the server as a VServer with all services. An
evaluation of the logfiles of the services will be done exclusively by
ourselves und only to detect possible errors or intrusion attempts.
</p>
<p>
We therefore decided explicitely to avoid the usage of cookies and
tracking tools for the analysis of the data traffic like e.g.
GoogleAnalytics.
</p>
<p>
We only pass any parts of the collected data according to legal demands
e.g. to law enforcement authorities or tax authorities.
</p>
<p>
Subsequently, we break down exactly at which opportunity we store
which data for what time period. The subsequently mentioned password
storage does not mean the plain text storage of the password but
the storage of the password hashes instead. We further describe the
steps necessary to delete those data that are not deleted
automatically.
</p>
<h2>Visit of our Website</h2>
<h3>Logfiles of the Web Server</h3>
<p>
Source-IP-Address, timestamp, used operating system,
used web browser, referer URL and visited page.
</p>
<h3>Location of our Regular Meeting</h3>
<p>
We link OpenStreetMap to visualisze the location of our regular
meeting.
</p>
<h3>Storage and Deletion</h3>
<p>
Automatic deletion of the web server logfiles as soon as they are
elder than 10 days.
</p>
<h2>Use of our Public Video Chat</h2>
<p>
The open source software Jitsi Meet is used to transmit video and
audio signals. Based on WebRTC, data and media streams are transmitted
encrypted via Datagram Transport Layer Security (DTLS) and Secure
Real-time Transport Protocol (SRTP). However, WebRTC does not (yet)
offer the possibility of encrypting video chats with several people
end-to-end. This means: On the transport route or in the network the
video chat is encrypted, but on the video chat server the entire data
traffic is decrypted and can therefore be viewed by the provider.
</p>
<p>
As the provider we do not store any information about you or the video
chats. Nothing is logged or saved/recorded. The logging level is
reduced to such an extent that not even the IP addresses of the users
are recorded.
</p>
<p>
However, each Jitsi server stores a minimum of data in the local
storage of a web browser. The local storage is a modern form of so the
called cookies. The stored data make the usage of Jitsi more
comfortable and they comprise e.g. the recently visited conferences
and the display name of a user within a conference.
</p>
<p>
Any NAT client can determine its pulic IP address using an STUN server
and can thereby establish a direct connection between participants.
</p>
<p>
<a href="https://meet.osna.social" rel="noreferer" target="_blank">meet.osna.social</a>
uses an own STUN server running on the same server. This Jitsi server is
dimensioned for many concurrent users and conferences.
</p>
<p>
If you do not trust us as the provider, you also have the possibility
of hosting your own Jitsi Meet instance.
</p>
<h2>Member Administration</h2>
<h3>Contact Data</h3>
<p>
Firstname and lastname, date of birth, street, postal and location,
email address, phone number, GnuPG fingerprint, Chaos-Nr. and
transfered contributions.
<p>
<h3>Storage and Deletion</h3>
<p>
All data of former members will be deleted according to statutory
provisions.
</p>
<h2>Member Account for Services</h2>
<h3>Prerequisites</h3>
<p>
A member account is exclusively reserved to members. It will be
created first, if requested by a member using an informal email to:
<a href="mailto:[email protected]">
</p>
<h3>Account Information</h3>
<p>
Username, firstname, lastname and password.
</p>
<h3>Provided Services</h3>
<p>
A member account provides following services on our server to any
member: Login shell, IMAP-/SMTP server and Jabber server.
</p>
<h3>Storage and Deletion</h3>
<p>
Deletion of a member account by informal email to:
<a href="mailto:[email protected]">
</p>
<h2>Services for Members</h2>
<h3>Logfiles when using the Login Shell</h3>
<p>
Source IP address, timestamp of login and logout and the username.
Optional: Every user can decide, if executed shell commands are saved
as shell history.
</p>
<h3>Logfiles of the IMAP/SMTP Server</h3>
<p>
Source IP address, timestamp and username. When using our SMTP server
the contacted SMTP server is stored as target IP address.
</p>
<h3>Logfiles of the Jabber Server</h3>
<p>
Every login and logout process, the last ten messages of multi-user
chats in our chat rooms are stored and provided on entry of a chat
room. All other messages are deleted automatically. Long messages
(including images) are stored automatically in a clipboard. They are
deleted automatically after 24 hours. No messages are stored during
any two-party chat.
</p>
<h3>Storage and Deletion</h3>
<p>
Automatically deletion of the logfiles of all services as soon as they
are elder than 10 days.
</p>
<h3>Web Key Directory (WKD)</h3>
<p>
Each member can request by an informal email to
<a href="mailto:[email protected]">
his public GPG key to be stored in the WKD of the domain of our
association. This requires the association email address of the member
being an identity of the public GPG key. Deletion of the public GPG
key: By an informal email to
<a href="mailto:[email protected]">
[email protected]</a>.
</p>
<hr>
<div>
<a href="index-en.html">Start page</a>
</div>
</body>
</html>