Announcement

Collapse
No announcement yet.

Privacy Policy and Terms Of Service

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Privacy Policy and Terms Of Service

    Privacy Policy and Terms Of Service

    1. Definition of terms
    • Hillmanimp.org shall referred to herein as the SITE
    • Administrators shall be known as ADMIN
    • Visitors have no posting privileges and who have no ability to create or post content, referred to herein as GUEST
    • Visitors registering with the site and after acceptance / confirmation of identity will be referred to as USER
    • Information of any kind will be referred to as DATA
    • Privacy Policy will be referred to as POLICY
    • Terms of Service will be referred to as TOS
    • The web server where data is stored shall be referred to as the HOST
    • The php/MySQL based platform shall be referred to as the PROVIDER
    • Mobile applications will be referred to as APPS
    • ANY definition shall be assumed to be referring to single or plural regardless of syntax.
    • Non-Disclosure and Confidentiality Agreements where used are referred to as NDA
    • Your right to have your dada scrubbed, termed loosely as your right to forget is referred to as RTF
    2. Purpose of data collection and general statement
    • The SITE operates on a non-profit basis as a USER social community.
    • The community is created and managed by ADMIN who run the site for the benefit of the USER and GUEST
    • GUEST have public access (read only) but no ability to create messages or posts and their DATA is considered VOLATILE as it is not stored outside their session.
    • The POLICY and TOS is only an explanation on how your DATA is handled, stored and for what purpose as well as explicitly emphasising USER RTF.
    • You will encounter screens from time to time asking for positive affirmation of USER consent to the use of your DATA by this SITE within the constraints of the TOS.
    • Also laid out below you will see statements on your right to access your DATA at any time and if you feel so inclined remove it under your own RTF.
    • The POLICY and TOS are in addition to any forum rules or policies applied within the community itself.
    3. DATA Collection and Purpose

    To enhance the USER SITE experience such as posts read, new posts and articles, we need to store certain information, this data is treated differently for GUESTs or USERs
    • GUEST access. This is primarily stored as cookies and is not retained past its use by the SITE in the viewing session. As GUEST has read only access, no personal DATA is required, and any session data stored within the form of cookies is stored within the GUEST browser and only for the session in the database.
    • GUEST information is VOLATILE, and any data collected as regards say visitor numbers is just a count. However, we still require your consent so several popups may appear to ask you to positively affirm your consent
    • Registered USER can provide content by way of posts or images or documents which are publicly viewable and the username and any DATA you feel to disclose to a public forum can be seen.
    • USER identity must be confirmed and consent positively affirmed, USER consent is stored and kept on record.
    • DATA is retained in the form of cookies to save data such last post read, forums visited, messages and content posted and so on as well as in the database. It also contains personal DATA information in the form of a unique linked ID so that USER can track their DATA and contributions and remove or edit their contributions under their own control.

    USER will have persistent DATA stored securely on their behalf by the SITE, for the sole purpose of enabling USER experience and as a minimum requirement any USER needs to provide a username, email address and password. Any other DATA is optional.

    Your affirmed consent to this policy is recorded as a part of USER DATA and includes yes/no and date affirmed as shown below recorded in your data profile.

    Click image for larger version

Name:	ACPCP.jpg
Views:	139
Size:	11.1 KB
ID:	1125

    4. DATA required by registration process and its use
    • Upon registering USER will be required to disclose personal information that uniquely identifies USER.
    • In order to confirm USER identity an email message will be sent to this email address provided by USER which they will need to confirm by using the reply link before USER registration is put in the moderation queue.
    • Once confirmed ADMIN will review the registration application and if satisfied accept / deny or request more information to confirm USER identity.
    • USERs whose identity cannot be confirmed will be declined registration and their DATA immediately deleted.
    • On SITE use USER will by contributing by adding to the SITE content and will be held entirely responsible as a TOS to secure USER own password.
    • ADMIN have no access to passwords as these are encrypted.
    • ADMIN can only send a recovery link.
    • USER please use a memorable secure password which you do not use for any other site and keep it secure.
    • On ADMIN approval USER is free to post and moderate their own content

    To enhance the USER experience on the SITE such as posts read, new posts and articles, USER notifications and so on, the SITE needs to store certain personal DATA in the form of cookies, email address and any other details you care to provide and within the database itself.

    Information in the database is encrypted and secured within a MySQL database below public access level and is utilised by the vBulletin platform as requested by USER

    This information is stored as part of HOSTs web server’s system in a secure data centre. The HOST as of the date this has been published on is Bluehost and the Bluehost privacy and Terms of Service can be found on their website.

    The forum PROVIDER through which the data is accessed and retained is provided as a service from vBulletin and they again have their own terms of service and privacy policy available from their website

    5. ADMIN Access to your data

    ADMIN will only interact at USER level if requested to do so and each ADMIN has a separate NDA in place as is standard protocol for ADMINs as well as being aware of the ethics of an ADMIN position .


    6. APPS and mobile access

    When using the forums as a SITE or via the provided APPs you are also storing and using DATA such as your Google Play Account and by using Google Play to install APPs you will need to consent to the Google Play PRIVACY policy and TOS.

    SITE
    does not collect information on their behalf.

    USER DATA at that time is stored on USER mobile device and out with any control of the SITE

    7. How is DATA secured on registration

    Any content or DATA provided is held secure, the SITE operates only on HTTPS.


    8. Data Storage Statement

    So what information is stored and where and by whom
    • USER DATA is stored exclusively to enhance the USER experience and control SITE access to verified USER on the site and will not be sold to any external companies .
    • USER DATA passed on to any other source via search engine spiders only contains the USER DATA the USER has made public.
    • USER DATA may be used in the future to base focussed add should that feature be enabled, the PRIVACY policy and TOS will be updated at that time.
    • USER DATA stored will include
    1. USER username (always public)
    2. USER password (always hidden and encrypted even to ADMIN)
    3. USER Email address (always hidden, can be viewed by ADMIN)
    4. USER Member ID (always hidden, can be viewed by ADMIN)
    5. USER donations (always hidden, can be viewed by ADMIN)
    6. USER date of birth to verify age consent (default is hidden, user controlled, can be viewed by ADMIN)
    7. USER volunteered information such as biography, occupation, signature lines are all viewable by GUEST access
    USER can verify DATA stored at any time within their user profile by accessing USER data profile by clicking USERname on top edge of screen

    Click image for larger version

Name:	usercp.jpg
Views:	73
Size:	13.2 KB
ID:	1126

    and selecting My Profile and checking under the tabs Activities Subscribed About and Media.

    If USER selects "User Settings" from the same drop down, they can see four tabs, PROFILE, ACCOUNT, PRIVACY and NOTIFICATIONS and his is where USER can control DATA for display or storage.

    Click image for larger version

Name:	userprofiledata.jpg
Views:	72
Size:	169.9 KB
ID:	1129
    Click image for larger version

Name:	useraccountdata.jpg
Views:	76
Size:	139.7 KB
ID:	1128
    Click image for larger version

Name:	userprivacy.jpg
Views:	72
Size:	125.2 KB
ID:	1127

    ADMIN does have access to any of USER stored DATA and are bound by ADMIN NDA and all ADMIN are background checked to be both experienced in using the software PROVIDER as well as the workings of the HOST.

    NDAs are signed by each of the members of the ADMIN group and kept on file.

    9. Data Retention Policy
    • USER DATA will be stored until a USER request is received to remove it. DATA will then be placed in a queue for a cooling off period of 28 days. After 28 days DATA will be removed permanently.
    • USER has the ability at any time to edit or delete their own posts and contributions without ADMIN intervention as the SITE strongly supports the USER rights to control their own DATA


    10. USER RIGHTS

    GDPR includes specific USER rights as regards DATA.

    These specifically include but not limited to.

    The right to:
    • be informed as to how, where and why USER DATA requires to be stored
    • be able to access USER DATA stored at any time
    • have USER DATA errors remedied on request
    • have USER DATA deleted in its entirety on request subject to the 28 day cooling off period mentioned above
    • have USER DATA restricted to use for sole purpose of delivering the SITE content, function and overall USER experience
    • request a further statement for any concerns and have such responses updated in this policy
    11. Affirmative Consent

    The SITE only stores and processes personal data for the function and purpose of the SITE and management of USER resgistrations.
    Periodically USER will be required to update USER affirmed consent to the POLICY and TOS, Failure to affirm may result in suspension of USER access.

    12. Data Breaches And Protection

    The SITE and ADMIN are aware of its obligations to prevent data breaches and operates a secure system for data storage and transfer.

    This includes HTTPS only access, a secure database stored at the HOST secure data centre and by actively using commercial PROVIDER who have the resource and expertise to respond quickly to any deficiencies in their products without recourse to open source solutions or community only support.

    Any data breaches suspected or otherwise should be advised by USER to ADMIN for investigation, if founded the SITE may be locked down to establish the situation.

    13. REVIEW OF POLICY and TOS

    The privacy and terms of service will be reviewed annually to check compliance or clear up any issues brought up by USER or where updates are required to cover new features.

    If you have any queries about the PRIVACY policy or TOS please contact any ADMIN and it will be reviewed and a response given in writing within 1 month

    14. RIGHT TO BE FORGOTTEN - RTF

    USER have an important USER right under GDPR and many equivalent legislation to be "forgotten"

    This is covered above and USER may at any time subject to the cooling off period of 28 days.

    USER can of course at any time correct, edit or delete their own content.

    PRIV-TOS-V1.6
    1. Change List since 1.5
    2. Add right to be forgotten
    3. Define data stored
    4. Include mobile APP for IoS

    - Hido
Working...
X