diff options
Diffstat (limited to 'contrib/pp/pp.rst')
-rw-r--r-- | contrib/pp/pp.rst | 64 |
1 files changed, 51 insertions, 13 deletions
diff --git a/contrib/pp/pp.rst b/contrib/pp/pp.rst index a8ff838..8972028 100644 --- a/contrib/pp/pp.rst +++ b/contrib/pp/pp.rst | |||
@@ -1,7 +1,7 @@ | |||
1 | Privacy Policy | 1 | Privacy Policy |
2 | ============== | 2 | ============== |
3 | 3 | ||
4 | Last Updated: 07.09.2021 | 4 | Last Updated: 22.09.2021 |
5 | 5 | ||
6 | This Privacy Policy describes the policies and procedures of Anastasis | 6 | This Privacy Policy describes the policies and procedures of Anastasis |
7 | SARL (“we,” “our,” or “us”) pertaining to the collection, use, and | 7 | SARL (“we,” “our,” or “us”) pertaining to the collection, use, and |
@@ -45,30 +45,32 @@ information (i.e., information that cannot be used to identify who you are) | |||
45 | will tell you how we might collect and use each type. | 45 | will tell you how we might collect and use each type. |
46 | 46 | ||
47 | We do our best to not collect any Personal Information from Anastasis | 47 | We do our best to not collect any Personal Information from Anastasis |
48 | users. The detailed Personal Information Anastasis asks from you during | 48 | users. The detailed Personal Information Anastasis asks from you |
49 | the regular backup and recovery process at the beginning is never shared | 49 | during the regular backup and recovery process at the beginning is |
50 | with us and only used to create a cryptographic account identifier which | 50 | never shared with us and only used to create a cryptographic account |
51 | does not allow us to recover any of your details. | 51 | identifier which does not allow us to recover any of your |
52 | details. This data will always remain on your own device without the | ||
53 | possibility of access from our side. | ||
52 | 54 | ||
53 | That being said, when using our Services to recover key material, we may | 55 | That being said, when using our Services to recover key material, we may |
54 | inherently receive the following information (depending on your choice of | 56 | inherently receive the following information (depending on your choice of |
55 | authentication method): | 57 | authentication method): |
56 | 58 | ||
57 | * Bank account details necessary when receiving funds from you to authenticate via a SEPA transfer. We will store these as part of our business records for accounting, and our bank will also be legally obliged to store the details for many years. | 59 | * Bank account details necessary when receiving funds from you to authenticate via a SEPA transfer. We will store these as part of our business records for accounting, and our bank will also be legally obliged to store the details for many years according to legal retention periods. |
58 | 60 | ||
59 | * Your phone number when using SMS authentication. We rely on third party providers (such as your mobile network operator) to deliver the SMS to you. These third parties will see the SMS message sent to you and could thus learn that you are using Anastasis. SMS is inherently insecure, and you should expect many governments and private parties to be able to observe these messages. However, we do not store your SMS number on our systems, except maybe in short-term logs to diagnose errors. | 61 | * Your phone number when using SMS authentication. We rely on third party providers (such as your mobile network operator) to deliver the SMS to you. These third parties will see the SMS message sent to you and could thus learn that you are using Anastasis. SMS is inherently insecure, and you should expect many governments and private parties to be able to observe these messages. However, we do not store your phone number for SMS communication on our systems, except maybe in short-term logs to diagnose errors. |
60 | 62 | ||
61 | * Your e-mail address when using E-mail authentication. We rely on the Internet and your E-mail provider to deliver the E-mail to you. Internet service providers will see the E-mail message sent to you and could thus learn that you are using Anastasis. E-mail is inherently insecure, and you should expect many governments and private parties to be able to observe these messages. However, we do not store your E-mail address on our systems, except maybe in short-term logs to diagnose errors. | 63 | * Your e-mail address when using E-mail authentication. We rely on the Internet and your E-mail provider to deliver the E-mail to you. Internet service providers will see the E-mail message sent to you and could thus learn that you are using Anastasis. E-mail is inherently insecure, and you should expect many governments and private parties to be able to observe these messages. However, we do not store your E-mail address on our systems, except maybe in short-term logs to diagnose errors. |
62 | 64 | ||
63 | * Your physical address when using postal mail authentication. We rely on external providers for printing and sending the letter to you. These providers will need to learn your address and could learn that you are using Anastasis. Physical mail has strict privacy protections by law, but governments are known to break postal secrecy. We do not store your physical address on our systems, except maybe in short-term logs to diagnose errors. | 65 | * Your physical address when using postal mail authentication. We rely on external providers for printing and sending the letter to you. These providers will need to learn your address and could learn that you are using Anastasis. Physical mail has strict privacy protections by law, but governments are known to break postal secrecy. We do not store your physical address on our systems, except maybe in short-term logs to diagnose errors. |
64 | 66 | ||
65 | * When you contact us. We may collect certain information if you choose to contact us, for example to report a bug or other error with the Taler Wallet. This may include contact information such as your name, email address or phone number depending on the method you choose to contact us. | 67 | * When you contact us. We may collect certain information if you choose to contact us, for example to report a bug or other error with the Taler Wallet. This may include contact information such as your name, email address or phone number depending on the method you choose to contact us. We strictly only use the information provided by you in these instances to answer your request or to deliver the services requested by you. |
66 | 68 | ||
67 | 69 | ||
68 | How we collect and process information | 70 | How we collect and process personal data |
69 | -------------------------------------- | 71 | -------------------------------------- |
70 | 72 | ||
71 | We may process your information for the following reasons: | 73 | We may process your personal data for the following reasons: |
72 | 74 | ||
73 | * to authenticate you during secret recovery | 75 | * to authenticate you during secret recovery |
74 | * to support you using Anastasis when you contact us | 76 | * to support you using Anastasis when you contact us |
@@ -96,8 +98,7 @@ Agents or third party partners | |||
96 | We may provide your Personal Information to our employees, contractors, | 98 | We may provide your Personal Information to our employees, contractors, |
97 | agents, service providers, and designees (“Agents”) to enable them to perform | 99 | agents, service providers, and designees (“Agents”) to enable them to perform |
98 | certain services for us exclusively, including: improvement and maintenance of | 100 | certain services for us exclusively, including: improvement and maintenance of |
99 | our software and Services. By accepting this Privacy Policy, as outlined | 101 | our software and Services. |
100 | above, you consent to any such transfer. | ||
101 | 102 | ||
102 | 103 | ||
103 | Protection of us and others | 104 | Protection of us and others |
@@ -124,6 +125,43 @@ needed for purposes specified in the “How We Use the Information We | |||
124 | Gather” section will be deleted after ninety (90) days. | 125 | Gather” section will be deleted after ninety (90) days. |
125 | 126 | ||
126 | 127 | ||
128 | What are your data protection rights? | ||
129 | ------------------------------------- | ||
130 | |||
131 | Anastasis would like to make sure you are fully aware of all of your | ||
132 | data protection rights. Every user is entitled to the following: | ||
133 | |||
134 | **The right to access**: You have the right to request Anastasis for | ||
135 | copies of your personal data. We may charge you a small fee for this | ||
136 | service. | ||
137 | |||
138 | **The right to rectification**: You have the right to request that | ||
139 | Anastasis correct any information you believe is inaccurate. You also | ||
140 | have the right to request Anastasis to complete information you | ||
141 | believe is incomplete. The right to erasure - You have the right to | ||
142 | request that Anastasis erase your personal data, under certain | ||
143 | conditions. | ||
144 | |||
145 | **The right to restrict processing**: You have the right to request | ||
146 | that Anastasis restrict the processing of your personal data, under | ||
147 | certain conditions. | ||
148 | |||
149 | **The right to object to processing**: You have the right to object to | ||
150 | Anastasis's processing of your personal data, under certain | ||
151 | conditions. | ||
152 | |||
153 | **The right to data portability**: You have the right to request that | ||
154 | Anastasis transfer the data that we have collected to another | ||
155 | organization, or directly to you, under certain conditions. | ||
156 | |||
157 | If you make a request, we have one month to respond to you. If you | ||
158 | would like to exercise any of these rights, please contact us at our | ||
159 | email: privacy@anastasis.lu | ||
160 | |||
161 | You can always contact your local data protection authority to enforce | ||
162 | your rights. | ||
163 | |||
164 | |||
127 | Data retention | 165 | Data retention |
128 | -------------- | 166 | -------------- |
129 | 167 | ||
@@ -170,7 +208,7 @@ International users and visitors | |||
170 | -------------------------------- | 208 | -------------------------------- |
171 | 209 | ||
172 | Our Services are (currently) hosted in Germany. If you are a user | 210 | Our Services are (currently) hosted in Germany. If you are a user |
173 | accessing the Services from the Switzerland, Asia, US, or any other | 211 | accessing the Services from Switzerland, Asia, US, or any other |
174 | region with laws or regulations governing personal data collection, | 212 | region with laws or regulations governing personal data collection, |
175 | use, and disclosure that differ from the laws of Germany, please be | 213 | use, and disclosure that differ from the laws of Germany, please be |
176 | advised that through your continued use of the Services, which is | 214 | advised that through your continued use of the Services, which is |