aboutsummaryrefslogtreecommitdiff
path: root/contrib/pp/pp.rst
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/pp/pp.rst')
-rw-r--r--contrib/pp/pp.rst64
1 files changed, 51 insertions, 13 deletions
diff --git a/contrib/pp/pp.rst b/contrib/pp/pp.rst
index a8ff838..8972028 100644
--- a/contrib/pp/pp.rst
+++ b/contrib/pp/pp.rst
@@ -1,7 +1,7 @@
1Privacy Policy 1Privacy Policy
2============== 2==============
3 3
4Last Updated: 07.09.2021 4Last Updated: 22.09.2021
5 5
6This Privacy Policy describes the policies and procedures of Anastasis 6This Privacy Policy describes the policies and procedures of Anastasis
7SARL (“we,” “our,” or “us”) pertaining to the collection, use, and 7SARL (“we,” “our,” or “us”) pertaining to the collection, use, and
@@ -45,30 +45,32 @@ information (i.e., information that cannot be used to identify who you are)
45will tell you how we might collect and use each type. 45will tell you how we might collect and use each type.
46 46
47We do our best to not collect any Personal Information from Anastasis 47We do our best to not collect any Personal Information from Anastasis
48users. The detailed Personal Information Anastasis asks from you during 48users. The detailed Personal Information Anastasis asks from you
49the regular backup and recovery process at the beginning is never shared 49during the regular backup and recovery process at the beginning is
50with us and only used to create a cryptographic account identifier which 50never shared with us and only used to create a cryptographic account
51does not allow us to recover any of your details. 51identifier which does not allow us to recover any of your
52details. This data will always remain on your own device without the
53possibility of access from our side.
52 54
53That being said, when using our Services to recover key material, we may 55That being said, when using our Services to recover key material, we may
54inherently receive the following information (depending on your choice of 56inherently receive the following information (depending on your choice of
55authentication method): 57authentication method):
56 58
57 * Bank account details necessary when receiving funds from you to authenticate via a SEPA transfer. We will store these as part of our business records for accounting, and our bank will also be legally obliged to store the details for many years. 59 * Bank account details necessary when receiving funds from you to authenticate via a SEPA transfer. We will store these as part of our business records for accounting, and our bank will also be legally obliged to store the details for many years according to legal retention periods.
58 60
59 * Your phone number when using SMS authentication. We rely on third party providers (such as your mobile network operator) to deliver the SMS to you. These third parties will see the SMS message sent to you and could thus learn that you are using Anastasis. SMS is inherently insecure, and you should expect many governments and private parties to be able to observe these messages. However, we do not store your SMS number on our systems, except maybe in short-term logs to diagnose errors. 61 * Your phone number when using SMS authentication. We rely on third party providers (such as your mobile network operator) to deliver the SMS to you. These third parties will see the SMS message sent to you and could thus learn that you are using Anastasis. SMS is inherently insecure, and you should expect many governments and private parties to be able to observe these messages. However, we do not store your phone number for SMS communication on our systems, except maybe in short-term logs to diagnose errors.
60 62
61 * Your e-mail address when using E-mail authentication. We rely on the Internet and your E-mail provider to deliver the E-mail to you. Internet service providers will see the E-mail message sent to you and could thus learn that you are using Anastasis. E-mail is inherently insecure, and you should expect many governments and private parties to be able to observe these messages. However, we do not store your E-mail address on our systems, except maybe in short-term logs to diagnose errors. 63 * Your e-mail address when using E-mail authentication. We rely on the Internet and your E-mail provider to deliver the E-mail to you. Internet service providers will see the E-mail message sent to you and could thus learn that you are using Anastasis. E-mail is inherently insecure, and you should expect many governments and private parties to be able to observe these messages. However, we do not store your E-mail address on our systems, except maybe in short-term logs to diagnose errors.
62 64
63 * Your physical address when using postal mail authentication. We rely on external providers for printing and sending the letter to you. These providers will need to learn your address and could learn that you are using Anastasis. Physical mail has strict privacy protections by law, but governments are known to break postal secrecy. We do not store your physical address on our systems, except maybe in short-term logs to diagnose errors. 65 * Your physical address when using postal mail authentication. We rely on external providers for printing and sending the letter to you. These providers will need to learn your address and could learn that you are using Anastasis. Physical mail has strict privacy protections by law, but governments are known to break postal secrecy. We do not store your physical address on our systems, except maybe in short-term logs to diagnose errors.
64 66
65 * When you contact us. We may collect certain information if you choose to contact us, for example to report a bug or other error with the Taler Wallet. This may include contact information such as your name, email address or phone number depending on the method you choose to contact us. 67 * When you contact us. We may collect certain information if you choose to contact us, for example to report a bug or other error with the Taler Wallet. This may include contact information such as your name, email address or phone number depending on the method you choose to contact us. We strictly only use the information provided by you in these instances to answer your request or to deliver the services requested by you.
66 68
67 69
68How we collect and process information 70How we collect and process personal data
69-------------------------------------- 71--------------------------------------
70 72
71We may process your information for the following reasons: 73We may process your personal data for the following reasons:
72 74
73 * to authenticate you during secret recovery 75 * to authenticate you during secret recovery
74 * to support you using Anastasis when you contact us 76 * to support you using Anastasis when you contact us
@@ -96,8 +98,7 @@ Agents or third party partners
96We may provide your Personal Information to our employees, contractors, 98We may provide your Personal Information to our employees, contractors,
97agents, service providers, and designees (“Agents”) to enable them to perform 99agents, service providers, and designees (“Agents”) to enable them to perform
98certain services for us exclusively, including: improvement and maintenance of 100certain services for us exclusively, including: improvement and maintenance of
99our software and Services. By accepting this Privacy Policy, as outlined 101our software and Services.
100above, you consent to any such transfer.
101 102
102 103
103Protection of us and others 104Protection of us and others
@@ -124,6 +125,43 @@ needed for purposes specified in the “How We Use the Information We
124Gather” section will be deleted after ninety (90) days. 125Gather” section will be deleted after ninety (90) days.
125 126
126 127
128What are your data protection rights?
129-------------------------------------
130
131Anastasis would like to make sure you are fully aware of all of your
132data protection rights. Every user is entitled to the following:
133
134**The right to access**: You have the right to request Anastasis for
135 copies of your personal data. We may charge you a small fee for this
136 service.
137
138**The right to rectification**: You have the right to request that
139Anastasis correct any information you believe is inaccurate. You also
140have the right to request Anastasis to complete information you
141believe is incomplete. The right to erasure - You have the right to
142request that Anastasis erase your personal data, under certain
143conditions.
144
145**The right to restrict processing**: You have the right to request
146 that Anastasis restrict the processing of your personal data, under
147 certain conditions.
148
149**The right to object to processing**: You have the right to object to
150 Anastasis's processing of your personal data, under certain
151 conditions.
152
153**The right to data portability**: You have the right to request that
154 Anastasis transfer the data that we have collected to another
155 organization, or directly to you, under certain conditions.
156
157If you make a request, we have one month to respond to you. If you
158would like to exercise any of these rights, please contact us at our
159email: privacy@anastasis.lu
160
161You can always contact your local data protection authority to enforce
162your rights.
163
164
127Data retention 165Data retention
128-------------- 166--------------
129 167
@@ -170,7 +208,7 @@ International users and visitors
170-------------------------------- 208--------------------------------
171 209
172Our Services are (currently) hosted in Germany. If you are a user 210Our Services are (currently) hosted in Germany. If you are a user
173accessing the Services from the Switzerland, Asia, US, or any other 211accessing the Services from Switzerland, Asia, US, or any other
174region with laws or regulations governing personal data collection, 212region with laws or regulations governing personal data collection,
175use, and disclosure that differ from the laws of Germany, please be 213use, and disclosure that differ from the laws of Germany, please be
176advised that through your continued use of the Services, which is 214advised that through your continued use of the Services, which is