From 449d52caf4010ed112f1928bf6b5234bcfb9a339 Mon Sep 17 00:00:00 2001 From: Gareth Coles Date: Sun, 20 May 2018 23:29:17 +0100 Subject: Privacy/Usability updates (#75) * Use less intrusive oauth scopes, add login redirect method * Remove debugging prints, add missing __init__ * Work towards new privacy policy * Fix judging state icons on code jam management page * Jammer profile retraction and punishments based on jam status * Linting * [Jams] Deny profile saving for users < 13 years, and finish removal page * Fix tests * Clean up and address Volcyy's review * Add proper login redirection to require_roles decorator * Fix template is_staff() and add staff link to navigation * Address lemon's review * Linting * Privacy page formatting * Privacy page formatting --- templates/main/about/privacy.html | 253 +++++++++++++++++++++++++------------ templates/main/jams/profile.html | 41 +++++- templates/main/jams/retract.html | 61 +++++++++ templates/main/jams/retracted.html | 31 +++++ templates/main/navigation.html | 16 +++ templates/staff/jams/index.html | 30 ++--- 6 files changed, 338 insertions(+), 94 deletions(-) create mode 100644 templates/main/jams/retract.html create mode 100644 templates/main/jams/retracted.html (limited to 'templates') diff --git a/templates/main/about/privacy.html b/templates/main/about/privacy.html index 870b75a8..92a5eb73 100644 --- a/templates/main/about/privacy.html +++ b/templates/main/about/privacy.html @@ -20,119 +20,216 @@

We take every step to ensure that your data is used ethically and that includes making sure that you know exactly what data we collect, and what we do with it. That means that instead of a - bunch of legal mumbo-jumbo, we've provided this information in an easy, human-readable form below. + bunch of legalese, we've provided this information in an easy, human-readable form below.

-

- What We Collect +

+ Please note that we are a completely non-profit community. We have no interest in selling your + data, or shipping it off to third parties. Our community is entirely volunteer-run - it does + not have any form of monetary income whatsoever - and we believe that this is how it should be. +

+ +

Data collection

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
What we collectWhenWhat it's used forWho can access it
Discord user IDself.accept() run on DiscordStatistics, data association (infractions, code jam applications, etc)Administrative staff
Discord username and discriminatorself.accept() run on DiscordDisplay purposes (alongside ID in staff areas, public profiles)Public, for code jam team listings and winner info
Assigned roles on Discordself.accept() run on DiscordAccess control for the siteAdministrative staff
Messages sent on Discordself.accept() run on Discord + Stored in memory by the bot for processing temporarily, no message content reaches + the database unless you're using a bot command that interfaces with the site - May be + temporarily written to a log file for debugging purposes + N/A
OAuth access and refresh tokenDiscord login on siteUsed to find your Discord user ID when you log inAdministrative staff
Date of birthCode jam profile Age verification and a factor in code jam team match-ups; only stored if you're over 13Administrative staff
GitHub usernameCode jam profileUsed to identify you on GitHub as part of a code jam teamPublic, for code jam team listings
TimezoneCode jam profileA factor in code jam team match-upsAdministrative staff
- +

+ Collecting consent + +

-

- Cherry-picking from the firehose of data + +

+ If you joined the community on or before the 20th of May, 2018, you will have seen an announcement about our + privacy policy on the Discord server. You will have had the opportunity to leave the server if + you weren't happy with it. If you decided to stay, then we will consider you to have accepted + our use of your data, as detailed on this page.

- During your time on the discord server, we collect... + If you joined the community after the 20th of May, 2018, you will have been greeted with the + #checkpoint channel. In this channel, you must run the self.accept() + command to signify that you accept both our rules and this privacy policy. This will also have been + detailed in a message in that channel.

- - -

- Should you click the login button on the site, we additionally collect... + Please note that your acceptance of this privacy policy is retroactive, and you agree that any + revisions to it will apply when they are published. We will attempt to keep everyone updated on + changes to this policy via the usual announcement channels - if at any point you are not happy with + a change to the privacy policy, please bring it up with a member of staff. If we're unable to + solve your issue in a satisfactory way, you may remove your data as detailed below.

- +

+ Data removal + + + + +

- Should you set up your code jam profile, we additionally collect... + If you'd like to remove your data from our servers, there are two options available to you.

- +
+
+
+
+

Complete data removal

+
+ +
+

+ If you'd like to remove all of your personal data from our servers, all you need to do + is leave the Discord server. As much of the data we collect is necessary for running + our community, we are unable to offer you community membership with zero data collection. +

+

+ Once you've left the Discord server, your data is removed automatically. Please note that + for the sake of data integrity and moderation purposes, we do not remove your Discord + user ID from our database - but we do anonymize your data as far as possible. +

+

+ As with deleting your code jam profile directly, you will be issued an automatic ban + from future code jams if you have applied for or are currently taking part in a + code jam. +

+
+
+
+
+
+
+

Code jam profile removal

+
-

- How We Use Your Data +
+

+ If you've provided us with a code jam profile in the past and would like to remove + it, you may do so by heading to the + "My Profile" page, + where you will find a button that will remove your profile. +

+

+ Please note that this is a nuclear option. If you have applied for or are currently + taking part in a code jam, this will void your application and you will receive an + automatic ban from future code jams until you've contacted us about it. +

+
+

+
+
+ +

+ GDPR compliance - +

- Keeping secrets + Keeping your data under your control

- We use your data for the daily maintainance of the server and website. In short: We only collect - what we need. To explain this in more detail: + Under the terms specified above, we do aim to comply with GDPR. While we do not currently have + an automated way for users to export the data they've provided to us, we're happy to do this + manually or answer any other GDPR- or privacy-related queries you may have. Feel free to contact + our GDPR officer on Discord (gdude#2002), or any other member of the administrative + staff. +

+

+ We are currently working on an automated way to get all of your data in both a human-readable + and machine-readable format. Keep your eye on the usual announcements channels for more information + on that, as it happens.

- -

- GDPR +

+ Changelog - +

- Keeping your data under your control + Accountability, for the masses

-

- The data we collect is required for the daily operation of this website, our bot and the Discord - server. That said, we intend to fully comply with GDPR. Here's how we do this, and how you can - contact us with any questions you have: -

-