Privacy #1

New Issue

kreyren · 2021-08-25T16:12:27+02:00

kreyren commented

2021-08-25 16:12:27 +02:00

How should we handle privacy?

mainly:

What to do with user data
How the data are stored, see https://www.zakonyprolidi.cz/cs/2018-82
GDPR (https://www.zakonyprolidi.cz/cs/2019-110?text=osobni+udaje)
1. Right to be forgotten
2. Right for an objection
3. Right for data accuracy
4. Right to reduce processing

How should we handle privacy? mainly: 1. What to do with user data 2. How the data are stored, see https://www.zakonyprolidi.cz/cs/2018-82 3. GDPR (https://www.zakonyprolidi.cz/cs/2019-110?text=osobni+udaje) 1. Right to be forgotten 2. Right for an objection 3. Right for data accuracy 4. Right to reduce processing

wanderer commented

2021-08-25 16:23:12 +02:00

What to do with user data

What do you mean what to do with user data.
We store it for the user, that is te point (user accounts, repos, issues, the whole bundle). We store it for the purpose of providing the service, anything that is required could also be bogus data (no actual verification is performed so users can provide whatever).

As per the GDPR, once a gitea account is deleted, we store no additional information on the user, so there's that.

Right for data accuracy

I have no idea what this stands for

Right for an objection

neither this one

Right to reduce processing

there is no data processing beyond the necessary gitea backend stuff that could be considered data processing, as far as I know, so this one is redundant

> What to do with user data What do you mean what to do with user data. We store it for the user, that is te point (user accounts, repos, issues, the whole bundle). We store it for the purpose of providing the service, anything that is required could also be bogus data (no actual verification is performed so users can provide whatever). As per the GDPR, once a gitea account is deleted, we store no additional information on the user, so there's that. > Right for data accuracy I have no idea what this stands for > Right for an objection neither this one > Right to reduce processing there is no data processing beyond the necessary gitea backend stuff that could be considered data processing, as far as I know, so this one is redundant

kreyren commented

2021-08-25 18:25:59 +02:00

Fine, i dumb it down

I need to know exactly what you do with wander land's users:

What data you need for them to use the services
How the data is processed
How the data is stored (we have to comply with 82/2018 Sb. assuming czech juridistiction)
Who has access to the user data and how they access it
How can the data be removed on user's request (GDPR)
How can user change the data to make sure that they are accurate (GDPR)
What do you want the procedure to be in case of a data leak

Fine, i dumb it down I need to know exactly what you do with wander land's users: 1. What data you need for them to use the services 2. How the data is processed 3. How the data is stored (we have to comply with 82/2018 Sb. assuming czech juridistiction) 4. Who has access to the user data and how they access it 5. How can the data be removed on user's request (GDPR) 6. How can user change the data to make sure that they are accurate (GDPR) 7. What do you want the procedure to be in case of a data leak

Sign in to join this conversation.