Jump to: content, navigation, search

Navigation menu

Privacy Policy: Difference between revisions

Privacy Policy (view source)

Revision as of 05:00, 16 December 2023

163 bytes added ,  4 months ago
Updated privacy policy, primary to account for the CDN, but also some clean-up
m (→‎OSMF Membership Data: Replaced join.osmfoundation.org with https://supporting.openstreetmap.org/#Membership-Categories)
(Updated privacy policy, primary to account for the CDN, but also some clean-up)
 
== Introduction==
 
This document states the OpenStreetMap '''privacy policy''' forapplicable services formally operated and provided by the [http://osmfoundation.org/to OpenStreetMap Foundation (OSMF)] activities. In particular, these areactivities include:
 
* the openstreetmapOpenStreetMap.org website and associated services and APIs,
* the OpenStreetMap data distribution,
* the OpenStreetMap wiki and help sites, and
* the OpenStreetMap mailing lists and forums.
 
It describes what personal information we may be gathering from you, who can see this information, and what options you have for controlling this. We value your privacy and strive to achieve a balance between the legitimate interests of the OpenStreetMap project and your interests and rights.
 
This document is mainly intended for OpenStreetMap contributors, if you are not an OpenStreetMap contributor, but are using services provided by the OSMF, withoutwe contributing,believe sectionthe [[#Data_we_receive_automatically | Data we receive automatically]] section will be most relevant for you.
 
As the OSMF has many legacy systems and practices that have currently not been fully reviewed and documented, it is possible that a subject of particular interest to you has not been covered yet or is inaccurately described. Please usesee the [[#Contact | contact information]] section, below, to reach us if you have any such questions or believe that you have found a discrepancy. As we will be updating this document regularly to reflect our better understanding of these issues, please check from time to time for updates.
 
OpenStreetMap developers, contributors and related companies will often use the OpenStreetMap name and logo to set up groups or services on third-party web sites. For example, there might be a Facebook page, a Google Plus page, a Slack channel, a page on Xing or LinkedIn, a Meetup group, and so on. The privacy practices of such services are outside of OSMF's control and might be located in countries with different data protection rules. Data you share on these platforms cannot, therefore, be covered by this policy. Please refer to the privacy policies of those third-party services.
* identifying all the contributions made by an account,
* contacting the contributor in the case of questions in respect to the nature and source of the contributions,
* detectiondetecting, removalremoving and correction ofcorrecting spam accounts, vandallismvandalism, and violations of the rights of third parties,
* facilitating the communication between OpenStreetMap contributors., and
* researchresearching and analysis onanalysing aggregate contributions to improve or prioritise OSMF services, such as evaluating mapping efficacy, map completeness, and determining if locations or mappers are disproportionately represented.
 
==What data do we store and process?==
===Data from contributions to OpenStreetMap===
 
Besides the geographic data contributed (points lines, and areas with associated attributes and GPS trace data), and communications related data (diary posts and comments, the user page, changeset comments, and messages) we store
 
* editing session meta-data. For example comments added by the user, any version and similar information added by the editing application, which editing application and which aerial imagery layers where used.
* user id and login name of the author of every change to an object and a timestamp indicating when that change occuredoccurred.
* the e-mail address associated with your account,
* any blocks the user has received and associated messages., and
* network access data (example IP addresses) for the systems and services operated by the OSMF. see [[#Data_we_receive_automatically | Data we receive automatically]] .
===OSMF Membership Data===
 
The full personal name and residential address of members of the organisation according to the companiesCompanies actAct are, by law, required to be added to the OSMF register of members. Terminating membership does not lead to the entry being deleted. Associate members are not required to provide their full details and the information can be deleted if membership is terminated. Payment details for both classes of members isare retained for accounting purposes as long as required by law. The processing of this data is necessary for compliance with a legal obligation (see [https://gdpr-info.eu/art-6-gdpr/ GDPR article 6.1c]).
 
More details on OSMF membership options can be found on https://supporting.openstreetmap.org/#Membership-Categories.
Some events organized by the OSMF require prior registration to be able to participate, most notably our annual State of the Map conference. This data is required to verify payment of entry fees, planning of venues, catering and scheduling of talks and presentations and is visible to the group organizing the event. The processing of this data is necessary for the performance of a contract (see [https://gdpr-info.eu/art-6-gdpr/ GDPR article 6.1b]).
===Personal Data from Your Communications with OpenStreetMap===
 
Personal data such as your name and contact information submitted as a result of communicating with OpenStreetMap, joining mailing lists, participating in the forum, or requesting information is retained to facilitate our ability to correspond with you.
 
==Who has access to the data==
 
We do not share email addresses associated with accounts with any third party and they are only accessible to our operations and working group personnel thatwho have signed confidentiality agreements. User -to -user messages are visible to the sender and the recipient,; other access is limited to our operations staff and only if required for operational reasons, to enforce our acceptable use policies, to fulfil any legal obligations, and, most notably, to prevent SPAMspam.
 
Similarly, network access data is only used forto support internalnetwork purposesoperations and access is limited to operating personnel forperforming operational tasks and to combat vandalism and SPAM protectionminimize purposesspam.
 
The otherremainder of the personal data collected by us is made available, depending on the use case, via the website, via the editing API and from our data dumps, to users with accounts andwho toare the general public. Some of the non-geographic data may be available only by some methods however this is subject tologged changein.
 
To reduce the distribution of the non-geographic information we offer our data dumps with and without the additional personal data. Entities that require and process the additional data can register with the OSMF and you can find contact information for them here: [[Registered data controllers]]. We do not contract with them, and any processing of the data carried out by such entities is done on their own behalf.
 
==Where do we store the data==
 
ThePersonal website,data APIother servers,than databasesany andassociated thewith a tile serversrequest (for auxiliaryinstance, servicesIP areaddresses currentlyand request details) is locatedstored in the United Kingdom and the Netherlands. Backups are stored in the EU.
 
Map tiles are provided by a global network of cache servers,; which tile server your browser or app accessaccesses is determined dynamically by geolocation of the IP address and selectionoperation of the cachecontent serverdistribution "nearest"network toat you.the Whiletime in general this means that you will be usingof the tile cache physically nearest to you, this can be affected byrequest.
 
* uncertainties in determining the location of the client from its IP address
* operational issues (server downtime etc)
* network topology and load
 
The current list of tile cache servers can be found here: [https://hardware.openstreetmap.org/#tile-caches https://hardware.openstreetmap.org/#tile-caches] and you can determine which one is currently being used with the following link [https://tile.openstreetmap.org/cgi-bin/debug https://tile.openstreetmap.org/cgi-bin/debug].
 
==How can you control the processing of your data and reduce privacy related issues==
 
While not required by law, we provide the following mechanismmechanisms to reduce the exposure of potentiallyyour privacypersonal related information for you.data:
 
* you can select a non -identifying login name and change it at any time you wantwill,
* you are not required to include personal data in diary posts, comments, email listserv, the wiki, or other OSM communications methods, and you may delete diary posts at any time through your account,
* you can [https://wiki.openstreetmap.org/wiki/FAQ#How_can_I_close_my_account.3F request that your account to be deleted] (restrictions apply, see below) and this will be conveyed to registered entities that are usingutilizing ouryour fullpersonal data.
 
You should not enable gravatar support or use an e-mail address you have associated with a gravatar with if privacy is a concern.
 
You can further reduce exposure by not adding personal information to the map data (personal names and similarsuch) that you submit. Such information is in general not considered to be ana useful addition to our data and you should refrain from adding it.
 
==Right to Object==
=== GPS Trace Data ===
 
The uploading of GPS data is entirely optional and not a prerequisite for contributions to OpenStreetMap. If you do submit GPS data, it is uploaded in the form of individual GPX files. These are kept as raw files, as well as being imported into the database. GPX files can be marked "[https://wiki.openstreetmap.org/wiki/Visibility_of_GPS_traces public]" by the uploader; this is completely unrelated to the option of making one's ''edits'' "public".
 
When GPS data for an area is downloaded via the API, no indication is provided of which user uploaded a point, or of the timestamp that wasis associated with the point. Points are, however, returned in timestamp order. GPS data downloaded in this way will include points from traces which were not marked as public.
 
If a GPS trace is marked as public when it is uploaded then the raw trace may be downloaded from the web site or by using an API call. In this case the user's display name is shown (regardless of whether the user has made their ''edits'' public or not) and the timestamps in the GPX file will be included. Also, any additional information placed in the GPX file will still be present, e.g., waypoints with their names and/or notes entered, associated symbols, elevation data, etc. You should remove any such information from the data and trim enough information from the beginning and the end of the trace to obscure the start and destination of it before uploading it if you have privacy concerns .
 
=== Map Data ===
=== User 'home' location ===
 
If a user sets a home location then theyit will appear on the "nearby mappers" list for other people with a home location near theirsthe user's home location. This is an option on your account settings page.
 
=== Email Addresses ===
The registered email address for an OSM user account will never intentionally be published on the internet anywhere, shared with third party organisations, or revealed directly to other users. Email addresses will be used by the server to notify the user if another user has sent a message through the website, and for other system generated notifications.
 
Only [https://wiki.openstreetmap.org/wiki/System_Administrators System Administrators] will have direct access to email address data associated with the OSM account. It may be used by these people to contact users directly about their edits or other OpenStreetMap -related issues.
 
Email addresses associated with wiki, forum and help site accounts are stored separately from the OSM user account data in the respective systems. These address are used for notifications and user -to -user communication (if enabled). These addresses are not publicly visible or shared with third parties, but may be visible to the administrators of the systems.
 
Note that some other types of [https://wiki.openstreetmap.org/wiki/Accounts Accounts] used by developers/community do expose email address information more publicly (due to technical limitations of the software used, rather than policy decisions). The Trac system exposes your email address in plaintext on the page if the email address (rather than the display name) is used to login. The mailing list system exposes email addresses of people posting messages to everyone who receives the message, as well as in the archive web pages. If you want to post to the list, the system also requires you to register with your proper 'from' address, not a forwarding address.
 
The openstreetmap.org website supports the display of [http://gravatar.com/ Gravatars], these are retrieved from gravatar.com by generating a globally unique key from your e-mail address. Our website software will check on the initial signup and on every email address change if you have a Gravatar for the new address and start displaying it if one exists. You can stop this behaviour by explicitly turning Gravatar support off in your account settings. You should be aware that, if a Gravatar is displayed, the key can be used to track your account over any website that has Gravatar support.
 
===Surveys===
 
The Foundation may from time to time conduct surveys, both of the Foundation membership and of others, including the broader OpenStreetMap community, in order to determine the opinions of Foundation membership, the OpenStreetMap community, and others, and better to serve the members and the community, a legitimate purpose of the Foundation. Distributing surveys and processing their results may require the use of personal data such as names and email addresses. Personal data gathered or used in connection with surveys will be processed in accordance with applicable data privacy laws and will be retained only as long as reasonably necessary.
 
Email addresses of members of the OSMF may be used to invite Foundation members to participate in surveys.
 
If survey data are made publicly available (for instance, for analysis by the OSM- or research communities at large) the data will be anonymized. If the anonymized data are organized in such a fashion that individuals might be reasonably identifiable (for instance, a group with few individuals that is identifiable with a specific geography or function) the grouping will be merged to deter identification. Further, the Foundation Board reserves the right to exclude from public release any variables that might permit deanonymization of the data.
 
Anonymized survey data, which may be useful to the Foundation in the future for comparison purposes, may be retained indefinitely in accordance with applicable data privacy laws.
 
===Data you may voluntarily add to your profile or diary posts===
You are not required to fill out your profile or make diary posts. By voluntarily entering personal data in your user profile or diary posts, you consent to that information being publicly available and stored by OSMF as long as you maintain an OSM account. You may edit your public profile or your diary posts at any time to remove such information if you change your mind.
 
===DataPersonal data we receive automatically===
 
The OSMF operates a number of services for the OpenStreetMap community, examples are the openstreetmap.org website, the "Standard" style online map, the OSM API and the nominatim search facility.
Further we may operate user interaction tracking software that will generate additional records of user activity, for example Piwik.
 
ServicesAdditionally, OSMF may engage third party service providers to assist in the delivery of services to the OpenStreetMap community. Those third party service providers may gather personal data in connection with the provision of services. For example, Content Distribution Networks (a “CDN”) may that use Geo-DNS or similar mechanisms to distributeallocate load to geographically distributed servers willand could potentially generate a record of your location at a large scale. (forSee example[[Third theparty OSMF tile cache network determines theprovided country you are likely to be located inservices and directsdata]] your requests to an appropriate server).below
 
These records are used or can be used in the following ways:
* to improve the OpenStreetMap dataset. For example by analysing nominatim queries for missing addresses and postcodes and providing such data to the OSM community.
 
The data collected on the systems will be accessible by the system administrators and the appropriate OSMF working groups, for example the Data Working Group. No personal information or information that is linked to an individual will be released to third parties, except except to the extent the third party is a service provider or as required by law. See [[Third party provided services and data]] below.
 
IP addresses stored by Piwik are shortened to two bytes and detailed usage information is retained for 180 days.
=== Third party provided services and data ===
 
We may share personal data with vendors or agents working on our behalf for the purposes described in this privacy policy. For example, we may hire companies to assist with protecting and securing our systems or services, increasing their efficiency, and to support the OSMF activities described herein. For instance, OSMF recently engaged a CDN provider to allocate demand generated by OSM users efficiently across a global network.
Third party services providing content linked to via or third party JavaScript files utilised by OSMF provided sites are not covered by this policy and you will need to refer to the respective service providers for more information. Using these services will typically transmit at least your Internet address and browser information to the operators.
 
Any vendor or agent that we retain must comply with our data privacy and security requirements and this privacy policy and are not allowed to use personal data they receive from us for any other purpose other than to provide the services requested by OSMF. Like us, they will never barter, trade, or sell access to your personal data. We remain responsible and liable under data protection laws if third-party agents we engage to process personal data on our behalf do so in a manner inconsistent with the applicable data protection laws, unless we prove that we are not responsible for the event giving rise to the damage.
 
===Unrelated Third-Party-Providers of Services and Data===
 
ThirdSome partysites or services providingprovided contentby OSMF may be linked towith viathird party applications or websites that provide content or services that is unrelated to OSMF. Such third party JavaScriptapplications filesor utilisedwebsites byare not associated with OSMF providedand sitespersonal aredata collected by them is not covered by the terms of this privacy policy. and youYou will need to refer to the respective servicethird providersparty provider of such content or services for more information about how they handle personal data collected by them. Using these services will typically transmit at least your Internet address and browser information to the operatorsoperator.
 
Some such unrelated third-party providers are:
 
These are specifically
:
* Cycle and Transport Map layers available via the openstreetmap.org website operated by [http://www.thunderforest.com/contact/ Gravitystorm Limited, New Malden, United Kingdom]
* Humanitarian map layer available via the openstreetmap.org website operated by the [http://openstreetmap.fr/contact OpenStreetMap France c/o Maison des Associations du 2ème Arrondissement, 23 rue Greneta, 75002 Paris]
* 3rd party service integrations in editing applications available from openstreetmap.org:
** background layers, see the [https://github.com/osmlab/editor-layer-index Editor Layer Index] for information on the operators of the numerous imagery layers.
**iD Editor is an open source OpenStreetMap editor that is not operated by the OSMF. [https://github.com/openstreetmap/iD/blob/develop/PRIVACY.md Privacy Policy].
** Mapillary street-level imagery is provided by Mapillary AB, Bredgatan 4, 211 30 Malmö, Sweden, [https://www.mapillary.com/privacy privacy policy].
** OpenStreetCamMapillary street-level imagery is provided by TelenavMapillary AB, Inc.Bredgatan USA4, 211 30 Malmö, Sweden. [https://www.skobblermapillary.com/legal#privacyprivacy privacy policyPrivacy Policy].
** MapillaryKartaView street-level imagery is provided by MapillaryGrab AB,Taxi BredgatanHoldings 4,Pte. 211 30 Malmö, Sweden,Ltd. [https://wwwkartaview.mapillary.comorg/privacy-policy privacyPrivacy policyPolicy].
* Gravatar images in user profiles that display these are provided by Aut O’Mattic A8C Ireland Ltd., Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland. [https://automattic.com/privacy/ privacyPrivacy policyPolicy].
 
===Communication via OSMF provided Systems===
* openstreetmap Organisation and source code repositories on [https://help.github.com/articles/github-privacy-statement/ Github]
 
By using those systems that are provided by the OSMF, for example the messaging system on openstreetmap.org, you agree to your communications being intercepted by OSMF system managers when necessary to address operational issues, to enforce our acceptable use policies, most notably to prevent SPAMspam, and to fulfil any legal obligations.
 
You should be aware of the above when communicating sensitive information and you should employ encryption to protect your communications content.
If you have contributed your account will be renamed to user_''USERID'' and contributions and changeset comments will be retained with this name, diary entries and your user page will be removed. Since we do not allow anonymous edits we will non-publicly retain your email address in case you need to be contacted with respect to your contributions.
 
Wiki and forum accounts will be renamed to a pseudo-anonymous name, but otherwise will remain as is. You can unsubscribe yourself from any mailing lists, however you need to realize that personal copies held by the recipients of any mails you sent to the lists and the archives on lists.openstreetmap.org can notcannot be removed.
 
In your request for account removal you need to identify all accounts that are affected as we do not have information on which accounts belong to which OpenStreetMap id.
===Cookies===
 
Numerous OSMF -operated services use cookies to store information on your login and site navigation state. We also use cookies and similar technologies to recognize and improve your use of our websites.. You may delete cookies from your computer, and most browsers provide the option to block them. If you block cookies placed by us (first party cookies), you will not be able to access parts of the OSMF websites and services that require a login. However, your access to our websites will not be affected if you disable cookies placed by third parties.
 
== Other Relevant Policies ==
KathleenLu
14

edits

Retrieved from "https://osmfoundation.org/wiki/Special:MobileDiff/11742"