From 5d3e58c1fc95392ae302dc22c36e9c8d0422e99e Mon Sep 17 00:00:00 2001 From: Sander Roosendaal Date: Thu, 8 Mar 2018 12:52:38 +0100 Subject: [PATCH] revised privacy policy --- rowers/interactiveplots.py | 5 +- rowers/templates/gdpr_optin.html | 171 +-------------------- rowers/templates/legal.html | 175 +--------------------- rowers/templates/privacypolicy.html | 223 ++++++++++++++++++++++++++++ 4 files changed, 229 insertions(+), 345 deletions(-) create mode 100644 rowers/templates/privacypolicy.html diff --git a/rowers/interactiveplots.py b/rowers/interactiveplots.py index c80bb63c..1ecdbb61 100644 --- a/rowers/interactiveplots.py +++ b/rowers/interactiveplots.py @@ -3269,7 +3269,10 @@ def thumbnail_flex_chart(rowdata,id=0,promember=0, rowdata['xname'] = axlabels[xparam] - rowdata['yname1'] = axlabels[yparam1] + try: + rowdata['yname1'] = axlabels[yparam1] + except KeyError: + rowdata['yname1'] = axlabels[xparam] if yparam2 != 'None': rowdata['yname2'] = axlabels[yparam2] else: diff --git a/rowers/templates/gdpr_optin.html b/rowers/templates/gdpr_optin.html index 939a307f..f340bd93 100644 --- a/rowers/templates/gdpr_optin.html +++ b/rowers/templates/gdpr_optin.html @@ -20,176 +20,7 @@


-

Personal information collection

-

- rowsandall.com may collect and use the following kinds of information: -

- Explicitly, the following information is collected: - -

- -

- The site is only accessible to user of 16 years and older. -

- -

Data Deletion

- -

All the data mentioned in the previous section are stored in files - and in a database, hosted on our hosting provider's servers. Our - hosting provider is creating backups of those data. The database backups - are retained for 7 days. File backups are retained for 30 days. However, - the file names or content do not contain any links to the users. The - link to the file is stored under the user data in the database, so once - a database entry is removed, there is no way to link a file with data - to a particular user. -

-

- When a user requests deletion of the data, his account and all data linked to his account - are removed from the database and the files are deleted. This includes all data mentioned in the - previous section. In backups, database entries will be removed after 7 days and files after - 30 days. -

- -

Data deletion can be initiated by the user through the button on the user settings page.

- -

Data Security

- -

The site uses SSL to encrypt data transferred between the server and the client (web browers, - mobile apps, third party sites). Any forms are secured from Cross Site Request Forgery (CSRF) using Django's - CSRF middleware.

- -

- We have a double defense against reading or editing of personal data. First, we ensure that all "protected" views - are only visible to logged-in users. Only logged-in users have buttons leading to the private parts of the site. - As a second step, protecting against guessing of URL, before serving data from the database, we check explicitly that the data - is owned by the user in question, redirecting unauthorized requests to a "Permission Denied" page. Private data is collected - through POST requests to prevent them from being visible in URL data. -

- -

rowsandall.com will take reasonable technical and organisational precautions to prevent the loss, - misuse or alteration of your personal information.

- -

In case of loss, misuse or alteration of your personal information, we will inform you without undue delay and take measures - to prevent further misuse. In particular, we will deactivate your account, which will not delete the data but make them - inaccessible even for people who obtained the password (including yourself). We will await your instructions. If no - instructions are received within 7 days of contacting you, your account and all your data will be removed. -

- - -

Data Sharing and access to data

- -

- Only the data owner can the site administrator can edit and/or delete the data. Per our data policy, the site administrator will not alter - or delete any data owned by users, unless requested so. As data are not stored on servers that are physically owner by us, or by - our hosting provider, but we use rented server space, we are technically sharing the information to agents or sub-contractors. -

- -

- Where rowsandall.com discloses your personal information to its agents or sub-contractors for these purposes, - the agent or sub-contractor in question will be obligated to use that personal information in accordance with the terms of this privacy statement. - Our hosting provider is based in the European Union and is bound by the same GDPR regulation as we are. -

- -

In addition to the disclosures reasonably necessary for the purposes identified elsewhere above, rowsandall.com - may disclose your personal information to the extent that it is required to do so by law, in connection with - any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend its legal rights.

- - -

- Workout data and charts based on workout data can be shared to anyone by sharing the URL. Workouts have an option to be set to - "private", in which case the data are not visible to anyone except the owner. The site is not searchable for data other than - your own data, so there is no way for other people to track your workouts, unless you share them. -

- -

- Cross-border data transfers. Information that rowsandall.com collects may be stored and processed in and transferred - between any of the countries in which rowsandall.com operates to enable the use of the information in accordance with this privacy policy. - In addition, personal information that you submit for publication on the website will be published on the internet and - may be available around the world. - You agree to such cross-border transfers of personal information. -

- -

- By accepting an "invitation" to become a member of a team, or by requesting to become part of a team, you agree to automatically - share all your workout data (including workouts done prior to becoming a member of the team) to the team manager (coach) and, - depending to the team policy, to other members of the team. When you leave - a team, all your workout data will immediately become invisible to those who had access to it during your team membership, including - workouts that cover the period of time when you were member of the team. As a member of a team, you grant the team manager - permission to edit workout data - on your behalf, including the creation of charts and cross workout analysis. You also grant the team manager permission to - edit your heart rate and power settings, as well as functional threshold information and the account information accessible on your - settings page under the header "Account Information". The team manager is not able to access or change your passwords, team memberships, - favorite charts, export settings, workflow layout, or secret tokens. Also, the team manager is not able to download all your data, - not can he deactivate or delete your account. -

- -

- This site offers the possiblity to synchronize your data with other fitness sites. By clicking on the share or connect button (link, or - equivalent) you agree to share information between rowsandall.com and the other website. Rowsandall.com is not responsible for the privacy - policies or practices of any third party. -

- -

Data portability

- -

Through the "download your data" link on the user settings page, each user can download all workout data. Stroke data can be downloaded - through links in the downloaded workout data file.

+ {% include "privacypolicy.html" %}
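Review bot: The include on the added line names the template as "privacypolicy.html" with no app prefix, while the new file lives directly in rowers/templates/. Django resolves template names across all configured template directories, so a same-named file in another app or in a project-level directory could be picked up instead. Consider placing it at rowers/templates/rowers/privacypolicy.html and including "rowers/privacypolicy.html". Since gdpr_optin.html is the consent page, it would also help to render a version or effective date next to the included text, so that a recorded opt-in can be tied to the wording the user actually saw.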
diff --git a/rowers/templates/legal.html b/rowers/templates/legal.html index 6a4b3d35..995660c3 100644 --- a/rowers/templates/legal.html +++ b/rowers/templates/legal.html @@ -156,183 +156,10 @@

Privacy Policy

-

Credit

-

This document was created using a Contractology template available at -http://www.freenetlaw.com.. It was modified to reflect the GDPR requirements.

+{% include "privacypolicy.html" %} -

Personal information collection

-

- rowsandall.com may collect and use the following kinds of information: -

- Explicitly, the following information is collected: - -

- -

- The site is only accessible to user of 16 years and older. -

- -

Data Deletion

- -

All the data mentioned in the previous section are stored in files - and in a database, hosted on our hosting provider's servers. Our - hosting provider is creating backups of those data. The database backups - are retained for 7 days. File backups are retained for 30 days. However, - the file names or content do not contain any links to the users. The - link to the file is stored under the user data in the database, so once - a database entry is removed, there is no way to link a file with data - to a particular user. -

-

- When a user requests deletion of the data, his account and all data linked to his account - are removed from the database and the files are deleted. This includes all data mentioned in the - previous section. In backups, database entries will be removed after 7 days and files after - 30 days. -

- -

Data deletion can be initiated by the user through the button on the user settings page.

- -

Data Security

- -

The site uses SSL to encrypt data transferred between the server and the client (web browers, - mobile apps, third party sites). Any forms are secured from Cross Site Request Forgery (CSRF) using Django's - CSRF middleware.

- -

- We have a double defense against reading or editing of personal data. First, we ensure that all "protected" views - are only visible to logged-in users. Only logged-in users have buttons leading to the private parts of the site. - As a second step, protecting against guessing of URL, before serving data from the database, we check explicitly that the data - is owned by the user in question, redirecting unauthorized requests to a "Permission Denied" page. Private data is collected - through POST requests to prevent them from being visible in URL data. -

- -

rowsandall.com will take reasonable technical and organisational precautions to prevent the loss, - misuse or alteration of your personal information.

- -

In case of loss, misuse or alteration of your personal information, we will inform you without undue delay and take measures - to prevent further misuse. In particular, we will deactivate your account, which will not delete the data but make them - inaccessible even for people who obtained the password (including yourself). We will await your instructions. If no - instructions are received within 7 days of contacting you, your account and all your data will be removed. -

- - -

Data Sharing and access to data

- -

- Only the data owner can the site administrator can edit and/or delete the data. Per our data policy, the site administrator will not alter - or delete any data owned by users, unless requested so. As data are not stored on servers that are physically owner by us, or by - our hosting provider, but we use rented server space, we are technically sharing the information to agents or sub-contractors. -

- -

- Where rowsandall.com discloses your personal information to its agents or sub-contractors for these purposes, - the agent or sub-contractor in question will be obligated to use that personal information in accordance with the terms of this privacy statement. - Our hosting provider is based in the European Union and is bound by the same GDPR regulation as we are. -

- -

In addition to the disclosures reasonably necessary for the purposes identified elsewhere above, rowsandall.com - may disclose your personal information to the extent that it is required to do so by law, in connection with - any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend its legal rights.

- - -

- Workout data and charts based on workout data can be shared to anyone by sharing the URL. Workouts have an option to be set to - "private", in which case the data are not visible to anyone except the owner. The site is not searchable for data other than - your own data, so there is no way for other people to track your workouts, unless you share them. -

- -

- Cross-border data transfers. Information that rowsandall.com collects may be stored and processed in and transferred - between any of the countries in which rowsandall.com operates to enable the use of the information in accordance with this privacy policy. - In addition, personal information that you submit for publication on the website will be published on the internet and - may be available around the world. - You agree to such cross-border transfers of personal information. -

- -

- By accepting an "invitation" to become a member of a team, or by requesting to become part of a team, you agree to automatically - share all your workout data (including workouts done prior to becoming a member of the team) to the team manager (coach) and, - depending to the team policy, to other members of the team. When you leave - a team, all your workout data will immediately become invisible to those who had access to it during your team membership, including - workouts that cover the period of time when you were member of the team. As a member of a team, you grant the team manager - permission to edit workout data - on your behalf, including the creation of charts and cross workout analysis. You also grant the team manager permission to - edit your heart rate and power settings, as well as functional threshold information and the account information accessible on your - settings page under the header "Account Information". The team manager is not able to access or change your passwords, team memberships, - favorite charts, export settings, workflow layout, or secret tokens. Also, the team manager is not able to download all your data, - not can he deactivate or delete your account. -

- -

- This site offers the possiblity to synchronize your data with other fitness sites. By clicking on the share or connect button (link, or - equivalent) you agree to share information between rowsandall.com and the other website. Rowsandall.com is not responsible for the privacy - policies or practices of any third party. -

- -

Data portability

- -

Through the "download your data" link on the user settings page, each user can download all workout data. Stroke data can be downloaded - through links in the downloaded workout data file.

-
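Review bot: The "Credit" paragraph removed at the top of this hunk (the Contractology template attribution pointing to http://www.freenetlaw.com) has no counterpart in the new privacypolicy.html as shown in this patch, although most of the policy wording is carried over unchanged. If the template's terms require attribution, keep the credit in legal.html next to the include or move it into the shared template. The commit message does not mention this removal.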
diff --git a/rowers/templates/privacypolicy.html b/rowers/templates/privacypolicy.html new file mode 100644 index 00000000..ee7ec1a2 --- /dev/null +++ b/rowers/templates/privacypolicy.html @@ -0,0 +1,223 @@ + +

Personal information collection

+

+ At rowsandall.com we take your privacy very seriously. IN order to provide access + to the service we must collect and store some personal information about you. +

+ +

+ Childen under 16 years of age are not permitted to access the services provided + by rowsandall.com. By agreeing to this privacy policy you are also agreeing + that you are 16 years of age or older. +

+ +

+ What is collected? Rowsandall.com may collect and use the following kinds of information: +

+

+ +

+ Basic profile information is collected from you when you create your account including your full + name and email address. As you use the site, information about the users, workouts, + charts and other resources you interact with will also be stored and linked to + your profile information. +

+ +

+ Explicitly, the following information is collected: +

+

+ + +

Who can I contact?

+ +

+ The data protection officer for rowsandall.com is Sander Roosendaal and he may be contacted + at support@rowsandall.com. +

+ +

Data Deletion

+ +

If you have previously consented to allow rowsandall.com to store and process your personal + data in accordance with this privacy policy, and you wish to withdraw your conent, + you can do one of the following: +

+

+ +

All the data mentioned in the previous section are stored in files + and in a database, hosted on our hosting provider's servers. Our + hosting provider is creating backups of those data. The database backups + are retained for 7 days. File backups are retained for 30 days. However, + the file names or content do not contain any links to the users. The + link to the file is stored under the user data in the database, so once + a database entry is removed, there is no way to link a file with data + to a particular user. +

+

+ When a user requests deletion of the data, his account and all data linked to his account + are removed from the database and the files are deleted. This includes all data mentioned in the + previous section. In backups, database entries will be removed after 7 days and files after + 30 days. +

+ +

Data deletion can be initiated by the user through the button on the user settings page.

+ +

Data Security

+ +

The site uses SSL to encrypt data transferred between the server and the client (web browers, + mobile apps, third party sites). Any forms are secured from Cross Site Request Forgery (CSRF) using Django's + CSRF middleware.

+ +

+ We have a double defense against reading or editing of personal data. First, we ensure that all "protected" views + are only visible to logged-in users. Only logged-in users have buttons leading to the private parts of the site. + As a second step, protecting against guessing of URL, before serving data from the database, we check explicitly that the data + is owned by the user in question, redirecting unauthorized requests to a "Permission Denied" page. Private data is collected + through POST requests to prevent them from being visible in URL data. +

+ +

rowsandall.com will take reasonable technical and organisational precautions to prevent the loss, + misuse or alteration of your personal information.

+ +

In case of loss, misuse or alteration of your personal information, we will inform you without undue delay and take measures + to prevent further misuse. In particular, we will deactivate your account, which will not delete the data but make them + inaccessible even for people who obtained the password (including yourself). We will await your instructions. If no + instructions are received within 7 days of contacting you, your account and all your data will be removed. +

+ + +

Who is my data shared with?

+ +

+ Only the data owner and the site administrator can edit and/or delete the data. Per our data policy, the site administrator will not alter + or delete any data owned by users, unless requested so. As data are not stored on servers that are physically owner by us, or by + our hosting provider, but we use rented server space, we are technically sharing the information to agents or sub-contractors. +

+ +

+ Where rowsandall.com discloses your personal information to its agents or sub-contractors for these purposes, + the agent or sub-contractor in question will be obligated to use that personal information in accordance with the terms of this privacy statement. + Our hosting provider is based in the European Union and is bound by the same GDPR regulation as we are. +

+ +

In addition to the disclosures reasonably necessary for the purposes identified elsewhere above, rowsandall.com + may disclose your personal information to the extent that it is required to do so by law, in connection with + any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend its legal rights.

+ + +

+ Workout data and charts based on workout data can be shared to anyone by sharing the URL. Workouts have an option to be set to + "private", in which case the data are not visible to anyone except the owner. The site is not searchable for data other than + your own data, so there is no way for other people to track your workouts, unless you share them. +

+ +

+ Cross-border data transfers. Information that rowsandall.com collects may be stored and processed in and transferred + between any of the countries in which rowsandall.com operates to enable the use of the information in accordance with this privacy policy. + In addition, personal information that you submit for publication on the website will be published on the internet and + may be available around the world. + You agree to such cross-border transfers of personal information. +

+ +

+ By accepting an "invitation" to become a member of a team, or by requesting to become part of a team, you agree to automatically + share all your workout data (including workouts done prior to becoming a member of the team) to the team manager (coach) and, + depending to the team policy, to other members of the team. When you leave + a team, all your workout data will immediately become invisible to those who had access to it during your team membership, including + workouts that cover the period of time when you were member of the team. As a member of a team, you grant the team manager + permission to edit workout data + on your behalf, including the creation of charts and cross workout analysis. You also grant the team manager permission to + edit your heart rate and power settings, as well as functional threshold information and the account information accessible on your + settings page under the header "Account Information". The team manager is not able to access or change your passwords, team memberships, + favorite charts, export settings, workflow layout, or secret tokens. Also, the team manager is not able to download all your data, + not can he deactivate or delete your account. +

+ +

+ This site offers the possiblity to synchronize your data with other fitness sites. By clicking on the share or connect button (link, or + equivalent) you agree to share information between rowsandall.com and the other website. Rowsandall.com is not responsible for the privacy + policies or practices of any third party. Sharing the data to third party sites is at your own risk and you should ensure that the third party + has suitable GDPR compliant measures in place. +

+ +

Inactive Users - accounts are deleted after 18 months

+ +

+ If a user is not active on the site for 12 months, we will make deactivate the account. After 18 months, the account is deleted. +

+ +

Duration of consent

+ +

+ The data will be retained for the duration of the owner's membership, or 18 months after the user's last activity on the site. +

+ +

Data portability

+ +

Through the "download your data" link on the user settings page, each user can download all workout data. Stroke data can be downloaded + through links in the downloaded workout data file.

+ +

Your personal data are shown on the user settings page. Send an email to support@rowsandall.com if you wish to obtain a full record of all the personal data + relating to you that has been collected in accordance with this privacy policy. +

+
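Review bot: The retention wording under "Inactive Users" is ambiguous. "After 18 months, the account is deleted" can be read as 18 months after deactivation or 18 months after last activity, and only the "Duration of consent" paragraph says "18 months after the user's last activity". State the reference point in both places, and in the heading. The new text also needs a proofread before it ships as a legal document: "IN order", "Childen", "conent", "we will make deactivate the account", "physically owner by us", "possiblity", "web browers" and "not can he deactivate". In "Data Security", "SSL" would be more accurately "TLS" if that is what the server negotiates.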
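Review bot: In rowers/interactiveplots.py, thumbnail_flex_chart, the new except KeyError branch sets rowdata['yname1'] to axlabels[xparam], so an unknown yparam1 silently produces a chart whose y-axis carries the x-axis label. Falling back to the raw yparam1 string, or logging the missing key, would keep the failure visible. The axlabels[yparam2] lookup directly below is still unguarded and can raise the same KeyError. This code change is also unrelated to the subject "revised privacy policy" and would be easier to track as its own commit.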