From 656104a921310e8f65967f0d2eedf210f21b1cf0 Mon Sep 17 00:00:00 2001 From: Sander Roosendaal Date: Fri, 9 Mar 2018 09:01:00 +0100 Subject: [PATCH] more detailed privacy policy around teams and bug fix --- rowers/templates/privacypolicy.html | 43 ++++++++++++++++++++++++++++- rowers/templates/team.html | 7 +++++ rowers/templates/teams.html | 6 +++- rowers/views.py | 9 ++++-- 4 files changed, 61 insertions(+), 4 deletions(-) diff --git a/rowers/templates/privacypolicy.html b/rowers/templates/privacypolicy.html index ee7ec1a2..65906b84 100644 --- a/rowers/templates/privacypolicy.html +++ b/rowers/templates/privacypolicy.html @@ -178,6 +178,20 @@ may be available around the world. You agree to such cross-border transfers of personal information.

+ +

Team Functionality

+ +

+ On rowsandall.com, users with the paid "Coach" plan can establish teams and invite other users to become part of the team. The purpose + of a team is to share workout and training plan data between the coach and the team members. In terms of sharing behavior, there are two types of teams: +

+ The sharing behavior is chosen by the team member when he establishes the team and can be changed during the existence of the team. +

By accepting an "invitation" to become a member of a team, or by requesting to become part of a team, you agree to automatically @@ -192,7 +206,34 @@ favorite charts, export settings, workflow layout, or secret tokens. Also, the team manager is not able to download all your data, not can he deactivate or delete your account.

- + +

+ Each team member is bound by this privacy policy and the GDPR regulation of the European Union regarding the personal data of other team + members that he has access to. By accepting an invitation to a team, the new member agrees to limit the use of these data strictly to the + allowed use according to this privacy policy and the GDPR. +

+ +

+ Team managers can access requests of users to be added to one of their teams. By accepting the invitation, the manager accepts the responsibilities + and duties associated with access to personal data of the new team member. He is bound by this privacy policy and the GDPR regulation + of the European Union regarding the personal data that he has access to. +

+ +

+ In case that a team manager wants to change the sharing behavior of one of his teams from "Coach Only" to "All Members", he has to inform all + impacted team members in due time. He shall give team members a minimum of three days to decide whether they agree with the new sharing policy, and + collect the consent of the team members with the new sharing policy. The team manager must remove team members who did not give their active consent + to the new policy from his team. If a team member has not responded within 7 days of being notified, the team manager will understand this as "no consent" + and remove the team member. +

+ +

+ When notified of a change in team sharing behavior by the team manager, the team member has to decide whether he agrees. In case of disagreement, he shall + revoke his team membership within less than 7 days of being notified. +

+ +

Third Party Sharing

+

This site offers the possiblity to synchronize your data with other fitness sites. By clicking on the share or connect button (link, or equivalent) you agree to share information between rowsandall.com and the other website. Rowsandall.com is not responsible for the privacy diff --git a/rowers/templates/team.html b/rowers/templates/team.html index cc53418c..2d992033 100644 --- a/rowers/templates/team.html +++ b/rowers/templates/team.html @@ -32,6 +32,13 @@ {% elif hasrequested %}

You have requested access to this team

{% else %} +

You can request access to this team. By requesting access, you + agree to the Privacy Policy regarding + team functionality. You agree to share your workout data (except + workouts marked as "private") to all team members and the team manager. + You also grant the team manager access to your heart rate and power + zone settings, as well as your functional threshold information. You + are granting the team manager permission to edit your workouts.

Join A request will be sent to the team manager diff --git a/rowers/templates/teams.html b/rowers/templates/teams.html index 9971a001..af2bc40e 100644 --- a/rowers/templates/teams.html +++ b/rowers/templates/teams.html @@ -111,7 +111,11 @@ a team invite, you are agreeing with the sharing of personal data between team members and coaches according to our privacy policy. -

+

+ +

As a team manager, by accepting a team invite, you are agreeing + with privacy policy regarding teams and + personal data owned by team members.

diff --git a/rowers/views.py b/rowers/views.py index dfd3a102..0d94704c 100644 --- a/rowers/views.py +++ b/rowers/views.py @@ -12190,8 +12190,13 @@ def plannedsession_teamcreate_view(request,timeperiod='thisweek', teams = Team.objects.filter(manager=request.user) - teamchoices = [(team.id, team.name) for team in teams] - teaminitial = [str(teams[0].id)] + if len(teams)>0: + teamchoices = [(team.id, team.name) for team in teams] + teaminitial = [str(teams[0].id)] + else: + messages.info(request,"You have no teams established yet. We are redirecting you to the Team Management page.") + url = reverse(rower_teams_view) + return HttpResponseRedirect(url) startdate,enddate = get_dates_timeperiod(timeperiod)