Privacy/Records of processing activities

From Nasqueron Agora
Revision as of 00:03, 21 February 2023 by Dereckson (talk | contribs) (+Geo)

These records of processing activities document the procedures by which personal data / personal identity information are processed.

It includes significant information about data processing, including data categories, the group of data subjects, the purpose of the processing and the data recipients.

By transparency, these records are made public.

Privacy actors

The responsable du traitement des données / data controller is the Nasqueron privacy SIG, the entity inside Nasqueron with the mission to organize procedures related to privacy regulations.

Categories

P-001. Operations PII

  • Category
    • Category number: P-001
    • Category name: Operations PII
  • Processing
    • Processing entity: Nasqueron Operations SIG
  • Data collected
    • Who are concerned? Members of the Nasqueron Operations SIG (inside use)
    • Personal data type: IP, e-mail, phone number
    • Datasource: given by the person concerned
    • Goals: internal contact, technical restriction based on this data, contact points for infrastructure incidents
    • How long data is kept? as long as the person belongs to Nasqueron Operations SIG, and then, as long there is a legitimate interest to keep the data
  • Security:
    • ACL. Only Nasqueron Operations SIG members can view, edit, audit the data
    • Storage.
      • Vault. Data is stored in Vault in an encrypted fashion, to be deployed to servers. Some data like IP addresses may be published in clear text in configuration files, but those can only be accessed by Nasqueron Operations SIG members, with a protection by SSH keys.
      • Private Git repository. Some data may be maintained as a Git repository, but this repository is put in the "Nasqueron Operations private" space on DevCentral and NOT replicated to third-party services; the Git repository is stored on a server only reachable by Nasqueron Operations SIG members.
      • Encrypted backup. The data may be backed up, but only in encrypted form, with keys not leaving our infrastructure premises.
    • Transfers of data. Data is kept in servers located in the European Economic Area (EEA).
  • Policy: Privacy/Operations PII

P-002. Web applications

  • Category
    • Category number: P-002
    • Category name: Web applications
  • Processing
    • Processing entity: Nasqueron Operations SIG
  • Data collected
    • Who are concerned? People who create an account on a web application hosted on the Nasqueron PaaS, for example devcentral.nasqueron.org (Phabricator), agora.nasqueron.org (MediaWiki)
    • Personal data type: IP, e-mail
    • Datasource: given by the person concerned
    • Goals: account management
    • How long data is kept? as long as the person wishes to keep the account on that service, and then, as long there is a legitimate interest to keep the data
  • Security:
    • ACL. Only Nasqueron Operations SIG members can access the data, and only for technical purposes.
    • Storage.
      • Database. Data is stored in databases, deployed on servers. Database access is restricted to (1) the application using this data (2) the authentication grove application, if a shared account is used (3) members of the Nasqueron Operations SIG for technical purpose. The application access is protected by credentials like password ; in addition, on the Docker PaaS, the database isn't directly exposed on the public InterNet but has a private IP address. Members of the Nasqueron Operations SIG, in their quality of system administrator, connect to the database through a server with audited SSH keys.
      • Encrypted backup. The data may be backed up, but only in encrypted form, with keys not leaving our infrastructure premises.
    • Transfers of data. Data is kept in servers located in the European Economic Area (EEA).
  • Policy: Privacy/General privacy policy

P-003. Geo

  • Category
    • Category number: P-003
    • Category name: Geo
  • Processing
    • Processing entity: Nasqueron Operations SIG
  • Data collected
    • Who are concerned? Users of geo.nasqueron.org
    • Personal data type: IP, exact location, nickname
    • Datasource: given by the person concerned, collected through application clients
    • Goals: offer geolocation services
    • How long data is kept?
      • Hauk: as a sensible data, location is only kept as long as the person shares geolocation during a session, and deleted immediately afterwards ; the maximum duration of a session is 24 hours
      • IP at proxy level: see P-002
  • Security:
    • ACL. Only Nasqueron Operations SIG members can access the Docker engines where the service runs.
    • Storage.
      • Cache. The sensible geolocalisation part is never stored on disk, only on RAM through Redis or memcached, configured to disable swap. Cache isn't exposed directly on Internet. Any deployment is automated and restart the services, destroying currently stored information. Access to the servers is restricted to Nasqueron Operations SIG members, with a protection by SSH keys.
      • Backup. No backup of the exact location or nickname. For logs, see P-002.
    • Transfers of data. Data is kept in servers located in the European Economic Area (EEA).
  • Policy: Privacy/Geo