FeministWiki:Privacy policy

From FeministWiki
Revision as of 15:39, 22 October 2020 by Technician (talk | contribs)
Jump to navigation Jump to search

Privacy Policy

The entity responsible in the context of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

FeministWiki gemeinnützige UG (haftungsbeschränkt)
Richard-Wagner-Str. 25
DE-35321 Laubach

District court Giessen, HRB 10100

Legal correspondent: Taylan Ulrich Kammer

Email: info@feministwiki.org

Your rights as a data subject

You can exercise the following rights at any time using the contact details of our data protection officer:

  • Information about your data stored by us and their processing (Art. 15 GDPR),
  • Correction of incorrect personal data (Art. 16 GDPR),
  • Deletion of your data stored by us (Art. 17 GDPR),
  • Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
  • Objection to the processing of your data by us (Art. 21 GDPR) and
  • Data portability, provided you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR).

If you have given us your consent, you can revoke it at any time with effect for the future.

You can contact a supervisory authority with a complaint at any time, e.g. to the responsible supervisory authority of the federal state of your place of residence or to the authority responsible for us as the responsible body.

A list of the supervisory authorities (for the non-public area) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Changes to our privacy policy

We reserve the right to adapt this data protection declaration so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration will then apply to your next visit.

Embedded content from other websites

Articles on this website may refer to other content (links).

These websites can collect data about you, use cookies, embed additional tracking services from third parties and your interaction with the embedded content, if you have an account and are logged in to this website.

Liability for content

The articles that can be called up on the website are for general information only and not for advice in specific cases. We endeavor to ensure that all information and data contained on the website are correct and up to date in accordance with Section 7 (1) of the German Telemedia Act. For the correctness, completeness, up-to-dateness or quality of the information and data provided, no guarantee is given according to Sections 8 to 10 of the Act. Liability for the content of the information that can be accessed is excluded unless it is intentional or grossly negligent incorrect information. Obligations to remove or block the use of information under general law remain unaffected. Liability in this regard is only possible from the point in time at which we become aware of a specific legal violation. As soon as we become aware of such legal violations, we will remove this content immediately.

Liability for links

We are not responsible for the content of websites that can be reached via a hyperlink. The operators of the linked pages are solely responsible for their content. We expressly do not adopt the content of these Internet pages as our own and can therefore not guarantee the correctness, completeness and availability of the content. When the link was first established, we checked the third-party content to see whether it might trigger civil or criminal liability. However, we are not obliged to constantly check the content to which we refer in our offer for changes that could give rise to new responsibility. Only if we discover or are informed by others that a specific offer to which we have provided a link triggers civil or criminal liability, we will remove the reference to this offer, insofar as this is technically possible and reasonable for us.


The content and works on this website created by the operator of this website are subject to German copyright law. All contributions from third parties are marked as such. The duplication, processing, distribution and any kind of exploitation outside the limits of copyright require the written consent of the respective author or creator. Copies of these pages are only permitted for private use, but not for commercial purposes.

Data protection

As a rule, our website can be used without providing personal data. Insofar as personal data (e.g. name, address or email address) is collected on our website, this is always done on a voluntary basis as far as possible. These data will not be passed on to third parties without your express consent.

In connection with your access, data is temporarily stored in our server for the purpose of data security, which may allow identification (website visited, time of access, amount of data sent in bytes, source / reference from which you came to the page, browser used, operating system used, visible IP address). The data collected are only used for statistical evaluations. However, we reserve the right to check server log files retrospectively if there are concrete indications of illegal use. An evaluation, with the exception of statistical purposes in anonymous form, does not take place.

In lay terms

This section does not constitute a legal privacy policy. This is an honest summary of everything you might want to know about the FeministWiki and privacy, explained in lay terms instead of legalese.

Data stored by the FeministWiki could be split in two categories: data stored about your account, and data generated by your usage of FeministWiki services like opening pages, editing pages, using the chat system, or uploading files.

Account data

At its core, the FeministWiki doesn't save anything about you other than your chosen username, a "cryptographic hash" of your current password, and the username of the member who added you. In addition, it can save an e-mail address and a "display name" of your choosing, if you enter these in the account settings page or provide them in the account request form. A detailed listing of all data stored in relation to your FeministWiki account follows.

The username

Your username doesn't need to correspond to your real identity in any way. If it does, note that other members can see it in some places such as the list of names in the chat service. It's almost impossible to keep 100% of malicious people from getting a FeministWiki membership, so a malicious person could end up seeing your username too. Furthermore, if you edit the wiki, post on public parts of the forum, publish a FeministWiki blog post etc., then your username will be publicly visible. If this is a problem for you, please contact the technician to change your username to one that doesn't relate to your real identity.

The password

Your password is not saved in plain text. Rather, a "salted SHA1 hash" of your password is saved. In layperson terms, this means: even in case of a data leak, attackers won't immediately know your password, though it's technically possible for them to figure it out if they spend a lot of time processing the leaked data. For this reason, the password you use here should not be a very important one, such as the password you use for online banking. (This issue applies to almost all websites that use passwords; the FeministWiki is not any less secure in this regard than other websites.) All FeministWiki services use encrypted communication, so your password doesn't travel over the network in plain text either.

The member who added you

The username of the FeministWiki member who created your account is visible to the technician, if she/he cares to look it up from the internally kept database.

Your regular e-mail address

In the account settings, you can set an e-mail address that should be associated with your FeministWiki account instead of the default address of (username)@feministwiki.org. (In the account request form, this corresponds to the address you provide in the first e-mail input field.) While this address won't be listed publicly anywhere, it's possible that other FeministWiki members may see it. Given that it's practically impossible to keep out 100% of malicious persons from getting a FeministWiki member account, you should consider the risk that a malicious person will see this e-mail address. As such, consider not providing one and just using the (username)@feministwiki.org address provided by the FeministWiki, or providing one that cannot be traced to your real identity, if keeping your identity hidden is important to you.

Your recovery e-mail address

Also in the account settings, you can provide a secondary, hidden e-mail address that will be used solely for account recovery in case you forget your FeministWiki password. This address is only visible to the technician. However, despite state of the art security measures, please note that a data leak can never be ruled out 100%, so if keeping your identity secret is very important to you, consider leaving this empty and instead taking good care of your password, or using an address that can't be traced to your real identity.

Data provided in the account request form

If you use the account registration/request form, if you leave out the primary e-mail address field, you are asked to fill out a secondary e-mail field so your account request can be responded to. While this address is not recorded in the member database (unless you explicitly opt in), it will appear in the automatic e-mail sent to admin@feministwiki.org. Likewise with the text you write in the "personal declaration" field of the form. The e-mail containing this data is stored on the mail server of the FeministWiki, meaning that the same data leak concerns as explained in the previous section might apply. That said, the technician will try to make sure that these e-mails are deleted after the account request is processed. (So far, a technical guarantee of this is not provided; this will come in a future rework of the account request system.)

Activity data

When you use any of the FeministWiki services, like visiting any part of the website, editing wiki pages, posting to the forum, sending chat messages, sending FeministWiki e-mail, uploading files, or writing or commenting on blog posts, you generate data that is stored on the server, some of which is also publicly shown. Details follow.

Visiting pages

Absolutely every web page of the FeministWiki that you visit (including forum, blogs, the on-site chat or email clients, etc.) generate an "access log" entry on the web server which contains your IP address, time of access, and optional information sent by your web browser. (Heads up: this is a standard feature of web servers and is done by every website you visit, unless they've specifically turned this function off, which is unlikely.) This helps with alleviating abuse of the website and searching for technical problems when for instance someone is getting error messages when trying to open pages.

Usually, your IP address cannot be traced back to your real identity, although it reveals the location of your internet service provider and therefore possibly an approximate geographic location. If this is an issue for you, please look into software such as the Tor Project or other ways to hide your IP address from websites you visit.

The FeministWiki will absolutely never reveal the contents of the access logs to anyone.

Editing the wiki

All individual edits made to the wiki (including talk pages and other types of special pages) are permanently recorded, with the username of the editor and the date and time of the edit. These records remain even if the page is later edited by someone else so thoroughly that none of the content written by you remains. This recording of all edits helps to resolve issues with vandalism by malicious editors. (E.g. if someone removes all content on a page and replaces it with garbage, the original content can be recovered in a few clicks, and the edit logs will show who did the vandalism.)

Note: This is a standard feature of the wiki software MediaWiki that is also used by Wikipedia.

Posting on the forum

Most sections of the forum are publicly visible. Your username will appear aside your forum post, as well as the date and time of the post. There are sections of the forum that are only visible to members, but please remember that it's difficult to keep out 100% of malicious persons from getting a FeministWiki account. All forum posts are also stored on the server, and data leaks may happen despite state of the art security measures.

Using the chat system

Chat messages sent through the FeministWiki chat service are only visible to the recipient(s) of the message. However, they are stored on the server to provide you your chat history when you log in to the chat with a different device. Ideally, don't ever send personal information through the FeministWiki chat service if you want it to remain absolutely secret.

Furthermore, any device you use to log in to the chat system leads to an access log entry to be stored by the software. This helps identifying the cause of technical problems, like when someone is having difficulties logging in.

Writing blog posts or comments

The blog posts as well as the comments beneath them are publicly visible, and have your username attached to them, as well as the date and time of the comment, much like public posts on the forum.

Uploading files to the file storage system

The files you upload to the FeministWiki file storage are private by default. You have the option of sharing them with others by creating a sharing link or making files or whole folders accessible to other members. Since the files are stored on the server however, you should ideally never upload any files with personal information that you want to keep absolutely secret.

Sending and receiving FeministWiki e-mail

The e-mails you send and receive with your (username)@feministwiki.org account are stored on the server. Ideally, don't send any e-mail that provides personal information which you want to keep absolutely secret.

Furthermore, any e-mail client software you've configered to automatically fetch your received FeministWiki e-mail leads to access log entries to be stored by the e-mail server whenever the software in question opens a connection to look for any incoming mail. This helps with identifying technical problems like when someone is having difficulty receiving their FeministWiki e-mail, and is a standard feature of all e-mail servers, meaning your regular e-mail provider is doing it as well.

Contact for further questions

Please contact technician@feministwiki.org if you have any privacy related concerns or questions that aren't answered above.