Skip to content

Latest commit

 

History

History
159 lines (101 loc) · 17.4 KB

privacy.md

File metadata and controls

159 lines (101 loc) · 17.4 KB
title layout Intro Text Page Contact
Privacy Policy
page
Our privacy policy covers what personal data we collect, how we use personal data, and the options that you have regarding the collection and use. Keep reading to learn more.
Label Text Contact Email
Contact HOT
Have a question about the Privacy Policy?

Privacy Policy

Last Modified: 24 September, 2020 (source on Github)

Humanitarian OpenStreetMap Team (“HOT,” “we,” “us,” or “our”) is committed to protecting the privacy of those who visit our websites and use our services. This Privacy Policy describes (1) the types of information we collect about you (sometimes called “personal information”) when you access or use our websites (including www.hotosm.org, tasks.hotosm.org, export.hotosm.org, and openaerialmap.org), applications, products, services, and tools (collectively, the “Services”); (2) how we use the information we collect from you; and (3) your choices regarding how we use or share that information.

We want to try to make this Privacy Policy as accessible and useful to our visitors as possible. With that in mind, we’ve provided a high-level overview below to give you a general sense of what data we collect and how we use it. If you would like more details, however, we encourage you to keep reading past the overview. And if you have questions about our policies, you can contact us here.

Overview

In general, we collect information about the actions that you take on the Services, and we use this information to provide the Services to you. You can access some of the Service features without creating an account or providing us with personal information. However, if you set up an account with us, you’ll need to provide us with contact information, such as your email, so that we can communicate with you and provide you with information about the Services. Additionally, we use Matomo, an open source web analytics tool, to help us analyze data on website traffic and page views. We take steps to protect the personal information you provide us, such as by limiting access to the information to trained staff and designated volunteers, and only sharing your information as needed to provide the Services to you. We also provide you with certain choices regarding your personal information, and we aim to honor your preferences.

This Privacy Policy Contains the Following Sections:

  1. Information We Collect From You and How We Collect It

  2. How And Why We Use the Information We Collect

  3. How and When We Share Information

  4. How We Protect Your Information

  5. Your Choices Regarding Your Personal Information

  6. Third-Party Websites and Services

  7. Children’s Privacy

  8. Modifications to This Privacy Policy

  9. How to Contact Us


Information We Collect From You and How We Collect It

Depending on how you use the Services and its features, we or third parties working on our behalf may collect information about you (sometimes referred to as “personal information”). The type of personal information we collect from or about you may include: name, address, country, email address, gender, social media account information, OpenStreetMap (“OSM”) account information, and any other information you choose to provide to us. We may also collect information about the device you are using, such as the device’s IP address.

We may collect this information when you:

  • Register an account with us;
  • Contact us through the website or send an email to customer support;
  • Create a public profile;
  • Use HOT websites or applications, such as the Tasking Manager, OSM Export Tool, and/or OpenAerial Map;
  • Import OpenStreetsMap content to HOT Services;
  • Sign up for our mailing list or newsletter;
  • Publish content to a HOT-hosted messaging platform such as Slack, Github, or our mailing list;
  • Provide answers to a survey;
  • Connect with us via social media platforms;
  • Apply for employment or an internship with us;
  • Make a donation to us via Donately, PayPal, or Venmo; and
  • Use various functions of the Services.

Information Collected from Third Parties

We may also collect information about you from third parties. In particular, if you have an OSM account, we may receive your user ID and display name for that account and information regarding your actions on OSM. Additionally, if you choose to authenticate your HOT account using a social media account (e.g., Facebook or Google), we may collect, store, and use information you make available through that social media account, including any information that you have authorized the social media service to share with organizations like us, or that is necessary for the sign-in process. Please see your social media service provider’s privacy policy for more information about the data it shares when you initiate these connections. We treat any personal information we receive from these third parties consistent with this Privacy Policy.

Cookies and Similar Technologies

When you use the Services, we, or third parties operating on our behalf, use cookies and similar technologies to collect information about the features that you access and use, and about the browser and computer or device you use to access the Services. A cookie is tiny file that a website stores on a visitor’s computer or device, and that the visitor’s browser provides to the website each time the visitor returns. HOT uses cookies to help us understand and remember your preferences based on your previous or current site activity and make the Services more easily navigable and useful for you. We also use cookies to help us monitor and track how the features of the Services are being used, evaluate the effectiveness of email campaigns, and to communicate volunteer opportunities that may be of interest to you. We use Matomo, an open-source website analytics tool, across the Services to help us collect the following information:

  • Log Information: information about visitors to the Services, including IP address, operating system, and browser ID.
  • Usage Information: information about how visitors interact with the Services, including information about what webpages on the Services were visited and for how long, the website the visitor navigated to the Services from, and the actions taken while using the Services.

How to Refuse the Use of Cookies

Most browsers include tools to help you manage cookies. For example, you should be able to choose to have your browser warn you each time a cookie is being sent, or you can choose to turn off (i.e., refuse to accept) all cookies. Each browser is different, however, so please consult your browser’s “Help” menu to learn the correct way to modify how your browser handles cookies. You can find more information about cookies and how to disable cookies at www.allaboutcookies.org.

Keep in mind that we need certain information in order for the Services to function properly. If you disable cookies, you may no longer be able to use or access some features of the Services.

How And Why We Use the Information We Collect

Purposes for Using Information

HOT may use your information in the following ways:

  • To provide the Services to you (for example, when you register an account with the Tasking Manager, HOT uses your information to provide you with the coordination services to conduct remote mapping with thousands of other volunteers);
  • To improve the Services in order to better serve you (for example, HOT collects and analyzes information on how visitors use various features of the Services, and uses that data to make improvements to the Services);
  • To communicate with you, respond to your communications with us, or to provide you with technical support;
  • To enable to you to access certain features, such as Tasking Manager, that require account authentication;
  • To monitor and prevent any problems with the Services;
  • To detect, investigate, and prevent activities that may violate our policies or be illegal;
  • To serve our legitimate business purposes;
  • To comply with our legal obligations; and
  • To process your donation.

We may also maintain and use information in de-identified or aggregated forms that do not identify you. We will retain your information for no longer than is necessary for the purposes for which it is processed.

Payment Processing

When you make a donation to HOT, your payment information is processed by third-party donation and payment processing services, Donately and Stripe, which are compliant with the Payment Card Industry Data Security Standards. HOT does not see, use, or retain your payment information. The payment information you submit is securely collected and used by Donately and Stripe in accordance with their privacy policies. More information on Stripe’s privacy practices is available here: https://stripe.com/us/privacy; and on Donately’s privacy practices is available here: https://donately.com/privacy-policy/.

Legal Bases for Collecting and Using Information

For those visitors whose personal information is subject to EU data protection laws, the legal bases for processing your information as set out in this Privacy Policy are as follows: (1) The processing is necessary in order to fulfill our contractual commitments to you; (2) The processing is necessary for us to comply with a legal obligation; (3) We have a legitimate interest in processing your information – for example, to provide and update our Services, to improve our Services so that we can offer you an even better user experience, to safeguard our Services, to communicate with you, to measure, gauge, and improve the effectiveness of our services, and better understand user retention and attrition, to monitor and prevent any problems with our Services, and to personalize your experience; or (4) You have given us your consent – for example before we place certain cookies on your device and access and analyze them later on.

How and When We Share Information

We may share information about you in limited circumstances for the purposes described in this Privacy Policy and with appropriate safeguards on your privacy and the security of your personal information. In particular:

  • Service admins or project managers: Depending on the Services used, administrators, project managers, or other authorized users, which may include HOT employees or designated volunteers working on HOT’s behalf, may have access to your username, email address, or other personal information.
  • Independent contractors or vendors: We may disclose information about you to independent contractors vendors, and/or other third parties working on our behalf in connection with providing you the Services. We require all third parties that have access to your personal information to handle it consistent with this Privacy Policy.
  • Partners, affiliates, or other third parties in connection with a merger, acquisition, or change in leadership: In the event HOT merges with or is acquired by another organization, or undergoes a restructuring, change in leadership or other similar significant organizational change, we may disclose and transfer your personal information to authorized third parties in connection with that event.

How We Protect Your Information

We use appropriate administrative, technical, and physical measures designed to prevent unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss of personal information.

Although we exercise reasonable care in providing secure transmission of information and storage of the information provide us through the Services, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure. Accordingly, we cannot ensure or warrant the security of any information you transmit to us.

Your Choices Regarding Your Personal Information

Certain local laws establish rights for consumers who are subject to their protections. For example, the European Union’s General Data Protection Regulation provides for the following rights for individuals whose data is collected in the EU:

  • Right to request access to your personal data;
  • Right to request correction or deletion of your personal data;
  • Right to object to our use and processing of your personal data;
  • Right to request that we limit our use and processing of your personal data; and
  • Right to request portability of your personal data.

While these rights are not absolute – e.g., we do not have to delete your data if we need the data for compliance with a legal obligation – and they are not legally required in every jurisdiction in which we collect data, HOT wants to make it easy and straightforward for all our users to enjoy these rights, we provide you the ability to exercise certain controls regarding our collection, use, and sharing of your information. Consistent with that approach, we provide you with several choices when it comes to information about you:

  • Opt-Out of Electronic Communications: You may opt out of receiving messages from HOT depending on the Services used. Just follow the instructions in those messages. If you opt out of receiving marketing messages from us, we may still send you other non-commercial messages, like those about your account and legal notices.
  • Do Not Track: HOT responds to “do not track” signals across all of our Services, so you may elect to use this signal in your browser settings.
  • Set Your Browser to Reject Cookies: As mentioned above, you can usually choose to set your browser to remove or reject browser cookies before using HOT’s services, with the drawback that certain features may not function properly without the aid of cookies.
  • Close Your Account: If you created a profile or account with us, you can contact us at [email protected] to request that we close a specific HOT account and/or profile. Please keep in mind that we may continue to retain and use your information after you close your account as described in this Privacy Policy. For example, we may use your information if reasonably needed to comply with (or demonstrate our compliance with) legal obligations, or as reasonably needed for our legitimate business interests.

If you have any questions or otherwise would like to contact us about one of these rights, you can email [email protected] to ask a question or request to exercise one of your rights. We will consider all requests and provide our response within the time period stated by applicable law. We may request you provide us with information necessary to confirm your identity before responding to your request – this is solely to protect you, and we will not use any of the information you provide us to confirm your identity for anything other than confirming your identity. In some functions of the Services you may exercise these controls via your account settings in addition to contacting us at the email address above. However, not all of our Services allow you to access, correct, or delete your personal data within your account settings. If applicable, you can make a complaint to the government supervisory authority of your jurisdiction.

Third-Party Websites and Services

The Services may include links to third-party websites and services that are not owned or controlled by us, such as GitHub, Slack, Venmo, PayPal, or social media platforms like Twitter, Facebook, and LinkedIn. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. If you choose to use any third-party websites or services, the collection, use, and disclosure of your information on those websites will be subject to the privacy policies of these websites and services.

Children’s Privacy

We encourage youth to volunteer with HOT under the supervision of their parent or guardian, and are committed to protecting the privacy of children who use our Services. We do not knowingly collect personal information from children under 16. However, depending on how you use the Services, we may collect and use information about your child that you provide to us. Before we collect any such information, we will seek your permission. If we become aware we are processing the data of a child under the age of 16 without parental consent, we will take reasonable steps to delete such information as required under applicable laws. If you believe we might have personal information from or about a child under 16, please contact us at [email protected].

Modifications to This Privacy Policy

We may modify this Privacy Policy from time to time. All such changes will be reflected on this page and the date of revision will be noted at the top of the Privacy Policy. Please check the Policy periodically for updates.

How to Contact Us

If you have a question about this Privacy Policy, please contact us at [email protected]. Additional contact details are as follows:

1100 13th Street NW Suite 800 Washington, D.C. 20005