OSHWiki:Privacy policy

From OSHWiki
Revision as of 09:08, 13 December 2013 by palmerk (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The OSHwiki is an online open-content collaborative encyclopaedia that is a voluntary group of individuals working to develop a common resource of Occupational Safety and Health Knowledge.

Personal data is processed by the OSHwiki project team and, if needed by the OSHwiki Editorial Board, which may assist EU-OSHA in approving author applications in line with Regulation (EC) Nº 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data. Further details of the privacy policy of EU-OSHA and the full text of the Regulation can be assessed here.

Type of data processed and for what purposes

For readers and authors of the OSHwiki

The user’s IP address is collected and processed for the purpose of enabling the session. In addition, log files are created for each access to the website and contain the following information:

  • The user’s IP address
  • The date and time when the user’s request to access the website reached the web server
  • The requested URL
  • The HTTP return code served to the requester (the user)
  • The requester’s processing time
  • The requester’s user agent string.

The information from the log files is solely used for the purpose of producing anonymous statistics on the use of the OSHwiki containing the following aggregated data: total number of visits, countries of the users, duration of sessions, path followed by the users during the sessions).

Additional data processed for authors of the OSHwiki

The information processed when requesting an author account is:

  • An email address which is necessary to access the online application and edit the OSH wiki.
  • First and last name
  • Organisation
  • Professional experience in the field of expertise
  • Password: Many aspects of the OHSwiki’s community interactions depend on the reputation and respect that is built up through a history of valued contributions. User passwords are the only guarantee of the integrity of a user’s edit history. All users are encouraged never to share their passwords. No one shall knowingly expose the password of another user to public release either directly or indirectly.

The processing of this personal data is necessary to:

  • Be able to determine whether the person has the relevant expertise in the field to be able to provide reliable and up-to-date information on the OSHwiki;
  • Establish a list of authors of the OSHwiki to increase transparency and reliability of information provided. The information will not be re-used for an incompatible purpose;
  • To allow authors to create, access, manage their OSHwiki account and edit the OSH wiki.

Cookies

The OSHwiki will set temporary session cookies whenever you visit the site. These cookies are needed to allow the session. They will be deleted when you close your browser session. More cookies may be set when you log in, to avoid typing in your user name (or optionally password) on your next visit. These last up to 30 days. You may clear these cookies after use if you are using a public machine and don’t wish to expose your username to future users of the machine. (If so, clear the browser cache as well). Cookies do not contain any personal information about you and cannot be used to identify an individual user.

The processing of personal data as described above are legitimate as they allow EU-OSHA to fulfil its role as described in its Founding Regulations and Annual Management Plans and Work Programmes according to which EU-OSHA should have a leading role in disseminating .promoting and supporting exchange of information on health and safety and work and should implement an OSHwiki as one of the means to do so.

Recipients of the data processed

Access to the personal data is granted on the basis of the role and responsibilities of the subjects involved (“need to know” principle):

  • Duly appointed EU-OSHA staff to the OSHwiki project
  • Duly appointed members to the OSHwiki Editorial Board
  • External provider hosting EU-OSHA’s server
  • Legal Service, Civil Service Tribunal, the European Data Protection Supervisor, the European Anti-Fraud Office (OLAF), the European Ombudsman, the Court of Auditors, the Internal Audit Service, if applicable.

All the recipients mentioned are bound by above comply with Regulation (EC) Nº 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data. EU-OSHA will not disclose personal data about the authors to third parties without their specific request or unambiguous consent. EU-OSHA will not divulge personal data for direct marketing purposes.

The data subject’s rights

OSHwiki authors can access their personal information, verify its accuracy, delete it and correct it by sending an email to info@oshwiki.eu

Information on the conservation period of personal data

The information contained in the log files are kept for 2 years in EU-OSHA’s server hosted by an external provider. The additional data related to authors, which is inaccessible for external users, is kept until the author sends an email to info@oshwiki.eu requesting the deletion of the account.

Information security

We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption of communication and physical security measures to guard against unauthorised access to systems where we store personal data.

The Data Controller

The Data Controller means “the Community institution or body, the Directorate-General, the unit or any other organisational entity which alone or jointly with others determines the purposes and means of the processing of personal data” (Article 2(d), Reg. 45/2001). The Data Controller for the OSHwiki is the Head of the Communication and Promotion Unit, Andrew Smith (smith@osha.europa.eu).

Contact information

Should you have queries or complaints regarding the collecting, processing or use of your personal data, please contact the Data Protection Officer at DPO@osha.europa.eu. In case of conflict, complaints can also be addressed to the European Data Protection Supervisor