Beleid met betrekking tot de toegang tot niet-publieke gegevens
 | This policy was published on 6 November 2018 and came into effect on November 15, 2018. For the previous version please see the previous version |
Dit is een gebruikersvriendelijke samenvatting van de toegang tot niet-publieke persoonlijke databeleid.
Disclaimer: Deze samenvatting is geen deel van de toegang tot niet-publieke persoonlijke databeleid en is geen juridisch document. Het is simpelweg een handige referentie voor het begrijpen van het volledige toegang tot niet-publieke persoonlijke databeleid. Zie het als de gebruikersvriendelijke interface.
Omdat we geloven dat de privacy van de Wikimediagemeenschap essentieel is, gemeenschapsleden met toegang tot niet-publieke persoonlijke data mogen alleen informatie openbaren onder bepaalde omstandigheden, zoals:
- Wanneer de gemeenschapsleden het nodig hebben om schade aan Wikimedia Sites te stoppen (zoals assistentie in het richten van IP-blokkades);
- When there is an immediate and credible threat of serious bodily harm;
- When the community members have the express permission of the user whose nonpublic personal data is to be disclosed; or
- Wanneer gevraagd door de wet.
Because we believe that safeguarding the privacy of the Wikimedia community is an important Wikimedia value, those who have access to nonpublic personal data need to:
- Be at least 18 years old (except email response team members, who must be at least 16 years old);
- Provide contact information; and
- Sign a confidentiality agreement.
Because we value the community members who take on this critical role in the safeguarding of the Wikimedia Sites and its users and want to protect their privacy, we promise to:
- Keep confidential and secure their contact information and confidentiality agreement
Doel
Wikimedia Sites (de Sites) is een product van de globale gemeenschap van vrijwillige bijdragers en bewerkers. Deze toegewijde groep van individuen schrijven en cureren niet enkel inhoud op de Sites, ze helpen ook om de veiligheid van de Sites en haar gebruikers te verzekeren, net als de nakoming van het toepasbare beleid. Om deze immense taak effectief te beheren, worden sommige gemeenschapsleden toevertrouwd met toegang tot een beperkt aantal niet-publieke informatie betreffende andere gebruikers. Bijvoorbeeld, een vertrouwd gemeenschapslid die "checkuser"-rechten heeft, zou deze rechten kunnen gebruiken om te onderzoeken of een gebruiker meerdere accounts gebruikt op een manier die niet overeenkomt met het Wikimedia-beleid. Het doel van dit "Toegang tot niet-publieke informatie"-beleid (het Beleid) is:
- explain the minimum requirements that must be met by any community member who has access to Nonpublic Personal Data;
- explain the rights and responsibilities of community members with access to Nonpublic Personal Data;
- ensure that community members with access to Nonpublic Personal Data understand and commit to maintaining the confidentiality of Nonpublic Personal Data; and
- provide guidelines to community members with access to Nonpublic Personal Data as to when they may access Nonpublic Personal Data, how they may use such information, and when and to whom they may disclose such information.
Community members covered by this Policy
This Policy applies to any community member to whom the Wikimedia Foundation has granted access to Nonpublic Personal Data covered by the Privacy Policy (“Designated Community Member”), including:
- Community members with access to any tool that permits them to view Nonpublic Personal Data about other users (such as the CheckUser tool) or members of the public (for example, through VRTS accounts);
- Community members with the ability to access content or Nonpublic Personal Data which has been removed from administrator view (such as the Suppression tool); and
- Volunteer developers with access to Nonpublic Personal Data.
For illustrative purposes only, some examples of Designated Community Members include: VRTS administrators, email response team members, and Stewards. This Policy does not apply to users whose rights only include the ability to view standard deleted revisions. This Policy also does not apply to Wikimedia Foundation employees or contractors who act in their professional capacity because they are already subject to other confidentiality agreements that are as or more protective than this Policy.
Minimumeisen voor leden van de gemeenschap die toegang vragen tot niet-openbare informatierechten
The following conditions are minimum requirements that all Designated Community Members must meet before being granted access to Nonpublic Personal Data ("access rights"). These conditions should also be considered requirements to be a candidate for any community-run selection process for a role that would convey such access rights. The community may require candidates for access rights to meet additional community-specified criteria on a case-by-case or role-by-role basis.
(a) Minumumleeftijd. We waarderen onze leden van de gemeenschap, hoe oud ze ook moge zijn. Echter, toegang tot niet-publieke informatie vereist volwassenheid vanwege verantwoordelijkheden die gepaard gaan met vertrouwelijkheidsverplichtingen. Om deze reden moet elk lid van de gemeenschap dat toegangsrechten aanvraagt:
- op zijn minst achtien (18) jaar of ouder zijn, met uitzondering leden van het e-mailreactieteam welke op zijn minst zestien (16) jaar of ouder zijn; en
- moeten zich bij de Wikimedia Foundation certificeren dat ze voldoen aan de minimumleeftijd die is vereist voor de rechten waarvoor ze zich aanmelden.
(b) Geldig, gekoppeld e-mailadres. Om ervoor te zorgen dat we contact kunnen opnemen met de personen die deze belangrijke rollen op zich nemen, moet elk lid van de gemeenschap die toegangsrechten aanvraagt:
- * de Wikimedia Foundation een geldig e-mailadres sturen;
- * beschikken over de account hebben waarop zij rechten aanvragen die gekoppeld zijn aan een geldig e-mailadres;
- * de complete verificatie van het verzonden en / of gekoppelde e-mailadres (zoals het reageren op een bevestigings-e-mail verzonden naar hun verzonden e-mailadres), indien hierom wordt gevraagd; en
- * de Wikimedia Foundation informeren over elke wijziging van hun e-mailadres binnen een redelijke termijn na een dergelijke aanpassing.
(c) Vertrouwelijkheid. Om ervoor te zorgen dat gemeenschapsleden met toegangsrechten begrijpen en zich hieraan houden, is het verplicht dat zij lezen en verklaren dat zij akkoord gaan met de vertrouwelijkheidsovereenkomst waarin wordt uiteengezet:
- wat leden van de gemeenschap moeten behandelen als vertrouwelijke informatie;
- wanneer ze toegang mogen hebben tot niet-openbare informatie;
- hoe gemeenschapsleden de niet-openbare informatie over andere gebruikers kunnen gebruiken;
- wanneer en aan wie zij de niet-openbare informatie mogen bekendmaken en hoe zij anders moeten onthouden van het openbaar maken van niet-openbare informatie aan iemand, behalve zoals toegestaan volgens toepasselijk beleid;
- hoe ze hun accounts moeten beschermen tegen ongeoorloofde toegang; en
- wanneer zij openbaarmaking van niet-openbare informatie aan derden moeten melden of van ongeoorloofde toegang, gebruik of openbaarmaking van niet-openbare informatie.
(d) Privacy. In consideration of the privacy of Designated Community Members, any personal information submitted by Designated Community Members to the Wikimedia Foundation as part of their application process or otherwise under this Policy is subject to the Wikimedia Foundation's Privacy Policy and Data Retention Guidelines.
(e) Submission timeline. Any community member who has been granted access rights at the time this Policy becomes effective must meet the requirements of Sections (a) - (c) of this Policy within ninety (90) calendar days of the date this Policy becomes effective. The Wikimedia Foundation may, at its sole discretion, extend the compliance period for individual community members as needed.
Any community member who has not met the requirements of Section (a) - (c) of this Policy by the deadline above should anticipate having their access rights revoked until they have submitted the required information.
Gebruik en openbaarmaking van niet-openbare informatie
Designated Community Members provide valuable services to the Sites and its users – they fight vandalism, respond to helpdesk emails, ensure that improperly disclosed private data is removed from public view, confirm license permissions, investigate sockpuppets, improve and debug software, and much more. But Designated Community Members’ use of access rights is limited to certain circumstances and contexts. This section elucidates the situations in which access rights may be used and Nonpublic Personal Data may be disclosed to third parties.
(a) Use of access rights and Nonpublic Personal Data. All Designated Community Members may only use their access rights and the subsequent information they access in accordance with the policies that govern the tools they use to gain such access. For example, community members with access to the CheckUser tool must comply with the global CheckUser Policy, and, unless they are performing a cross-wiki check, they must also comply with the more restrictive local policies applicable to the relevant Site. Similarly, community members with access to the Suppression tool may only use the tool in accordance with the Suppression Policy. When a Designated Community Member’s access to a certain tool is revoked, for any reason, that member must destroy all Nonpublic Personal Data that they have as a result of that tool.
(b) Disclosure of nonpublic information. In the course of keeping the Sites and its users safe, Designated Community Members must sometimes disclose Nonpublic Personal Data to third parties. Disclosures of Nonpublic Personal Data are limited to:
- (i) other Designated Community Members with the same access rights, or who otherwise are permitted to access the same Nonpublic Personal Data, to fulfill the duties outlined in the applicable policy for the access tool used;
- (ii) service providers, carriers, or other third party vendors to assist in the targeting of IP blocks or the formulation of a complaint to relevant Internet Service Providers;
- (iii) law enforcement, in cases where there is an immediate and credible threat of serious bodily harm;
- (iv) authorized parties, with the express permission of the user whose nonpublic information is to be disclosed; or
- (v) the public, when it is a necessary and incidental consequence of blocking a sockpuppet or other abusive account.
While Designated Community Members may disclose Nonpublic Personal Data to third parties under the circumstances described above, they are under no obligation by the Foundation to do so. Please note, however, if a Designated Community Member chooses to disclose in a situation covered by (ii), or (iv), or if they are required by law to disclose to law enforcement, administrative bodies, or other governmental agencies, they must secure written approval from the Wikimedia Foundation by emailing check-disclosure an explanation of the proposed disclosure at least ten (10) business days prior to such anticipated disclosure.
In the event that a Designated Community Member receives a request for Personal Data from law enforcement regarding a immediate and credible threat of bodily harm, as described above in (iii), and the Designated Community Member chooses to disclose Personal Data, they are permitted to do so without pre-authorization however that Designated Community Member should immediately contact check-disclosure with an explanation of the disclosure. If the Designated Community Member chooses not to disclose Personal Data in response to an emergency request from law enforcement, that Designated Community Member should immediately email emergency with details of the request so that it can be evaluated for possible Foundation disclosure.
All other formal and informal requests for user Nonpublic Personal Data (i.e. those not covered by one of the situations described above or those not acted upon by a community member with access rights), including subpoenas, from law enforcement, government agencies, attorneys, or other third parties should be directed to the Wikimedia Foundation’s legal department at legal.