Search
View previous topic :: View next topic |
Author |
Message |
mario Site Admin
Joined: 03 Oct 2006 Posts: 7201
|
Posted: Fri Sep 20, 2019 6:56 am Post subject: Gixen user privacy and GDPR |
|
|
I started implemented routines for users to be able to delete their account and update / introduce the new Gixen privacy policy. Below is, in a nutshell, what I have in mind. As usual with Gixen, it's short and to the point, without difficult to understand lawyer language:
Privacy policy
Gixen may store the following information about users:
1) Personal information: Username, Name, Email, Address, eBay username, Transaction / Bid history, Payment history.
2) At the request of the user, the following information can be deleted: Username, Name, Email, Address (except country and zip/postal code), eBay username from all records in the Gixen database.
Note that bid and transaction history (e.g. payments made by user) will not be completely deleted for compliance, taxation, analytics and statistics reasons. They will, however, be made unidentifiable, e.g. upon account deletion Gixen will still know it made a bid on an auction, but not on whose behalf. Likewise, it will know the amount of payment made to Gixen, the country and zip code of the payer, but not his/her name, email address, full postal address, username or eBay username. Gixen has no way from deleting payment information on the payment processor side (e.g. paypal), only from its own database.
I am open to suggestions and comments before this is implemented. The introduction of this is necessary to comply with GDPR (https://en.wikipedia.org/wiki/General_Data_Protection_Regulation), but Gixen will extend its benefits to all users, EU citizens or not. |
|
Back to top |
|
|
Robyn Guest
|
Posted: Fri Sep 20, 2019 8:25 pm Post subject: |
|
|
Looks good man[/i] |
|
Back to top |
|
|
Cels Guest
|
Posted: Fri Sep 20, 2019 8:50 pm Post subject: GDPR policy |
|
|
Good to hear you're implementing GDPR.
Will you provide a means for Gixen users to inspect/check their information held by Gixen - such as name, address, payment history ? |
|
Back to top |
|
|
linencupboard Guest
|
Posted: Fri Sep 20, 2019 11:41 pm Post subject: GDPR compliance |
|
|
Sounds plain & simple to me - perfect |
|
Back to top |
|
|
Gixen Advertisements
|
Posted: Fri Sep 20, 2019 11:41 pm Post subject: GDPR compliance |
|
|
|
|
Back to top |
|
|
Twig45 Guest
|
Posted: Fri Sep 20, 2019 11:47 pm Post subject: Your Announcement |
|
|
Seems great to me. |
|
Back to top |
|
|
PK Guest
|
Posted: Sat Sep 21, 2019 12:27 am Post subject: Re: GDPR policy |
|
|
Cels wrote: | Good to hear you're implementing GDPR.
Will you provide a means for Gixen users to inspect/check their information held by Gixen - such as name, address, payment history ? |
I think you will probably need to do this to comply with GDPR. GDPR is an absolute pain for those that have to register.
Whatever you have to do to keep the great Gixen service going is fine with me and really appreciate you keeping those conditions in the statement short and sweet. So nice to actually be able to read them rather than have 183 pages just to scroll through and press an agree button.
Good man, keep smiling. |
|
Back to top |
|
|
Frans Guest
|
Posted: Sat Sep 21, 2019 3:17 am Post subject: |
|
|
GDPR was introduced in Europe to fake a commitment of the EU towards protection of data. It's a big hassle for smaller companies and doesn't really touch bigger companies whose business model is the misuse of data, like Facebook, Google, Amazon, etc.
It has a few loopholes in it to enable european attorneys to issue billable warning letters, that aspect is stricly a business model, as the whole process of lawmaking in the EU basically is steered by whatever the biggest lobbying group in that field is.
So my 2 cents advice is to keep it simple and transparent and maybe use one of the disclaimer texts for GDPR you can find at the websites of law universities for use on websites. |
|
Back to top |
|
|
funkmiester Guest
|
Posted: Sat Sep 21, 2019 3:35 am Post subject: GDPR |
|
|
ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/
I do data and analytics in the UK for a living. It's not hard. There are 7 principles and being a good service you comply with most of them in the way that Gixen works.
1) Lawful, fair and transparent-> you tell people what you do, you share how it works and are totally transparent- we trust you.
2) purpose limitation-> you only use the least amount of information to do the job that is required.
3) Data Minimisation-> likewise
4)Accuracy-> You can prompt people to update their details and, as users we can update our details when we want.
5) Storage limitation-> delete when a user leaves you don't retain any information
6) Integrity and Limitation-> Keep the info secure. Delete all details on request/account termination.
7) Accountability-> you are very open of who you are and how Gixen works so we know how to contact you (like now).
Finally is Consent. I signed up soooo long ago (years and years) I've no idea what the sign up process is now. All you have to do is ask for consent that you collect the limited info you do, to make Gixen work. You promise to store it securely and delete it on request/account termination. We, then, as users consent for Gixen to work in the way it does.
It seems overly bureaucratic for something like Given but it has genuine purpose. In the UK the Information Commissioners Office (ICO) have been handing out BIG fines to companies who take personal data and don't look after it (leaks/hacks, especially compounded by shit security/Bad internal practice) or use it for nefarious purposes (Cambridge Analytica/Facebook).
They are particularly vicious (quite rightly) with companies who try to cover up hacks/leaks.
If you ever have a data breach the best thing is to inform the ICO immediately they will probably advise how to let other partner organisations in other countries know. I've no idea about legal jurisdiction. The other thing they look for is if you have a plan in case of breach and whether you followed it. IT's basic good practice anyway. Think about the issue in advance, set a plan, follow the plan. |
|
Back to top |
|
|
atreyu Guest
|
Posted: Sat Sep 21, 2019 5:26 pm Post subject: |
|
|
Amazon keeps everyone's information forever, so does Bonanza, eBay, and PayPal. How do they get away with it? My son's seller privileges were taken away in 2009, and in 2016, SEVEN years later, he signed up to sell again with a new address, a new bank account, but using his same name, and they knew it was him and canceled his seller status only days after starting. That would mean they are keeping information on him. Not cool! |
|
Back to top |
|
|
MattBadger Guest
|
Posted: Sun Sep 22, 2019 2:57 am Post subject: |
|
|
Firstly, just to say that I love Gixen and really appreciate how it's run.
Second, a very minor comment on retaining postcodes but not the full postal address. For numerous postcodes especially in dispersed or rural areas (including ours) there's only one address under a particular postcode, so retaining the postcode inadvertently retains the full identifiable address. Not sure if that just presents a technical non-compliance with the data regs, or is even more pedantic than the regs themselves! If the former, then perhaps truncate the retained postcode to just the first half, or first five characters, etc. |
|
Back to top |
|
|
Someone Guest
|
Posted: Sun Sep 22, 2019 2:58 pm Post subject: GDPR |
|
|
Your final sentence says "Gixen has no way from deleting payment information on the payment processor side" - I think the word "from" is inappropriate and that you really mean the word "of" instead. |
|
Back to top |
|
|
booksandall Guest
|
Posted: Mon Sep 23, 2019 8:53 am Post subject: GDPR |
|
|
Hello Mario and thanks.
The main point of GDPR is to give the person/user ownership of their personal data. I think that you ought to give users the right to opt out of any use of personalized data for any purpose. I am sure that you will want to use aggregated data for your own research. However, I would prefer that you didn't sell my data to Google or whoever.
You provide a great service. Keep up the great work. Many thanks.
All the best. |
|
Back to top |
|
|
mario Site Admin
Joined: 03 Oct 2006 Posts: 7201
|
Posted: Mon Sep 23, 2019 11:18 am Post subject: |
|
|
Thank you all for the useful suggestions, I will do my best to implement all suggestions. |
|
Back to top |
|
|
andytate Guest
|
Posted: Tue Sep 24, 2019 5:16 am Post subject: Re: Gixen user privacy and GDPR |
|
|
mario wrote: |
Gixen may store the following information about users:
1) Personal information: Username, Name, Email, Address, eBay username, Transaction / Bid history, Payment history.
2) At the request of the user, the following information can be deleted: Username, Name, Email, Address (except country and zip/postal code), eBay username from all records in the Gixen database.
|
Do you think that in 2) above it should read "Personal information" as it does in paragraph 1) rather than just "information" as it does currently? This I think then helps in the distinction with the information that the following paragraph (un numbered) is talking about is NOT personal information. |
|
Back to top |
|
|
BLAGBOX Guest
|
Posted: Fri Sep 27, 2019 12:06 am Post subject: Re: GDPR |
|
|
funkmiester wrote: | ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/
I do data and analytics in the UK for a living. It's not hard. There are 7 principles and being a good service you comply with most of them in the way that Gixen works.
(7 point explanation follows). |
Thank you for that clear and consistent summary, much appreciated - you clearly don't work for Facebook, Twitter or any of the other Social media data harvesters, nor the other internet behemoths who have regularly been shown to be either riding roughshod over GPDR or at the very least bending the rules for nefarious reasons.
I trust Mario / Gixen implicitly with my data, but I'm sure it could be open to abuse, by being passed onto 3rd parties, and we all know that when a company says that your data will NOT be passed onto 3rd parties they are in the majority of cases lying through their teeth.
I'm a UK citizen, and far from Data-Paranoid - I'm quite happy for Internet related companies that I SIGN UP to to hold basic data such as name and address, emai and maybe bank/card details but ONLY where some kind of financial transaction is required. However unless the company is delivering a physical product, there is no need for them to require a telephone number for example, and very rarely is your age - or even age bracket justifiably needed, unless purchasing an age-restricted product.
In Gixen's case the financial transaction is for Subscription/Membership purposes, for an online shopping site whether it be an individual store or a giant like eBay, it may be for physical purchases.
Where I, and I suspect most people who have an issue with our data use, have concerns is once that data leaves the site for which it was given, and is used for purposes which we have not agreed.
The whole area of analytics needs far tighter control. It is fine for example for a company to monitor buying trends amongst their customers or more specifically, an online retailer - such as Amazon to suggest further items based on your own purchase history but the far wider use of selling, or even sharing, our data onto third parties without our knowledge or specific consent (as Facebook so blatantly does) is at the very basest level morally wrong and frequently now, under GPDR, illegal.
I do not, and never will have a Facebook or Twitter account, as I wouldn't trust them to help my Grandmother across the road without asking her how old she was, where she shopped, who she voted for and what role did she play in the last war!!
Yes GPDR is a pain for businesses - and for individuals, having to constantly give consent for cookies etc, but when handled simply, with good intentions, as Mario's open-ness and communications demonstrates it is at least a step in the right direction. It could be worse - I could live under a President who deems Twitter an appropriate platform to govern from, whilst trying to manipulate his rivals' data at the same time as suppressing his own, and the Truth.
Keep up the good work Mario, and stay honest. There's too few good guys left. |
|
Back to top |
|
|
rszemeti Guest
|
Posted: Fri Feb 28, 2020 5:42 am Post subject: GDPR |
|
|
One thing you shoudl do for GDPR compliance and to minimise your risk, is to delete users who have not used the service for some time ... the GDPR requires that "must only retain personal data for as long as you need it for the stated purpose" ... if a user has not logged in for say, 3 years (pick a number... ) it is better to clear the account. It helps you comply with the GDPR and it is one less user to worry about if there is a data breach ... |
|
Back to top |
|
|
mario Site Admin
Joined: 03 Oct 2006 Posts: 7201
|
Posted: Thu Mar 05, 2020 9:08 pm Post subject: |
|
|
Just to confirm - Gixen does not pass user data to any third party, except to eBay and law enforcement in case of fraud or other crime committed.
If this ever changes, I will ask for explicit user permission and indicate clear purpose. At the moment nothing comes to my mind that would require it, and there are no such plans. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You can reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|
|
© 2006 - 2023 Gixen.com. Forum powered by phpBB © 2001, 2005 phpBB Group.
|
|