Gixen user privacy and GDPR

 
mario
Site Admin


Joined: 03 Oct 2006
Posts: 7201

Posted: Fri Sep 20, 2019 6:56 am    Post subject: Gixen user privacy and GDPR

I started implementing routines for users to be able to delete their account and update / introduce the new Gixen privacy policy. Below is, in a nutshell, what I have in mind. As usual with Gixen, it's short and to the point, without difficult-to-understand lawyer language:

Privacy policy

Gixen may store the following information about users:

1) Personal information: Username, Name, Email, Address, eBay username, Transaction / Bid history, Payment history.

2) At the request of the user, the following information can be deleted: Username, Name, Email, Address (except country and zip/postal code), eBay username from all records in the Gixen database.

Note that bid and transaction history (e.g. payments made by user) will not be completely deleted for compliance, taxation, analytics and statistics reasons. They will, however, be made unidentifiable, e.g. upon account deletion Gixen will still know it made a bid on an auction, but not on whose behalf. Likewise, it will know the amount of payment made to Gixen, the country and zip code of the payer, but not his/her name, email address, full postal address, username or eBay username. Gixen has no way from deleting payment information on the payment processor side (e.g. paypal), only from its own database.



I am open to suggestions and comments before this is implemented. The introduction of this is necessary to comply with GDPR (https://en.wikipedia.org/wiki/General_Data_Protection_Regulation), but Gixen will extend its benefits to all users, EU citizens or not.
Robyn
Guest

Posted: Fri Sep 20, 2019 8:25 pm

Looks good man

Cels
Guest

Posted: Fri Sep 20, 2019 8:50 pm    Post subject: GDPR policy

Good to hear you're implementing GDPR.

Will you provide a means for Gixen users to inspect/check their information held by Gixen - such as name, address, payment history?

linencupboard
Guest

Posted: Fri Sep 20, 2019 11:41 pm    Post subject: GDPR compliance

Sounds plain & simple to me - perfect
Twig45
Guest

Posted: Fri Sep 20, 2019 11:47 pm    Post subject: Your Announcement

Seems great to me.
PK
Guest

Posted: Sat Sep 21, 2019 12:27 am    Post subject: Re: GDPR policy

Cels wrote:
Good to hear you're implementing GDPR.

Will you provide a means for Gixen users to inspect/check their information held by Gixen - such as name, address, payment history?


I think you will probably need to do this to comply with GDPR. GDPR is an absolute pain for those that have to register.

Whatever you have to do to keep the great Gixen service going is fine with me and really appreciate you keeping those conditions in the statement short and sweet. So nice to actually be able to read them rather than have 183 pages just to scroll through and press an agree button.

Good man, keep smiling.

Frans
Guest

Posted: Sat Sep 21, 2019 3:17 am

GDPR was introduced in Europe to fake a commitment of the EU towards protection of data. It's a big hassle for smaller companies and doesn't really touch bigger companies whose business model is the misuse of data, like Facebook, Google, Amazon, etc.
It has a few loopholes in it to enable European attorneys to issue billable warning letters, that aspect is strictly a business model, as the whole process of lawmaking in the EU basically is steered by whatever the biggest lobbying group in that field is.
So my 2 cents advice is to keep it simple and transparent and maybe use one of the disclaimer texts for GDPR you can find at the websites of law universities for use on websites.
funkmiester
Guest

Posted: Sat Sep 21, 2019 3:35 am    Post subject: GDPR

ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/

I do data and analytics in the UK for a living. It's not hard. There are 7 principles and being a good service you comply with most of them in the way that Gixen works.
1) Lawful, fair and transparent -> you tell people what you do, you share how it works and are totally transparent - we trust you.
2) Purpose limitation -> you only use the least amount of information to do the job that is required.
3) Data Minimisation -> likewise
4) Accuracy -> You can prompt people to update their details and, as users we can update our details when we want.
5) Storage limitation -> delete when a user leaves you don't retain any information
6) Integrity and Limitation -> Keep the info secure. Delete all details on request/account termination.
7) Accountability -> you are very open of who you are and how Gixen works so we know how to contact you (like now).

Finally is Consent. I signed up soooo long ago (years and years) I've no idea what the sign up process is now. All you have to do is ask for consent that you collect the limited info you do, to make Gixen work. You promise to store it securely and delete it on request/account termination. We, then, as users consent for Gixen to work in the way it does.

It seems overly bureaucratic for something like Gixen but it has genuine purpose. In the UK the Information Commissioner's Office (ICO) have been handing out BIG fines to companies who take personal data and don't look after it (leaks/hacks, especially compounded by shit security/bad internal practice) or use it for nefarious purposes (Cambridge Analytica/Facebook).
They are particularly vicious (quite rightly) with companies who try to cover up hacks/leaks.
If you ever have a data breach the best thing is to inform the ICO immediately; they will probably advise how to let other partner organisations in other countries know. I've no idea about legal jurisdiction. The other thing they look for is if you have a plan in case of breach and whether you followed it. It's basic good practice anyway. Think about the issue in advance, set a plan, follow the plan.

atreyu
Guest

Posted: Sat Sep 21, 2019 5:26 pm

Amazon keeps everyone's information forever, so does Bonanza, eBay, and PayPal. How do they get away with it? My son's seller privileges were taken away in 2009, and in 2016, SEVEN years later, he signed up to sell again with a new address, a new bank account, but using his same name, and they knew it was him and canceled his seller status only days after starting. That would mean they are keeping information on him. Not cool!
MattBadger
Guest

Posted: Sun Sep 22, 2019 2:57 am

Firstly, just to say that I love Gixen and really appreciate how it's run.

Second, a very minor comment on retaining postcodes but not the full postal address. For numerous postcodes especially in dispersed or rural areas (including ours) there's only one address under a particular postcode, so retaining the postcode inadvertently retains the full identifiable address. Not sure if that just presents a technical non-compliance with the data regs, or is even more pedantic than the regs themselves! If the former, then perhaps truncate the retained postcode to just the first half, or first five characters, etc.
Someone
Guest

Posted: Sun Sep 22, 2019 2:58 pm    Post subject: GDPR

Your final sentence says "Gixen has no way from deleting payment information on the payment processor side" - I think the word "from" is inappropriate and that you really mean the word "of" instead.
booksandall
Guest

Posted: Mon Sep 23, 2019 8:53 am    Post subject: GDPR

Hello Mario and thanks.

The main point of GDPR is to give the person/user ownership of their personal data. I think that you ought to give users the right to opt out of any use of personalized data for any purpose. I am sure that you will want to use aggregated data for your own research. However, I would prefer that you didn't sell my data to Google or whoever.

You provide a great service. Keep up the great work. Many thanks.

All the best.
mario
Site Admin

Joined: 03 Oct 2006
Posts: 7201

Posted: Mon Sep 23, 2019 11:18 am

Thank you all for the useful suggestions, I will do my best to implement all suggestions.
andytate
Guest

Posted: Tue Sep 24, 2019 5:16 am    Post subject: Re: Gixen user privacy and GDPR

mario wrote:


Gixen may store the following information about users:

1) Personal information: Username, Name, Email, Address, eBay username, Transaction / Bid history, Payment history.

2) At the request of the user, the following information can be deleted: Username, Name, Email, Address (except country and zip/postal code), eBay username from all records in the Gixen database.



Do you think that in 2) above it should read "Personal information" as it does in paragraph 1) rather than just "information" as it does currently? This I think then helps in the distinction with the information that the following paragraph (unnumbered) is talking about is NOT personal information.

BLAGBOX
Guest

Posted: Fri Sep 27, 2019 12:06 am    Post subject: Re: GDPR

funkmiester wrote:
ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/

I do data and analytics in the UK for a living. It's not hard. There are 7 principles and being a good service you comply with most of them in the way that Gixen works.
(7 point explanation follows).


Thank you for that clear and consistent summary, much appreciated - you clearly don't work for Facebook, Twitter or any of the other Social media data harvesters, nor the other internet behemoths who have regularly been shown to be either riding roughshod over GDPR or at the very least bending the rules for nefarious reasons.

I trust Mario / Gixen implicitly with my data, but I'm sure it could be open to abuse, by being passed onto 3rd parties, and we all know that when a company says that your data will NOT be passed onto 3rd parties they are in the majority of cases lying through their teeth.

I'm a UK citizen, and far from Data-Paranoid - I'm quite happy for Internet related companies that I SIGN UP to to hold basic data such as name and address, email and maybe bank/card details but ONLY where some kind of financial transaction is required. However unless the company is delivering a physical product, there is no need for them to require a telephone number for example, and very rarely is your age - or even age bracket justifiably needed, unless purchasing an age-restricted product.

In Gixen's case the financial transaction is for Subscription/Membership purposes, for an online shopping site whether it be an individual store or a giant like eBay, it may be for physical purchases.

Where I, and I suspect most people who have an issue with our data use, have concerns is once that data leaves the site for which it was given, and is used for purposes which we have not agreed.

The whole area of analytics needs far tighter control. It is fine for example for a company to monitor buying trends amongst their customers or more specifically, an online retailer - such as Amazon to suggest further items based on your own purchase history but the far wider use of selling, or even sharing, our data onto third parties without our knowledge or specific consent (as Facebook so blatantly does) is at the very basest level morally wrong and frequently now, under GDPR, illegal.

I do not, and never will have a Facebook or Twitter account, as I wouldn't trust them to help my Grandmother across the road without asking her how old she was, where she shopped, who she voted for and what role did she play in the last war!!

Yes GDPR is a pain for businesses - and for individuals, having to constantly give consent for cookies etc, but when handled simply, with good intentions, as Mario's openness and communications demonstrate, it is at least a step in the right direction. It could be worse - I could live under a President who deems Twitter an appropriate platform to govern from, whilst trying to manipulate his rivals' data at the same time as suppressing his own, and the Truth.

Keep up the good work Mario, and stay honest. There's too few good guys left.
rszemeti
Guest

Posted: Fri Feb 28, 2020 5:42 am    Post subject: GDPR

One thing you should do for GDPR compliance and to minimise your risk, is to delete users who have not used the service for some time ... the GDPR requires that "must only retain personal data for as long as you need it for the stated purpose" ... if a user has not logged in for say, 3 years (pick a number... ) it is better to clear the account. It helps you comply with the GDPR and it is one less user to worry about if there is a data breach ...

mario
Site Admin

Joined: 03 Oct 2006
Posts: 7201

Posted: Thu Mar 05, 2020 9:08 pm

Just to confirm - Gixen does not pass user data to any third party, except to eBay and law enforcement in case of fraud or other crime committed.

If this ever changes, I will ask for explicit user permission and indicate clear purpose. At the moment nothing comes to my mind that would require it, and there are no such plans.
All times are GMT - 8 Hours
© 2006 - 2023 Gixen.com. Forum powered by phpBB © 2001, 2005 phpBB Group.