Do Not Track Compliance Policy <br>
<br>
Version 1.0<br>
<br>
This domain complies with user opt-outs from tracking via the "Do Not Track"<br>
or "DNT" header [http://www.w3.org/TR/tracking-dnt/].
This file will always<br>
be posted via HTTPS at https://example-domain.com/.well-known/dnt-policy.txt<br>
to indicate this fact.<br>
<br>
SCOPE<br>
<br>
This policy document allows an operator of a Fully Qualified Domain Name<br>
("domain") to declare that it respects Do Not Track as a meaningful privacy<br>
opt-out of tracking, so that privacy-protecting software can better determine<br>
whether to block or anonymize communications with this domain.
This policy is<br>
intended first and foremost to be posted on domains that publish ads, widgets,<br>
images, scripts and other third-party embedded hypertext (for instance on<br>
widgets.example.com), but it can be posted on any domain, including those users<br>
visit directly (such as www.example.com).
The policy may be applied to some<br>
domains used by a company, site, or service, and not to others.
Do Not Track<br>
may be sent by any client that uses the HTTP protocol, including websites,<br>
mobile apps, and smart devices like TVs.
Do Not Track also works with all<br>
protocols able to read HTTP headers, including SPDY.<br>
<br>
NOTE: This policy contains both Requirements and Exceptions.
Where possible<br>
terms are defined in the text, but a few additional definitions are included<br>
at the end.<br>
<br>
REQUIREMENTS<br>
<br>
When this domain receives Web requests from a user who enables DNT by actively<br>
choosing an opt-out setting in their browser or by installing software that is<br>
primarily designed to protect privacy ("DNT User"), we will take the following<br>
measures with respect to those users' data, subject to the Exceptions, also<br>
listed below: <br>
<br>
1.
END USER IDENTIFIERS: <br>
<br> a.
If a DNT User has logged in to our service, all user identifiers, such as<br> unique or nearly unique cookies, "supercookies" and fingerprints are <br> discarded as soon as the HTTP(S) response is issued.
<br>
<br> Data structures which associate user identifiers with accounts may be<br> employed to recognize logged in users per Exception 4 below, but may not<br> be associated with records of the user's activities unless otherwise<br> excepted.<br>
<br> b.
If a DNT User is not logged in to our service, we will take steps to ensure <br> that no user identifiers are transmitted to us at all.
<br>
<br>
2.
LOG RETENTION: <br>
<br> a.
Logs with DNT Users' identifiers removed (but including IP addresses and<br> User Agent strings) may be retained for a period of 10 days or less,<br> unless an Exception (below) applies.
This period of time balances privacy<br> concerns with the need to ensure that log processing systems have time to<br> operate.
that operations engineers have time to monitor and fix technical<br> and performance problems.
and that security and data aggregation systems<br> have time to operate.<br>
<br> b.
These logs will not be used for any other purposes.
<br>
<br>
3.
OTHER DOMAINS: <br>
<br> a.
If this domain transfers identifiable user data about DNT Users to<br> contractors, affiliates or other parties, or embeds from or posts data to<br> other domains, we will either: <br>
<br> b.
ensure that the operators of those domains abide by this policy overall<br> by posting it at /.well-known/dnt-policy.txt via HTTPS on the domains in<br> question,<br>
<br> OR<br>
<br> ensure that the recipient's policies and practices require the recipient<br> to respect the policy for our DNT Users' data.<br>
<br> OR <br>
<br> obtain a contractual commitment from the recipient to respect this policy<br> for our DNT Users' data.<br>
<br> NOTE: if an “Other Domain” does not receive identifiable user information<br> from the domain because such information has been removed, because the<br> Other Domain does not log that information, or for some other reason, these<br> requirements do not apply.<br>
<br> c.
"Identifiable" means any records which are not Anonymized or otherwise<br> covered by the Exceptions below.<br>
<br>
4.
PERIODIC REASSERTION OF COMPLIANCE: <br>
<br> At least once every 12 months, we will take reasonable steps commensurate<br> with the size of our organization and the nature of our service to confirm<br> our ongoing compliance with this document, and we will publicly reassert our<br> compliance.<br>
<br>
5.
USER NOTIFICATION: <br>
<br> a.
If we are required by law to retain or disclose user identifiers, we will<br> attempt to provide the users with notice (unless we are prohibited or it<br> would be futile) that a request for their information has been made in<br> order to give the users an opportunity to object to the retention or<br> disclosure.<br>
<br> b.
We will attempt to provide this notice by email, if the users have given<br> us an email address, and by postal mail if the users have provided a<br> postal address.
<br>
<br> c.
If the users do not challenge the disclosure request, we may be legally<br> required to turn over their information.<br>
<br> d.
We may delay notice if we, in good faith, believe that an emergency<br> involving danger of death or serious physical injury to any person<br> requires disclosure without delay of information relating to the<br> emergency.<br>
<br>
EXCEPTIONS<br>
<br>
Data from DNT Users collected by this domain may be logged or retained only in<br>
the following specific situations:<br>
<br>
1.
CONSENT / "OPT BACK IN" <br>
<br> a.
DNT Users are opting out from tracking across the Web.
It is possible<br> that for some feature or functionality, we will need to ask a DNT User to<br> "opt back in" to be tracked by us across the entire Web.
<br>
<br> b.
If we do that, we will take reasonable steps to verify that the users who<br> select this option have genuinely intended to opt back in to tracking.<br> One way to do this is by performing scientifically reasonable user<br> studies with a representative sample of our users, but smaller<br> organizations can satisfy this requirement by other means.
<br>
<br> c.
Where we believe that we have opt back in consent, our server will<br> send a tracking value status header "Tk: C" as described in section 6.2<br> of the W3C Tracking Preference Expression draft:<br>
<br> http://www.w3.org/TR/tracking-dnt/#tracking-status-value<br>
<br>
2.
TRANSACTIONS <br>
<br> If a DNT User actively and knowingly enters a transaction with our<br> services (for instance, clicking on a clearly-labeled advertisement,<br> posting content to a widget, or purchasing an item), we will retain<br> necessary data for as long as required to perform the transaction.
This<br> may for example include keeping auditing information for clicks on<br> advertising links.
keeping a copy of posted content and the name of the<br> posting user.
keeping server-side session IDs to recognize logged in<br> users.
or keeping a copy of the physical address to which a purchased<br> item will be shipped.
By their nature, some transactions will require data<br> to be retained indefinitely.<br>
<br>
3.
TECHNICAL AND SECURITY LOGGING: <br>
<br> a.
If, during the processing of the initial request (for unique identifiers)<br> or during the subsequent 10 days (for IP addresses and User Agent strings),<br> we obtain specific information that causes our employees or systems to<br> believe that a request is, or is likely to be, part of a security attack,<br> spam submission, or fraudulent transaction, then logs of those requests <br> are not subject to this policy.
<br>
<br> b.
If we encounter technical problems with our site, then, in rare<br> circumstances, we may retain logs for longer than 10 days, if that is<br> necessary to diagnose and fix those problems, but this practice will not be<br> routinized and we will strive to delete such logs as soon as possible.
<br>
<br>
4.
AGGREGATION:<br>
<br> a.
We may retain and share anonymized datasets, such as aggregate records of<br> readership patterns.
statistical models of user behavior.
graphs of system<br> variables.
data structures to count active users on monthly or yearly<br> bases.
database tables mapping authentication cookies to logged in<br> accounts.
non-unique data structures constructed within browsers for tasks<br> such as ad frequency capping or conversion tracking.
or logs with truncated<br> and/or encrypted IP addresses and simplified User Agent strings.<br>
<br> b.
"Anonymized" means we have conducted risk mitigation to ensure<br> that the dataset, plus any additional information that is in our<br> possession or likely to be available to us, does not allow the<br> reconstruction of reading habits, online or offline activity of groups of<br> fewer than 5000 individuals or devices.
<br>
<br> c.
If we generate anonymized datasets under this exception we will publicly<br> document our anonymization methods in sufficient detail to allow outside<br> experts to evaluate the effectiveness of those methods.<br>
<br>
5.
ERRORS: <br>
<br>
From time to time, there may be errors by which user data is temporarily<br>
logged or retained in violation of this policy.
If such errors are<br>
inadvertent, rare, and made in good faith, they do not constitute a breach<br>
of this policy.
We will delete such data as soon as practicable after we<br>
become aware of any error and take steps to ensure that it is deleted by any<br>
third-party who may have had access to the data.<br>
<br>
ADDITIONAL DEFINITIONS<br>
<br>
"Fully Qualified Domain Name" means a domain name that addresses a computer<br>
connected to the Internet.
For instance, example1.com.
www.example1.com;<br>
ads.example1.com.
and widgets.example2.com are all distinct FQDNs.<br>
<br>
"Supercookie" means any technology other than an HTTP Cookie which can be used<br>
by a server to associate identifiers with the clients that visit it.
Examples<br>
of supercookies include Flash LSO cookies, DOM storage, HTML5 storage, or<br>
tricks to store information in caches or etags.<br>
<br>
"Risk mitigation" means an engineering process that evaluates the possibility<br>
and likelihood of various adverse outcomes, considers the available methods of<br>
making those adverse outcomes less likely, and deploys sufficient mitigations<br>
to bring the probability and harm from adverse outcomes below an acceptable<br>
threshold.<br>
<br>
"Reading habits" includes amongst other things lists of visited DNS names, if<br>
those domains pertain to specific topics or activities, but records of visited<br>
DNS names are not reading habits if those domain names serve content of a very<br>
diverse and general nature, thereby revealing minimal information about the<br>
opinions, interests or activities of the user.<br>