Privacy Policy
<p>April 13th, 2020</p>
<p>This document forms an integral part of the Terms of Services provided by A/I-ODV.</p>
<p>The following Privacy Policy applies to all the Services offered by the non-profit
association A/I-ODV (“A/I” or the generic subject “we”) to you (the User).
Through access to our platform and the use of our Services, you agree to this
Privacy Policy together with the other Terms of Services.
A/I Services include (but are not limited to) emails, websites, blogs,
mailing lists, newsletters, IRC, Jabber, anonymous remailer and the nym server.</p>
<p>This document sets forth the privacy practices of A/I describing what information
we collect, the use we make of such information and the security level we provide for
this purpose.
We acknowledge and respect your legitimate expectations of privacy
concerning any communication or data transiting or stored on our information systems;
this is why our work process is structured in order to collect only the minimum possible
amount of personal information necessary.
We do not sell, provide or rent to
third parties any of the data regarding the use of our Services.</p>
<p>A/I is located at the address Corso Italia n.115, Pisa 56125, Italy.</p>
<p>Reach us at associazione@ai-odv.org if you have any questions or concerns
about this Privacy Policy.</p>
Data Collection
<p>Our organization’s overriding policy is to collect as little user information as possible
to ensure a completely private and secure user experience when using the Services,
since such information may be used in different ways and against your interest, including
activities such as fraud, invasion of privacy, identity theft or others.
We also have no technical means to access your encrypted message contents.
Our processing
of your information is limited to temporarily storing it for you to use.</p>
<p>We retain only the bare minimum of information about each user that is required to make
the service work correctly.
We do not sell or share any of it.
We will not process any of
your incoming or outgoing mail other than to protect you from viruses and spam, or when
directed to do so by you when directly contacted by you in regard to a problem, in the
troubleshooting process.</p>
<p>A/I does not retain or collect any data obtained via client fingerprint, namely the uniquely
identifying information that your web browser communicates to all web servers it visits
by allowing the site to know details about your operating system, browser information,
plugins installed, fonts installed, screen resolution and much more.</p>
<p>We require/provide a username (email address) and a password to identify and authorize the
account holder in order to access the services offered by A/I.
No personal data is required
for this process.
A/I merely selects and filters the individuals to whom the Services are
delivered by asking them to submit a written statement of intent before any account
request is approved.
The aforementioned statements are always evaluated by an appointee
of A/I and deleted right after the approval process is terminated.
Any further personal
information offered spontaneously by the user will not be stored and preserved if not
strictly necessary.
Every further communication between A/I and a user will take place through
the email address provided by us.</p>
<p>In order to ensure the highest security standards A/I uses only “encrypted by design” servers,
meant to protect all data with automated anonymization applied before we start processing it
(including IP addresses and other personal data).
Even when a user might engage in activities
that constitute a breach of our Terms of Services (spamming, DDoS and others), we will only be
able to recover from our servers an anonymized IP address possibly relatable to a user’s account
but not to a certain physical subject.
We store logs of user activity for a period up to 15 days
(unless otherwise specified per service).
Data regarding users’ activity helps us diagnose software issues, protect security of the
systems from intrusion, and monitor the health of the platform.</p>
<p>We use disk encryption on all data to mitigate the risk of data leaks in cases where
servers might be stolen, seized, or in any way physically tampered with.
We provide and require SSL/TLS encryption on all provided services.</p>
<p>We do not ask for any personal information in order to provide our Services, since an A/I email
account is the only identifier a user needs.
For the sake of your privacy, we discourage you from
using your real name (or other personal identifier, such as a user on another internet provider
connected to your real identity) as your username / email address, but we have no way
to determine whether that is the case.
We do not require any additional information that is
not crucial for operation of the Services (we do not ask for additional email addresses,
phone numbers, street address or any other identifier that could correlate your
email address to your real identity).</p>
<p>Although A/I does not intentionally collect any sensitive personal information, such as
genetic data, health information, sexual preferences and others, we realize that users might
store this kind of information in their email account, websites and other parts of our platform.
If you store any sensitive personal information on our servers, you are responsible for complying
with any regulatory controls regarding that data.</p>
<p>If you are a visitor of our platform or a user of our Services using a mobile phone, a tablet
or a laptop, we collect and use information about you in the same way and for the same purposes,
regardless of which device, application, client or browser extensions you use.</p>
<p>Services’ user data is limited to the following:</p>
Visiting A/I’s platform
<p>Whenever you interact with our platform or Services, whether you have an account or not, the
automatic exchange of information between your client and our servers will provide us with
some non-personal data, including, for example, data relating to the browser you are using
(browser type, whether it is a mobile/desktop device, OS version, preferred language),
the date and time of your visit and the referring website, but not your IP address.
None of the non-personal (meta)data allows the identification of the individual user,
as it is not associated with or linked to your personal information.</p>
Account registration
<p>It is not necessary to provide personal information in order to create an account.
All data provided in the request is deleted from our systems 15 days after the request
has been successfully granted.
We do not ask our users to set a recovery email address
and we do not keep a record of their password in plain text; therefore credentials
administration is not under our responsibility.
A/I will be able to communicate
with the users, if necessary, only through the email created within
the registration process.</p>
Help tickets
<p>Your communication with A/I via help tickets for support requests, bug reports or
any other issue will be saved by our staff.
The content of any help ticket you create
or comment on while authenticated will be associated with your user account.
We periodically delete old tickets that are solved or closed.
We recommend that
you refrain from communicating any personal data to us since plain-text email is not
a safe medium of communication.
Help ticket queries and replies will be sent via email.</p>
Session ID and cookies
<p>When you are logged in, we keep a temporary session identifier on your computer that
your client software uses to prove your authentication state.
This is automatically
erased after you log out or if the session expires.
We do not use any third party
cookies or tracking mechanism of any kind.
Users are free to change their cookie
preferences at any time in the settings panel of their browser, being able to
control which cookies to allow, which cookies to block in the future and also
to delete cookies.
Some links may take you outside of our digital platform and are
beyond our control, redirecting you to other sites that may send their own cookies
and collect data or solicit personal information.
Therefore we do not take any
responsibility for your use of third party websites.</p>
Email transit logs
<p>In order to detect abuse of our email services,
we keep track of email metadata (message sender and
recipient only) for every message that goes through our systems.
These logs are retained for 15 days.</p>
<p>Remember that even when using end-to-end PGP encryption for email messages,
the email “subject” and routing information
can be seen in the clear by our servers when the email initially arrives (as well
as by any other observer on the network).
This is due to inherent limitations in the email protocol and in OpenPGP.</p>
Last log in
<p>We keep a record of your last successful authentication, so that it is possible for
us to disable and delete unused or abandoned accounts.</p>
Services activity
<p>We keep track of the users’ activity on our Services, but the logs we store never
contain any personally identifying information, and do not include information
related to activities outside of our platform.
A/I uses this data to help diagnose
software issues, protect the system from intrusion, and monitor the health of
the services.
We store anonymized logs of the Services' operation for a period up
to 15 days, unless otherwise specified.</p>
Data storage and use
<p>Data is stored only inside of the EU or within GDPR abiding countries.
We have direct and exclusive access to all the dedicated servers where the data
is stored.
The processing of data takes place exclusively within EU territory
and GDPR abiding countries.
Communication between all servers is encrypted
with “state of the art” protocols in order to protect any information from
unauthorized access, unauthorized alteration, destruction or disclosure of data.
We do not use any public cloud providers (such as AWS, Google Cloud, DigitalOcean
or the like).</p>
<p>All the data used by our services is stored in an encrypted format, and only A/I
has the keys to decrypt the data.
Furthermore, user-specific data (such as content
of email messages) is encrypted with keys that are only available to the user and
not to the operators / A/I staff.
We provide and require SSL/TLS encryption on all
provided Services.
If you have a reason to believe that your interaction with our
servers is no longer secure, for example if you think that the security of your
account has been compromised, please contact us immediately.</p>
<p>We do not in any way process or analyze your behavior or personal characteristics
by profiling users or other similar practices.
We do not publish advertisements or
have any business relationships with advertisers.
A/I does not share, rent or sell
any data to any third party.
We do not send any marketing related information to
our users, also given the fact that we do not sell our Services.</p>
<p>We do not share your data with third parties unless interoperable (federated)
services require certain data to function correctly (e.g.
another service provider needs
to know your email address to be able to deliver a service).
In those cases, you actively
make the choice to share the data and we have no way to stop you from
doing that.
In order to protect your privacy, we discourage you from doing that.</p>
<p>We do not access your data, emails, files etc.
stored on our servers unless needed for
troubleshooting purposes, or under suspicion of violation of our policy.</p>
<p>In the case of troubleshooting, we ask for your permission before
accessing your data and inform you afterwards of all actions taken on the account
in the transparency report addressed to the account holder.</p>
<p>In the case of suspicion of behavior non-compliant with our policies, we might kindly
ask the user to comply or decide to erase an account permanently and without notice:
again, users are admitted conditionally on their compliance with our policy and what
we judge is their affinity to our Manifesto.</p>
<p>Anonymous, aggregated information that cannot be linked back to an individual user
may be made available to experienced researchers for the sole purpose of developing
better systems for anonymous and secure communication.
For example, we may aggregate
information on how many messages on average a group of anonymous users send and receive,
and with what frequency.</p>
<p>As stated in our ToS, A/I provides a web statistics tool as part of our Services;
therefore no other similar tool or analytics is allowed.
Our tools and analytics
will never collect any personal data.
We do not directly use these tools
and analytics, but this service is available to all the users that choose to use them.</p>
<p>In order to ensure security of all the data, A/I employs various administrative,
technical and physical security measures; however, it is your responsibility to exercise
caution and reason when using A/I Services.
You will be personally responsible if such
action violates any third party’s privacy or any other rights.
We will not be liable
for the consequences of your unjust activities, your deliberate and negligent actions,
as well as any circumstances that may not have been reasonably controlled or foreseen.</p>
<p>Pursuant to the Regulation (EU) 2016/679, also known as GDPR, the legal basis for our
data treatment is article 6, paragraph 1, letter b) which allows A/I to process data
to fulfill a contract or for measures preliminary to a contract.
This means that we process users’ data in order to enforce our Terms of Use or
to protect the security and integrity of the Services provided.</p>
<p>A/I will disclose user data and any information only if instructed to do so by a
fully binding request coming from the competent Italian authorities or other compelling
judicial authority.
If permitted by law, we will promptly inform the user before any data
disclosure if such a situation may arise.
Even if we may comply with electronically
delivered notices, A/I will consider mandatory any subpoena, court order, warrant or
other legal document, but only if notified according to the right procedure and receiving
an original copy by registered post or in person, with a contact eligible to receive
a formal response.
If a request is made for encrypted message content (or any other
data that has been encrypted automatically or by the user) that A/I does not possess
the ability to decrypt, the fully encrypted information will be turned over.
We may
from time to time consent to a request if there is a public interest in doing so,
but in such situations A/I will not comply with the request until all legal or other
remedies have been exhausted.
Therefore, not all requests will lead to a data disclosure.</p>
Access to your information
<p>Access to your personal data and stored files and other information you provide to any
of the Services offered by A/I is under your control.</p>
<p>We do not access your data, emails, files etc.
stored on our servers unless needed for
troubleshooting purposes, or under suspicion of breaking our policy.
In the case of
troubleshooting, we ask for your permission before accessing your
data and inform you afterwards of all actions taken on the account in the
transparency report addressed to the account holder.</p>
<p>Some of the Services provided by A/I, such as Email and Jabber, operate on
so-called federation protocols.
This enables users signed up at different service providers
to interact with each other.
Because of the nature of the protocols (ability to send
each other messages, share files, chat) some of the data is naturally shared with other
entities.
However, sharing data with other service providers is the user’s choice and is
configured by the users in their settings per service, including the decision of with
whom and what to share.
You may be shown embedded videos and link previews from other
websites while using services provided by A/I.
This may expose you to web tracking by
external services, such as (but not limited to) Facebook, Twitter, and Google.
Again,
in order to fully protect your privacy, you should keep your A/I account and other
accounts separate.
If that is not what you intend to do, your A/I email address could
become a target of data collection and profiling on other systems that are not under our
control and responsibility.
All data and files stored on services that are bound to personal
information (services that require logging in) are available for you to download for either
archival purposes or to transfer to another compatible website.</p>
<p>Please note that no method of transmission over Internet or method of electronic storage
is 100% secure, therefore A/I cannot guarantee its absolute security.
If you have
any question about security on our platform, you can contact us at
associazione@ai-odv.org for further information.
In the event that personal
information is compromised as a result of a breach of security, A/I will promptly notify the user
and comply with applicable law.</p>
Account deletion
<p>You can choose to delete your A/I account at any time.
You can disable your email
account from your user panel.
This does not completely delete the mail address from
our system (to prevent someone else from requesting the same address in the future).
Contact us if you prefer a complete deletion.
When the email account is disabled,
the mailbox content will be automatically erased within 3 days.
Websites, mailing lists
and blogs managed by that mail account will remain active, unless you deactivate them
personally or request their deactivation from us after deactivating
your corresponding email account.
If you need to remove some personal information
from a mailing list public archive or some website/blog hosted on our platform,
we kindly ask you to contact us.
To ask for deletion of any data, we require that you
write to us from the email account connected to that data (we have no other way to verify
that you are the actual owner of the data).</p>
Your rights
<p>Under the General Data Protection Regulation (GDPR) you have certain rights with regard
to your personal data: you have the right to request from A/I to inform you about
the personal data we have collected about you, to request any change and correction or
erasure of inaccurate information, the right to restrict or object to certain processing
of your information as well as the right to request us to provide you with a copy of your
personal data in a structured, commonly used and machine readable format, and the right to
transmit (if technically feasible) your personal data to another controller.
If you have
provided consent for the processing of your data you have the right (in certain circumstances)
to withdraw that consent at any time, which will not affect the lawfulness of the
processing before your consent was withdrawn.
However, as explained previously, none of
our services require or request that any personal data is delivered to us.
Therefore,
we have never asked for your consent to process your personal data that is
in fact willingly stored by you in your personal user space and not accessed or processed
by us in any way other than the pure storage.
You can at any time dispose of all the data
you have provided to us directly, including downloading and erasing it permanently.</p>
<p>If you disagree with your data processing by A/I, you are free not to use
the A/I Services, and to discontinue using them at any time.
You may request us to stop
processing your information, in which case your data will be processed only as long as
it is necessary to effect the interruption of your use of the Services
or to finalize any other legal position.</p>
<p>A/I will in no case store any data or log longer than 2 years
after the last use of the Services.</p>
<p>Besides automatic encryption, no users are subject to decisions based solely on
automated processing, including profiling, which may produce legal effects concerning
or similarly significantly affecting them.</p>
<p>Without prejudice to any other administrative or judicial procedure, every user shall
have the right to lodge a complaint with a supervisory authority, in particular in the
European State of his or her habitual residence, place of work or place of alleged
infringement if the user believes that A/I has not complied with the requirements of
the GDPR with regard to personal data.</p>
<p>AI-ODV is the controller of data for the purposes of the GDPR.
If you have any concerns as to how your data is processed you can reach us at
associazione@ai-odv.org which is our official contact email.</p>
Changes to this policy
<p>A/I reserves the right to change this policy.
We recommend you regularly review our policies
for any update.
All changes are effective as they are added to the last version of this
Privacy Policy and they will come into force as of the moment when they are published.
If we make major changes, we will notify our users in a clear and direct manner
(such as via our Newsletters).
Minor changes may only be highlighted in the footer
of our website.</p>
<p>(This is the original version / Translated in: IT)</p>
<p>If you have further doubts, have a look at our FAQ or contact
us!</p>