EU General Data Protection Regulation compliance

Introduction

As you may know on May 25, 2018 a new law called General Data Protection Regulation becomes effective. This document contains preliminary information on this subject.

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law
on data protection and privacy for all individuals within the European Union.

For this reason we would need to adjust Privacy Policy before May 25, to reflect changes required by law.

This topic is intended to shortly explain how this affects forum users. Even though this law applies to EU citizens only, for simplicity we will have single privacy policy for everyone (as we do now).

From practical point of view nothing changes with regards to what data we store/process. We always valued your privacy and never used anything more than absolutely needed. What changes is the documentation - privacy practices under GDPR are better documented and explained in more detail.

General privacy by design principle

We value your privacy and this means that:

  • We collect as little information as absolutely necessary to be able to provide the service to you
  • We have no ads policy and we don't participate in any advertising networks
  • We don't use tracking networks

Lawful basis of processing

(aka. right to be informed under GDPR)

When you access forum anonymously (without account) we temporarily log IP address of your computer in the server logs. Processing is based on legitimate interest of server abuse prevention, maintaining network security, and spam-free operation.

When you create account on the forum, we process the following information based on contractual obligation and legitimate interest:

Information Purpose of processing
Your Email To deliver forum posts and/or notifications
To allow you to reset password if you lost it
To allow you to reply by email
Account user name To create unique forum account
To identify you on the forum and allow participation in discussion
Hashed password To secure/restrict access to forum account.
Note that we do not store password itself, just a one-way hash, a form of advanced 'checksum', which means that we do not know your forum password
IP number To prevent server abuse and maintain security
All optional profile info1 To allow you to voluntarily share this information with other members
Forum usage statistics2 To allow you to gain more trust levels on the forum (more rights/features) and protect from spam

1 All the optional information (fields: name, about me, location, web site, avatar) that you voluntarily provided/posted in your account profile page. You can remove these at any time by editing your profile. Note that you do NOT need to provide ANY other personal information than email address when registering to forum. For maximum privacy please use fictional user name and do not fill any optional fields.

2 Forum usage statistics include number of posts created and read, likes given and received, read time, etc.

Your rights

Right of access

If you created account on forum.amibroker.com you can display and download all the information we have connected to your account by displaying your account Activity page:
https://forum.amibroker.com/my/activity (Download All link)

Data portability

Data that are made accessible to the user as described above are available in portable format such as text, HTML or XML.

Right to erasure

You can request us by sending private message to delete your account if you did not post any topics/replies at all or if you already posted something, to remove all personal-identifiable data by anonymizing your account.

Right to restrict processing

As we only process data necessary to provide access to the forum, in case of forum account the only way to restrict that data processing is to remove the personal data (see "right to erasure" above).

Right to rectification

You can correct all personal information stored in your account using Profile page.

GDPR Consent

Although we process data based on contractual obligation to you and/or legitimate interest and this basis is 100% complaint with GDPR already, for maximum transparency we still would like to collect "voluntary consent" to send you optional information by email (such as digest). For new users we already added "GDPR consent" checkbox in the Sign up page.

Similar checkbox is also present in your Preferences - Profile page, so you can tick it. Users who won't tick that box by May 25 will have their preferences changed so email digest is disabled. Digests are also automatically unsubscribed if user does not visit the site for 30 days and can also be disabled immediately on "Notification" page in your profile.

In case of questions with regards to preparation to GDPR please comment below or via private message or email us directly privacy@amibroker.com

1 Like

@Tomasz, if not already done, I think it would be very useful to send this important news to all the registered users also via email, especially considering that many of them do not regularly access the forum and according to the new rules are likely to be "anonymized" in less than 30 days!

I would also "pin" this thread to keep it at the top until May 25th.

2 Likes

There are couple of issues with this law

  1. Formally only European Union citizens are subject to this law. We would need to figure out who is from E.U. Of course legislators don't care how you do that. Or you can apply new law to everyone (if you can't figure out who is who).

  2. Actually you don't need consent if you have 'legitimate interest' or 'processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract'. Obviously, you can't use forum that sends and accepts emails without storing email and creating user name. And you can't run the web server without knowing connecting machine IP number.

From what I see up to now various companies take various interpretations and many assume that previously given consent (implied by signing up) is enough. I rather wanted to err on the safe side and collect explicit consent again if possible.

1 Like

I have accepted,checked and saved for GDPR but I get the same message 'You were logged out.' and REFRESH. I refresh but I turn to the Forum Home Page. I log out and log in but nothing. Can you help me, please?

Solved. I don't know how, but now it operates. Thanks

Thanks for the update.