| 1 | +Do Not Track Compliance Policy |
| 2 | + |
| 3 | +Version 1.0 |
| 4 | + |
| 5 | +This domain complies with user opt-outs from tracking via the "Do Not Track" |
| 6 | +or "DNT" header [http://www.w3.org/TR/tracking-dnt/]. This file will always |
| 7 | +be posted via HTTPS at https://testing-playground.com/.well-known/dnt-policy.txt |
| 8 | +to indicate this fact. |
| 9 | + |
| 10 | +SCOPE |
| 11 | + |
| 12 | +This policy document allows an operator of a Fully Qualified Domain Name |
| 13 | +("domain") to declare that it respects Do Not Track as a meaningful privacy |
| 14 | +opt-out of tracking, so that privacy-protecting software can better determine |
| 15 | +whether to block or anonymize communications with this domain. This policy is |
| 16 | +intended first and foremost to be posted on domains that publish ads, widgets, |
| 17 | +images, scripts and other third-party embedded hypertext (for instance on |
| 18 | +widgets.example.com), but it can be posted on any domain, including those users |
| 19 | +visit directly (such as www.example.com). The policy may be applied to some |
| 20 | +domains used by a company, site, or service, and not to others. Do Not Track |
| 21 | +may be sent by any client that uses the HTTP protocol, including websites, |
| 22 | +mobile apps, and smart devices like TVs. Do Not Track also works with all |
| 23 | +protocols able to read HTTP headers, including SPDY. |
| 24 | + |
| 25 | +NOTE: This policy contains both Requirements and Exceptions. Where possible |
| 26 | +terms are defined in the text, but a few additional definitions are included |
| 27 | +at the end. |
| 28 | + |
| 29 | +REQUIREMENTS |
| 30 | + |
| 31 | +When this domain receives Web requests from a user who enables DNT by actively |
| 32 | +choosing an opt-out setting in their browser or by installing software that is |
| 33 | +primarily designed to protect privacy ("DNT User"), we will take the following |
| 34 | +measures with respect to those users' data, subject to the Exceptions, also |
| 35 | +listed below: |
| 36 | + |
| 37 | +1. END USER IDENTIFIERS: |
| 38 | + |
| 39 | + a. If a DNT User has logged in to our service, all user identifiers, such as |
| 40 | + unique or nearly unique cookies, "supercookies" and fingerprints are |
| 41 | + discarded as soon as the HTTP(S) response is issued. |
| 42 | + |
| 43 | + Data structures which associate user identifiers with accounts may be |
| 44 | + employed to recognize logged in users per Exception 4 below, but may not |
| 45 | + be associated with records of the user's activities unless otherwise |
| 46 | + excepted. |
| 47 | + |
| 48 | + b. If a DNT User is not logged in to our service, we will take steps to ensure |
| 49 | + that no user identifiers are transmitted to us at all. |
| 50 | + |
| 51 | +2. LOG RETENTION: |
| 52 | + |
| 53 | + a. Logs with DNT Users' identifiers removed (but including IP addresses and |
| 54 | + User Agent strings) may be retained for a period of 10 days or less, |
| 55 | + unless an Exception (below) applies. This period of time balances privacy |
| 56 | + concerns with the need to ensure that log processing systems have time to |
| 57 | + operate; that operations engineers have time to monitor and fix technical |
| 58 | + and performance problems; and that security and data aggregation systems |
| 59 | + have time to operate. |
| 60 | + |
| 61 | + b. These logs will not be used for any other purposes. |
| 62 | + |
| 63 | +3. OTHER DOMAINS: |
| 64 | + |
| 65 | + a. If this domain transfers identifiable user data about DNT Users to |
| 66 | + contractors, affiliates or other parties, or embeds from or posts data to |
| 67 | + other domains, we will either: |
| 68 | + |
| 69 | + b. ensure that the operators of those domains abide by this policy overall |
| 70 | + by posting it at /.well-known/dnt-policy.txt via HTTPS on the domains in |
| 71 | + question, |
| 72 | + |
| 73 | + OR |
| 74 | + |
| 75 | + ensure that the recipient's policies and practices require the recipient |
| 76 | + to respect the policy for our DNT Users' data. |
| 77 | + |
| 78 | + OR |
| 79 | + |
| 80 | + obtain a contractual commitment from the recipient to respect this policy |
| 81 | + for our DNT Users' data. |
| 82 | + |
| 83 | + NOTE: if an “Other Domain” does not receive identifiable user information |
| 84 | + from the domain because such information has been removed, because the |
| 85 | + Other Domain does not log that information, or for some other reason, these |
| 86 | + requirements do not apply. |
| 87 | + |
| 88 | + c. "Identifiable" means any records which are not Anonymized or otherwise |
| 89 | + covered by the Exceptions below. |
| 90 | + |
| 91 | +4. PERIODIC REASSERTION OF COMPLIANCE: |
| 92 | + |
| 93 | + At least once every 12 months, we will take reasonable steps commensurate |
| 94 | + with the size of our organization and the nature of our service to confirm |
| 95 | + our ongoing compliance with this document, and we will publicly reassert our |
| 96 | + compliance. |
| 97 | + |
| 98 | +5. USER NOTIFICATION: |
| 99 | + |
| 100 | + a. If we are required by law to retain or disclose user identifiers, we will |
| 101 | + attempt to provide the users with notice (unless we are prohibited or it |
| 102 | + would be futile) that a request for their information has been made in |
| 103 | + order to give the users an opportunity to object to the retention or |
| 104 | + disclosure. |
| 105 | + |
| 106 | + b. We will attempt to provide this notice by email, if the users have given |
| 107 | + us an email address, and by postal mail if the users have provided a |
| 108 | + postal address. |
| 109 | + |
| 110 | + c. If the users do not challenge the disclosure request, we may be legally |
| 111 | + required to turn over their information. |
| 112 | + |
| 113 | + d. We may delay notice if we, in good faith, believe that an emergency |
| 114 | + involving danger of death or serious physical injury to any person |
| 115 | + requires disclosure without delay of information relating to the |
| 116 | + emergency. |
| 117 | + |
| 118 | +EXCEPTIONS |
| 119 | + |
| 120 | +Data from DNT Users collected by this domain may be logged or retained only in |
| 121 | +the following specific situations: |
| 122 | + |
| 123 | +1. CONSENT / "OPT BACK IN" |
| 124 | + |
| 125 | + a. DNT Users are opting out from tracking across the Web. It is possible |
| 126 | + that for some feature or functionality, we will need to ask a DNT User to |
| 127 | + "opt back in" to be tracked by us across the entire Web. |
| 128 | + |
| 129 | + b. If we do that, we will take reasonable steps to verify that the users who |
| 130 | + select this option have genuinely intended to opt back in to tracking. |
| 131 | + One way to do this is by performing scientifically reasonable user |
| 132 | + studies with a representative sample of our users, but smaller |
| 133 | + organizations can satisfy this requirement by other means. |
| 134 | + |
| 135 | + c. Where we believe that we have opt back in consent, our server will |
| 136 | + send a tracking value status header "Tk: C" as described in section 6.2 |
| 137 | + of the W3C Tracking Preference Expression draft: |
| 138 | + |
| 139 | + http://www.w3.org/TR/tracking-dnt/#tracking-status-value |
| 140 | + |
| 141 | +2. TRANSACTIONS |
| 142 | + |
| 143 | + If a DNT User actively and knowingly enters a transaction with our |
| 144 | + services (for instance, clicking on a clearly-labeled advertisement, |
| 145 | + posting content to a widget, or purchasing an item), we will retain |
| 146 | + necessary data for as long as required to perform the transaction. This |
| 147 | + may for example include keeping auditing information for clicks on |
| 148 | + advertising links; keeping a copy of posted content and the name of the |
| 149 | + posting user; keeping server-side session IDs to recognize logged in |
| 150 | + users; or keeping a copy of the physical address to which a purchased |
| 151 | + item will be shipped. By their nature, some transactions will require data |
| 152 | + to be retained indefinitely. |
| 153 | + |
| 154 | +3. TECHNICAL AND SECURITY LOGGING: |
| 155 | + |
| 156 | + a. If, during the processing of the initial request (for unique identifiers) |
| 157 | + or during the subsequent 10 days (for IP addresses and User Agent strings), |
| 158 | + we obtain specific information that causes our employees or systems to |
| 159 | + believe that a request is, or is likely to be, part of a security attack, |
| 160 | + spam submission, or fraudulent transaction, then logs of those requests |
| 161 | + are not subject to this policy. |
| 162 | + |
| 163 | + b. If we encounter technical problems with our site, then, in rare |
| 164 | + circumstances, we may retain logs for longer than 10 days, if that is |
| 165 | + necessary to diagnose and fix those problems, but this practice will not be |
| 166 | + routinized and we will strive to delete such logs as soon as possible. |
| 167 | + |
| 168 | +4. AGGREGATION: |
| 169 | + |
| 170 | + a. We may retain and share anonymized datasets, such as aggregate records of |
| 171 | + readership patterns; statistical models of user behavior; graphs of system |
| 172 | + variables; data structures to count active users on monthly or yearly |
| 173 | + bases; database tables mapping authentication cookies to logged in |
| 174 | + accounts; non-unique data structures constructed within browsers for tasks |
| 175 | + such as ad frequency capping or conversion tracking; or logs with truncated |
| 176 | + and/or encrypted IP addresses and simplified User Agent strings. |
| 177 | + |
| 178 | + b. "Anonymized" means we have conducted risk mitigation to ensure |
| 179 | + that the dataset, plus any additional information that is in our |
| 180 | + possession or likely to be available to us, does not allow the |
| 181 | + reconstruction of reading habits, online or offline activity of groups of |
| 182 | + fewer than 5000 individuals or devices. |
| 183 | + |
| 184 | + c. If we generate anonymized datasets under this exception we will publicly |
| 185 | + document our anonymization methods in sufficient detail to allow outside |
| 186 | + experts to evaluate the effectiveness of those methods. |
| 187 | + |
| 188 | +5. ERRORS: |
| 189 | + |
| 190 | +From time to time, there may be errors by which user data is temporarily |
| 191 | +logged or retained in violation of this policy. If such errors are |
| 192 | +inadvertent, rare, and made in good faith, they do not constitute a breach |
| 193 | +of this policy. We will delete such data as soon as practicable after we |
| 194 | +become aware of any error and take steps to ensure that it is deleted by any |
| 195 | +third-party who may have had access to the data. |
| 196 | + |
| 197 | +ADDITIONAL DEFINITIONS |
| 198 | + |
| 199 | +"Fully Qualified Domain Name" means a domain name that addresses a computer |
| 200 | +connected to the Internet. For instance, example1.com; www.example1.com; |
| 201 | +ads.example1.com; and widgets.example2.com are all distinct FQDNs. |
| 202 | + |
| 203 | +"Supercookie" means any technology other than an HTTP Cookie which can be used |
| 204 | +by a server to associate identifiers with the clients that visit it. Examples |
| 205 | +of supercookies include Flash LSO cookies, DOM storage, HTML5 storage, or |
| 206 | +tricks to store information in caches or etags. |
| 207 | + |
| 208 | +"Risk mitigation" means an engineering process that evaluates the possibility |
| 209 | +and likelihood of various adverse outcomes, considers the available methods of |
| 210 | +making those adverse outcomes less likely, and deploys sufficient mitigations |
| 211 | +to bring the probability and harm from adverse outcomes below an acceptable |
| 212 | +threshold. |
| 213 | + |
| 214 | +"Reading habits" includes amongst other things lists of visited DNS names, if |
| 215 | +those domains pertain to specific topics or activities, but records of visited |
| 216 | +DNS names are not reading habits if those domain names serve content of a very |
| 217 | +diverse and general nature, thereby revealing minimal information about the |
| 218 | +opinions, interests or activities of the user. |
| 219 | + |
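Review bot: Requirement 2a ("may be retained for a period of 10 days or less") and Exception 1c ("our server will send a tracking value status header "Tk: C"") are operational commitments, and the visible change adds only the policy text with nothing that touches logging or response headers. Before this is published at the /.well-known/dnt-policy.txt URL named near the top of the file, confirm that log retention for this domain and any third-party embeds covered by Requirement 3 already match what the text promises, and say in the commit description where that is enforced. Requirement 4 also commits to reasserting compliance "at least once every 12 months", so it would help to record who owns that review.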