Jump to content

GDPR compliance in KVS


Tech Support
 Share

Recommended Posts

In terms of EU enforcement of GDPR regulation:

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

 

we would like to make a statement on which personal data is stored and processed in KVS.

 

Cookies

 

KVS is using some impersonalized cookies to facilitate traffic stats calculation. These cookies store the following info:

  • Which URL user first came from.
  • Which URL user first came to.
  • Which IPs user had when navigating through site.
  • Whether user has already visited this site during last 24 hours.
  • Whether user is a registered member or not.

This info is not stored anywhere in KVS or server-side; it is stored in user's browser and can be deleted using browser functionality any time.

 

KVS database

 

KVS database stores the following information for every user:

  • Personal data that was specified by users during registration or when filling their profiles, e.g. username, display name, email, other text data users opted to specify. This information may be visible to public depending on theme design.
  • IP address and country users had during registration. This information is stored for security reasons.
  • List of all logins during last 365 days, including IP address, country and browser type. This information is stored for security reasons.
  • When using online payments, KVS will store information provided by payment system for each transaction. This information is stored for accounting reasons and doesn't contain any personal data (4.0.2 fix).

KVS is not using the information described here for any decision making, deep learning, exporting or anything else that may result in commercial benefits.

 

You can configure KVS to delete all IP / country data automatically. In order to this you should edit /admin/include/setup.php file and search for this option:

$config['safe_mode']="false";

 

 

Change this option to true, which will force KVS to delete all IPs / countries / logs stored in database:

$config['safe_mode']="true";

 

 

Deleting personal info from KVS

 

Users can choose to request their profiles to be removed from KVS powered site. This functionality is provided by member_profile_delete block and may or may not be supported by some themes. In any way if such functionality is missing users should be able to contact support for their profiles to be deleted.

 

Profiles can be deleted from admin panel only. When profile is deleted, all data connected to this profile gets fully deleted, including IPs, logs, profile data (4.0.2 fix will delete logs). Admins should decide manually how to handle content uploaded by user: it can be either deleted as well, or kept available on the site by changing this content's ownership.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...