From e88bee5a1a5cf5045609ec5b60f3a92440488eb3 Mon Sep 17 00:00:00 2001 From: Karnikaa Velumani Date: Tue, 12 Sep 2023 11:50:09 -0700 Subject: [PATCH 1/2] Update privacy policy Reference: https://docs.google.com/document/d/1-NQLpZT5qqYKrwwm4VX1cFghaB9RG7w4AcTE59q-cNc/edit?usp=sharing Co-Authored-By: Amy --- src/routes/(site)/privacy/+page.svelte | 9 +- src/routes/(site)/privacy/page.test.ts | 2 +- src/routes/(site)/privacy/policy.svelte | 189 +++++++++++++++++------- 3 files changed, 141 insertions(+), 59 deletions(-) diff --git a/src/routes/(site)/privacy/+page.svelte b/src/routes/(site)/privacy/+page.svelte index cefcfd59b..597f01e7d 100644 --- a/src/routes/(site)/privacy/+page.svelte +++ b/src/routes/(site)/privacy/+page.svelte @@ -7,13 +7,8 @@ -

Privacy Policy

-

- Our privacy policy describes how our Discord bot collects, uses, and shares your personal data. -
-
- Last updated January 16th, 2022 -

+

Privacy Policy for ACM at CSUF

+

Last updated September 19th, 2023

 diff --git a/src/routes/(site)/privacy/page.test.ts b/src/routes/(site)/privacy/page.test.ts index f45c91843..6f1ac3249 100644 --- a/src/routes/(site)/privacy/page.test.ts +++ b/src/routes/(site)/privacy/page.test.ts @@ -4,5 +4,5 @@ test.describe.configure({ mode: 'parallel' }); test('privacy page has expected h1', async ({ page }) => { await page.goto('/privacy'); - expect(await page.textContent('h1')).toBe('Privacy Policy'); + expect(await page.textContent('h1')).toBe('Privacy Policy for ACM at CSUF'); }); diff --git a/src/routes/(site)/privacy/policy.svelte b/src/routes/(site)/privacy/policy.svelte index b83cc0dda..52ce84abd 100644 --- a/src/routes/(site)/privacy/policy.svelte +++ b/src/routes/(site)/privacy/policy.svelte @@ -1,34 +1,111 @@
-
-

Welcome to ACM!

+
+

Introduction

- acmCSUF provides a social online platform, Discord, that brings passionate Titans together to - engage in multiple conversations regarding our community, the tech field, and many more. Our - Privacy Policy safeguards the privacy of all members to our server. This notice describes our - privacy policy by respecting information that is collected from said members to our server. + This privacy policy is an agreement between you, the user of our services (the “User”), and + the Association for Computing Machinery chapter at California State University, Fullerton + (henceforth “ACM”). By registering for access to all channels in the ACM Discord server (the + “Discord”), you hereby agree to all the terms of this agreement. The terms and conditions + described in this policy shall apply exclusively to usage and management of Discord bots made + by ACM (the “services”), and shall not apply to the general distribution of data from Discord + by other users or by members of ACM. The distribution of data through other means is regulated + by the Discord Terms of Service (https://discord.com/terms) + and the Discord Privacy Policy + (https://discord.com/privacy). The valid, working + version of this privacy policy shall exclusively be hosted on the ACM website (the “Website”) + at https://acmcsuf.com/privacy. This information + details the data which we collect about you, basic rights as recognized under the laws + covering the jurisdiction where ACM resides, and how to exercise your rights.

-
+

Information we collect

- Information you provide: We collect information that you - voluntarily provide, such as when you interact with our discord bot. Information that we - collect may include, but not be limited to, your email address, discord ID, first and last - name, status, and class subjects. + We may collect any information that is submitted over Discord, including but not limited to + messages sent in the ACM discord, forms submitted through ACM discord bots, Discord profile + information, and other communications made over Discord. This data may be associated with your + identity through any identifying information you provide over any channels. Any personal + information provided to another person may enter our data collections in the event that they + distribute the data over Discord or through some other means of interaction with our Discord + bots; this data shall be considered their data, but we may, at our discretion, honor requests + by a user to delete their personal information when submitted by another individual.

-
-

Our use of your information

+
+

Authority

- Data we collect automatically: When you interact with any of - our discord bots, we receive and store the given information within our database maintained by - our officers. Our officers may use such information to pool it with others in order to track - the number of members within our club, the number of members with similar classes, etc. + The right to handle requests under this agreement shall generally, as well as when explicitly + stated, be given to General Board members of ACM, as defined by ACM’s Constitution (in its + latest revision). However, at any time when General Board members have jurisdiction over an + action, they may choose (either recurring or for a specific instance) to designate authority + over a request to another member of ACM, who shall have the full authority to handle the + request(s) and action(s) as per the provisions of this policy. +

+
+ +
+

Data sale and distribution

+ +

+ ACM shall not, under any circumstances, sell your data in any way through bots created by ACM + in the Discord. This does not limit any other rights of distribution of messages directly + through Discord; ACM simply agrees not to sell data directly from collections made by our + Discord bots. We may aggregate and entirely anonymize data, and use that data for ACM + promotional purposes; we will take all reasonable measures to ensure that no data from among + our collected data with personally identifiable information is distributed. Under certain + circumstances, we may need to distribute lists of event attendees as collected by the services + to California State University, Fullerton; by registering for an event, you agree to this + distribution. We also reserve the right to distribute Discord messages using Discord bots for + ACM projects and in support of projects by students and alumni of California State University, + Fullerton. Further, the ACM Discord is considered a public forum, and all messages in it are + (to the extent allowed by law) public domain; as such, individuals may use data for purposes + outside the scope of this policy, and ACM may use the data for purposes determinable in its + sole discretion. +

+
+ +
+

Accessing your data

+ +

+ You have a right to know what data we have collected about you. In addition to the categories + listed in this document, you may directly access your data by submitting a request to a + General Board member of ACM. We will comply with this request within 45 days, or within limits + specified by local law, whichever is shorter. +

+
+ +
+

Disclosure to law enforcement

+ +

+ Except where bound by valid court order or by other enforceable, legal order from within the + United States, or as where bound by California laws requiring disclosure, we will not disclose + any information under any circumstances to any law enforcement agency, including limited + jurisdiction enforcement agencies such as the U.S. Immigration and Customs Enforcement. We + will not enforce the disclosure laws of any other jurisdiction without an order certified by a + court residing within California, whether state or federal, demanding the disclosure of the + documents, and we reserve the right to confer with legal or other counsel prior to disclosing + any data we have collected. +

+
+ +
+

Right of correction

+ +

+ You have the right to correct any information which you deem to be incorrect stored on our + servers or other databases owned by ACM. You must submit a request listing what information is + incorrect, and what it should be changed to, to a General Board member of ACM. We will comply + with the request within 45 days, or within limits specified by local law, whichever is + shorter.

@@ -36,48 +113,57 @@

Data retention

- We plan to retain personal data for as long as necessary to fulfill the purposes for which it - was collected. Data will persist in our database for however long our bot continues to - operate. Such data shall never be retrieved for distribution purposes. + We reserve the right to retain any data collected indefinitely, unless it must be deleted by + applicable laws, you request to delete it, or we lose the data. If the services are + discontinued by ACM, users will be given a 14-day notice during which they may request copies + of their data, after which point the data will be deleted.

-
-

Your data rights and choices

+
+

Amendments

- As CSUF students ourselves, we understand that users should be respected and treated equally, - and so we are giving you full control of what information you would like to provide for us. If - you would like to completely opt out of interacting with the bots, you can choose to do so. If - you would like certain information updated, then you may contact us for changes. + We may, at our sole discretion, amend the terms of this privacy policy. Changes which do not + affect the actual effects of the policy may be made at any time, without any advance notice. + Changes which affect manners of substance shall be given 14 days notice, both on the Website + and on the Discord. By continuing to use the services after the termination of the notice, you + agree to any changes made to this policy.

-
-

Changes to this privacy policy

+
+

Information for users accessing from California and other U.S. states

- We reserve the right to make updates and modifications on this Policy document at any time and - from time to time with no prior notice. Please review this document frequently and, most - importantly, before you provide us any information. The latest update will be indicated at the - top of the document. Your continued use after the changes made shall indicate your agreement - with the terms provided. + Laws in California and other U.S. states may give you extra rights and protections than laws + in other states. As we are registered and organized in California, we will extend the rights + of those accessing our services from California to all users of our services. While we are not + bound by all of the conditions of the California Consumer Privacy Act (and successor + legislation), we will generally (with the ability to, at our discretion, reduce our actions to + only those required by law) comply with it as if we were bound by it. If you would like to + exert your rights as provided by the laws of another state, you must contact us with a request + to exert those rights, as well as citations to the applicable laws for your jurisdiction.

-
-

Contacting us

+
+

+ Information for users accessing from the European Union, European Economic Area, United + Kingdom, Switzerland, and Brazil +

- Please feel free to contact us if you have any questions about acmCSUF’s Privacy Policy - by reaching out to any of our Officers via Discord or email us at - acmcsufullerton@gmail.com. + We will fully respect all rights under the European Union’s General Data Protection Regulation + (GDPR), Brazil’s Lei Geral de Proteção de Dados (LGPD), and any other applicable local laws + regarding data privacy. We are not incorporated, registered, or organized in any of these + territories, and thus laws applying to local organizations do not apply to us; however, you + still reserve your rights as would be applied to foreign organizations, including but not + limited to the right to access, rectify, erase, limit the processing, disseminate, object, and + withdraw consent over the usage of your data. We do not hold registration with any data + protection agencies, or have a designated data protection officer. We may, at our discretion, + allow users from outside these territories to exercise the same rights as users from these + territories.

@@ -92,19 +178,20 @@ section { width: min(800px, 80vw); - margin-bottom: 50px; + margin-bottom: 25px; h2 { + text-align: center; padding-bottom: 1em; } - a { - text-decoration: none; - transition: 0.25s ease-in-out; + p { + line-height: 3ch; + text-indent: 5ch; + } - &:hover { - color: var(--acm-blue); - } + a { + color: var(--acm-blue); } } } From f5cb0aca905ca48910ce6b1f07e08503a8436537 Mon Sep 17 00:00:00 2001 From: Karnikaa Velumani Date: Tue, 12 Sep 2023 12:15:24 -0700 Subject: [PATCH 2/2] Fix commas Co-Authored-By: Amy --- src/routes/(site)/privacy/policy.svelte | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/routes/(site)/privacy/policy.svelte b/src/routes/(site)/privacy/policy.svelte index 52ce84abd..718f90001 100644 --- a/src/routes/(site)/privacy/policy.svelte +++ b/src/routes/(site)/privacy/policy.svelte @@ -42,7 +42,7 @@

The right to handle requests under this agreement shall generally, as well as when explicitly - stated, be given to General Board members of ACM, as defined by ACM’s Constitution (in its + stated, be given to General Board members of ACM, as defined by ACM's Constitution (in its latest revision). However, at any time when General Board members have jurisdiction over an action, they may choose (either recurring or for a specific instance) to designate authority over a request to another member of ACM, who shall have the full authority to handle the @@ -154,8 +154,8 @@

- We will fully respect all rights under the European Union’s General Data Protection Regulation - (GDPR), Brazil’s Lei Geral de Proteção de Dados (LGPD), and any other applicable local laws + We will fully respect all rights under the European Union's General Data Protection Regulation + (GDPR), Brazil's Lei Geral de Proteção de Dados (LGPD), and any other applicable local laws regarding data privacy. We are not incorporated, registered, or organized in any of these territories, and thus laws applying to local organizations do not apply to us; however, you still reserve your rights as would be applied to foreign organizations, including but not