Google Git
Sign in
apache / privacy-website / 042a8377ea818359a5ae5135c15be87b3af3fca1 / . / output / faq / committers.html
blob: 38808fce58a3c545c6edea9e60f34e2758d43830 [file] [log] [blame]
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link rel="alternate" type="application/rss+xml" title="Apache Software Foundation - Data Privacy RSS" href="/rss.xml" />
<link rel="stylesheet" href="/css/main.css">
<title></title>
</head>
<body>
<header>
<div class="header-logo"><a href="/"><img src="/images/asf-logo.png"/></a>
<div class="header-text">ASF Data Privacy</div>
</div>
<nav>
<label for="show-menu" class="show-menu">Show Menu</label>
<input type="checkbox" id="show-menu" role="button">
<ul id="menu">
<li><a href="/">Home</a></li>
<li><a href="/policies">Policies</a></li>
<li>
<a href="#">Privacy FAQ &#9660;</a>
<ul class="hidden">
<li><a href="/faq/community.html">Community Privacy FAQ</a></li>
<li><a href="/faq/committers.html">Committers' Privacy FAQ</a></li>
<li><a href="/faq/infrastructure.html">Infrastructure Privacy FAQ</a></li>
<li><a href="/faq/software-users.html">Software Users FAQ</a></li>
</ul>
</li>
<li>
<a href="#">Guides</a>
<ul class="hidden">
<li><a href="/guides/event-photography.html">Event Photos</a></li>
</ul>
<li><a href="/matomo">Matomo</a></li>
<li><a href="http://www.apache.org/foundation/">About the ASF</a></li>
</ul>
</nav>
</header>
<main>
<h1 id="committers-faq">Committers’ FAQ</h1>
<h2 id="general-privacy-questions">General Privacy Questions</h2>
<h3 id="what-if-we-receive-a-data-removal-request">What, if we receive a data removal request?</h3>
<p>If you receive removal requests for mailing lists or of a generic kind,
please forward this message to privacy@apache.org. If you feel the email
is of a sensitive kind or did not arrive on a mailing list,
please forward this message to vp-privacy@apache.org.</p>
<p>You can reply to the original message that you have forwarded this request,
but don’t reply with any further information (confirmation of deletions etc).</p>
<p>In example:</p>
<p>“Dear sender,</p>
<p>we have forwarded your message to Apache Software Foundation privacy committee,
which will handle your request. You can always reach out to VP Data Privacy (vp-privacy@apache.org)
or to the comittee directly (privacy@apache.org) if you have further questions.</p>
<p>Kind regards,”</p>
<h2 id="project-websites">Project Websites</h2>
<h3 id="can-i-use-google-analytics">Can I use Google Analytics?</h3>
<p>The Apache Software Foundation discourages the use of Google Analytics.</p>
<p>Court decisions around Google Analytics have changed several times
in the past years and made its use uncertain. Several countries in the EU
declared <a href="https://www.mglp.eu/en/is-the-usage-of-google-analytics-within-the-eu-illegal-from-now-on/">Google Analytics cannot be used compliant to the GDPR</a>.</p>
<p>To avoid legal risks, ASF projects shall not use Google Analytics at all.</p>
<p>Instead, the Privacy team has established Matomo for the use of their projects.</p>
<h3 id="could-i-use-google-search-for-my-website">Could I use Google Search for my website?</h3>
<p>The Apache Software Foundation discourages the embed Google Search on your website.
Instead, please use privacy friendly alternatives as <a href="https://pagefind.app/">PageFind</a>.
PageFind will index your statically created website and provide search even on
large websites.</p>
<h3 id="can-i-use-web-analytics-matomo">Can I use Web Analytics (Matomo)?</h3>
<p>Yes: the Privacy Comittee has established a VM running Matomo, a GDPR compliant
web analytics software. You can ask for your site id and tracking code at privacy@apache.org</p>
<p>Please do not install and run your own instances of Matomo.</p>
<h3 id="can-i-use-scarf-to-analyse-our-downloads">Can I use Scarf to analyse our downloads?</h3>
<p>Yes: Scarf has signed a DPA with us, fully supports the GDPR and was added to our privacy terms.
It is possible to use their service.</p>
<h3 id="can-i-use-another-analyticstracking-etc-software">Can I use another analytics/tracking etc software?</h3>
<p>Before using any further tracking software please ask on privacy@apache.org</p>
<h3 id="can-i-use-hosted-versions-of-jquery-images-or-anything-else-provided-by-servers-we-dont-own">Can I use hosted versions of jQuery, images or anything else provided by servers we don’t own?</h3>
<p>Please don’t embed any content from servers which we don’t own. Every server or CDN you use will need
to be listed in our privacy policy. To avoid constant extensions to our privacy policy, please
download the content and make it available from our own hosts.
As of now, using third party CDNs does not even impose <a href="https://wicki.io/posts/2020-11-goodbye-google-fonts/">performance benefits</a></p>
<h3 id="can-i-use-google-fonts">Can I use Google Fonts?</h3>
<p>You can use Google Fonts, but please host the fonts on ASF servers.</p>
<p>ASF projects don’t have any reason to load Google Fonts from
Google servers. Even <a href="https://wicki.io/posts/2020-11-goodbye-google-fonts/">performance wise</a>,
there is no reason to use Google CDNs.</p>
<p>To prevent any data being transmitted to a third party,
<a href="https://github.com/google/fonts#self-host-fonts-available-from-google-fonts">download the fonts and host them with your project website</a>.</p>
<h3 id="can-i-embed-google-maps">Can I embed Google Maps?</h3>
<p>Yes, you can use Google Maps, but they should only activate if the user
actively wants to use them. Arrange this by showing a placeholder image first
and loading the map when the user clicks on the image. Make it clear
that users will load a Google Map with their click.</p>
<p>For an idea of how to implement this, please see: <a href="/examples/youtube-html/with-youtube-api.html">YouTube Example 1</a></p>
<h3 id="can-i-embed-videos-from-youtube-vimeo-etc">Can I embed videos (from YouTube, Vimeo, etc.)?</h3>
<p>Yes, you can embed videos on the website, but they should load
only after the user actively wants them to load. Arrange this
by showing a placeholder image first and loading the video after the user
clicks on the image. Make it clear that users who click the image
will load a video from a third party.</p>
<p>If you don’t want placeholder images, consider self-hosted videos
and using an open source player like <a href="https://github.com/sampotts/plyr">Plyr</a>.</p>
<p>For embedding videos, please see: <a href="/examples/youtube-html/with-youtube-api.html">YouTube Example 1</a>
and <a href="/examples/youtube-html/with-youtube-embeds.html">YouTube Example 2</a></p>
<h3 id="can-i-embed-social-plugins-in-example-like-buttons">Can I embed social plugins (in example Like-Buttons)?</h3>
<p>Yes, but you can only load them when users actively want them
to load. There are many open source solutions to help you manage this, like <a href="https://github.com/heiseonline/shariff">Shariff</a>.</p>
<h3 id="can-we-have-an-official-facebook-fan-page">Can we have an official Facebook fan page?</h3>
<p>No.</p>
<p>You cannot run an official ASF Facebook page.</p>
<p>The German <a href="https://www.datenschutzkonferenz-online.de/media/dskb/20190405_positionierung_facebook_fanpages.pdf">Datenschutzkonferenz decided on 2019-04-01</a> that you cannot fulfill <a href="https://gdpr-info.eu/art-5-gdpr/">Art. 5 §2</a>. Also, having a fan page would not be compatible with Art. 26.</p>
<h3 id="can-i-add-a-facebooktwitter-etc-custom-pixel-for-creating-a-custom-audience">Can I add a Facebook/Twitter etc custom pixel for creating a custom audience?</h3>
<p>No, not without approval from your user.</p>
</main>
<footer>
© 2021-2023 The Apache Software Foundation under the terms of the Apache License 2.0.
Apache, the Apache feather logo, and the Apache logo are either registered trademarks or
trademarks of The Apache Software Foundation in the United States and other countries.
</footer>
</body>
</html>