| <!doctype html> |
| <html lang="en"> |
| <head> |
| <meta charset="utf-8"> |
| <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> |
| |
| |
| <link rel="alternate" type="application/rss+xml" title="Apache Software Foundation - Data Privacy RSS" href="/rss.xml" /> |
| <link rel="stylesheet" href="/css/main.css"> |
| <title></title> |
| </head> |
| <body> |
| <header> |
| <div class="header-logo"><a href="/"><img src="/images/asf-logo.png"/></a> |
| <div class="header-text">ASF Data Privacy</div> |
| </div> |
| |
| <nav> |
| <label for="show-menu" class="show-menu">Show Menu</label> |
| <input type="checkbox" id="show-menu" role="button"> |
| <ul id="menu"> |
| <li><a href="/">Home</a></li> |
| <li><a href="/policies">Policies</a></li> |
| <li> |
| <a href="#">Privacy FAQ ▼</a> |
| <ul class="hidden"> |
| <li><a href="/faq/community.html">Community Privacy FAQ</a></li> |
| <li><a href="/faq/committers.html">Committers' Privacy FAQ</a></li> |
| <li><a href="/faq/infrastructure.html">Infrastructure Privacy FAQ</a></li> |
| <li><a href="/faq/software-users.html">Software Users FAQ</a></li> |
| </ul> |
| </li> |
| <li> |
| <a href="#">Guides</a> |
| <ul class="hidden"> |
| <li><a href="/guides/event-photography.html">Event Photos</a></li> |
| </ul> |
| <li><a href="/matomo">Matomo</a></li> |
| <li><a href="http://www.apache.org/foundation/">About the ASF</a></li> |
| </ul> |
| </nav> |
| </header> |
| |
| <main> |
| <h1 id="committers-faq">Committers’ FAQ</h1> |
| |
| <h2 id="general-privacy-questions">General Privacy Questions</h2> |
| |
| <h3 id="what-if-we-receive-a-data-removal-request">What, if we receive a data removal request?</h3> |
| |
| <p>If you receive removal requests for mailing lists or of a generic kind, |
| please forward this message to privacy@apache.org. If you feel the email |
| is of a sensitive kind or did not arrive on a mailing list, |
| please forward this message to vp-privacy@apache.org.</p> |
| |
| <p>You can reply to the original message that you have forwarded this request, |
| but don’t reply with any further information (confirmation of deletions etc).</p> |
| |
| <p>In example:</p> |
| |
| <p>“Dear sender,</p> |
| |
| <p>we have forwarded your message to Apache Software Foundation privacy committee, |
| which will handle your request. You can always reach out to VP Data Privacy (vp-privacy@apache.org) |
| or to the comittee directly (privacy@apache.org) if you have further questions.</p> |
| |
| <p>Kind regards,”</p> |
| |
| <h2 id="project-websites">Project Websites</h2> |
| |
| <h3 id="can-i-use-google-analytics">Can I use Google Analytics?</h3> |
| |
| <p>The Apache Software Foundation discourages the use of Google Analytics.</p> |
| |
| <p>Court decisions around Google Analytics have changed several times |
| in the past years and made its use uncertain. Several countries in the EU |
| declared <a href="https://www.mglp.eu/en/is-the-usage-of-google-analytics-within-the-eu-illegal-from-now-on/">Google Analytics cannot be used compliant to the GDPR</a>.</p> |
| |
| <p>To avoid legal risks, ASF projects shall not use Google Analytics at all.</p> |
| |
| <p>Instead, the Privacy team has established Matomo for the use of their projects.</p> |
| |
| <h3 id="could-i-use-google-search-for-my-website">Could I use Google Search for my website?</h3> |
| |
| <p>The Apache Software Foundation discourages the embed Google Search on your website. |
| Instead, please use privacy friendly alternatives as <a href="https://pagefind.app/">PageFind</a>. |
| PageFind will index your statically created website and provide search even on |
| large websites.</p> |
| |
| <h3 id="can-i-use-web-analytics-matomo">Can I use Web Analytics (Matomo)?</h3> |
| |
| <p>Yes: the Privacy Comittee has established a VM running Matomo, a GDPR compliant |
| web analytics software. You can ask for your site id and tracking code at privacy@apache.org</p> |
| |
| <p>Please do not install and run your own instances of Matomo.</p> |
| |
| <h3 id="can-i-use-scarf-to-analyse-our-downloads">Can I use Scarf to analyse our downloads?</h3> |
| |
| <p>Yes: Scarf has signed a DPA with us, fully supports the GDPR and was added to our privacy terms. |
| It is possible to use their service.</p> |
| |
| <h3 id="can-i-use-another-analyticstracking-etc-software">Can I use another analytics/tracking etc software?</h3> |
| |
| <p>Before using any further tracking software please ask on privacy@apache.org</p> |
| |
| <h3 id="can-i-use-hosted-versions-of-jquery-images-or-anything-else-provided-by-servers-we-dont-own">Can I use hosted versions of jQuery, images or anything else provided by servers we don’t own?</h3> |
| |
| <p>Please don’t embed any content from servers which we don’t own. Every server or CDN you use will need |
| to be listed in our privacy policy. To avoid constant extensions to our privacy policy, please |
| download the content and make it available from our own hosts. |
| As of now, using third party CDNs does not even impose <a href="https://wicki.io/posts/2020-11-goodbye-google-fonts/">performance benefits</a></p> |
| |
| <h3 id="can-i-use-google-fonts">Can I use Google Fonts?</h3> |
| |
| <p>You can use Google Fonts, but please host the fonts on ASF servers.</p> |
| |
| <p>ASF projects don’t have any reason to load Google Fonts from |
| Google servers. Even <a href="https://wicki.io/posts/2020-11-goodbye-google-fonts/">performance wise</a>, |
| there is no reason to use Google CDNs.</p> |
| |
| <p>To prevent any data being transmitted to a third party, |
| <a href="https://github.com/google/fonts#self-host-fonts-available-from-google-fonts">download the fonts and host them with your project website</a>.</p> |
| |
| <h3 id="can-i-embed-google-maps">Can I embed Google Maps?</h3> |
| |
| <p>Yes, you can use Google Maps, but they should only activate if the user |
| actively wants to use them. Arrange this by showing a placeholder image first |
| and loading the map when the user clicks on the image. Make it clear |
| that users will load a Google Map with their click.</p> |
| |
| <p>For an idea of how to implement this, please see: <a href="/examples/youtube-html/with-youtube-api.html">YouTube Example 1</a></p> |
| |
| <h3 id="can-i-embed-videos-from-youtube-vimeo-etc">Can I embed videos (from YouTube, Vimeo, etc.)?</h3> |
| |
| <p>Yes, you can embed videos on the website, but they should load |
| only after the user actively wants them to load. Arrange this |
| by showing a placeholder image first and loading the video after the user |
| clicks on the image. Make it clear that users who click the image |
| will load a video from a third party.</p> |
| |
| <p>If you don’t want placeholder images, consider self-hosted videos |
| and using an open source player like <a href="https://github.com/sampotts/plyr">Plyr</a>.</p> |
| |
| <p>For embedding videos, please see: <a href="/examples/youtube-html/with-youtube-api.html">YouTube Example 1</a> |
| and <a href="/examples/youtube-html/with-youtube-embeds.html">YouTube Example 2</a></p> |
| |
| <h3 id="can-i-embed-social-plugins-in-example-like-buttons">Can I embed social plugins (in example Like-Buttons)?</h3> |
| |
| <p>Yes, but you can only load them when users actively want them |
| to load. There are many open source solutions to help you manage this, like <a href="https://github.com/heiseonline/shariff">Shariff</a>.</p> |
| |
| <h3 id="can-we-have-an-official-facebook-fan-page">Can we have an official Facebook fan page?</h3> |
| |
| <p>No.</p> |
| |
| <p>You cannot run an official ASF Facebook page.</p> |
| |
| <p>The German <a href="https://www.datenschutzkonferenz-online.de/media/dskb/20190405_positionierung_facebook_fanpages.pdf">Datenschutzkonferenz decided on 2019-04-01</a> that you cannot fulfill <a href="https://gdpr-info.eu/art-5-gdpr/">Art. 5 §2</a>. Also, having a fan page would not be compatible with Art. 26.</p> |
| |
| <h3 id="can-i-add-a-facebooktwitter-etc-custom-pixel-for-creating-a-custom-audience">Can I add a Facebook/Twitter etc custom pixel for creating a custom audience?</h3> |
| |
| <p>No, not without approval from your user.</p> |
| |
| </main> |
| <footer> |
| © 2021-2023 The Apache Software Foundation under the terms of the Apache License 2.0. |
| |
| Apache, the Apache feather logo, and the Apache logo are either registered trademarks or |
| trademarks of The Apache Software Foundation in the United States and other countries. |
| </footer> |
| |
| </body> |
| </html> |