Page Actions

ISOGG Wiki

Privacy policy

From ISOGG Wiki

Revision date: 21 May 2018

Welcome to the International Society of Genetic Genealogy ( henceforth called, "ISOGG" ) privacy policy page. ISOGG takes your privacy seriously and will never sell, share or reveal information of our viewers ( readers ), members, or users ( registered for wiki contributions ) unless ISOGG is required to comply with a legal order.

This privacy policy has been compiled to better serve those who are concerned with how their Personally Identifiable Information ( PII ) or Personal data ( under European Union GDPR ) is being used by the International Society of Genetic Genealogy ( ISOGG ). PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. The European Union GDPR uses the term "personal data" in a similar context.

Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website. This page covers many topics, including but not limited to:

  • What is a reader, member and registered user
  • What information we collect and why
  • How we use this information
  • How to update and view your information
  • How to request removal of your information

Please read this document in its entirety as it contains information about your privacy, ISOGG practices and your rights. Our Cookie policy can be found here.

Information and definitions

ISOGG maintains a membership database and controls and operates five websites, isogg.org, ISOGG Wiki, ISOGG Y-SNP tree, ISOGG YBrowse and Journal of Genetic Genealogy. Using Google Analytics, we do collect anonymized analytic data. The use of Google Analytics by ISOGG is detailed further on our Cookie policy page.

What is a Reader - Member - User?

Readers

As a reader, you are free to browse and read content available on any of our websites. Anyone with Internet access ( not restricted from doing so) may view pages of our websites. Readers can also be members. It is not necessary to be a user to access any content on ISOGG's web properties. ISOGG does not use cookies to collect personally identifiable information from readers of our websites.

Members

As an ISOGG member, you join a network of other persons with an interest in genetic genealogy. Members are welcome to join specific mail lists and discussion groups hosted by Yahoo Groups.

Users

A user is a registered user who is authorized to contribute to or edit ISOGG's wiki. All ISOGG content found on this wiki is collaboratively developed by ISOGG members using the MediaWiki software. Only members can become a wiki user and SHOULD DO SO ONLY if the member plans to contribute content to ISOGG's wiki.

Purpose of the collection of private information

ISOGG limits the collection of personally identifiable information to a minimum for specific purposes as listed below.

When do we collect information?

  • We collect information when anyone emails and ISOGG email address or fills out our contact form
  • We collect information about you when you fill out a membership form to become a member of ISOGG
  • We collect information when a member becomes a registered user of our members only ISOGG wiki.

How do we use your information?

  • To answer requests ( questions or for information ) made by email or ISOGG's contact form.
  • To identify you as a member when joining our members only mail list hosted by Yahoo Groups.
  • To identify you as a member when requesting an account for editing on our members only wiki.

IP Addresses technical information

ISOGG's server logs always collect IP Address information. This data is used for the prevention of malicious activity and our right to ensure the security of our users and our intellectual property. IP Addresses are not considered PII.
IP addresses are collected in the form of raw server logged data. The raw server log data:-
  • is not made public.
  • is used to solve technical problems
  • is used to track down badly-behaved web spiders that overwhelm the site
  • is used to block malicious web requests
  • is necessary for the security and safety of our intellectual property
  • is rotated at intervals to minimize the security impact of storing IP addresses
  • is restricted to authorized ISOGG persons but may be viewed by the owner and their agents of our web hosting provider, Namecheap, for security assistance
  • does not need the CONSENT nor will it be sought from a user of our website as it is not PII

ISOGG email or contact form data stored

When a person sends and email or uses our contact form to send a message, request or question to ISOGG, personal identifiable information is transmitted to ISOGG. This personal data includes:
  • Name
  • Email address
  • IP address
  • other data you include in the content of the message
This data is stored on our email server, web hosting server, and in backups. In addition to storage, the data will be transmitted to the appropriate ISOGG person(s) to answer emails or contact form messages. Messages sent to ISOGG which are spam, not ISOGG relevant, or sent to ISOGG by mistake are ignored and deleted immediately.

ISOGG membership data stored

ISOGG members are asked to supply the following data along with their consent to store the data. Members who do not consent, cannot join ISOGG.
  • Name
  • Email address
  • Country
  • state/province or county ( optional )
  • affirmative ( yes/no ) verification a member is 16 years of age or older
  • questions about interest in joining mail lists hosted on Yahoo Groups ( optional )
  • questions about being a DNA project admin and the project(s) you admin ( optional )
Members are not automatically enrolled in our group mail lists. You as a new member must actively join the group mail list and wait for approval. Approval of your mail list join request is verified against your email address and name supplied on the membership join form.

User accounts and authorship

ISOGG requires those interested in editing on ISOGG's Wiki to join ISOGG as a member then apply separately for a user account on this wiki. Users that do register are identified by their chosen username. Users select a password, which is confidential and used to verify the integrity of their account. Except insofar as it may be required by law, no person ( ISOGG data administrator or user ) should or will disclose, or knowingly expose, either user passwords and/or cookies generated to identify a user. Once created, user accounts will not be removed unless a request to remove is made ( see below ). It may be possible for a username to be changed. ISOGG does not guarantee that a username will be changed on request.

Registered User Personally Identifiable Information ( PII )

The following is only valid for registered users/editors of our website's page content. If you are not a registered user, the following information does not apply to you. As a reader or a member you are free to view our websites and its pages of content. When applying for a registered user account, you will have to consent to the following personal data being stored on our web server or you will not be able to register. The following PII data is required as a registered user on ISOGG's wiki:
What Why Data Storage Required Access to Data
Your email address used to confirm account, reset your password,
receive emails from other users
database - unencrpyted Yes only you and administrators with server access
A username user attribution of edits database - unencrpyted Yes public ( contribution attribution, user page, page edits and history )
A real name user attribution of edits database - unencrpyted Yes public ( contribution attribution, user page, page edits and history )
Password account log in database - encrpyted Yes only you
Gender preference setting ( use of him or her ) database - unencrpyted No public ( contribution attribution, user page, page edits and history )

Page history

Edits or other contributions to ISOGG articles, user pages and talk pages are generally retained forever in database history. Removing text from a page does not permanently delete it from the history of the page. Normally, anyone can look at a previous version of an article and see what was there. Even if an article is "deleted", a user (administrator) entrusted with higher level of access may still see what was removed from public view. Information can be permanently deleted by individuals with access to ISOGG's servers, but aside from the rare circumstance when ISOGG is required to delete editing-history material in response to a court order or equivalent legal process, there is no guarantee any permanent deletion will happen. You should assume all information you contribute will be available permanently on this wiki unless you request removal of your user account.

User contribution

User contributions are also aggregated and publicly available. User contributions are aggregated according to their registration username and/or real name if that option by the user is chosen. Data on user contributions, such as the times at which users edited and the number of edits they have made, are publicly available via user contributions lists, page history and in aggregated forms published by other users. Such information will be available permanently on this wiki unless you request removal of your user account.

Editing

Edits to ISOGG article pages are identified with the username of the editor, and editing history is aggregated by author in a contribution list. Such information will be available permanently on this wiki unless you request removal of your user account.

Discussions

Edits to ISOGG article discussion pages are identified with the username of the editor, and editing history is aggregated by author in a contribution list. Such information will be available permanently on this wiki unless you request removal of your registered user account.

Your rights

This privacy policy has stated what personally identifiable information ISOGG will or will be collecting about you and why. You have the right to know what personally identifiable information ISOGG has collected about you while you are a member. You have the right to have your personally identifiable information forgotten by ISOGG. Software used by ISOGG has limitations and you cannot ask for your data to be anonymized or exported.

Right to know about data stored

You may fill out this {future link to form here} and request to know what membership information ISOGG has stored about you.

Right to be forgotten

You may request the right to be forgotten if you are a member or a registered ISOGG Wiki user. Use the same form, {future link to form here}, as above and check the right to be forgotten. Additional information:
  • If you are a member, your information will be:
  • removed from our database
  • you will be removed from all mail list groups you belong to, eg. Yahoo Groups
  • if you have a ISOGG Wiki account it will be merged with a generic ISOGG Wiki account, see Registered ISOGG Wiki users
  • If you are a registered ISOGG wiki member:
  • you can remain a member of ISOGG
  • request only your user account on ISOGG Wiki is forgotten
Once the removal and/or registered user is removed this action is final and not reversible. To prevent abuse of data and removal requests, all data about the request is deleted and unrecoverable after 90 days. No further communication about the request will be made once the deletion is completed.

Registered ISOGG Wiki users

As a registered user, ISOGG will extend the right to be forgotten to all registered users on the ISOGG wiki. Because of software limitations, this right will be done by merging your username into a generic username. The software used to power ISOGG's wiki does not allow a user to maintain an account and anonymity at the same time. A request to be forgotten will be honored by the following steps:
  • Your account will be merged with a generic username
  • All your contributions will be attributed to the generic username
  • Your account will be deleted
  • The MERGING and DELETION action is FINAL and NOT REVERSIBLE once completed
  • If you request a new account, your old edit attributions cannot be attributed to your new username
As a precaution against malicious activity, a confirmation request will be posted on your user talk page. You must log in and follow the instructions on the talk page to prove you were the user making the request and sent the email. Once this is complete, an administrator will merge and delete your account permanently.

Access to and release of personally identifiable information

Access
ISOGG is run by volunteer contributors. Membership records are held securely on Google servers and access is limited to a select few members of ISOGG. Some dedicated ISOGG Wiki users are chosen by the community to be given privileged access. User access levels to ISOGG Wiki are determined by the user's presence in various 'user groups'. User group rights and group members are reachable in every project from the Special:ListGroupRights page. Please see who has access to my data below.
Sharing information with other privileged users is not considered "distribution."
Release — Policy on Release of Data
It is the policy of ISOGG that personally identifiable data collected in the server logs, or through records in the ISOGG Wiki database, or through other non-publicly-available methods, may be released by ISOGG volunteers or staff, in any of the following situations:
  1. In response to a valid subpoena or other compulsory request from law enforcement,
  2. With permission of the affected user,
  3. When necessary for investigation of abuse complaints,
  4. Where the information pertains to page views generated by a spider or bot and its dissemination is necessary to illustrate or resolve technical issues,
  5. Where the user has been vandalizing articles or persistently behaving in a disruptive way, data may be released to a service provider, carrier, or other third-party entity to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers,
  6. Where it is reasonably necessary to protect the rights, property or safety of ISOGG, its users or the public.
Except as described above, ISOGG policy does not permit distribution of personally identifiable information under any circumstances.
Third-party access and notifying registered users when receiving legal process
As a general principle, the access to, and retention of, personally identifiable data is minimal and should be used only internally to serve the well-being of ISOGG. Occasionally, however, ISOGG may receive a subpoena or other compulsory request from a law-enforcement agency or a court or equivalent government body that requests the disclosure of information about a registered user, and may be compelled by law to comply with the request. In the event of such a legally compulsory request, ISOGG will attempt to notify the affected user within three business days after the arrival of such subpoena by sending a notice by email to the email address (if any) that the affected user has listed in his or her user preferences.
ISOGG cannot advise a user receiving such a notification regarding the law or an appropriate response to a subpoena. ISOGG does note, however, that such users may have the legal right to resist or limit that information in court by filing a motion to quash the subpoena. Users who wish to oppose a subpoena or other compulsory request should seek legal advice concerning applicable rights and procedures that may be available.
If ISOGG receives a court-filed motion to quash or otherwise limit the subpoena as a result of action by a user or their lawyer, ISOGG will not disclose the requested information until ISOGG receives an order from the court to do so.
Registered users are not required to provide an email address. However, when an affected registered user does not provide an email address, ISOGG will not be able to notify the affected user in private email messages when it receives requests from law enforcement to disclose personally identifiable information about the user.

Who has access to my data

ISOGG membership data
ISOGG Wiki data
Beside public data which has already been explained above, this is a list of users with additional permissions. The additional permissions for the follow users can be found on User Group Rights page.
Editors ( elevated users )
Administrators
Bureaucrats

California Online Privacy Protection Act

CalOPPA is the first state law in the United States to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. - See more at: https://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3/
According to CalOPPA, we agree to the following
  • Users can visit our site anonymously.
Once this privacy policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our website. Our Privacy Policy link includes the word 'Privacy' and can easily be found on the page specified above.
Notifications of changes to our privacy policy can be made on one or all of the following
  • On our Privacy Policy Page
  • A tweet on Twitter from ISOGG's official account, @isogg
  • An email posting on our member mail list groups
  • A post on ISOGG's Facebook group
Can ISOGG change your personal information
  • By submitting a request on ISOGG's {insert a form link here}
Does our site allow third-party behavioral tracking?
It's also important to note that we allow third-party anonymized behavioral tracking
How does our site handle Do Not Track signals?
We honor Do Not Track signals and Do Not Track, plant cookies. We use 3rd party tools to add functions to our websites which might track your behavior, anonymized. Please see our Cookie policy on 3rd party functions. You may also disable cookies using your browser settings or choosing to disable them by following these instructions.

GDPR (General Data Protection Regulation)

The European Union’s GDPR that entered into force on 25 May 2018 invokes responsibilities that extend worldwide. Detailed provisions govern the processing of personal data, including the collection, storage and use of personally identifiable information of individuals who are resident in European countries even if this data is collected, stored or used outside the EU.
ISOGG endeavours to comply with all of GDPR’s requirements concerning the processing of the personal data of ISOGG members.

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 16 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
ISOGG does not specifically market to or encourage children under the age of 16 years old to join ISOGG. We do not knowingly collect personally identifiable information from children under 16. If a parent or guardian becomes aware that their child has provided us with personal Information without their consent, they should contact us at [email protected].
ISOGG recognizes that there may be children under age of 16 who may register as a member. The privacy policy that apply to all members apply to those users under 16 of age.

CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to
  • Verify the identity of members who join ISOGG who join our members only mail list group(s) hosted by Yahoo Groups
  • Respond to contact inquiries, and/or other requests or questions submitted by our contact form
To be in compliance with CANSPAM, we agree to the following
  • Not use false or misleading subjects or email addresses.
  • Honor opt-out/unsubscribe requests quickly.
If at any time you would like to unsubscribe from receiving future emails, you can leave ( self unsubscribe ) from the mail list(s) on Yahoo Group(s). If you are having difficulties doing so, you may email us at [email protected] and we will promptly remove you from ALL mail list groups and further correspondence.

Contacting Us

If you have questions or comments about this policy or if you feel that ISOGG is not following its privacy policy please contact us at [email protected]
International Society of Genetic Genealogy
4808 Endicott Court
Salida, CA 95368
United States

Disclaimer

ISOGG believes that maintaining and preserving the privacy of user data is an important value. This privacy & cookie policy, together with other policies, resolutions, and actions by ISOGG, represents a committed effort to safeguard the security of the limited user information that is collected and retained on our servers. Nevertheless, ISOGG cannot guarantee that user information will remain private. We acknowledge that, in spite of our committed effort to protect private user information, determined individuals may still develop data-mining and other methods to uncover such information and disclose it. For this reason, ISOGG can make no guarantee against unauthorized access to information provided in the course of participating to the ISOGG wiki. ISOGG will release to the public and/or authority information concerning a breach in any security which affects the registered users of this website. This will be done in a timely manner as required to comply with any laws and/or the good faith entrusted to ISOGG to care for a registered user's PII.

References

  1. Section 3.3.3 - NIST Special Publication 800-122