From 7570972a958a77953981189bd5ffc5902a8551e9 Mon Sep 17 00:00:00 2001 From: M66B Date: Sun, 22 May 2022 11:37:18 +0200 Subject: [PATCH] Updated privacy policy --- PRIVACY.md | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 110 insertions(+), 2 deletions(-) diff --git a/PRIVACY.md b/PRIVACY.md index 5b70216c92..d32886b093 100644 --- a/PRIVACY.md +++ b/PRIVACY.md @@ -1,9 +1,11 @@ -## Privacy policy +# Privacy policy [🌎 Google Translate](https://translate.google.com/translate?hl=&sl=en&u=https%3A%2F%2Fgithub.com%2FM66B%2FFairEmail%2Fblob%2Fmaster%2FPRIVACY.md)
+## Overview + FairEmail **does not** collect any data. FairEmail **does not** send data to or store data on third party servers. @@ -22,7 +24,7 @@ Error reporting via Bugsnag **is opt-in**, see [here](https://github.com/M66B/Fa FairEmail **will not** transfer data to other apps and services and therefore adheres to the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes), including the Limited Use requirements. -Google API Services are used only to authenticate Gmail accounts though OAuth. +Google API Services are used only to authenticate Gmail accounts through OAuth. FairEmail **can use** these services if they are explicitly enabled (off by default) or are explicitly used by you: @@ -44,4 +46,110 @@ FairEmail **is** [GDPR compliant](https://gdpr.eu/) because no data is collected
+## Definitions of terms + +This section defines some terms and words. +Knowing those terms will help you understanding the following sections. + +* *Data subject* – the user of the app +* *Personal data* – any data the data subject could be identified with +* *Data controller* – the person / entity providing the app +* *Data processor* – the person / entity providing the app +* *Sub-processor* – a third party processing data +* *Data protection officer* – the person responsible for any privacy related enquiries + +
+ +## Contact details + +``` +Marcel Bokhorst +Van Doesburg-Erf 194 +3315 RG Dordrecht +the Netherlands +marcel+fairemail@faircode.eu +``` + +As FairEmail is a personal project of a single developer, the developer is both the data controller as well as the data protection officer. +For any legal issues, the place of jurisdiction is Dordrecht, the Netherlands. + +
+ +## A. General information on data processing + +### I. Scope of personal data processing + +This privacy policy / data protection declaration applies to the Android app FairEmail. + +The data processor only processes personal data insofar as absolutely required for providing a functioning email client as well as the explicitly requested services. +Users' personal data is usually only processed if required for fulfilling contractual or legal obligations or with the user's consent. + +### II Purpose of data processing + +The purpose of any data processed is to provide you with the service requested. +The app by default exclusively processes data that is necessary for the proper functioning of the app and its intended purpose of being an email client. + +### III. Data storage and data deletion + +By default, all data (both personal and non-personal) remains on the data subject's Android device for as long as not explicitly sent or shared by the data subject. +The data stored on the data subject's device can be deleted by the data subject at any time. + +### IV. Sub-processors + +The services of all sub-processors are disabled by default. +The data subject's data is sent to and processed by sub-processors if and only if explicitly enabled or requested by the data subject. + +The sub-processors are: + +* [ipinfo.io](https://ipinfo.io/) – [Privacy policy](https://ipinfo.io/privacy-policy) +* [Spamhaus](https://www.spamhaus.org/) – [Privacy policy](https://www.spamhaus.org/organization/privacy/) +* [Spamcop](https://www.spamcop.net/) – [Privacy policy](https://www.spamcop.net/fom-serve/cache/168.html) +* [Barracuda](https://www.barracudacentral.org/rbl/how-to-use) – [Privacy policy](https://www.barracuda.com/company/legal/trust-center/data-privacy/privacy-policy) +* [Thunderbird autoconfiguration](https://developer.mozilla.org/docs/Mozilla/Thunderbird/Autoconfiguration) – [Privacy policy](https://www.mozilla.org/privacy/) +* [LanguageTool](https://languagetool.org/) – [Privacy policy](https://languagetool.org/legal/privacy) +* The hoster of a domain the data subject has received an email from, if showing [favicons](https://en.wikipedia.org/wiki/Favicon) is enabled +* The hoster of a domain the data subject has received an email from, if [Brand Indicators for Message Identification](https://en.wikipedia.org/wiki/Brand_Indicators_for_Message_Identification) (BIMI) is enabled +* The data subject's email service provider, if an email account or identity is added + +### V. Permissions + +The app only requests permissions that are necessary for the expected behavior of an email app. +For more information on permissions, see [this FAQ](https://github.com/M66B/FairEmail/blob/master/FAQ.md#user-content-faq1). + +### VI. Logging + +The app does not send any log entries to the data processor by default. +The error reporting system utilizes Bugsnag and is disabled by default. +See [this FAQ](https://github.com/M66B/FairEmail/blob/master/FAQ.md#user-content-faq104) for more information. + +### VII. Legal basis + +FairEmail is fully [GDPR compliant](https://gdpr.eu/). The legal basis for any data processing is Art. 6 (1) a - c GDPR. + +
+ +## B. Support requests + +### I. Description and scope of data processing + +The data subject may contact the data processor to request support through channels offered by the data processor. +When the data subject contacts the data processor, any provided personal data are stored by the data controller. + +### II. Purpose of data processing + +The personal data is exclusively processed for finding a specific solution to support queries whilst recording and/or processing them. +It is essential in this respect for the data controller to be able to contact the person requesting support. + +### III. Sub-processors + +The data processor utilizes the services of the following sub-processors in order to process support requests: + +* Google LLC, if support request sent via email – [Privacy policy](https://policies.google.com/privacy?hl=en) +* XDA forums, if support requested via the FairEmail XDA forum thread – [Privacy policy](https://forum.xda-developers.com/help/privacy-policy/) + +### IV. Legal basis + +Any support requests are sent voluntarily by the data subject, including any personal data that might be attached. +As such, the explicit consent as outlined in Art. 6 (1) a GDPR forms the legal basis for processing. + Copyright © 2018-2022 Marcel Bokhorst.