Write and publish a privacy policy for https://transitous.org/ routing service #580
Comments
|
Good point, do you think the following suffices? |
Thanks a lot for the PR, it is a step in the right direction! I'm not quite sure it is enough as it is right now. Also depending on the jurisdiction transitous is hosted, it might also need an Impressum/legal notice ;) As for the GDPR compliance of the current policy, I don't think it is compliant. Too much non-necessary data is processed/stored by default, the legitimate interest seems a wrong legal basis to me and consent would be a better/more correct one IMHO (for storing the requested URL/user agent 14 days for example, which should then be opt-in). |
|
We had cases of queries crashing the routing engine reproducibly and taking the service down for multiple minutes. I think being able to debug these is necessary to run the service. Consent doesn't work here, as then it's basically random whether we actually have the necessary information or not. Currently we don't permanently log the query parameters, but I think the policy should allow temporarily enabling it for this purpose. I think we can probably reduce the storage duration if that helps. |
Personal data gets processed by the transitous.org routing service, and therefor it would be great to write and publish a privacy policy for the service.
The text was updated successfully, but these errors were encountered: