miteruzo
/
nizika_video
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
ニジカ投稿局 https://tv.nizika.tv
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
24 MiB
Tree: 23a48cef7d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '23a48cef7d'
${ noResults }
nizika_video/server/core/static/dnt-policy/dnt-policy-1.0.txt

dnt-policy-1.0.txt 10 KiB
Raw Normal View History

はじまりの大地
2 months ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218 
  1. Do Not Track Compliance Policy 

  2. 

  3. Version 1.0

  4. 

  5. This domain complies with user opt-outs from tracking via the "Do Not Track"

  6. or "DNT" header  [http://www.w3.org/TR/tracking-dnt/].  This file will always

  7. be posted via HTTPS at https://example-domain.com/.well-known/dnt-policy.txt

  8. to indicate this fact.

  9. 

  10. SCOPE

  11. 

  12. This policy document allows an operator of a Fully Qualified Domain Name

  13. ("domain") to declare that it respects Do Not Track as a meaningful privacy

  14. opt-out of tracking, so that privacy-protecting software can better determine

  15. whether to block or anonymize communications with this domain.  This policy is

  16. intended first and foremost to be posted on domains that publish ads, widgets,

  17. images, scripts and other third-party embedded hypertext (for instance on

  18. widgets.example.com), but it can be posted on any domain, including those users

  19. visit directly (such as www.example.com). The policy may be applied to some

  20. domains used by a company, site, or service, and not to others.  Do Not Track

  21. may be sent by any client that uses the HTTP protocol, including websites,

  22. mobile apps, and smart devices like TVs. Do Not Track also works with all

  23. protocols able to read HTTP headers, including SPDY.

  24. 

  25. NOTE: This policy contains both Requirements and Exceptions. Where possible

  26. terms are defined in the text, but a few additional definitions are included

  27. at the end.

  28. 

  29. REQUIREMENTS

  30. 

  31. When this domain receives Web requests from a user who enables DNT by actively

  32. choosing an opt-out setting in their browser or by installing software that is

  33. primarily designed to protect privacy ("DNT User"), we will take the following

  34. measures with respect to those users' data, subject to the Exceptions, also

  35. listed below:  

  36. 

  37. 1. END USER IDENTIFIERS:         

  38. 

  39.   a. If a DNT User has logged in to our service, all user identifiers, such as

  40.      unique or nearly unique cookies, "supercookies" and fingerprints are 

  41.      discarded as soon as the HTTP(S) response is issued.                                    

  42. 

  43.      Data structures which associate user identifiers with accounts may be

  44.      employed to recognize logged in users per Exception 4 below, but may not

  45.      be associated with records of the user's activities unless otherwise

  46.      excepted.

  47. 

  48.   b. If a DNT User is not logged in to our service, we will take steps to ensure 

  49.      that no user identifiers are transmitted to us at all.         

  50. 

  51. 2. LOG RETENTION: 

  52. 

  53.   a. Logs with DNT Users' identifiers removed (but including IP addresses and

  54.      User Agent strings) may be retained for a period of 10 days or less,

  55.      unless an Exception (below) applies. This period of time balances privacy

  56.      concerns with the need to ensure that log processing systems have time to

  57.      operate; that operations engineers have time to monitor and fix technical

  58.      and performance problems; and that security and data aggregation systems

  59.      have time to operate.

  60. 

  61.   b. These logs will not be used for any other purposes.         

  62. 

  63. 3. OTHER DOMAINS: 

  64. 

  65.   a. If this domain transfers identifiable user data about DNT Users to

  66.      contractors, affiliates or other parties, or embeds from or posts data to

  67.      other domains, we will either:         

  68. 

  69.   b. ensure that the operators of those domains abide by this policy overall

  70.      by posting it at /.well-known/dnt-policy.txt via HTTPS on the domains in

  71.      question,

  72. 

  73.     OR

  74. 

  75.      ensure that the recipient's policies and practices require the recipient

  76.      to respect the policy for our DNT Users' data.

  77. 

  78.     OR  

  79. 

  80.      obtain a contractual commitment from the recipient to respect this policy

  81.      for our DNT Users' data.

  82. 

  83.     NOTE: if an “Other Domain” does not receive identifiable user information

  84.     from the domain because such information has been removed, because the

  85.     Other Domain does not log that information, or for some other reason, these

  86.     requirements do not apply.

  87. 

  88.   c. "Identifiable" means any records which are not Anonymized or otherwise

  89.      covered by the Exceptions below.

  90. 

  91. 4. PERIODIC REASSERTION OF COMPLIANCE: 

  92. 

  93.   At least once every 12 months, we will take reasonable steps commensurate

  94.   with the size of our organization and the nature of our service to confirm

  95.   our ongoing compliance with this document, and we will publicly reassert our

  96.   compliance.

  97. 

  98. 5. USER NOTIFICATION: 

  99. 

  100.   a. If we are required by law to retain or disclose user identifiers, we will

  101.      attempt to provide the users with notice (unless we are prohibited or it

  102.      would be futile) that a request for their information has been made in

  103.      order to give the users an opportunity to object to the retention or

  104.      disclosure.

  105. 

  106.   b. We will attempt to provide this notice by email, if the users have given

  107.      us an email address, and by postal mail if the users have provided a

  108.      postal address.                                   

  109. 

  110.   c. If the users do not challenge the disclosure request, we may be legally

  111.      required to turn over their information.

  112. 

  113.   d. We may delay notice if we, in good faith, believe that an emergency

  114.      involving danger of death or serious physical injury to any person

  115.      requires disclosure without delay of information relating to the

  116.      emergency.

  117. 

  118. EXCEPTIONS

  119. 

  120. Data from DNT Users collected by this domain may be logged or retained only in

  121. the following specific situations:

  122. 

  123. 1. CONSENT / "OPT BACK IN"         

  124. 

  125.   a. DNT Users are opting out from tracking across the Web.  It is possible

  126.      that for some feature or functionality, we will need to ask a DNT User to

  127.      "opt back in" to be tracked by us across the entire Web.                                    

  128. 

  129.   b. If we do that, we will take reasonable steps to verify that the users who

  130.      select this option have genuinely intended to opt back in to tracking.

  131.      One way to do this is by performing scientifically reasonable user

  132.      studies with a representative sample of our users, but smaller

  133.      organizations can satisfy this requirement by other means.         

  134. 

  135.   c. Where we believe that we have opt back in consent, our server will

  136.      send a tracking value status header "Tk: C" as described in section 6.2

  137.      of the W3C Tracking Preference Expression draft:

  138. 

  139.      http://www.w3.org/TR/tracking-dnt/#tracking-status-value

  140. 

  141. 2. TRANSACTIONS         

  142. 

  143.    If a DNT User actively and knowingly enters a transaction with our

  144.    services (for instance, clicking on a clearly-labeled advertisement,

  145.    posting content to a widget, or purchasing an item), we will retain

  146.    necessary data for as long as required to perform the transaction. This

  147.    may for example include keeping auditing information for clicks on

  148.    advertising links; keeping a copy of posted content and the name of the

  149.    posting user; keeping server-side session IDs to recognize logged in

  150.    users; or keeping a copy of the physical address to which a purchased

  151.    item will be shipped.  By their nature, some transactions will require data

  152.    to be retained indefinitely.

  153. 

  154. 3. TECHNICAL AND SECURITY LOGGING:                   

  155. 

  156.   a. If, during the processing of the initial request (for unique identifiers)

  157.      or during the subsequent 10 days (for IP addresses and User Agent strings),

  158.      we obtain specific information that causes our employees or systems to

  159.      believe that a request is, or is likely to be, part of a security attack,

  160.      spam submission, or fraudulent transaction, then logs of those requests 

  161.      are not subject to this policy.                                   

  162. 

  163.   b. If we encounter technical problems with our site, then, in rare

  164.      circumstances, we may retain logs for longer than 10 days, if that is

  165.      necessary to diagnose and fix those problems, but this practice will not be

  166.      routinized and we will strive to delete such logs as soon as possible.         

  167. 

  168. 4. AGGREGATION:

  169. 

  170.   a. We may retain and share anonymized datasets, such as aggregate records of

  171.      readership patterns; statistical models of user behavior; graphs of system

  172.      variables; data structures to count active users on monthly or yearly

  173.      bases; database tables mapping authentication cookies to logged in

  174.      accounts; non-unique data structures constructed within browsers for tasks

  175.      such as ad frequency capping or conversion tracking; or logs with truncated

  176.      and/or encrypted IP addresses and simplified User Agent strings.

  177. 

  178.   b. "Anonymized" means we have conducted risk mitigation to ensure

  179.      that the dataset, plus any additional information that is in our

  180.      possession or likely to be available to us, does not allow the

  181.      reconstruction of reading habits, online or offline activity of groups of

  182.      fewer than 5000 individuals or devices. 

  183. 

  184.   c. If we generate anonymized datasets under this exception we will publicly

  185.      document our anonymization methods in sufficient detail to allow outside

  186.      experts to evaluate the effectiveness of those methods.

  187. 

  188. 5. ERRORS: 

  189. 

  190. From time to time, there may be errors by which user data is temporarily

  191. logged or retained in violation of this policy.  If such errors are

  192. inadvertent, rare, and made in good faith, they do not constitute a breach

  193. of this policy.  We will delete such data as soon as practicable after we

  194. become aware of any error and take steps to ensure that it is deleted by any

  195. third-party who may have had access to the data.

  196. 

  197. ADDITIONAL DEFINITIONS

  198. 

  199. "Fully Qualified Domain Name" means a domain name that addresses a computer

  200. connected to the Internet.  For instance, example1.com; www.example1.com;

  201. ads.example1.com; and widgets.example2.com are all distinct FQDNs.

  202. 

  203. "Supercookie" means any technology other than an HTTP Cookie which can be used

  204. by a server to associate identifiers with the clients that visit it.  Examples

  205. of supercookies include Flash LSO cookies, DOM storage, HTML5 storage, or

  206. tricks to store information in caches or etags.

  207. 

  208. "Risk mitigation" means an engineering process that evaluates the possibility

  209. and likelihood of various adverse outcomes, considers the available methods of

  210. making those adverse outcomes less likely, and deploys sufficient mitigations

  211. to bring the probability and harm from adverse outcomes below an acceptable

  212. threshold.

  213. 

  214. "Reading habits" includes amongst other things lists of visited DNS names, if

  215. those domains pertain to specific topics or activities, but records of visited

  216. DNS names are not reading habits if those domain names serve content of a very

  217. diverse and general nature, thereby revealing minimal information about the

  218. opinions, interests or activities of the user.