Skip to content

Latest commit

 

History

History
59 lines (50 loc) · 2.86 KB

PERSONAL_DATA_DISCLOSURE.md

File metadata and controls

59 lines (50 loc) · 2.86 KB

Overview

The purpose of this form is to disclose the types of personal data stored by each module. This information enables those hosting FOLIO to better manage and comply with various privacy laws and restrictions, e.g. GDPR.

It's important to note that personal data is not limited to that which can be used to identify a person on it's own (e.g. Social security number), but also data used in conjunction with other data to identify a person (e.g. date of birth + city + gender).

For the purposes of this form, "store" includes the following:

  • Persisting to storage - Either internal (e.g. Postgres) or external (e.g. S3, etc.) to FOLIO
  • Caching - In-memory, etc.
  • Logging
  • Sending to an external piece of infrastructure such as a queue (e.g. Kafka), search engine (e.g. Elasticsearch), distributed table, etc.

Personal Data Stored by This Module

  • This module does not store any personal data.
  • This module provides custom fields.
  • This module stores fields with free-form text (tags, notes, descriptions, etc.)
  • This module caches personal data

  • First name
  • Last name
  • Middle name
  • Pseudonym / Alias / Nickname / Username / User ID
  • Gender
  • Date of birth
  • Place of birth
  • Racial or ethnic origin
  • Address
  • Location information
  • Phone numbers
  • Passport number / National identification numbers
  • Driver’s license number
  • Social security number
  • Email address
  • Web cookies
  • IP address
  • Geolocation data
  • Financial information
  • Logic or algorithms used to build a user/profile
  • User search queries

NOTE This is not intended to be a comprehensive list, but instead provide a starting point for module developers/maintainers to use.

Privacy Laws, Regulations, and Policies

The following laws and policies were considered when creating the list of personal data fields above.


v1.0