Skip to content

Commit

Permalink
Merge pull request #1 from ukaea/develop
Browse files Browse the repository at this point in the history 
Develop
  • Loading branch information
@adam-parker1
adam-parker1 authored Jul 30, 2024
2 parents c52d9f5 + f0c240c commit ac18a82
Show file tree
Hide file tree
Showing 3 changed files with 618 additions and 1 deletion.
2 changes: 1 addition & 1 deletion templates/core/auth/login_page.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
</div>
<button class="i-button login-form-button" data-provider="{{ active_provider.title }}"
data-href="{{ url_for('auth.login_form', provider=active_provider.name) }}">
{%- trans name=active_provider.title %}Login with UKAEA credentials{% endtrans -%}
{%- trans name=active_provider.title %}Login with Indico Account{% endtrans -%}
</button>
</div>
{% set other_local_providers = providers|rejectattr('is_external')|reject('equalto', active_provider)|list %}
Expand Down
368 changes: 368 additions & 0 deletions templates/privacy_policy.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,368 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!--<title>Sample Document</title>-->
<style>
body {
font-family: Arial, sans-serif;
margin: 0;
padding: 0;
background-color: #f4f4f4;
color: #333;
display: flex;
justify-content: center;
align-items: center;
min-height: 100vh; /* Ensure the body covers the viewport height */
}

.container {
width: 80%; /* Adjust width as needed */
max-width: 800px; /* Maximum width of the content */
background-color: #fff; /* White background for the content area */
padding: 20px;
box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); /* Subtle shadow */
border-radius: 8px; /* Rounded corners */
box-sizing: border-box; /* Ensure padding is included in width */
overflow-y: auto; /* Enable vertical scrolling if needed */
}
h1, h2 {
color: #0056b3;
}
.section {
margin-bottom: 20px;
}
.section-title {
font-size: 1.2em;
margin-bottom: 10px;
border-bottom: 1px solid #ccc;
padding-bottom: 5px;
}
table {
width: 100%;
border-collapse: collapse;
margin: 20px 0;
}
table, th, td {
border: 1px solid #ddd;
}
th, td {
padding: 8px;
text-align: left;
}
th {
background-color: #f4f4f4;
}
tr:nth-child(even) {
background-color: #f9f9f9;
}
tr:hover {
background-color: #f1f1f1;
}
</style>
</head>
<body>
<div class="container">
<h1>UKAEA Indico Privacy Policy</h1>
<p><strong>Author:</strong> UK Atomic Energy Authority</p>
<p><strong>Date:</strong> July 30, 2024</p>

<div class="section">
<div class="section-title"></div>
<strong>Personal data that is processed</strong>
<table>
<tbody>
<tr>
<th><p><strong>Personal Data</strong></p></th>
<th><p><strong>Purpose</strong></p></th>
<th><p><strong>Basis</strong></p></th>
<th><p><strong>Source</strong></p></th>
</tr>
<tr>
<td><p><strong>Your Name and Title, Affiliation</strong></p></td>
<td><p>[User] To identify you; Allowing others to find you on Indico;
Pre-filling your information in events at which you register; Allowing
event managers to contact you and to generate booklets, badges and
timetables</p></td>
<td><p>Legitimate interest of UKAEA</p></td>
<td><p>User or UKAEA Account, LDAP, or Active Directory
Services</p></td>
</tr>
<tr>
<td><p><strong>Your e-mail address</strong></p></td>
<td><p>[User] To identify you as an Indico user, to provide you with the
service, for technical support and troubleshooting, to communicate with
you, to send you e-mail notifications; Allowing others to find you on
Indico; Pre-filling your information in events at which you register;
Allowing event managers to contact you and to generate booklets, badges
and timetables</p></td>
<td><p>Legitimate interest of UKAEA</p></td>
<td><p>User or UKAEA Account, LDAP, or Active Directory
Services</p></td>
</tr>
<tr>
<td><p><strong>Your user preferences (language, time zone, preferred
display and navigation settings) and favourite categories and
users</strong></p></td>
<td><p>[User] Improving your experience while using Indico, adapting the
interface to your preferences</p></td>
<td><p>Legitimate interest of UKAEA</p></td>
<td><p>User</p></td>
</tr>
<tr>
<td><p><strong>Which events you are involved in, in which categories,
and your role in them</strong></p></td>
<td><p>[Event] Allowing you to access protected contents and to manage
access rights in Indico</p></td>
<td><p>Legitimate interest of UKAEA</p></td>
<td><p>User and/or event organizers and/or category managers</p></td>
</tr>
<tr>
<td><p><strong>Which categories you manage</strong></p></td>
<td><p>[User] Access Control, allowing others to contact you so that you
grant permissions to them</p></td>
<td><p>Legitimate interest of UKAEA</p></td>
<td><p>Access privileges granted by another manager or an
administrator</p></td>
</tr>
<tr>
<td><p><strong>Any actions you perform while managing an event
(creating/removing/editing content, mails sent through Indico, etc...)
and timestamp</strong></p></td>
<td><p>[Event] To enable event managers to investigate possible
problems, to provide technical support and troubleshooting by the Indico
Service</p></td>
<td><p>Legitimate interest of UKAEA</p></td>
<td><p>Automatically detected from your interactions with the
system</p></td>
</tr>
<tr>
<td><p><strong>Your IP address, visited URLs and corresponding
timestamp</strong></p></td>
<td><p>Debugging of the Indico application, Security Auditing</p></td>
<td><p>Legitimate interest of UKAEA</p></td>
<td><p>Automatically detected from your interactions with the
system</p></td>
</tr>
</tbody>
</table>
<p>
*Legitimate interest of UKAEA: In the legitimate interests of UKAEA
supporting the professional activities of the individual or their
security and safety.
</p>

<strong>Personal data that is stored</strong>
<table>
<tbody>
<tr>
<th><p><strong>Personal Data</strong></p></th>
<th><p><strong>Retention Period</strong></p></th>
<th><p><strong>Purpose</strong></p></th>
</tr>
<tr>
<td><p><strong>All data above labelled [User]</strong></p></td>
<td><p>Lifetime of your Indico account</p></td>
<td><p>To provide you with the Indico service</p></td>
</tr>
<tr>
<td><p><strong>All data above labelled [Event]</strong></p></td>
<td><p>Until the event is deleted or the retention period of
registration data, selected by event organisers, expires.</p></td>
<td><p>To provide you with the Indico service</p></td>
</tr>
<tr>
<td><p><strong>Your IP address, visited URLs and corresponding timestamp
</strong></p></td>
<td><p>30 days after the timestamp</p></td>
<td><p>Debugging, Security Auditing and Security incident investigation
and response</p></td>
</tr>
</tbody>
</table>
<p>
Indico Service Administrators can be contacted to either:
</p>
<ul>
<li><p>anonymise and unlink user account data on request,</p></li>
<li><p>delete user account information and associated materials</p></li>
</ul>
<p>
Event Organisers can be contacted separately to remove registrations and
data according to the events privacy policy
</p>
<br><br>

<strong>Who has access to the data</strong>
<table>
<tbody>
<tr>
<th><p><strong>Personal Data</strong></p></th>
<th><p><strong>Who</strong></p></th>
<th><p><strong>Purpose</strong></p></th>
</tr>
<tr>
<td><p><strong>All data above</strong></p></td>
<td><p>Indico Service Providers</p></td>
<td><p>To provide you with the Indico service, Debugging, Security
Auditing and Security incident investigation and response, technical
support and troubleshooting</p></td>
</tr>
<tr>
<td><p><strong>Your Name if you are a category manager</strong></p></td>
<td><p>All UKAEA users with access to the category you manage</p></td>
<td><p>Provision of transparency about the responsibilities for a
category, allowing others to contact you in order to ask for
privileges</p></td>
</tr>
<tr>
<td><p><strong>Your e-mail address, Your Name, which events you are
involved in, in which categories, and your role in
them</strong></p></td>
<td><p>Indico or UKAEA Users who can access/manage the same events as
you</p></td>
<td><p>Provision of transparency about the responsibilities for an
event</p></td>
</tr>
<tr>
<td><p><strong>Your Name and Title, Affiliation, Your e-mail
address</strong></p></td>
<td><p>All users holding an Indico account</p></td>
<td><p>To allow other Indico users to find you, for example to mention
you as a participant in an event</p></td>
</tr>
</tbody>
</table>

</p>
</div>

<div class="section">
<div class="section-title"></div>
<p>
This Privacy Policy describes how UKAEA ("we", "us", or "our") collects,
uses, and protects personal information collected through the UKAEA’s
Indico instance ("Service").
</p>
</div>

<div class="section">
<div class="section-title">1. Information We Collect</div>
<p>

1.1 <strong>Personal Information</strong>: When you use the Service, we
may collect personal information that you provide voluntarily, such as
your name, email address, affiliation, and other contact details.
<br><br>

1.2 <strong>Event Information</strong>: We may also collect information
related to events you create or register for, including event titles,
dates, locations, and any additional details provided.
<br><br>

1.3 <strong>Usage Data</strong>: We may collect usage data automatically
when you access or use the Service, including your IP address, browser
type, operating system, and other technical information.
</p>
</div>

<div class="section">
<div class="section-title">2. How We Use Your Information</div>
<p>
2.1 <strong>Service Provision</strong>: We use the information collected
to provide, maintain, and improve the Service, including facilitating
event registration, managing event details, and providing support.
<br><br>

2.2 <strong>Communication</strong>: We may use your contact information
to communicate with you about events, updates, promotions, and other
relevant information related to the Service.
<br><br>

2.3 <strong>Analytics</strong>: We may use usage data for analytics
purposes to understand how users interact with the Service, diagnose
technical issues, and improve user experience.
</p>
</div>

<div class="section">
<div class="section-title">3. Data Sharing and Disclosure</div>
<p>
3.1 <strong>Third-Party Service Providers</strong>: We may share
personal information with third-party service providers who assist us in
operating the Service, such as hosting providers, payment processors,
and analytics services.
<br><br>

3.2 <strong>Legal Compliance</strong>: We may disclose personal
information when required by law or in response to valid legal requests,
such as court orders or subpoenas.
</p>
</div>

<div class="section">
<div class="section-title">4. Data Retention</div>
<p>
4.1 <strong>Retention Period</strong>: We retain personal information
for as long as necessary to fulfil the purposes outlined in this Privacy
Policy, unless a longer retention period is required or permitted by
law.
</p>
</div>

<div class="section">
<div class="section-title">5. Data Security</div>
<p>
5.1 <strong>Security Measures</strong>: We implement appropriate
technical and organizational measures to protect personal information
against unauthorized access, disclosure, alteration, or
destruction.
</p>
</div>
<div class="section">
<div class="section-title">6. Your Rights</div>
<p>
6.1 <strong>Access, Correction, and Deletion</strong>: You have the
right to access, correct, or update your personal information at any
time. Additionally, you have the right to request the deletion of your
personal information where permitted by law. You may exercise these
rights by accessing your account settings, contacting us directly, or
submitting a deletion request through the designated channels.
<br><br>

6.2 <strong>Opt-Out</strong>: You may opt out of receiving promotional
communications from us by following the unsubscribe instructions
provided in such communications or by contacting us directly.
</p>
</div>
<div class="section">
<div class="section-title">7. Children's Privacy</div>
<p>
7.1 <strong>Age Limitation</strong>: The Service is not intended for use
by individuals under the age of 13. We do not knowingly collect personal
information from children under the age of 13 without parental
consent.
</p>
</div>
<div class="section">
<div class="section-title">8. Changes to this Privacy Policy</div>
<p>
8.1 <strong>Updates</strong>: We may update this Privacy Policy from
time to time to reflect changes in our practices or legal requirements.
We will notify you of any material changes by posting the updated
Privacy Policy on the Service.
</p>
</div>
<div class="section">
<div class="section-title">9. Contact Us</div>
<p>
9.1 <strong>Questions</strong>: If you have any questions about this
Privacy Policy or our privacy practices, please contact us at <u><a
href="mailto:help@indico.ukaea.uk">help@indico.ukaea.uk</a></u>
</p>
</div>
</div>
</body>
</html>

Loading

0 comments on commit ac18a82

Please sign in to comment.