Privacy Policy of wrongthink.net

This Application collects some Personal Data from its Users.

Personal Data collected for the following purposes and using the following services:

    • Analytics

      • Matomo

        Personal Data: Cookies and Usage Data

    • Contacting the User

      • Mailing list or newsletter and Contact form

        Personal Data: email address, first name and last name

      • Phone contact

        Personal Data: phone number

    • Content commenting

      • Comment system managed directly

        Personal Data: Cookies, first name, last name and username

    • Data transfer outside the EU

      • Data transfer from the EU and/or Switzerland to the U.S based on Privacy Shield, Data transfer to countries that guarantee European standards, Data transfer abroad based on consent and Other legal basis for Data transfer abroad

        Personal Data: various types of Data

    • Displaying content from external platforms

      • Google Fonts

        Personal Data: Usage Data and various types of Data as specified in the privacy policy of the service

      • SoundCloud widget and YouTube video widget without cookies

        Personal Data: Usage Data

      • Vine widget, Vimeo video, YouTube video widget and Google Maps widget

        Personal Data: Cookies and Usage Data

    • Handling payments

      • PayPal and Stripe

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Interaction with external social networks and platforms

      • Twitter Tweet button and social widgets, Google+ +1 button and social widgets and Facebook Like button and social widgets

        Personal Data: Cookies and Usage Data

    • Location-based interactions

      • Non-continuous geolocation

        Personal Data: geographic position

    • Registration and authentication

      • Direct registration

        Personal Data: email address, gender, password and username

      • Twitter OAuth, Google OAuth, Facebook Authentication and VK Client Authorization

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Social features

      • Public profile

        Personal Data: city, company name, country, date of birth, first name, gender, last name, picture, province, state and username

      • Inviting and suggesting friends

        Personal Data: various types of Data

    • Traffic optimization and distribution

      • CloudFlare

        Personal Data: Cookies and various types of Data as specified in the privacy policy of the service

Further information about Personal Data

    • Administrators and Moderators

      The User List can be access by Administrators and Moderators. This List Contains:
      1. First & Last Name / Username of the User;
      2. Source of the of the User Account;
      3. Email of the of the User;
      4. IP of the User;
      5. Status of the Account.

      Administrators and Moderators do not see full IP addresses of users, only the owner can see that. They see IP's that are hashed. Here is an example of the
      steps that create the hash:
      1. Input: IP 192.168.1.2
      2. Input is masked with 255.255.0.0 to become 192.168.0.0
      3. Input has its 0’s replaced with x’s to become 192.168.x.x
      4. Input has SHA1(SHA1(input + secret_salt)) applied on it to become a hash.
      5. The first ten characters of the hash are taken and displayed, in this case ad3fb7678b.

    • Private Messaging

      WrongThink has a private messaging system which allows users to communicate with each other, and if configured with only the people that they have chosen.
      These messages are stored unencrypted on the server.
      The information kept is who the message was sent from, who it was sent to. The IP of the sender or receiver is not kept.
      Private messages are never deleted by the Staff, but may be deleted by the user itself.
      The Staff have no access to the private messaging system, the only way to view the messages is through looking at the database table.

    • Transparency Report and Warrant Canary

      In light of our attachment to online privacy – we would like to present our Transparency report and Warrant canary in order to inform about legal requests for information of our users.

      The idea behind a warrant canary is as follows: If WrongThink receives legal demands with a gag order, we won’t be able to tell our customers. We can however, say that we have received no such requests, and update the statement regularly. Thus, if we stop saying we have received no requests, the implicit understanding will be that we have.

      Read about Warrant Canary on Wikipedia https://en.wikipedia.org/wiki/Warrant_canary

      We will post an updated Canary statement at least every month. If the update date on the Canary is more than 6 months, you can assume we have received a warrant with a “gag order”.

      You can find our Warrant Canary here: https://wrongthink.net/site-pages/transparencyreport.

    • The Service is not directed to children under the age of 13

      Users declare themselves to be adult according to their applicable legislation. Minors may use this Application only with the assistance of a parent or guardian. Under no circumstance persons under the age of 13 may use this Application.

    • Selling goods and services online

      The Personal Data collected are used to provide the User with services or to sell goods, including payment and possible delivery.

      The Personal Data collected to complete the payment may include the credit card, the bank account used for the transfer, or any other means of payment envisaged. The kind of Data collected by this Application depends on the payment system used.

    • Privacy Shield participation: data transfers from the EU to the United States

      The Owner participates in and complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union to the United States. The Owner has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.

      If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view the Owner’s certification, please visit https://www.privacyshield.gov/ (or find the direct link to the certification list of Privacy Shield participants maintained by the Department of Commerce https://www.privacyshield.gov/list).

      What does this mean for the European User?

      The Owner is responsible for all processing of Personal Data it receives under the Privacy Shield Framework from European Union individuals and commits to subject the processed Personal Data to the Privacy Shield Principles.

      This, most importantly, includes the right of individuals to access their personal data processed by the Owner.

      The Owner also complies with the Privacy Shield Principles for all onward transfers of Personal Data from the EU, which means that it remains liable in cases of onward transfers to third parties.

      With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, the Owner is subject to the investigatory and regulatory enforcement powers of the FTC, if not stated otherwise in this privacy policy.

      The Owner is further required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

      Dispute resolution under the Privacy Shield

      In compliance with the Privacy Shield Principles, the Owner commits to resolve complaints about its collection or use of the User’s Personal Data. European Union individuals with inquiries or complaints regarding this Privacy Shield policy should first contact the Owner at the contact details supplied at the beginning of this document referring to “Privacy Shield” and expect the complaint to be dealt with within 45 days.

      In case of failure by the Owner to provide a satisfactory or timely response, the User has the option of involving an independent dispute resolution body, free of charge.

      In this regard, the Owner has agreed to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to data transferred from the EU. The User may therefore contact the Owner at the email address provided at the beginning of this document in order to be directed to the relevant DPA contacts.

      Under certain conditions – available for the User in full on the Privacy Shield website (https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint) – the User may invoke binding arbitration when other dispute resolution procedures have been exhausted

Contact information

    • Owner and Data Controller

      WrongThink
      We currently don't have a company address, we will add it as soon as we have.

      Owner contact email: contact@wrongthink.net