Notes about GDPR
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation of the European Union which protects European citizens’ basic right to privacy and regulates the handling of personal data. Simply put, the GDPR provides all persons about whom data is collected with the rights to:
- gain information about which personal data about them is stored and how this data is being processed (information and access to personal data),
- restrict the processing of their personal data (right to restriction of processing),
- have their collected personal data be corrected (right to rectification), and
- have their personal data be erased (right to erasure).
What is personal data?
Personal data is any information through which a person can be identified either directly or indirectly. This includes any and all potentially identifying attributes - directly identifying attributes such as:
- names,
- e-mail addresses,
- telephone numbers;
indirectly identifying attributes such as:
- location data,
- customer account numbers,
- employee identification numbers;
and online identifying attributes such as:
- IP addresses,
- cookies,
- tracking pixels.
GDPR and FirstSpirit
Editorial data
The content management system FirstSpirit stores data and documents that may be published in various publication channels. The character and amount of that data - in the following, this shall be called “editorial data” - depends on the specific uses of the product.
The vendor Crownpeak explicitly indicates that the customer is responsible for auditing editorial data to identify if it contains personal data and for taking appropriate measures.
Personal system data
In addition to editorial data, FirstSpirit also stores personal data (contact data of editors) which is used in various places in the software, e.g. in the version history and in release workflows, such that the editor of a page may be contacted if necessary. In the following, this data shall be called “personal system data”.
Personal system data in FirstSpirit
Crownpeak Technology GmbH takes the protection and security of your data very seriously. Naturally, we adhere to the statutory data protection regulations and handle personal data and also non-personal data of our users with appropriate care. We only collect personal data when it is necessary for the security and operability of FirstSpirit.
In the following, we inform you about which personal data we collect when you use FirstSpirit and how we process this data:
1) Data for authorization and authentication of users in FirstSpirit
Why is this data necessary?
FirstSpirit works with a pervasive user and permissions system. New users are created and managed via FirstSpirit ServerManager (see Creating users). Once a user is created, it is known to the server and may log on to the server (using valid credentials) via the FirstSpirit start page. Through assignment to a project, the user receives the ability to log on to that project. Permissions for access to project contents are granted via editorial permissions within the project, either directly for the specific user or via membership of this user in a group.
This ensures that only authenticated users can gain access to FirstSpirit and that these users may edit project content only according to the permissions that are granted to them.
Where is this data being used and/or displayed?
Information about a user is displayed in various places in the software, e.g.:
- when logging on to a project,
- during the management of editorial permissions,
- in workflows,
- when changing an object via version history,
- etc.
Where is this data being stored?
The login credentials of individual users are stored in the XML file user.xml (located in the subdirectory data/users within the FirstSpirit server directory). user.xml contains, among other things, the names, the login names, and further data associated with the users who are authorized to access FirstSpirit.
Every time user.xml is modified, FirstSpirit automatically creates a backup of this file (in the subdirectory data/users/backup within the FirstSpirit server directory).
How long is this data being stored?
When a user is removed via ServerManager (“Delete user”), the login credentials of this user will also be removed from user.xml.
The login credentials of a deleted user will remain in the related backups and must be deleted manually if necessary.
2) Data for error analysis and error remediation in FirstSpirit (logging)
Why is this data necessary?
FirstSpirit uses log files in order to log actions on the FirstSpirit server and within FirstSpirit client applications (e.g. SiteArchitect, ServerManager). Log files are stored in order to ensure safe operation. They can be used to analyze and remediate error states. Some of the log files used by FirstSpirit contain, among other data, IP address, login name, date, time, and request, and thus personal data.
Where is this data being stored?
Log files are written to the subdirectory log of the FirstSpirit server directory.
If an external application server is used, log files may also be located within directories of the application server (e.g. in tomcat/logs/firstspirit.log).
How long is this data being stored?
When configured limits are reached, log files will automatically be compressed (format log.gz) and archived. Default behavior: When a log file reaches a set size of 5MB, it will be compressed and archived. This behavior may be adjusted in the configuration file fs-logging.conf.
Archived log files may be deleted or moved into the subdirectory backup of the FirstSpirit server directory via the menu entry Clean up server, “Delete log files (...)” within FirstSpirit ServerManager.
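The two retention caveats above (deleted users linger in user.xml backups, and logs containing login names are archived as .log.gz rather than removed) mean that a deletion request has to be checked against several locations. The following added example, which is not part of the FirstSpirit documentation or product, walks the server directory layout named above and reports every file in which a given login still appears. The user.xml attribute names, log line format and archive file names are constructed assumptions; only the directory layout (data/users, data/users/backup, log) comes from the page.

```python
# Where a deleted editor's login still persists: user.xml, its data/users/backup
# copies, and plain or archived (.log.gz) files under log/.
import gzip
import re
import tempfile
from pathlib import Path

def _lines(path):
    # Archived logs are gzip-compressed (the "log.gz" format named on the page).
    opener = gzip.open if path.suffix == ".gz" else open
    with opener(path, "rt", errors="replace") as fh:
        yield from fh

def _token(login):
    # Whole-token match, so "jdoe" does not also match "jdoe2" or "a.jdoe".
    return re.compile(r"(?<![\w.@-])%s(?![\w.@-])" % re.escape(login))

def find_login_in_user_files(server_dir, login):
    """Relative paths of user.xml and its backups that still mention `login`."""
    users = Path(server_dir) / "data" / "users"
    files = [users / "user.xml"] + sorted((users / "backup").glob("*"))
    return [p.relative_to(server_dir).as_posix() for p in files
            if p.is_file() and _token(login).search(p.read_text(errors="replace"))]

def find_login_in_logs(server_dir, login):
    """(relative path, line number) pairs where `login` appears under log/."""
    log_dir = Path(server_dir) / "log"
    paths = sorted(set(log_dir.rglob("*.log")) | set(log_dir.rglob("*.log.gz")))
    token = _token(login)
    return [(p.relative_to(server_dir).as_posix(), n)
            for p in paths for n, line in enumerate(_lines(p), 1) if token.search(line)]

def build_sample_server_dir(login="jdoe"):
    """Constructed sample: layout follows the page, file names/contents are made up."""
    root = Path(tempfile.mkdtemp(prefix="fs-sample-"))
    users, logs = root / "data" / "users", root / "log"
    (users / "backup").mkdir(parents=True)
    logs.mkdir()
    (users / "user.xml").write_text('<users><user login="alice"/></users>\n')
    (users / "backup" / "user.xml.20240101").write_text(
        '<users><user login="alice"/><user login="%s"/></users>\n' % login)
    (users / "backup" / "user.xml.20240201").write_text('<users><user login="alice"/></users>\n')
    (logs / "fs-server.log").write_text("2024-02-03 10:00:01 INFO login user=alice ip=198.51.100.2\n")
    with gzip.open(logs / "fs-server.20240102.log.gz", "wt") as fh:
        fh.write("2024-01-02 09:12:44 INFO login user=alice ip=198.51.100.2\n"
                 "2024-01-02 09:13:10 INFO login user=%s ip=203.0.113.7\n" % login)
    return root

if __name__ == "__main__":
    root = build_sample_server_dir()
    print(find_login_in_user_files(root, "jdoe"))  # ['data/users/backup/user.xml.20240101']
    print(find_login_in_logs(root, "jdoe"))  # [('log/fs-server.20240102.log.gz', 2)]
```

Against a real installation, point both functions at the FirstSpirit server directory; the archived hits are the ones the ServerManager "Delete log files" clean-up would have to remove.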
3) Data for versioning and restoration of editorial processes (repository)
Why is this data necessary?
One goal of data storage in FirstSpirit is the gapless traceability of all editorial modifications, but also the access to “system states of the past”. For this purpose, FirstSpirit provides a content repository.
Every time editorial data (e.g. an image) is changed by an editor, a new version of this object is created. Thus, the object has a version history which may be used to trace which modifications have been carried out by which persons (see Concept Version History).
Based upon versioning, it is possible to revert a project to a consistent past state in terms of its data. This historicization thus builds upon versioning; its primary purpose, however, is not the traceability of modifications but the restoration of a past project state (see revisions).
Personal data (e.g. who has carried out which modification, and when) is versioned in the repository as well and can thus be restored.
Where is this data being used and/or displayed?
The content repository’s data is used for all FirstSpirit functionality that is related to versioning of modifications to editorial data, e.g. in the version history, or to the restoration of editorial data, e.g. “Restore deleted objects” (see Context menu - Special (→Documentation FirstSpirit SiteArchitect)).
Where is this data being stored?
In standard installations of FirstSpirit, an embedded Berkeley database is used as storage backend (see Configuration Repository).
How long is this data being stored?
All data in the content repository is stored for an unlimited period of time.
However, it is possible to:
- anonymize personal system data associated with deleted users in the repository (see below)
- archive repository data. Archived data is removed from the repository. Archives can be deleted.
How can I anonymize personal system data of deleted users in the repository?
Personal system data associated with deleted users can be anonymized in the repository.
- Permanent anonymization: To anonymize one or more users permanently, the Anonymize function can be used.
- Non-permanent anonymization: Anonymization can be activated for the relevant FirstSpirit server via the privacy.anonymizeDeletedUsersData=true option in the fs-server.conf configuration file.
The anonymization can be undone by setting privacy.anonymizeDeletedUsersData=false or removing the parameter from the fs-server.conf file.
The anonymization of personal system data only applies to deleted users, i.e., users who have been removed from the system using Delete User in ServerManager.
After anonymization, deleted users' data can no longer be accessed. The version history and other locations then show either no user name / login at all or the placeholder {DELETED USER}.