Catégories : association

Type d'article : collaboratif (CC by-sa)

Foreword

The General Data Protection Regulation (GDPR) came into force on May 25th 2018. Camptocamp website must therefore abide by the provisions of such Regulation 2016/679 of the European Parliament and of the Council.

The GDPR fosters responsibility rather than control : there is no more prior declaration of personal data processing to the French regulator, the CNIL. Camptocamp is thus setting processes and measures intended to ensure the best possible protection while minimizing the personal data collected.

Personal Data definition

Personal Data means any information related to an identified or directly or indirectly identifiable natural person. As they deal with their personal rights, individuals have to keep control over their Personal Data.

A natural person may be identified :

• Directly (e.g., through a name and firstname)
• Indirectly (e.g., through a phone number or a car plate number, a log-in such as a social security number, a postal or an email address, as well as a voice or image).

Identification of a natural person may be undertaken :

• Through a single piece of data (e.g., a name) ;
• Through cross-checking by combination of different pieces of data (e.g., a woman living at such address, born on such day and member of such club)

Source : https://www.cnil.fr/en/personal-data-definition

Processing Activity definition

A Processing Activity of Personal Data means an operation or set of operations which is performed on Personal Data, whatever the means implemented (such as collection, recording, organization, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or any otherwise making available, alignment or combination).

To be lawful, Processing Activity of Personal Data must be necessary in order to pursue a legitimate interest, for a specific purpose, duly defined prior to the collect of such data and their use.
Source : https://www.cnil.fr/fr/definition/traitement-de-donnees-personnelles

List of activities and Personal Data processing on camptocamp.org

	Activities	Description
R1	Account creation	It is necessary to have an account to create or modify a document (outing, route…). The process requires an email address (for account validation) as well as the definition of a log in ID and pseudonym (username) for the forum.
R2	Authentication	Allows the user to be authenticated on the website. It gives access to a contributor’s abilities (document creation, posting messages on the forum) as well as options for managing preferences (activities, region, etc.), which are saved in the account.
R3	Password Reset	A message is sent to the user’s registered email address to guide them through the password change process.
R4	Navigation on the Topoguide	The user searches for and views documents.
R5	Document Creation or Modification	Authentication is required to access these features. A document can be an outing report, itinerary description, point of interest, article, or incident/accident report. It may contain Personal Data, or personal information in comments. The user is listed among the document’s authors, and their ID appears in the document history.
R6	Forum Navigation	The discussion forum is publicly accessible for reading. Only authenticated users can post and modify their messages. A forum username (pseudonym) is displayed with each post , and in the case of quoted messages, the quoted person’s username appears as well.
R7	Photo Uploading	An authenticated contributor can upload images to associate them with documents (e.g. , outing itinerary, point of interest, article, etc.). They must choose between a collaborative license (CC-by-sa) or a personal license (CC by-nc-nd) to be granted. The user has 24 hours to delete an uploaded image if it is under a personal license.

List of personal activities

Account Creation

Purposes

This feature aims to create a new user account while ensuring that identity theft of another contributor is not possible.

Collected Data

The account creation process requires the following information:

• Email address, in order to ensure that the account is not created by a bot. This email is also essential for resetting a password and more generally for contacting the user should an issue arise with their contributions.
• Topoguide pseudonym, which stands as the user’s digital identity on the site, excluding the forum. Outings and document edit histories will display this chosen username.
• Forum pseudonym, which is the equivalent of the topoguide username for the website's forum. All user-written messages and potential quotes on the forum will be associated with this username.
• Login ID, which is a parameter determined when creating the account and cannot be modified later on. It is unique, whereas a name can be shared by multiple people.
• Password

All these parameters, except the login ID, can be changed by the user by clicking on the ‘My Account’ tab (https://www.camptocamp.org/account).

Data Retention Period of the different kinds of Personal Data

The Data is stored as long as the user does not request account closure.

Data Transfers

The Data is hosted by our service provider, Exoscale. The database is also backed up on the Gandi platform.

Authentication

Purposes

This feature aims to authenticate the user of an account.

Collected Data

The authentication process uses the login ID and password chosen by the user during account creation or when modifying account settings. No new Data is collected during this operation.

Data Retention Period of the different kinds of Personal Data

N/A

Personal Data Transfers

N/A

Password Reset

Purposes

This feature is activated from the login page (https://www.camptocamp.org/auth#to=%2F) by clicking on the ‘Forgot Password’ tab. It allows a contributor with an existing account to change their password.

Collected Data

The password reset process requires the following information:

• Email address, in order to ensure that it matches an existing account and which is used to send a link to set a new password.
• New password

All these parameters can be changed by the user in the ‘My Account’ tab (https://www.camptocamp.org/account).

Data Retention Period

The data is stored as long as the user does not request account closure.

Data Transfers

The data is hosted by our service provider, Exoscale. The database is also backed up on the Gandi platform.

Website Navigation

Purposes

The user searches for and views documents or images.

Collected Data

Logs are stored to analyze server behavior and potential malfunctions. Logged data includes: IP address, date, performed request (in URL format), browser type, response status.

Data Retention Period

The data is retained for several months.

Data Transfers

The data is hosted by our service provider, Exoscale. The database is also backed up on the Gandi platform.

Document Creation or Modification

Purposes

This feature enables the creation or modification of a document (e.g., outing report, itinerary, waypoint, article, incident/accident report, or book entry). Users must have an account and be authenticated to access these features. The user’s ID appears in the list of document authors or in the user’s history.
By default, only outings, articles, and incident/accident reports are likely to contain Personal Data under the licenses used on Camptocamp.

Collected Data

A document may contain Personal Data, such as:

• Text identifying a person (e.g., in the ‘personal comments’ field).
• Inclusion of personal information (e.g., phone number, email address, age, etc.).
• Association of a photo with a document that allows recognizing a person. All information can be changed by the user by clicking on the ‘Edit’ tab of the document. The user has 30 days to delete a document stored under an individual license (CC by-nc-nd) if they are the sole contributor (i.e., impossible for an outing with two associated contributors).

Data Retention Period

Data is retained until the user directly modifies it. However, modifications are saved in the document history. It is possible to permanently delete information by editing documents directly in the database.

Data Transfers

The Data is hosted by our service provider, Exoscale. The database is also backed up on the Gandi platform.

Forum Navigation

Purposes

The forum allows site users to discuss topics related to mountain activities and news. It includes thematic sections (e.g., skiing, mountaineering, climbing) as well as classified sections (partner searches, buying/selling equipment).

Collected Data

User messages may contain Personal Data such as :

• Text identifying a person,
• Inclusion of personal information (e.g., phone number, email address, age, etc.).

The user’s forum username (pseudonym) is displayed in the message header. If part of a message is quoted, the quoted user's forum username is also displayed in the quote header.

All messages can be edited by the user by clicking on the ‘Edit’ tab (represented by a small pencil icon in the bottom right corner). However, editing a message does not update prior quotes. Additionally, the Discourse tool allows anonymizing a user’s messages by changing the forum username in all message headers. Unfortunately, this does not yet apply to quotes.

Data Retention Period

Data is retained until the user modifies it directly.

Data Transfers

The data is hosted by our service provider, Exoscale. The database is also backed up on the Gandi platform.

Photo Uploading

Purposes

An authenticated contributor can upload images to associate them with documents (e.g., outing, itinerary, waypoint, article, etc.). They can choose to save them under a collaborative license (CC by-sa) or an individual license (CC by-nc-nd).

Collected Data

Photos may contain Personal Data, such as:

• Identification of a person through physical characteristics.
• Associated photo parameters: date, time, and location of the shot.

All photos can be modified by the user via the ‘Edit’ tab. Users have 30 days to delete an uploaded image under an individual license. If the photo was uploaded under a collaborative license or if the 30-day period has passed, the user must contact moderation to request deletion.

Data Retention Period

The above data is stored until the user modifies it directly or requests its deletion from Topoguide moderation.

Data Transfers

The data is hosted by our service provider, Exoscale. The database is also backed up on the Gandi platform.

Account Anonymization or Deletion

Due to the licenses used on Camptocamp website, complete deletion of content is generally not possible. Account deletion is carried out by merging it with an anonymous account that retains the content of all deleted accounts. The anonymization procedure requires formal validation and a 7-day withdrawal period.

After account closure, Camptocamp may archive Personal Data that identifies the account holder, which will only be accessible to authorized personnel to meet legal obligations under Article 17-3 of the GDPR.

Inactive Account Management

Definition of an Inactive Account

It is an account with no login activity for two years long. Users can check their last login date in their forum profile under the ‘Seen’ field.

Definition of an Account without Topoguide Contribution

An Account without Topoguide Contribution is an account for which there has been no creation or modification of collaborative or individual documents on the topoguide. These contributions are visible on the account's whatsnew tab (except contributions from before 2017) and on its outings page (outings do not appear in the whatsnew section).

Definition of an Account without Forum Contribution

This means an account for which there are no remaining elements (either deleted by the user or by moderation):

• no public messages (info visible on the forum profile page),
• no private messages (info available to forum administrators or in the database)
• no likes given

Inactive Account Deletion Process

1. Each year(date D), Camptocamp administrators compile a list of inactive accounts without contributions.
2. An email is then sent requesting the user to log in within 30 days, or their account will be deleted.
3. On D+30, the managers of the camptocamp.org site check among the list of inactive accounts without contribution established in §1 if there have been connections on these accounts.
   a. In the event of a connection, the account is left as is.
   b. In the absence of a connection, the account is deleted (deletion effective within 7 days).
   For inactive accounts with contributions, users are contacted yearly to remind them of their account and offer anonymization.

Management of inactive accounts with contribution(s)

Every year, the list of inactive accounts with contribution(s) is established. An email is then sent to the user to remind them of the existence of their account and possibly propose its anonymization.

Hello "name",
It's been xxx years since you last logged in to your account on the camptocamp.org website!
Feel free to visit us to see all the developments, both on the topoguide side (additions of outings, routes and others) and on the forum side (new technical discussions, search for partners, etc.).
Log back in to my account
If you don't remember your username, you can use the email address on which you received this email.
If you don't remember your password, you can reset it by clicking on the "Forgotten your password?" button on the login page above.
If you no longer wish to be part of the community and intend to disappear from the site, you can request the anonymization of your account.
We hope you enjoyed your experience on our site and that you will enjoy rediscovering your account!

Summary

In acccordance with the General Data Protection Regulation (GDPR), we inform you of the Personal Data that the Camptocamp.org site collects and processes. Camptocamp.org does not trade in the Data of its contributors. The information we collect has been voluntarily entered by the contributors, and is not transferred to third parties. The Personal Data is saved for two reasons: to build a collaborative topoguide and to ensure the proper technical functioning of the site. The topoguide specifically brings together itineraries, outings, waypoints, books and articles.
The information collected depends on the action taken by the user (connection, navigation on the topoguide or the forum, creation of a document, etc.) and is detailed in this article.
All Personal Data can be modified or deleted directly by the user:

• Account settings: email address, name, forum username and password can be modified by clicking on the ‘My account’ tab. To delete your account, you must make a request to the moderation (topo-fr@camptocamp.org).
• Personal Data (e.g. email address, telephone number) in an outing, an article, an itinerary, etc.: if you are the author or co-author of the document, you can modify or delete the information by clicking on the ‘Modify’ tab at the bottom right.
• Personal Data in a forum message (e.g. image, email address, telephone number): if you are the author, you can modify or delete the information by clicking on the ‘pencil’ pictogram below the message. In any other case, contact the forum moderation (forum@camptocamp.org) to detail your request.
• You can delete your so-called individual documents (outing, image, article) within 30 days of their creation. Once this deadline has expired, you must contact the topoguide moderation (topo-fr@camptocamp.org) to delete these documents.
• Uploaded photos: all photos where a person is recognizable can be deleted. Contact the topoguide moderation (topo-fr@camptocamp.org) to detail your request.

Upon deletion of the account and in the event of a request for deletion of data, subject to the scope of the collaborative licenses concerning the published content, Camptocamp proceeds to the anonymization of the Personal Data accessible on the site and is then authorized to keep them in archives, accessible only to authorized persons, for the duration prescribed by its legal and regulatory obligations.

The camptocamp.org website is hosted by the company Exoscale, located in Switzerland.