THIS IS FOR DISCUSSION ONLY. See also 'privacy and terms' mailing list post on legal-talk

This is unmodified, un-reviewed Boilerplate text suggested by a lawyer working with the Licensing Working Group.

The Privacy Policy written in Aug 2007 is currently "live" in so far as it is linked from the the wiki footer. We need to decide what to merge onto that page, or whether to completely rewrite based on this boilerplate text.

OpenStreetMap Privacy Policy

The OpenStreetMap Foundation (“OSMF”) values the privacy of our users, members, and others that visit and use www.openstreetmaps.org and its associated products and services (the “OSMF Service”) (collectively or individually “Users”). This Privacy Policy details OSMF’s information-handling practices with respect to information that you provide to us or that we learn from your use of the OSMF Service and tells you how we may collect, use, and in some instances share this information.

The Information OSMF Collects

User Provided Information

You may provide to OSMF what is generally called “personally identifiable” information when you register with the OSMF Service, such as _____________________________. In addition, OSMF may give you the option to provide us with certain demographic information about yourself. DISCUSS

“Cookies” Information

When you visit the OSMF Service, we may send one or more cookies – a small text file containing a string of alphanumeric characters – to your computer. OSMF uses both session cookies and persistent cookies. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the OSMF Service. By using these cookies, we can “remember” what you have done on the OSMF Service before and personalize the OSMF Service for you. These persistent types of cookies can be removed, but each web browser is a little different, so please look through your browser “Help” file to learn the correct way to modify your cookies set-up. Please note that disabling cookies may prevent you from accessing some of the functionality and site offerings available via the OSMF Service.

“Automatically Collected” Information

When you visit the OSMF Service or open one of our HTML emails, we may record certain information from your web browser by using different types of technology, including “clear gifs” or “web beacons”. This “automatically collected” information may include your Internet Protocol address (“IP Address”), web browser type, the web pages or sites that you visit just before or just after the OSMF Service, the pages you view on our site, and the dates and times that you visit. DISCUSS/CONFIRM: ANY OTHER TYPES COLLECTED?

The Way OSMF Uses Information

OSMF uses the information that we collect to provide to you all of the features and services found on the OSMF Service. We will use your email address, without further consent, for non-marketing or administrative purposes such as notifying you of major site updates.

OSMF may use all of the information that we collect from our Users to understand the usage trends and preferences, to improve the way the OSMF Service works and looks, to improve our marketing and promotional efforts, and to create new features and functionality.

OSMF may use automatically collected information and cookies information to: (a) remember your information so that you will not have to re-enter it during your visit or the next time you visit the OSMF Service; (b) provide custom, personalized advertisements, content, and information; (c) monitor the effectiveness of our marketing campaigns; and (d) monitor aggregate usage metrics such as total number of visitors and pages viewed. OSMF will not use your email address or other personally identifiable information to send promotional or marketing messages without your consent or except as part of a specific program or feature for which you will have the ability to opt-in. DICUSS/CONFIRM: IS THIS SECTION ACCURATE, AND ARE THERE OTHER WAYS YOU MAY USE COLLECTED INFORMATION?

When OSMF Discloses Information

OSMF may disclose both personally identifiable and automatically collected information to affiliated companies or other businesses or persons to process such information on our behalf, to provide website maintenance and security, to offer certain features on the OSMF Service, to assist us in improving the way the OSMF Service works and looks, and to create new features. We require that these parties agree to process such information in compliance with our Privacy Policy, we use reasonable efforts to limit their use of such information, and we require these parties to use any other appropriate confidentiality and security measures.

We may share automatically collected and other aggregate non-personally-identifiable information with interested third parties to assist them in understanding the usage patterns for certain content, services, advertisements, promotions, and/or functionality on the OSMF Service.

Except as otherwise noted in this Privacy Policy, OSMF does not share personal information about Users with third parties unless doing so is appropriate to carry out a User’s request or it reasonably believes that doing so is legally required or is in OSMF’s interest to protect its property or other legal rights or the rights or property of others. We do not share User information with other third-party organizations for their marketing or promotional use without your consent or except as part of a specific program or feature for which you will have the ability to opt-in. DISCUSS/CONFIRM: IS THIS SECTION ACCURATE WITH RESPECT TO HOW YOU MAY HANDLE DATA?

User Profile and Password

You have access to your personal information and you may update, correct, or delete your member information and email subscription preferences at any time. To protect your privacy and security, we take reasonable steps to verify your identity before granting User’s profile access. You are responsible for maintaining the secrecy of your unique password and account information at all times. discuss/confirm

Children

Consistent with the federal Children’s Online Privacy Protection Act of 1998 (COPPA), we will never knowingly request personally identifiable information from anyone under the age of thirteen (13) without requiring parental consent. Any person who provides their personal information to OSMF through the OSMF Service represents that they are 13 years of age or older.

Third-party Advertisers, Links to Other Sites

OSMF may allow other companies, called third-party ad servers or ad networks, to serve advertisements within the OSMF Service. These third-party ad servers or ad networks may use technology to send, directly to your browser, the advertisements and links that appear within the OSMF Service. They automatically receive your IP Address when this happens. They may also use other technologies (such as cookies, JavaScript, or web beacons) to measure the effectiveness of their advertisements and to personalize their advertising content.

OSMF does not provide any personally identifiable information to these third-party ad servers or ad networks without your consent or except as part of a specific program or feature for which you will have the ability to opt-in. However, please note that if an advertiser asks OSMF to show an advertisement to a certain audience or audience segment and you respond to that advertisement, the advertiser or ad-server may conclude that you fit the description of the audience they were trying to reach.

You should consult the respective privacy policies of these third-party ad servers or ad networks. OSMF’s Privacy Policy does not apply to, and we cannot control the activities of, such other advertisers or websites. DISCUSS: DOES THIS APPLY OR MAY IT APPLY IN THE FUTURE?

Our Commitment to Data Security

No data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. Once we receive your transmission, we make reasonable efforts to ensure security on our systems. We use secure server software (SSL) DISCUSS: NO, WE DON'T and firewalls to protect your information from unauthorized access, disclosure, alteration, or destruction. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of such firewalls and secure server software.

If OSMF learns of a security systems breach, then we may attempt to notify you electronically so that you can take appropriate protective steps. By using the OSMF Service or providing personal information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the OSMF Service. OSMF may post a notice on the OSMF Service if a security breach occurs. If this happens, you will need a web browser enabling you to view OSMF’s Service. OSMF may also send an email to you at the email address you have provided to us in these circumstances. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free written notice of a security breach (or to withdraw your consent from receiving electronic notice) you should notify us via email at ___________________.

Special Note to International Users

The OSMF Service is hosted in the United Kingdom. If you are a User accessing the OSMF Service from any other region with laws or regulations governing personal data collection, use, and disclosure, that differ from English law, please note that you are transferring your personal data to the United Kingdom which does not have the same data protection laws as other regions, and by providing your personal data you consent to:

• the use of your personal data for the uses identified above in accordance with the Privacy Policy; and

• the transfer of your personal data to the United Kingdom as indicated above.

In the Event of Merger or Sale

If OSMF should ever file for bankruptcy or have its assets sold to or merge with another entity, information OSMF receives from you through the OSMF Service is a OSMF asset and may be transferred. DISCUSS: MAY BE UNPOPULAR

Changes and Updates to this Privacy Policy

We may occasionally update this Privacy Policy. When we do, we will also revise the “Last Updated” section below. For changes to this Privacy Policy that may be materially less restrictive on our use or disclosure of personal information that you have provided to us, we will attempt to obtain your consent before implementing the change. We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting the personal information we collect. Your continued use of the OSMF Service constitutes your agreement to this Privacy Policy and any updates.

Contacting OSMF

If you have any questions, comments, or concerns about this Privacy Policy, please email us at _____________________ or write to us at: Postal Mail Address: _________________________________________.

Last Updated June 20, 2009