OSVDB is committed to protecting the privacy of users of our site. At
OSVDB, we intend to give you as much control as possible over your
personal information, including the registration data. As part of the
normal operation of this site, we collect information from you. This
Privacy Statement describes the information we collect about you and
what may happen to that information.
OSVDB will track the domains from which people visit OSVDB and analyze this
data for trends and statistics. Subject to the provisions of this
Privacy Statement, OSVDB may use accumulated data for various
purposes, including but not limited to marketing analysis, service
evaluation and planning.
Currently, OSVDB uses personal information as a basis for notifications to
users, "opt-in" emails, and in order to implement the terms
of the Terms and Conditions of Use governing the website (the
"Terms"). User names and email addresses (as well as any
additional information that a user may choose to post) are publicly
available on the OSVDB site. When users voluntarily and publicly
disclose personal information that may contain Registration Data, or
otherwise post personal information in conjunction with content
subject to an Open Source license, such personal information
necessarily will be disclosed subject to the terms of the license. An
example of such a disclosure includes, but is not limited to, a
user's disclosure of personal information as part of a message posted
to a public message forum, or a publicly-released software
application.
OSVDB may conduct surveys of other studies of its customer base and usage
for marketing and planning purposes. With respect to information
collected from such surveys or studies, and in the event that
responses are to be publicly disclosed, users will be notified at the
time they take the survey and OSVDB will disclose only aggregate
information regarding its users and not personal information
identifying any specific individual. Notwithstanding the foregoing,
in cases where surveys allow users to submit written comments, and
where OSVDB advises users of the possibility of such disclosure at
the time they take the survey, OSVDB reserves the right to disclose
text information provided by any user through such a survey, provided
that no personal information identifying that user is disclosed.
Participation in such surveys is at the user's option; OSVDB does not
conduct mandatory surveys. Circumstances under which OSVDB would
publicly disclose such aggregate information include, but are not
limited to, sharing survey results with the site population,
providing data to OSVDB advertisers on user preferences and/or
demographics, and publicizing overall usage data in press
communications.
Cookies: OSVDB employs "cookies" to provide a user with tailored
information. A "cookie" is an element of data that a
Service or site, when visited by a user, sends to that user's browser
that, in turn, may store that element on the user's hard drive or
memory. OSVDB uses cookies to better serve users who use our
Services; any cookies sent by OSVDB will be marked so that they will
be accessible only by websites subject to this Privacy Statement.
However, at his or her option, and at his or her sole expense and
responsibility, any user may block or delete our cookies from his or
her hard drive. By disabling cookies, however, certain site features
and functionality may no longer work properly, or at all.
Other Notification: In order to implement or enforce the Terms of OSVDB,
OSVDB may use personal information to contact users on an individual
basis.
At no time, unless law requires such disclosure, disclosure is necessary
to aid law enforcement, or a user specifically authorizes such
disclosure, will OSVDB disclose individual user personal information
that is not publicly available to unrelated third parties.
OSVDB contains links to other websites, whether owned or controlled by
OSVDB affiliates or unrelated third parties. Please note that the
privacy policies of these sites may differ from those of OSVDB. OSVDB
is not responsible for the privacy policies and practices of any
linked website. We encourage you to read the privacy statement of any
website you may visit.
Emails: Users may "opt-in" to receive site notifications,
newsletters or other information via email. Users may remove
themselves from such services at their discretion. Any email sent to
an "opt-in" list will include directions for how a user may
remove himself or herself from the list, or a URL where the user may
find such directions.
Profile Display: In some cases, users' personal information may be publicly
available through a user's profile display.
In such cases, users have the option to opt out of publicly displaying
their real names. In cases where site profiles allow users to display
optional information publicly, such entry and display is at the
user's discretion and may be changed at any time by the user.
Email
Display: In some cases, users may have the opportunity to use a
Service to send electronic mail to another user or email list. In
such cases, a user's valid email address and real name will be
included with such messages. In order to prevent abuse, users may not
opt-out of such a display, but may choose to refrain from using said
Service to transmit an email message.
Users can view their data on their personal profile page. When technically
feasible, users are permitted to update their personal information
directly through OSVDB Service. When such updating service is not
technically feasible, OSVDB will make reasonable efforts to assist
users in updating their personal information.
To secure site integrity, OSVDB employs measures including but not
limited to security audits, use of encryption tools and software, and
other reasonable security measures and procedures.
Internal
access to users' private and nonpublic personal information is
restricted to site administrators and individuals on a need-to-know
basis.
In the event that OSVDB becomes aware that site security is compromised
or user nonpublic information has been disclosed to unrelated third
parties as a result of external activity, including but not limited
to external security attacks, OSVDB shall take reasonable measures
which it deems appropriate, including but not limited to internal
investigation and reporting, and notification to and cooperation with
law enforcement authorities, notwithstanding other provisions of this
Statement.
If OSVDB becomes aware that a user's personal information provided to
OSVDB has been disclosed in a manner not permitted by this Privacy
Statement, OSVDB shall make reasonable efforts to notify the affected
user, as soon as reasonably possible and as permitted by law, of what
information has been disclosed, to the extent that OSVDB knows this
information.
To substantively update the Privacy Statement, we will both post the
changed version and its effective date at
http://osvdb.org/privacy.
Concurrently with any substantive change to the Privacy Statement, we
will email notice of the change to known users at least 15 days in
advance (or such shorter or longer time as mandated by law or any
judicial or government body).
Text last modified on November 25, 2003.
While
this Privacy Statement expresses OSVDB's standards for maintenance of
private data, OSVDB is not in a position to guarantee that the
standards will always be met. There may be factors beyond our control
that may result in disclosure of data. As a consequence, OSVDB
disclaims any warranties or representations relating to maintenance
or nondisclosure of private information.
