About

The forum refers to the Open (Energy) System Analysis community discussion server located at https://forum.opensay.org and supported by the discourse software.

The forum is operated by the responsible person on a server provided by the internet hosting service DiscourseHosting. The server is physically located in Frankfurt, Germany. DiscourseHosting is headquartered in the Netherlands and accredited under Dutch Business Registration #24419918.

The forum is operated on behalf of the Open (Energy) System Analysis community, a loose collection of researchers, participants in civil society organizations, interested individuals, and other parties wishing to apply systems analysis to advance environmental and social sustainability.

The forum is administered by the admins listed on the site about page. The forum only accepts postings, edits, and uploads from registered users. This content is not vetted prior to publication.

Responsible person

The responsible person for the forum is:

• name: Robbie Morrison
• email: robbie.morrison@posteo.de
• username: @robbie

What information do we collect from you?

We collect information from you when you register on our site and we gather data when you participate in the forum by reading, writing, and evaluating the content shared here.

When registering on our site, you will be asked to enter your name and email address. You may, however, visit our site without registering. Your email address will be verified by an email from us containing a unique link. If that link is visited, we know that you control the email address you first submitted.

Users can update their name and email address by later editing their profile settings.

When registered and when posting, we record the IP address that the post originated from. We also may retain server logs which include the IP address of every request to our server. This information is used solely for security and spam protection and is not used for analytics or tracking purposes.

What do we use your information for?

The forum uses names and email addresses to send notifications on new topics, mentions, or private messages on the forum, as determined by your user profile settings. These settings can be changed by you at any time.

The forum uses IP address data solely for security and spam protection.

How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information that you enter or generate though your browsing, posting, account configuration, and related activities.

DiscourseHosting run systems that are fully compliant with the European General Data Protection Regulation 2016/679 (GDPR).

All personal information is transferred to and from the forum site using the HTTP Secure (HTTPS) protocol. Remote administration of the forum is conducted using secure methods and channels.

Off‑site backups of the forum content, undertaken by admins, are encrypted and stored on removable media.

What is our data retention policy?

User profile data is stored for as long as a user account exists on the forum.

System backups are created daily by DiscourseHosting as part of their routine service.

Off‑site backups of the forum content are created by admins as required and perhaps even daily. These off‑site backups are encrypted and stored on removable media and are retained for a minimum of three months before being deleted. The exact time of deletion is dependent on the next backup process being run and stale files duly identified. The purpose of the off‑site backups is to ensure that the forum can be successfully reinstated in the event of a site failure or malicious attack.

Do we use cookies?

Yes, cookies are used. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser, given you configure this feature in your web browser. These cookies enable the site to recognize your browser and, if you have a registered account, associate your browser with your registered account.

The forum uses cookies for the following purposes:

• to identify a user’s session and protect against Cross‑Site‑Request Forgery (CSRF) attacks
• to identify whether a user is logged in to the forum
• to track whether a user has seen and dismissed the welcome message and cookie law notification banner

Data sharing with third parties

The forum uses DiscourseHosting to host this service. Personal data provided by users generated during the operation of the forum are stored on systems operated by this company.

We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties.

Accessing your data

To obtain a copy of the personal information held on you, click on the Download All button on your user profile. This feature can only be actioned once per day.

Erasing your personal data

To erase your personal data from the forum, email the responsible person with your username.

On erasure, the following information will be deleted from the forum database: your username, your unconfirmed real name, your confirmed email address, your date of birth if recorded, the current state of your user profile, any identifying photograph or avatar you may have uploaded, and any third party (such as facebook and google) authentication mechanism data you may have elected to use. In addition, any IP addresses associated with your user account will be removed.

Any postings you may have written, necessarily published under a Creative Commons Attribution CC BY 4.0 license, CC0 1.0 public domain waiver, or MIT software license as per the site Terms of Service, will be anonymized by replacing your username with a random username of the form “@anon000000”. Any files you may have uploaded to the site, necessarily published under a Creative Commons CC BY 4.0 license by default, will remain on the site and be publicly available. Please recall that you actively consented to the licensing conditions governing hosted content when you registered for the site and note that open licenses cannot subsequently be revoked by copyright holders.

To assist erasure, it is recommended that you do not add your real name in plaint text to postings and messages. The admins will attempt to delete such material but that process is error prone and very likely to be incomplete.

Off‑site backups of the forum are encrypted and stored on removable media. These files are deleted after three months or so as part of our backup rotation process. During this period however, some or all of your personal data may remain present in one or more of these archive files which exist solely to assist site security. For technical reasons, we cannot erase personal data from these backups.

We will inform you by email on completion of your request for your personal data to be erased from the forum.

Your consent

By using our site and checking the appropriate boxes on registration, you consent to our web site privacy policy and content licensing policy.

Conflict resolution

The European Commission provides a platform for online conflict resolution. We will consider using, but are not obliged to participate in, such procedures.

Changes to our privacy policy

If we decide to change our privacy policy, we will post those changes on this page.

Contact

Questions regarding this policy or the forum can be sent to the responsible person.

Document information

This document is licensed under a Creative Commons CC BY 4.0 International License. It was last updated on 11 February 2020.

▢