Cuspy Code Privacy Policy
Cuspy Code AB is currently and has always been 100% compliant with all Swedish and EU laws. This includes GDPR, which regulates privacy when doing information processing. Caveat: We will however not promise to follow all future laws, because sometimes laws are unjust and in such cases the only moral stance is to break the law. Examples: Lenin's Военный коммунизм in Russia 1918-1921, and the Nürnberger Gesetze laws in Nazi Germany 1935-1945. There are of course many, many more examples of this kind, but that's enough for this caveat.
Anyway, this is how we handle GDPR compliance at the moment:
- All IP addresses are logged for security and troubleshooting purposes, and the logs are retained according to industry standard practices, which can be anywhere from 5 weeks to 2 years, depending on the service. No third party has access to these logs.
- Cookies are set if you visit certain pages, but these are just session cookies that are required to make authentication work. No personal data is collected.
- Email addresses are logged and stored if you send an email to any domain that is served by a Cuspy Code server, or if an authorized Cuspy Code user sends an email to anyone at all. This is done for security and troubleshooting purposes, and in order to combat spam. Email content is also stored since this is necessary for email to function at all, since email is a store-and-forward protocol by design.
- There is no collection of data going on that requires consent from users.
- There are no processing activities of personal data going on, apart from the ones mentioned above, which are necessary for the services to function at all.
- When applicable, security-critical data such as passwords, as well as other sensitive data are stored hashed or encrypted according to industry standard practices. Encrypted HTTPS communication is available, using certificates provided by Let's Encrypt.
- If a data breach is discovered, it will be reported to the authorities as soon as possible after discovery, and at the latest 72 hours after discovery.
- Any person present in the EU has the right to access their own personal data held by Cuspy Code AB. Such an access request must be presented in writing on paper, signed and stamped by a Notarius Publicus, together with proof of identity, such as a photocopy of a driver's license or equivalent, and whatever further proofs that are required that links the person with the stored data. Alternatively, a valid online login can be used if one exists. Cuspy Code AB will respond within 30 days to such a request, and will provide either the requested data, or an estimate of how much it will cost to extract the data (if at all possible) and how long it will take. In the latter case, the full cost must be covered by requestor.
- Any person present in the EU has the right to erase their own personal data held by Cuspy Code AB. Such an erasure request must be presented in writing on paper, signed and stamped by a Notarius Publicus, together with proof of identity, such as a photocopy of a driver's license or equivalent, and whatever further proofs that are required that links the person with the stored data. Alternatively, a valid online login can be used if one exists. Cuspy Code AB will respond within 30 days to such a request, and will provide either an authentic statement that the data has been erased, or an estimate of how much it will cost to erase the data (if at all possible) and how long it will take. In the latter case, the full cost must be covered by requestor.