What Information We Collect and What We Do With It
Personal data: Non-personally identifiable information
Like most website operators, WMF collects personal data in the form of non-personally-identifiable information of the sort that web browsers and servers typically make available, including, but not limited to: the browser type, language preference, referring site, and date and time of each visitor request. We collect this personal data to understand how you interact with these non-wiki sites and related materials, maintain and improve these non-wiki sites and related materials, and protect against malicious users. From time to time, WMF may publicly release such personal data in aggregated or anonymized form, e.g., by publishing a report on trends in the usage of any of our sites.
Personal data: Personally identifying information
We use this information for our legitimate interests, including to understand how you interact with these non-wiki sites and related materials, maintain and improve these non-wiki sites and related materials, and protect against malicious users.
If you provide an email address, we may use it to contact you or send you surveys so that we can better understand how you use our services and how we can improve our services, or to update you about the Wikimedia Foundation, projects and activities. These surveys are always optional. Each message will contain information about how to opt-out of further emails.
Cookies and other data collection tools
With Your Permission
We may share your information for a particular purpose, if you agree, or as otherwise specified below.
Third-Party Service Providers
As hard as we may try, we can't do it all. We may share your information (including your email address and general location information) with people we work with (e.g., third-party service providers, contractors, community volunteers) in order to help maintain, better understand, or improve these non-wiki sites or other Wikimedia Projects and sites. In the course of providing their services to us, some of these third-party providers and contractors may also collect and retain user information, including but not limited to user emails and general user location information based on IP addresses, in accordance with their privacy policies and any additional requirements we may put in place with them. As necessary, we may put safeguards, such as confidentiality agreements, in place to help ensure that these service providers protect the confidentiality of your personal information.
For Legal Reasons
We may access, preserve, or disclose your personal information if we reasonably believe it necessary to satisfy a valid and legally enforceable warrant, subpoena, court order, law or regulation, or other judicial or administrative order. However, if we believe that a particular request for disclosure of a user's information is legally invalid or an abuse of the legal system and the affected user does not intend to oppose the disclosure themselves, we will try our best to fight it. We are committed to notifying you via email at least ten (10) calendar days, when possible, before we disclose your personal information in response to a legal demand. However, we may only be able to provide notice if we are not legally restrained from contacting you, there is no credible threat to bodily harm that is created or increased by disclosing the request, and you have provided us with an email address.
Transfer of WMF
To Protect You, Ourselves, or Others
To Learn and Experiment
We may share non-personal or aggregated information with researchers, scholars, academics, and other interested third parties who wish to study the Wikimedia Sites, including these non-wiki sites. Sharing this information helps them understand usage, viewing, and demographics statistics and patterns. They then can share their findings with us and our users so that we can all better understand and improve the Wikimedia Sites.
How Do We Protect Your Data?
We strive to protect your information from unauthorized access, use, or disclosure. We use a variety of physical and technical measures, policies, and procedures (such as access control procedures, network firewalls, and physical security) designed to protect our systems and your personal information. Unfortunately, there's no such thing as completely secure data transmission or storage, so we can't guarantee that our security will not be breached (by technical measures or through violation of our policies and procedures).
Accessing Your Information
WMF works hard to accurately process and maintain information. If you would like to access, correct, update, suppress, restrict or delete the personal information we have about you, object to our processing of such personal information or if you would like to request to receive an electronic copy of your personal information for purposes of transmitting it to another organization (to the extent this right to data portability is provided to you by applicable law), or if you would like to change your WMF communication preferences, you (or an authorized representative) can let us know by contacting us at firstname.lastname@example.org. While we will make reasonable efforts to comply with your request, there are certain situations where we will not grant your request (such as when we cannot adequately verify your identity to give you access to personal information, when we are legally required to retain information, or when we are not technologically able to change or delete information). Therefore, the granting of such requests remains at the sole discretion of WMF.
How Long Do We Keep Your Data?
Once we receive personal information from you, we keep it for the shortest possible interval that is consistent with the maintenance, understanding, and improvement of these non-wiki sites and our obligations under applicable U.S. law. For more information on Wikimedia's data retention policies, please see our Data Retention Guidelines.
Transfer of Information to the United States
Our Response to Do Not Track
Depending on your jurisdiction, you also may have the right to lodge a complaint with a supervisory authority competent for your country or region.
This policy was approved by Eileen Hershenov on July 24, 2018, pursuant to the Delegation of policy-making authority by the Board, and went into effect on July 30, 2018.