Stack Exchange, Inc. Official Privacy Policy |
|
|
Legally Useless Summary for Short Attention Spans. (Yes, you still have to read the real one on the right. Sorry, but you do.) |
Who We Are and What This IsThe Stack Exchange network is a set of Q&A sites dedicated to providing high-quality questions and answers, with the modest goal of making the Internet a better place. It is owned and operated by Stack Exchange Inc. |
| We really, truly care about your privacy. We may joke around, but we mean it. | We take the private nature of your personal information very seriously, and are committed to protecting it. To do that, we’ve set up procedures to ensure that your information is handled responsibly and in accordance with applicable data protection and privacy laws. We’re grateful for your trust, and we’ll act that way. |
| This will teach you what info we collect and how we use it. If you wanted to learn to play the keytar, you’re in the wrong place. | This privacy policy describes what information we collect when you visit the network, how we use that information, and what choices we offer you to access, update, and control it. This version of the policy is effective as of March 8, 2017. This policy may be revised in order to establish compliance with the forthcoming General Data Protection Regulation (GDPR). |
Privacy Shield Overview |
|
| We follow the strict Privacy Shield Framework that complies with the EU and Swiss privacy requirements. | Stack Exchange complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Stack Exchange has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. Covered entities include Stack Exchange, Inc., and Stack Exchange, Ltd. Stack Exchange is subject to the investigatory and enforcement powers of the Federal Trade Commission / Department of Transportation. |
Types of Information |
|
| “Personal” information can potentially identify who you are. | “Personal information” is any information that we could use to identify an individual. It does not include personal information that is encoded or anonymized, or publicly available information that has not been combined with non-public information. |
| “Sensitive” information can identify specific private attributes, such as ethnicity, health info, criminal history, or trade affiliations. | “Sensitive personal information” is information that meets the “personal information” criteria and also a) reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or b) concerns health or sex life, information about social security benefits, or information on criminal or administrative proceedings other than in the context of pending legal proceedings. |
How We Collect Information |
|
| We collect information two ways: Information we get from your use of the network, and information you provide to us directly. | |
| Your web browser tells us stuff like your approximate location and how you use the site. It also bakes us yummy cookies. | Information we get from your use of the network is primarily non-personally- identifying information of the sort that web browsers, servers, and services like Google Analytics* typically make available, such as the browser type, language preference, referring site, and the time of each visit. Other non-identifying information that we might have access to includes how you use the service (e.g., search queries), your approximate location, cookies, etc. |
| We try to use this non-personal info to help make better Q&A sites, and to destroy spam. We eat the cookies. | We collect this non-personally identifying information in order to better understand how visitors use the service and where possible, to improve their experience. For instance, we may monitor the most common content on the network to help identify spam. In some cases, we may publicly display information that is not personally identifying in the aggregate, (e.g., by publishing a report on trends in the usage of the network,) or may provide it to third parties for educational or similar purposes other than for sale or profit. |
| Your browser also gives us your IP address, which could identify you, but we don’t use it to do that. For real. | When you use the network, we also collect potentially personally identifying information in the form of Internet Protocol (IP) addresses. But we don’t use that information to identify you, and we handle and disclose these addresses in the same way we handle other potentially personally identifying information as described below. |
| If you register an account, you may need to give us your email and other personal info, but we’re not the boss of you and can’t make you. | Information you provide to us directly. Certain visitors to the network choose to interact with it in ways that may require them to provide us with personally identifying information. The amount and type of information that is provided depends on the nature of the interaction. For example, we ask visitors who sign up for stackoverflow.com to provide a username and email address. Employers who engage in financial transactions with talent.stackoverflow.com are asked to provide additional information, such as the personal and financial information required to process those transactions. We use a payment gateway to protect financial information we collect online and secure payment processors to carry out financial transactions. We only collect as much information as is necessary or appropriate given the type of interaction. We do not disclose personally identifying information other than as described below. And you can always refuse to supply personally identifying information, with the caveat that it may prevent you from engaging in certain activities. |
| The non-identifying content of a service request may be made public. You want to help, don’t you? | If you send us a request, such as emailing us for support, we reserve the right to publish it (absent any personally identifying information) in order to help us clarify or respond to your request or help other users. |
| If you don’t like cookies or have other dietary restrictions, please tell your browser. | A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. We use cookies to help us track visitors’ use of the network and their preferences. If you do not wish to have cookies placed on your computer, you should set your browser to refuse cookies, but should be aware that certain features of the network may not function properly without them. |
| Our servers live in the United States. So, if you send us your info, that’s where it’s going. | If you are outside the United States, you should know that any personally identifiable information you enter into the network will be transferred out of your country and into the United States, and possibly to other countries. By using the network, you consent to such transfer, and are representing that you have the right to transfer such information outside your country. |
| If you’re under 13, we want to mind our own business, not yours. | We do not knowingly collect any personally identifiable information from children under the age of 13. If you believe that a child has provided us with personally identifiable information without the consent of his or her parent or guardian, please contact us at team@stackexchange.com. If we become aware that a child under age 13 has provided us with personally identifiable information, we’ll delete it. |
Information You Choose to Display Publicly on the Network |
|
| If you decide to post personal information in the public parts of our sites, it’s… um, public. | Some users may elect to publicly post personally identifying or sensitive information about themselves in their normal use of the network. This could occur through use of the optional profile fields, in question or answer posts, or when an individual posts a job history on the Jobs site. Information like that, which is voluntarily posted in publicly visible parts of the network, is considered to be public, even if it would otherwise be considered to be personally identifying or sensitive. As such, it is not subject to the protocols listed below, because we don’t control it; you do. Additionally, voluntarily publicizing such information means that you lose any privacy rights you might normally have with regards to that information. It also increases your chances of receiving unwanted communications, like spam. |
Information You Give to Other People |
|
| We’re not responsible for any information you give other websites we link to. Sort of like how your TV maker isn’t responsible if you buy a lousy product, even if you saw it in an awesome commercial. | This Policy only applies to information collected by Stack Exchange. It does not apply to the practices of companies that we don’t own or control, or employees that we don’t manage. The network contains links to third party websites, and any information you provide to those sites will be covered by any privacy policies they may have. Please be sure to read the privacy policies of any third-party sites you visit. It is those sites’ responsibility to protect any information you give them, so we can’t be held liable for their wrongful use of your personally identifying information. |
How We Use Information We Collect |
|
| We will tell you what we’re collecting, what we’re doing with it, and when we might share it with others. (Almost never, unless you ask us to.) | Notice – Notice is what this Policy that you’re reading is all about. You are reading it, right? It’s important! When we collect your personal information, we’ll tell you how we’re using it, any types of third parties to which we might disclose it, (other than moderators or “agents,” such as vendors or contractors, who are only processing such information for us or at our direction), and the choices we offer you to limit the use of your information. |
| We’ll tell you all this stuff as soon as you register. | Notice will be provided in clear and conspicuous language when you are first asked to provide us with personal information, or as soon as practicable thereafter, and we’ll notify you before we use the information for something other than the purpose for which it was originally collected. If anything in this Policy seems unclear, please don’t hesitate to contact us at team@stackexchange.com, so we can address your question and possibly clarify this document. |
| If we change this policy, we’ll update this document to keep you in the loop. | Although most changes are likely to be minor, we may occasionally need to change this Policy. If we do update it, we’ll notify you either by posting the new policy on the network or by emailing you the changes or a link to the modified document. (See the “Choice” section below for information about how we’ll notify you if we change our policy regarding sensitive information.) In any case, the way we use information you provide will be covered by the privacy policy that was in effect at the time it was collected. |
| We mostly use your information to customize and improve your (and others’) experience. |
Here are some of the ways we may use personal information you provide us:
|
| Choice – Choice is all about making sure you have the ability to control how we share your personal information with others. We want you to be in control of your own data disclosure. To that end, we allow anonymous and pseudonymous participation, allow you to disable several features from public share settings, and to personalize your data features and share settings at: https://stackoverflow.com/users/prediction-data. We almost never share any of your personal information with non-agent third parties, with one exception, where you basically are asking us to do so: | |
| If you post a profile on Jobs, employers can see your name, and if you apply for a job, we give them your contact info. (Because they can’t hire you if they can’t contact you.) |
Users who post profiles on our Jobs site are generally doing so for the express
purpose of getting connected with potential employers. So, if you post a profile
on our Jobs site, and choose to make your profile visible to employers, your
name (which is required) and most of the other (optional) information in your profile
will be visible to employers searching for candidates. That said, your contact information
(email, phone, and address) will not be provided to employers in their candidate
searches. We will only allow employers to have access to your contact information
in two cases, both of which are under your control:
|
| Outside of when you apply for job listings, we don’t share your personal info with anyone. That could theoretically change in a merger, etc. but the buyer would still be bound by these rules. | Other than on Jobs, we won’t share your personal information with non-agent third parties unless we are required to do so by law, or if we believe in good faith that disclosure is reasonably necessary to protect our property, rights or those of third parties or the public at large. It is possible that we may, on occasion, buy or sell assets from or to other companies. If that should occur, user information is typically one of the assets that get transferred. Similarly, if Stack Exchange or most of its assets were acquired, or in the unlikely event that we go out of business or enter bankruptcy, user information could be transferred or acquired. You should be aware that such events can occur, and that if it does, the buyer may continue to use your personal and non-personal information, but only as set forth in this policy. Other than in these rare circumstances, Stack Exchange will not rent or sell potentially personally identifying information to anyone. |
| In the unlikely event that we should need to collect and transfer your sensitive information, we’ll ask first. | It’s hard to imagine that we would ever consider collecting, let alone sharing, sensitive information with a non-agent third party, but if such a day should come, we will first give you the opportunity to explicitly consent (opt-in) to such disclosure or to any use of the information for a purpose other than the one for which it was originally collected or previously authorized. |
| If you give us your email, we may email you. But probably not very often. We’re busy, too. | If you are a registered user of the network and have supplied your email address, we may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with the network. We generally use the network to communicate this type of information, so we expect to keep this type of communication to a minimum. If we do send you information that you did not expressly request, we will provide you with a way to request that you don’t get any similar notices (opt-out). |
| Anyone that has access to your info will be required to treat it like we do. |
Onward Transfer – Prior to providing agents with any personal information,
we will obtain assurances that they will safeguard it in accordance with this policy.
Examples of assurances that may be provided include:
|
| In the unlikely event that we should discover that an agent is using personal information in way that conflicts with this policy, we will take all reasonable steps to stop them immediately. | |
| In cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU-US Privacy Shield, Stack Exchange remains liable. | |
| We promise to work hard to keep your info safe, and to restrict who can access it. | Security – All records containing personal or financial information are considered to be our property and are afforded confidential treatment at all times. We work hard to protect against the unauthorized access, use, alteration or destruction of personal or financial information. All such electronic information is stored on restricted database servers, and is generally kept until such time as you may ask us to edit or delete it, as described below. We only disclose such information to our employees, agents or affiliates that a) need to know that information in order to process it for us or to provide other services, b) have agreed not to disclose it to others, and c) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. |
| We want to keep your data accurate and up to date, so… | Data Integrity – In addition to assuring you that we will protect your personal information, we also want to make sure that it is reliable, accurate, and up-to-date. In order to do that, we provide: |
| …we’ll provide it to you to review. Within reason. | Access – Upon request, we will provide you with reasonable access to the personal information we collect about you. You will have the opportunity to correct, update, modify or delete this information by sending an e-mail to team@stackexchange.com. Please note that some information may remain in our records even after you request deletion of your information as permitted by the Privacy Shield Principles. Additionally, there may be limits to the amount of information we can practically provide. For example, we may limit an individual’s access to personal information where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy or where doing so would violate others’ rights. |
| Enforcement – We will conduct internal audits of our compliance with this privacy policy, including an annual self-assessment. Our employees take your privacy as seriously as we do, and we will take all reasonable measures against any employee found to be in violation of this policy. | |
| If you have any concerns about your privacy, we genuinely want to know about it. | In compliance with the Privacy Shield Principles, Stack Exchange, Inc. and covered affiliates and subsidiaries commit to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us (Stack Exchange, Inc.) at: team@stackexchange.com. |
| In the really, really, super-unlikely event that we can’t help, you can contact PrivacyTrust. | Stack Exchange, Inc. has further committed to refer unresolved Privacy Shield complaints to the PrivacyTrust Shield Program, an alternative dispute resolution provider located in the United Kingdom. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.privacytrust.com/drs/stackexchange OR PrivacyTrust, Communications House, 26 York Street, London, W1U 6PZ, for more information or to file a complaint. The services of PrivacyTrust Privacy Shield Program are provided at no cost to you. |
| Alternatively, if you are unhappy with how we deal with your complaint, or the outcome of our resolution, you may by right invoke binding arbitration or refer your complaint to a data panel. | |
How to Contact Us |
|
| We’re here if you need us. | If you have any questions about this policy or our site in general, please contact us at team@stackexchange.com. |
| Our Data Protection Officer is Adam Francoeur. | |
| Who writes letters? Like with stamps and stuff? Ugh. |
Written Inquiries can be sent to:
Stack Exchange, Inc. |
Employees’ & Prospective Employees’ Information |
|
|
Working here rocks. We have insanely great health insurance, reimburse employees’
gym membership, and give employees free |
In accordance with the Privacy Shield principles, Stack Exchange, Inc., commits to cooperate with EU Data
Protection Authorities (DPAs) and comply with the advice given by such authorities with regard to human
resources data transferred from the EU in the context of the employment relationship.
This section covers any ways in which personal information we collect from employees or applicants might be treated differently than user information. You can probably stop here if you not an employee or interested in applying for a job with Stack Exchange. But maybe you should be interested: Who wouldn’t want to work with an amazingly talented team dedicated to making the Internet a better place to get expert answers to questions, especially at a company with free lunches, top-notch benefits, and a CEO who has literally written the book on how to make great workplaces for building amazing software. The more I think about it, the more I think maybe you should click here after all: https://stackexchange.com/about/hiring. And if you do, be sure to review the following non-comprehensive list of ways that we may use information provided to us by employees or applicants: |
|
If you do work or apply to work here, here’s how we handle your personal information.
The lawyers say I have to remind you again that you really need to read the long version on the right. Which hurts my feelings a little, but is still probably good advice. |
|
| * Google Analytics is a registered trademark of Google, Inc. |
