Skip to main content

DSGVO / GDPR

Last Modified: 2018-06-14

Information for Podcasters / Users of Podlove Publisher

What User Data is used or accessible to other services?

If the Bitlove Module is active, requests to bitlove.org are made.

Both Podlove Subscribe Button and Podlove Web Player may be served via GitHub (Github privacy statement). You can choose to not use our CDN to serve these applications in the module settings.

If Tracking/Analytics is enabled, user IP addresses are used to determine their geographic location. IP addresses are not saved, but anonymized and then hashed together with the User Agent to generate a request id, which is saved. The User Agent is saved as well but cannot be connected to the user since the user IP is never saved.

This information aims to inform you, the user of Podlove Publisher.

IP Addresses

If you are using Podlove Publisher Tracking/Analytics, an update to version 2.7.5 or higher is recommended.

Tracking uses a request_id to be able to determine when two requests came from the same user and should be counted as one unique access. This request_id is a has made of the request IP address and user agent. Unfortunately it is not possible to anonymize IP addresses without skewing download statistics. However, since the request IDs are only used for grouping in the same hour, they can be anonymized after a day without losing tracking accuracy. Once a day, all request_ids older than 24 hours are salted in a way that makes it impossible to restore the original IP address.

Second, you need to deal with the existing request_ids. There is a new "DSGVO" section under "Tools" with a button that will rehash all existing request_ids with a randomly generated salt. That way it will become unfeasible to determine the original IP address but your analytics will stay the same.

In case you have a lot of downloads (let's say much more than 50.000), you may want to do this via command line because that will be much quicker than via the tools section. You need wp-cli, then simply call wp eval 'podlove_rehash_tracking_request_ids();'. On a multisite, pass the blog id as a parameter: wp eval 'podlove_rehash_tracking_request_ids(42);'.

Text Snippets for your Privacy Page

Feel free to copy the following text into your sites disclaimer to inform your users. Remove the sections that don't apply to you if you're not using some module.

This is not legal advice.

If you have improvement suggestions for these texts, please let us know in the forums: community.podlove.org.

English

Bitlove

This website uses bitlove.org to provide downloads via bittorrent.

When you access pages of this website that contain bitlove functionality, your browser connects directly to Bitlove's servers.

Podlove

Both Podlove Subscribe Button and Podlove Web Player are served by keycdn.com (keycdn GDPR statement).

Podlove Publisher tracks download statistics. IP adresses are used to determine an estimated geographic location (city or state level).

IP addresses are stored temporarily (up to 48 hours) as part of a request id. This is necessary because the podcast owner needs to know how often episodes are downloaded to prove the viability of her/his endeavours.

To determine a realistic download number, the system must be able to recognise repeated access to the same file by the same user. The only reliable way to achieve this is by considering the IP address in combination with the User Agent. Using an anonymised IP address is not possible because it would lead to wrong results. An access to the same file by the same user on different days can be considered separate downloads, therefore it is necessary to store IPs for only up to 48 hours.

After 48 hours request ids are salted in a way that makes it impossible to restore the original IP address.

The User Agent is stored as well.

Deutsch

Bitlove

Diese Website verwendet bitlove.org, um Downloads via BitTorrent anzubieten.

Wenn Sie Seiten dieses Internetangebots, die Bitlove-Funktionalität enthalten, aufrufen, wird von Ihrem Browser eine direkte Verbindung zu Servern von Bitlove hergestellt.

Podlove

Sowohl Podlove Subscribe Button als auch Podlove Web Player werden von keycdn.com (keycdn GDPR-Stellungnahme) ausgeliefert.

Podlove Publisher erfasst Downloadstatistiken. IP-Adressen werden benutzt, um die geographische Verortung zu schätzen (Stadt / Land).

IP-Adressen werden kurzzeitig (bis zu 48 Stunden) als Teil einer Request-ID gespeichert. Das ist notwendig, damit der/die Podcast-Betreiber/in die Tragfähigkeit seiner/ihrer Bemühungen nachvollziehen kann.

Um realistische Downloadzahlen zu ermitteln, muss das System erneuten Zugriff auf die gleiche Datei vom selben Nutzer erkennen können. Der einzige verlässliche Weg, dies zu erreichen, ist, die IP-Adresse zusammen mit dem User-Agent zu betrachten. Eine anonymisierte IP-Adresse zu benutzen ist nicht möglich, da dies zu falschen Ergebnissen führen würde. Ein Zugriff auf die gleiche Datei vom selben Nutzer an verschiedenen Tagen kann als separater Download betrachtet werden. Darum genügt es, IP-Adressen lediglich für bis zu 48 Stunden vorzuhalten.

Nach 48 Stunden werden Request-IDs anonymisiert. Dadurch ist es unmöglich, die ursprünglich enthaltene IP-Adresse wiederherzustellen.

Der User-Agent des genutzten Browsers wird auch gespeichert.