From df6e43eac56bec25700c000ef6762cbfdb9f6670 Mon Sep 17 00:00:00 2001 From: Rasika Perera Date: Fri, 16 Mar 2018 13:49:53 +0530 Subject: [PATCH] Adding privacy policy and cookie policy --- .../cdmf.page.cookie-policy/cookie-policy.hbs | 167 +++++++++++++++ .../cookie-policy.json | 6 + .../privacy-policy.hbs | 193 ++++++++++++++++++ .../privacy-policy.json | 6 + .../app/pages/cdmf.page.register/register.hbs | 4 +- .../cdmf.page.sign-in.login-do/login-do.hbs | 4 +- 6 files changed, 376 insertions(+), 4 deletions(-) create mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.cookie-policy/cookie-policy.hbs create mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.cookie-policy/cookie-policy.json create mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.privacy-policy/privacy-policy.hbs create mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.privacy-policy/privacy-policy.json diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.cookie-policy/cookie-policy.hbs b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.cookie-policy/cookie-policy.hbs new file mode 100644 index 00000000000..abaf293f3ca --- /dev/null +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.cookie-policy/cookie-policy.hbs @@ -0,0 +1,167 @@ +{{! + Copyright (c) 2018, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + + WSO2 Inc. licenses this file to you under the Apache License, + Version 2.0 (the "License"); you may not use this file except + in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +}} +{{#zone "title"}}{{! to override parent page title }}{{/zone}} +{{unit "cdmf.unit.ui.title" pageTitle="Consent Page"}} + +{{#zone "content"}} +
+
+ +

COOKIE POLICY

+ +
+

About WSO2 IoT Server

+

WSO2 IoT Server 3.3.0 is a complete solution that enables device manufacturers and enterprises to + connect and manage their devices, build apps, manage events, secure devices and data, and visualize + sensor data in a scalable manner.

+

It also offers a complete and secure Enterprise Mobility Management (EMM/MDM) solution that aims to + address mobile computing challenges faced by enterprises today. Supporting iOS, Android, and Windows + devices, it helps organizations deal with both Corporate Owned, Personally Enabled (COPE) and + employee-owned devices with the Bring Your Own Device (BYOD) concept.

+

WSO2 IoT Server 3.3.0 comes with advanced analytics, enabling users to analyze speed, proximity, and + geo-fencing information of devices including details of those in motion and stationary state.

+

+

Cookie Policy

+

IoT Server uses cookies to provide you with the best user experience, and to securely identify you. + You can disable cookies if you so wish . However you might not be able to access some of the services + if you disable cookies.

+

What is a cookie?

+

A browser cookie is a small piece of data that is stored on your device to help websites and mobile + apps remember things about you. Other technologies, including Web storage and identifiers associated + with your device, may be used for similar purposes. In this policy, we use the term “cookies” to + discuss all of these technologies.

+

How does WSO2 IoT Server 3.3.0 process cookies?

+

WSO2 IoT Server 3.3.0 uses cookies to store and retrieve information on your browser. This + information is used to provide a better user experience. Some cookies serve the purpose of allowing a + user to log in to the system, maintain sessions, and keep track of activities within the login + session.

+

Some cookies in WSO2 IoT Server 3.3.0 are used to personally identify you. However, the cookie + lifetime ends once your session ends, i.e., after you log-out, or after the session expiry time has + elapsed.

+

Some cookies are simply used to give you a more personalised web experience, and these cannot be used + to identify you or your activities personally.

+

This Cookie Policy is part of the IoT Server Privacy Policy. +

+

What does WSO2 IoT Server 3.0.0 use cookies for?

+

Cookies are used for two purposes in WSO2 IoT Server 3.3.0.

+
    +
  1. To identify you and provide security
  2. +
  3. To provide a satisfying user experience.
  4. +
+ +

Preferences

+

WSO2 IoT Server 3.3.0 uses cookies to remember your settings and preferences and to auto-fill the + fields to make your interactions with the site easier.

+

These cookies can not be used to personally identify you.

+ +

Security

+
    +
  1. WSO2 IoT Server 3.3.0 uses selected cookies to identify and prevent security risks. For example, + WSO2 IoT Server 3.3.0 may use cookies to store your session information to prevent others from + changing your password without your username and password. +
  2. +
  3. WSO2 IoT Server 3.3.0 uses session cookie to maintain your active session.
  4. +
  5. WSO2 IoT Server 3.3.0 may use a temporary cookie when performing multi-factor authentication and + federated authentication. +
  6. +
  7. WSO2 IoT Server 3.3.0 may use permanent cookies to detect the devices you have logged in + previously. This is to to calculate the risk level associated with your current login + attempt. Using these cookies protects you and your account from possible attacks. +
  8. +
+

Performance

+

WSO2 IoT Server 3.3.0 may use cookies to allow Remember Me functionalities.

+

Analytics

+

WSO2 IoT Server 3.3.0 as a product does not use cookies for analytical purposes.

+

Third party cookies

+

Using WSO2 IoT Server 3.3.0 may cause third-party cookie to be set in your browser. WSO2 IoT Server + 3.3.0 has no control over how any of them operate. The third-party cookies that maybe set + include:

+
    +
  1. Any social login sites. For example, third-party cookies may be set when WSO2 IoT Server 3.3.0 + is configured to use “social” or “federated” login, and you opt to login with your “Social + Account”. +
  2. +
  3. Any third party federated login.
  4. +
+

WSO2 strongly advises you to refer the respective cookie policies of such sites carefully as WSO2 has + no knowledge or use on these cookies.

+

What type of cookies does WSO2 IoT Server 3.3.0 use?

+

WSO2 IoT Server 3.3.0 uses persistent cookies and session cookies. A persistent cookie helps WSO2 IS + 3.3.0 to recognize you as an existing user so that it is easier to return to WSO2 or interact with + WSO2 IS 3.3.0 without signing in again. After you sign in, a persistent cookie stays in your browser + and will be read by WSO2 IoT Server 3.3.0 when you return to WSO2 IoT Server 3.3.0.

+

A session cookie is a cookie that is erased when the user closes the Web browser. The session cookie + is stored in temporarily and is not retained after the browser is closed. Session cookies do not + collect information from the user’s computer.

+

How do I control my cookies?

+

Most browsers allow you to control cookies through settings. However, if you limit the given ability + for websites to set cookies, you may worsen your overall user experience since it will no longer be + personalized to you. It may also stop you from saving customized settings like login information. + Most likely, disabling cookies will make it unable for you to use authentication and authorization + functionalities offered by WSO2 IoT Server 3.3.0.

+

If you have any questions or concerns regarding the use of cookies, please contact the entity or + individuals (or their data protection officer, if applicable) running this WSO2 IoT Server 3.3.0 + instance.

+

What are the cookies used?

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cookie NamePurposeRetention
JSESSIONIDTo keep your session data in order to give you a good user experience.Session
commonAuthIdUsed to authenticate the the logged in session.Session
samlssoTokenIdUsed to map the logged in user with the SAML token.Request
requestedURIThe URI you are accessing.Session
+

Disclaimer

+

This cookie policy is only for illustrative purposes of the product WSO2 IoT Server 3.3.0. The + content in the policy is technically correct at the time of the product shipment. The + entity,organization or individual that runs this WSO2 IoT Server 3.3.0 instance has full authority + and responsibility with regard to the effective Cookie Policy. WSO2, its employees, partners, and + affiliates do not have access to and do not require, store, process or control any of the data, + including personal data contained in WSO2 IoT Server 3.3.0. All data, including personal data is + controlled and processed by the entity, organization or individual running WSO2 IoT Server 3.3.0. + WSO2, its employees partners and affiliates are not a data processor or a data controller within the + meaning of any data privacy regulations. WSO2 does not provide any warranties or undertake any + responsibility or liability in connection with the lawfulness or the manner and purposes for which + WSO2 IoT Server 3.3.0 is used by such entities, organizations or persons.

+
+
+
+{{/zone}} \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.cookie-policy/cookie-policy.json b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.cookie-policy/cookie-policy.json new file mode 100644 index 00000000000..b531aa03193 --- /dev/null +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.cookie-policy/cookie-policy.json @@ -0,0 +1,6 @@ +{ + "version": "1.0.0", + "layout": "uuf.layout.sign-in", + "uri": "/cookie-policy", + "isAnonymous": true +} \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.privacy-policy/privacy-policy.hbs b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.privacy-policy/privacy-policy.hbs new file mode 100644 index 00000000000..bb65e7be653 --- /dev/null +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.privacy-policy/privacy-policy.hbs @@ -0,0 +1,193 @@ +{{! + Copyright (c) 2018, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + + WSO2 Inc. licenses this file to you under the Apache License, + Version 2.0 (the "License"); you may not use this file except + in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +}} +{{#zone "title"}}{{! to override parent page title }}{{/zone}} +{{unit "cdmf.unit.ui.title" pageTitle="Consent Page"}} + +{{#zone "content"}} +
+
+ +

PRIVACY POLICY

+ +
+

About WSO2 IoT Server

+

WSO2 IoT Server is a complete solution that enables device manufacturers and enterprises to connect + and manage their devices, build apps, manage events, secure devices and data, and visualize sensor + data in a scalable manner.

+

It also offers a complete and secure Enterprise Mobility Management (EMM/MDM) solution that aims to + address mobile computing challenges faced by enterprises today. Supporting iOS, Android, and Windows + devices, it helps organizations deal with both Corporate Owned, Personally Enabled (COPE) and + employee-owned devices with the Bring Your Own Device (BYOD) concept.

+

WSO2 IoT Server comes with advanced analytics, enabling users to analyze speed, proximity, and + geo-fencing information of devices including details of those in motion and stationary state.

+

Privacy Policy

+

This policy describes how WSO2 IoT Server 3.3.0 captures your personal information, the purposes of + collection, and information about the retention of your personal information. +

Please note that this policy is for reference only, and is applicable for the software as a product. + WSO2 Inc. and its developers have no access to the information held within WSO2 IoT Server + 3.3.0.Please see the Disclaimer section for more information. Entities, organisations or individuals + controlling the use and administration of WSO2 IoT Server 3.3.0 should create their own privacy + policies setting out the manner in which data is controlled or processed by the respective entity, + organisation or individual. +

What is personal information?

+

WSO2 IoT Server 3.3.0 considers anything related to you and by which you may be identified as your + personal information.

+

Signing in to WSO2 IoT Server 3.3.0

+
    +
  1. Your user name (except in cases where the user name created by your employer is under + contract) +
  2. +
  3. IP address used to log in
  4. +
  5. Email address
  6. +
+

Enrolling a device with WSO2 IoT Server 3.3.0

+
    +
  • Your device ID (e.g., phone or tablet), mobile number, IMEI number, and IMSI number
  • +
  • Your device’s location
  • +
  • Your device’s application list, and memory usage
  • +
  • Your device’s usage statistics, such as RAM, battery level, connected hotspot details, and + memory usage +
  • +
+

However, WSO2 IoT Server 3.3.0 also collects the following information that is not considered + personal information, but is used only for statistical purposes. The reason for this is that + this information can not be used to track you. +

    +
  • City/Country from which you originated the TCP/IP connection
  • +
  • Time of the day that you logged in (year, month, week, hour or minute)
  • +
  • Type of device that you used to log in (e.g., phone or tablet)
  • +
  • Operating system and generic browser information
  • +
+

Collection of personal information

+

WSO2 IoT Server 3.3.0 collects your information only to serve your access requirements. For example: +

    +
  • WSO2 IoT Server 3.3.0 uses your IP address to detect any suspicious login attempts to your + account. +
  • WSO2 IoT Server 3.3.0 uses attributes like your first name, last name, etc., to provide a rich + and personalized user experience. +
  • WSO2 IoT Server 3.3.0 uses your security questions and answers only to allow account recovery. +
  • +
+

Tracking Technologies

+

WSO2 IoT Server 3.3.0 collects your information by:

+
    +
  • Collecting information from the user profile page where you enter your personal data.
  • +
  • Tracking your IP address with HTTP request, HTTP headers, and TCP/IP.
  • +
  • Tracking your geographic information with the IP address.
  • +
  • Tracking your login history with browser cookies. Please see our cookie policy + for more + information. +
  • +
+

Use of personal information

+

WSO2 IoT Server 3.3.0 will only use your personal information for the purposes for which it was + collected (or for a use identified as consistent with that purpose).

+

WSO2 IoT Server 3.3.0 uses your personal information only for the following purposes.

+
    +
  • To provide you with a personalized user experience. WSO2 IoT Server 3.3.0 uses your name and + uploaded profile pictures for this purpose. +
  • +
  • To protect your account from unauthorized access or potential hacking attempts. WSO2 IoT Server + 3.3.0 uses HTTP or TCP/IP Headers for this purpose. +
  • +
  • +

    This includes:

    +
      +
    1. IP address
    2. +
    3. Browser fingerprinting
    4. +
    5. Cookies
    6. +
    +
  • +
  • Derive statistical data for analytical purposes on system performance improvements. WSO2 IoT + Server 3.3.0 will not keep any personal information after statistical calculations. Therefore, + the statistical report has no means of identifying an individual person. +
  • +
  • WSO2 IoT Server 3.3.0 may use:
  • +
  • +
      +
    1. IP Address to derive geographic information
    2. +
    3. Browser fingerprinting to determine the browser technology or/and version
    4. +
    +
  • +
+

Disclosure of personal information

+

WSO2 IoT Server 3.3.0 only discloses personal information to the relevant applications (also known as + “Service Providers”) that are registered with WSO2 IoT Server 3.3.0. These applications are + registered by the identity administrator of your entity or organization. Personal information is + disclosed only for the purposes for which it was collected (or for a use identified as consistent + with that purpose) as controlled by such Service Providers, unless you have consented otherwise or + where it is required by law.

+

Legal process

+

Please note that the organisation, entity or individual running WSO2 IoT Server 3.3.0 may be + compelled to disclose your personal information with or without your consent when it is required by + law following due and lawful process.

+

Storage of personal information

+

Where your personal information is stored

+

WSO2 IoT Server 3.3.0 stores your personal information in secured databases. WSO2 IoT Server 3.3.0 + exercises proper industry accepted security measures to protect the database where your personal + information is held.WSO2 IoT Server 3.3.0 as a product does not transfer or share your data with any + third parties or locations.

+

WSO2 IoT Server 3.3.0 may use encryption to keep your personal data with an added level of + security.

+

How long your personal information is retained

+

WSO2 IoT Server 3.3.0 retains your personal data as long as you are an active user of our system. You + can update your personal data at any time using the given self-care user portals.

+

WSO2 IoT Server 3.3.0 may keep hashed secrets to provide you with an added level of security. This + includes:

+
    +
  • Current password
  • +
  • Previously used passwords
  • +
+

How to request removal of your personal information

+

You can request the administrator to delete your account. The administrator is the administrator of + the tenant you are registered under, or the super-administrator if you do not use the tenant + feature.

+

Additionally, you can request to anonymize all traces of your activities that WSO2 IoT Server 3.3.0 + may have retained in logs, databases or analytical storage.

+

More information

+

Changes to this policy

+

Upgraded versions of WSO2 IoT Server 3.3.0 may contain changes to this policy. Revisions to this + policy will be packaged within such upgrades and would only apply to users who choose to use upgraded + versions.

+

Your choices

+

If you are already have an user account within WSO2 IoT Server 3.3.0 ; you have the right to + deactivate your account if you find that this privacy policy is unacceptable to you.

+

If you do not have an account and you do not agree with our privacy policy, you can chose not to + create one.

+

Contact us

+

Please contact WSO2 if you have any question or concerns regarding this privacy policy.

+

https://wso2.com/contact/

+

Disclaimer

+

WSO2, its employees, partners, and affiliates do not have access to and do not require, store, + process or control any of the data, including personal data contained in WSO2 IoT Server 3.3.0. All + data, including personal data is controlled and processed by the entity or individual running WSO2 + IoT Server 3.3.0. WSO2, its employees partners and affiliates are not a data processor or a data + controller within the meaning of any data privacy regulations. WSO2 does not provide any warranties + or undertake any responsibility or liability in connection with the lawfulness or the manner and + purposes for which WSO2 IoT Server 3.3.0 is used by such entities or persons.

+

This privacy policy is for the informational purposes of the entity or persons running WSO2 IoT + Server 3.3.0 and sets out the processes and functionality contained within WSO2 IoT Server 3.3.0 + regarding personal data protection. It is the responsibility of entities and persons running WSO2 IoT + Server 3.3.0 to create and administer its own rules and processes governing users’ personal data, + Please note that the creation of such rules and processes may change the use, storage and disclosure + policies contained herein. Therefore users should consult the entity or persons running WSO2 IoT + Server 3.3.0 for its own privacy policy for details governing users’ personal data.

+
+
+
+{{/zone}} \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.privacy-policy/privacy-policy.json b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.privacy-policy/privacy-policy.json new file mode 100644 index 00000000000..2f12cb7da97 --- /dev/null +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.privacy-policy/privacy-policy.json @@ -0,0 +1,6 @@ +{ + "version": "1.0.0", + "layout": "uuf.layout.sign-in", + "uri": "/privacy-policy", + "isAnonymous": true +} \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.register/register.hbs b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.register/register.hbs index 0baf1156e06..bcfa99eb090 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.register/register.hbs +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.register/register.hbs @@ -64,7 +64,7 @@