forked from searxng/searxng
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Initial creation of an info page on the topic "Privacy Policy". [1] searxng#1285 (comment) Suggested-by: @nicfab [1] Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
- Loading branch information
Showing
5 changed files
with
228 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -13,3 +13,4 @@ User information | |
| search-syntax | ||
| configured_engines | ||
| about | ||
| privacy-policy | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| .. _privacy-policy: | ||
|
|
||
| .. include:: privacy-policy.md | ||
| :parser: myst_parser.sphinx_ | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,217 @@ | ||
| # Privacy Policy | ||
|
|
||
| We provide this information for SearXNG's instances installed on servers in the | ||
| Economic European Area (EEA) or outside the EEA for those who consult the | ||
| {{link('SearXNG website', 'search')}} or submit queries. So that you know, this | ||
| information applies only to this SearXNG instance **and not to other websites | ||
| the user may consult through links**. | ||
|
|
||
| When data subjects or SearXNG providers are in the EEA, the [EU Regulation | ||
| 2016/679 (GDPR)](https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN) | ||
| applies. | ||
|
|
||
| Indeed, according to Article 3(2) of the GDPR, we underline whether SearXNG's | ||
| instances are installed on servers, not in the EEA, but the service is offered | ||
| to users in the EEA, Regulation 2016/679 applies. | ||
|
|
||
| > Article 3 | ||
| > Territorial scope | ||
| > | ||
| > 1. This Regulation applies to the processing of personal data in the context | ||
| > of the activities of an establishment of a controller or a processor in the | ||
| > Union, regardless of whether the processing takes place in the Union or | ||
| > not. | ||
| > | ||
| > 2. This Regulation applies to the processing of personal data of data subjects | ||
| > who are in the Union by a controller or processor not established in the | ||
| > Union, where the processing activities are related to: | ||
| > | ||
| > (a) the offering of goods or services, irrespective of whether a payment of | ||
| > the data subject is required, to such data subjects in the Union; or | ||
| > | ||
| > (b) the monitoring of their behaviour as far as their behaviour takes place | ||
| > within the Union. | ||
| > | ||
| > 3. This Regulation applies to the processing of personal data by a controller | ||
| > not established in the Union, but in a place where Member State law applies | ||
| > by virtue of public international law. | ||
| ## Data controller | ||
|
|
||
| The data controller is `{name of the instance maintaner}` - (`{maintainer's | ||
| email}`). | ||
|
|
||
| ## How does SearXNG protect privacy? | ||
|
|
||
| SearXNG protects the privacy of its users in multiple ways regardless of the | ||
| type of instance (private or public). Removal of private data from search | ||
| requests comes in three forms: | ||
|
|
||
| 1. Removal of private data from requests going to search services. | ||
|
|
||
| 2. Not forwarding anything from third-party services through search services | ||
| (e.g., advertisement). | ||
|
|
||
| 3. Removal of private data from requests going to the result pages. Removing | ||
| private data means not sending cookies to external search engines and | ||
| generating a random browser profile for every request. Thus, it does not | ||
| matter if a public or private instance handles the request because it is | ||
| anonymized in both cases. IP addresses will be the IP of the | ||
| instance. However, the SearXNG admin can configure it to use a proxy or Tor. | ||
| [Result proxy](https://github.com/asciimoo/morty) is supported, too. SearXNG | ||
| does not serve ads or tracking content, unlike most search services. So | ||
| private data is not forwarded to third parties who might monetize it. Besides | ||
| protecting users from search services, referring pages and search queries are | ||
| hidden from visited result pages. | ||
|
|
||
| ## What's happened when you send a query through a SearXNG instance? | ||
|
|
||
| We reproduce the steps below: | ||
|
|
||
| 1. You send your query from a SearXNG instance; | ||
|
|
||
| 2. The SearXNG instance sends your query to the search engines set by default on | ||
| every specific SearXNG instance (All the SearXNG instances (private and | ||
| public) might differ because it depends on the settings chosen by the admin. | ||
| However, you can view and modify what the engines set by default via | ||
| {{link('Preferences => Engines', 'preferences')}}). | ||
|
|
||
| 3. The search engines (for instance, DDG or Qwant) that receive your query | ||
| elaborate on it and send the response to the SearXNG instance. | ||
|
|
||
| ## Is your data or personal data transmitted to search engines? | ||
|
|
||
| **The answer is NO, and precisely:** | ||
|
|
||
| 1. **None of your data nor personal data is transmitted** from the SearXNG instance except: | ||
|
|
||
| - Your query; | ||
| - The language you selected on the SearXNG instance; | ||
| - The technical parameters are needed to form the same query. | ||
|
|
||
| 2. **No metadata is transmitted**. | ||
|
|
||
| **In the end, only**: | ||
|
|
||
| - your query, | ||
| - the language you selected on the SearXNG instance and | ||
| - the technical parameters needed to form the same query | ||
|
|
||
| are transmitted to search engines. | ||
|
|
||
| ## Can the search engines see your data or install cookies or other stuff on your browser? | ||
|
|
||
| **The answer is: No, they cannot.** | ||
|
|
||
| Indeed, the search engines (for example, DDG or qwant) that receive your query | ||
| through the SearXNG instance: | ||
|
|
||
| 1. Do not know from where (IP or location) your query comes and see your IP | ||
| since they are talking only with the SearXNG instance; | ||
|
|
||
| 2. Acquire only the IP of the SearXNG instance you used for your query. | ||
|
|
||
| 3. Cannot send your browser cookies or other data to track you since the search | ||
| engines that receive your query are only connected to the SearXNG instance | ||
| and not your web browser. | ||
|
|
||
| ## What data is collected | ||
|
|
||
| This SearXNG instance receives only your IP but does not collect it. | ||
|
|
||
| **Each user is responsible for the content they intend to submit as a query**. | ||
|
|
||
| ### Who can access the data, and for what activities? | ||
|
|
||
| None neither the server administrator (instance) can access Personally | ||
| Identifiable Information (PII) nor data of the queries but only - for technical | ||
| needs - system logs without the possibility of retrieving any personal data | ||
| anyway. | ||
|
|
||
| ## The purposes of the processing | ||
|
|
||
| When data subjects or SearXNG providers are in the EEA, the GDPR applies. | ||
| Still, the purpose is to provide all access to the SearXNG instance by allowing | ||
| users to submit queries and read and consult the search results. | ||
|
|
||
| Furthermore, the purposes are also related to server maintenance and system and | ||
| application upgrades. | ||
|
|
||
| The optional, explicit, and voluntary sending of electronic mail to the | ||
| addresses indicated on the footer of this site involves the acquisition of the | ||
| sender's address necessary for the replies and any other personal data contained | ||
| in the message. These data are processed to respond to messages sent and handle | ||
| related requests. Failure to provide personal data for communications with us or | ||
| send requests will prevent evading them. We store data for the time strictly | ||
| necessary for the purposes related to data processing. | ||
|
|
||
| ## Legal basis for the processing | ||
|
|
||
| When data subjects or SearXNG providers are in the EEA, the GDPR applies. | ||
| Still, the processing of personal data is based on consent - according to | ||
| Article 6, par. 1, letter a) of EU Regulation 2016/679 - expressed by the user | ||
| by browsing this website, choosing the preferences, and submitting queries, thus | ||
| accepting this information. | ||
|
|
||
| Consent is optional, and the user can withdraw at any time by request sent by | ||
| email to `{maintainer's email}`¡, specifying that, in this case, whether the | ||
| user does not consent, they cannot consult this website. | ||
|
|
||
| Regarding server maintenance and system and application upgrades, the legal | ||
| basis is the legitimate interest according to Article 6, letter f) of the EU | ||
| Regulation 2016/679. | ||
|
|
||
| The processing of personal data is necessary to pursue the data controller's | ||
| legitimate interest in providing information about studies and research, | ||
| according to article 6, par. 1, letter f) of EU Regulation 2016/679, in | ||
| compliance with the provisions of the same Regulation. | ||
|
|
||
| ## Cookies | ||
|
|
||
| The only cookies are only **functional ones** and, therefore, no profiling or | ||
| tracking activities. | ||
|
|
||
| **Thus, this site does not use cookies other than functional cookies solely for | ||
| the functional purposes described above, and their installation does not require | ||
| the user's consent**. | ||
|
|
||
| ## Data recipients | ||
|
|
||
| We don't communicate personal data collected from this website following its | ||
| consultation to recipients or categories of recipients. | ||
|
|
||
| ## Period for storing personal data | ||
|
|
||
| This website does not collect nor store user data. | ||
|
|
||
| ## Transferring personal data to a third country or international organization | ||
|
|
||
| When data subjects or SearXNG providers are in the EEA, the GDPR applies. | ||
| Still, the data controller, the administrator of SearXNG's instance, does not | ||
| transfer any personal data outside the European Economic Area (EEA) if SearXNG | ||
| is installed on the server located within the European Economic Area. | ||
|
|
||
| ## Security measures | ||
|
|
||
| The SearXNG instance maintainer adopts appropriate security measures to prevent | ||
| unauthorized access, disclosure, modification, or unauthorized destruction of | ||
| data. Your data in the communication session with this website are protected by | ||
| a Secure Sockets Layer (SSL) certificate that uses a cryptographic presentation | ||
| protocol, encrypting the information. | ||
|
|
||
| ## Data subjects' rights | ||
|
|
||
| When data subjects or SearXNG providers are in the EEA, the GDPR applies. | ||
| Still, users (data subjects) who access the service provided by this instance | ||
| may exercise the rights according to Articles 15 to 22 of EU Regulation | ||
| 2016/679. You can lodge all requests to exercise these rights by writing to | ||
| `{maintainer's email}`. | ||
|
|
||
| ## Right to lodge a complaint | ||
|
|
||
| When data subjects or SearXNG providers are in the EEA, the GDPR applies. | ||
| Still, whether a data subject considers that the processing of personal data | ||
| relating to them as performed via this SearXNG instance infringes the | ||
| Regulation, they have the right to lodge a complaint with the competent | ||
| Supervisory Authority (Data Protection Authority) according to Article 77 of the | ||
| EU Regulation 2016/679. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters