Wikimedia Foundation Confidentiality Agreement for Nonpublic Information
The Wikimedia Foundation approved a new Access to nonpublic personal data policy on 6 November 2018. In accordance with this policy, volunteers with access to nonpublic personal data (such as VRT volunteers, CheckUsers, Oversighters, and Stewards) are required to sign this confidentiality agreement in order to maintain or receive their access to nonpublic personal data. Instructions on how to sign the agreement are available. The Foundation shall not grant Foundation volunteer NDA recognition to applicant(s) for volunteer roles if the applicants live in jurisdictions that block(ed) access to Wikimedia projects AND there is reason to believe that their domicile is known to others than the individual applicant(s) and the Foundation. Exemptions may be granted in individual cases following a request for review by the Legal department. Granting such NDAs would put the applicant(s) as well as other volunteers relying on the Foundation's platform at undue risk. All NDA-based access rights granted to users fulfilling both criteria in the proposed adjustment shall be revoked at the point of policy adjustment. NOTE: The document intentionally states "X years of age" as the documents actually being signed may say either 16 years of age or 18 years of age depending on the role of the person signing it. The documents on Legalpad which volunteers are signing reflect the correct age for that specific document. |
Confidentiality Agreement - nonpublic personal data
You provide critical and valuable services and support to the Wikimedia movement, and the success of our projects depends on authorized Wikimedia community members like you. In return, you may be entrusted with confidential nonpublic personal data, including private user information. This agreement between you and the Wikimedia Foundation reflects our mutual commitment to protecting that information. By digitally signing and submitting this document you certify that you are at least X years of age and acknowledge that you have reviewed and agree to this confidentiality agreement, which is between you and the Wikimedia Foundation.
Nonpublic personal data. Nonpublic personal data is private information, including private user information, which you receive either through the use of tools provided to you as an authorized Wikimedia community member or from other such members. Nonpublic personal data includes "personal information" as defined by the Wikimedia Privacy Policy, IP addresses, and other personally identifying information that are not otherwise publicly available. It does not include information about a user that that user has made public on the Wikimedia projects.
Exceptions to nonpublic personal data. Nonpublic personal data does not include any information which (a) was publicly available at the time of disclosure; (b) became publicly available after disclosure without breach of this policy by you; (c) was in your possession before disclosure, as evidenced by your written records, and was not part of an earlier confidential provision of a Wikimedia policy; or (d) is required by law to be disclosed by you, but you promise to give the Wikimedia Foundation prompt notice of such legal requirement and comply with any protective order imposed on such disclosure.
Authorized community members. Authorized community members are Wikimedia users who are entrusted, through a valid community- or foundation-run process, with information covered by the Wikimedia Privacy Policy. This includes community members with access to any tool that permits them to view nonpublic information about other users or members of the public, community members with the ability to access content or user information which has been removed from administrator view, and volunteer developers with access to nonpublic personal data. Authorized Wikimedia community members may include, for example, oversighters, checkusers, volunteer developers, and other similar authorized roles.
Protection of nonpublic personal data. You agree to:
- Comply with the Privacy Policy; the Access to nonpublic personal data Policy; and any other applicable and nonconflicting community policy relating to nonpublic information;
- Refrain from disclosing nonpublic personal data to anyone, except as permitted under those policies;
- Reasonably safeguard your account against unauthorized access and use;
- Engage in the access, use, and disclosure of nonpublic personal data only as needed and allowed in your role as an authorized Wikimedia community member; and
- Email
check-disclosurewikimedia.org
an explanation of the nonpublic personal data you wish to disclose to outside parties such as law enforcement at least 10 days prior to the date of your anticipated disclosure.
Violation. You agree that, in case of a violation of this agreement, including improper access, use, or disclosure of nonpublic personal data:
- You will notify the Wikimedia Foundation of the violation immediately;
- You will delete or otherwise destroy all nonpublic personal data in your possession and control, if instructed by the Wikimedia Foundation;
- Your access to nonpublic personal data may be terminated; and
- The Wikimedia Foundation may pursue available legal remedies, including injunctive relief or, in the case of willful intent, monetary damages.
Other provisions. You also agree that:
- This agreement does not create an employment, agency, partnership, or joint venture relationship between you and the Wikimedia Foundation;
- You may not transfer or assign your rights or obligations under this agreement;
- You are solely responsible for how you access and use nonpublic personal data, and your activity or account may be reviewed by other authorized users or the Wikimedia Foundation; and
- The laws of the State of California and the United States of America will govern this agreement (without reference to conflict of laws principles).
Interface
By typing your name below, clicking the check box, and clicking the "Sign Document" ("Sign Document") button below, you acknowledge that you have reviewed and agree to this confidentiality agreement between you and the Wikimedia Foundation. Among other things, you must:
- (1) Keep nonpublic personal data, as defined in this confidentiality agreement, confidential;
- (2) Obtain prior written approval from the Wikimedia Foundation if you determine such information should be disclosed to any outside parties, such as law enforcement;
- (3) Comply with the Wikimedia Privacy Policy and the Access to nonpublic personal data Policy; and
- (4) Provide to the Wikimedia Foundation a valid email address linked to the account under which you have or are applying for access rights.
Miscellaneous text for translation purposes
By typing your name below, clicking the check box, and clicking the "Sign Document" ("Sign Document") button below, you acknowledge that you have reviewed and agree both to this confidentiality agreement between you and the Wikimedia Foundation as well as the VRT confidentiality agreement. Among other things, you must:
General Confidentiality Agreement - Nonpublic personal data
VRTS Users Confidentiality Agreement - Nonpublic personal data
Submit