Data Request Process

From Miraheze Meta, Miraheze's central coordination wiki

Shortcut:
GDPR

This document describes Miraheze's Data Request Process. This document is very much unfinished.

How to request data

In order to assert your right of access, right of rectification, or right of erasure in regards to your personal data, please follow the process below. If you're trying to get an export or backup of a wiki, please use Special:DataDump on your wiki instead.

Before requesting a correction of personal data, please consider visiting your preferences page to amend data there. If it's data on a wiki page, please try to edit the page with the correct data first. Miraheze is entirely run by volunteers, so if this can resolve your issue, it will be faster and better for everyone.

To initiate a request regarding personal data, please send an email to privacy(at)miraheze.org. This email should contain:

  • The specific type of data request you are requesting. This should include words like "copy", "correction", or "deletion", to make it clear exactly what you are requesting.
  • If you are requesting a copy of data about you, please specify which types of data you want, or all data.
  • If you are requesting a correction of data, please include what the incorrect data is, as well as what you wish the data to be changed to. Label both clearly.
  • If you are requesting erasure of data, please specify which data you want deleted, or all data. Let us know if you also want your account locked.

Any errors in your request can lead to delay in processing.

You may be asked to verify your email account on Miraheze, to ensure that we do not send data to a person who is not the owner of an account.

Many requests, such as account name changes, that do not need to be discussed privately may also be requested via Special:GlobalRenameRequest, at your discretion.

How Miraheze will process your request

We have a limit of 30 days to process each request, but should try to do so faster. Requests from European and South Korean residents and citizens should be prioritized, as the local regulations require response within a certain time limit.

Information about the request should be restricted to Miraheze staff, unless the request was made in a public channel. Personally identifiable information should remain private, as described in Section 7 of the Privacy Policy.

The first thing we should do is get a copy of everything that is stored in the user table. You'll need to gather all of the IPs recorded by that user, so go ahead and compile a list of revisions made by the user on every wiki.

A list of extensions that may store PII:

  • < tbd >

Matomo stores data without the last byte of the IPv4 header, so it is reasonably hard to assume that any IP is associated with a particular user. As such, we don't need to consider Matomo for the request.