Privacy Policy

Privacy Policy

Welcome to the National Gravity Reference Station (LOGG) website (the "Site"). We respect your privacy. This page explains what personal data we collect, why, how long we keep it, and your rights regarding that data.

1. Scope

This policy applies to all visitors and members of the Site. It does not cover external websites that we may link to; please review their respective privacy policies.

2. What we collect

• Member account data: name, email, password (stored as a one-way salted hash), affiliation (optional), date of registration.
• Contact / data application form: name, email, optional phone, message content, submission time.
• Server access logs: IP address, browser User-Agent, timestamps of HTTP requests; admin login attempts (success and failure) including IP and User-Agent.
• Necessary cookies: PHP session cookie (login state), CSRF token, visitor counter increment marker. We do not use third-party tracking, analytics or advertising cookies.

3. Why we collect (purpose)

• To operate the member system (registration, login, password reset, email verification).
• To respond to enquiries submitted through contact / data application forms.
• To safeguard the Site (rate-limiting, abuse detection, audit of administrative access).
• To meet operational and statistical reporting obligations to the Ministry of the Interior.

4. Retention period

• Member accounts: retained for as long as the account remains active. Members may request deletion at any time.
• Contact / data application forms: retained for up to 5 years for record-keeping.
• Server access logs and admin-login audit logs: retained for at least 90 days; longer if required for security investigation.

5. Sharing and transfer

We do not sell, rent or trade personal data. We disclose personal data only:

• To the Ministry of the Interior (commissioning agency) and its designated operating contractors (ITRI, NCTU) for operating the Site;
• When required by Taiwanese law, court order or governmental request;
• To investigate suspected abuse or security incidents.

6. Your rights (Personal Data Protection Act, Article 3)

You may at any time request to: review, obtain a copy, supplement / correct, or request deletion of your personal data; request that we stop collecting, processing or using your personal data.

To exercise these rights, please contact us via the Contact page.

7. Security

Passwords are stored as bcrypt hashes; data is transmitted over HTTPS; CSRF protection is applied to all state-changing requests; admin login attempts (success and failure) are logged for audit. We apply reasonable technical and organisational measures, but no online service is 100% secure.

8. Cookies

We use only "strictly necessary" cookies that are required for the Site to operate (session login, CSRF protection, visitor counter). We do not use Google Analytics, Facebook Pixel, advertising trackers or similar third-party cookies. If we add such tools in the future, we will update this policy and present an explicit consent banner.

9. Updates to this policy

We may update this policy from time to time. The "last updated" date below reflects the most recent revision.

Last updated: 2026-06-06