Project:Privacy policy

From Gangplank
Revision as of 00:04, 1 February 2021 by HR

Name and address of the controller

The controller for the purpose of the EU GDPR (General Data Protection Regulation) and other national data protection laws of the Member States, as well as other data protection regulations, is:

Todo: Name

Todo: Email

General information about data processing

Extent of the processing of personal data

We collect and use personal information from our users only to the extent necessary to provide a functional website, content and services. The collection and use of personal data from our users takes place only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for factual reasons, and processing the data is permitted by law.

Legal basis for the processing of personal data

When we obtain the consent of the data subject for processing personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data necessary for completing a contract, in which the data subject is a party, Art. 6 para. 1 lit. b of the GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual actions.

When the processing of personal data is required to fulfil a legal obligation to which our project is subject, Art. 6 para. 1 lit. c of the GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d of the GDPR serves as the legal basis.

If processing is necessary to safeguard the factual interests of our project or a third party, and if the interests, fundamental rights and freedoms of the data subject do not outweigh those interests, Art. 6 para. 1 lit. f of the GDPR serves as the legal basis for processing.

Deletion of data and storage duration

The personal data of the data subject will be deleted or blocked as soon as the reason for storage expires. In addition, data storage may occur when required by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Restriction or deletion of data also occurs when a storage period prescribed by the aforementioned standards expires, unless there is a need for longer storage of the data for entering into or fulfilling a contract.

Accessing the website and creation of log files

Description and extent of data processing

Each time our website is accessed, our system automatically collects data and information from the requesting computer. The following data is collected:

  1. information about the user's web browser and its version;
  2. the user's operating system;
  3. the user's IP address;
  4. the date and time of access;
  5. websites from which the user's system reaches our website;
  6. websites that are accessed by the user's system through our website.

The data is also stored in our systems' log files. Storage of this data together with other personal data of the user does not occur.

Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f of the GDPR.

Reason for data processing

Temporary storage of the IP address by the system is necessary to deliver the website to the user's computer. To do this, the user's IP address must be stored for the duration of the session.

Storage in log files occurs to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. Analysis of the data for marketing purposes does not take place in this context.

For these purposes, our factual interest in the processing of data is according to Art. 6 para. 1 lit. f of the GDPR.

Duration of storage

The data will be deleted as soon as it is not needed to achieve the purposes for which it was collected. In the case of data collection used to provide the website, this takes place when the respective session is completed.

For data storage in log files, this takes place after fourteen days at the latest. Longer storage is possible. In this case, the IP addresses of the users are deleted or obfuscated, so that linking the data to the requesting client is no longer possible.

Option to object and remove data

The collection of data for accessing the website and the storage of the data in log files is essential for the operation of the website. There is consequently no option for users to opt-out of this data collection.

Usage of cookies

Description and extent of data processing

Our website uses cookies. Cookies are text files that are stored in or by the web browser on the user's computer systems. When a user visits a website, a cookie may be stored in the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is revisited.

We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser can be identified even across multiple sessions. Only a random ID is stored in the cookie and transmitted.

In addition, some services offered through our web servers use cookies to store custom settings across sessions. These are in particular: Jitsi (the specified user name is stored), OpenGrok (search preferences), WordPress (user name, URL and email address) and EtherPad (user name and text colour assigned to it). It is not necessary to provide a username in order to use these services.

When accessing our website, users are informed by a banner about the use of cookies for analysis purposes, and users are referred to this privacy policy. In this context, there is also information on how browser settings can be changed to prevent the storage of cookies.

Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f of the GDPR.

Reason for data processing

The reason for using cookies is to simplify the use of the websites. Some features of our website cannot be provided without the use of cookies. For these, it is necessary that the browser can be recognized across multiple sessions.

We require cookies for the following:

  1. To keep logins active.
  2. To preserve individual settings such as user names or search preferences.

The user data collected via those technically necessary cookies will not be used to create user profiles.

For these purposes, our factual interest in the processing of personal data is pursuant to Art. 6 para. 1 lit. f of the GDPR.

Duration of storage, and option to object and remove data

Cookies are stored on the user's computer and transmitted by the computer to our website. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your web browser, you can disable or restrict the transmission of cookies. Cookies that have been saved already can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, however, it may not be possible to use all the features of our website in full.

Notifications and mailing lists

Description and extent of data processing

Our website provides the opportunity to subscribe to free notification services or mailing lists. When a user signs up for the notification service or a mailing list, the data from the registration dialog or the email is sent to us, such as the email address being used. In addition, the following data is collected upon registration:

  1. IP address of the requesting computer
  2. Date and time of the registration confirmation

For processing the data, your consent is obtained during the registration process and a reference is made to this privacy policy.

Regarding data processing used to send notifications or emails from a mailing list, no transfer of the data to third parties takes place. The data will be used exclusively for sending notifications or emails from a mailing list.

Legal basis for data processing

The legal basis for processing data after registration by the user is the consent from the user, according to Art. 6 para. 1 lit. a of the GDPR.

Reason for data processing

The collection of the user's email address serves to deliver notifications or emails from the mailing list. The collection of the date and time of the registration confirmation serves as proof of registration (opt-in).

Duration of storage

The data will be deleted as soon as it is not needed to achieve the purposes for which it was collected. The date of the registration confirmation and the email address of the user will be stored for as long as the subscription to the notifications or mailing list is active. Other personal data collected during the registration process will normally be deleted after a period of five weeks.

Option to object and remove data

Subscriptions to notifications or mailing lists can be terminated by the affected user at any time. For this purpose, there is detailed information in every notification or email.

Registration

Description and extent of data processing

On our website, we offer users the opportunity to register by providing personal information (for example: Bugzilla, the wiki, WebSingleSignOn, Pootle, AskBot). The data is entered into a dialog box, transmitted to us and stored. A transfer of data to third parties does not take place. The following data is collected as part of the registration process: a username and an email address. Providing details such as the name ("real name") or further personal information is always voluntary.

At the time of registration, the following data is also stored:

  1. The user's IP address
  2. The date and time when the registration took place

As part of the registration process, the user's consent to process this data is obtained.

Legal basis for data processing

The legal basis for processing the data is the consent of the user, according to Art. 6 para. 1 lit. a of the GDPR.

Reason for data processing

User registration is required for the provision of certain content and services on our website.

  1. For specific notification of the user's changes;
  2. To prevent abuse.

Duration of storage

The data will be deleted as soon as it is not needed to achieve the purposes for which it was collected.

This is the case for the data collected during the registration process when the registration on our website is canceled or modified.

Option to object and remove data

As a user, you have the option to cancel the registration at any time. You can change or modify the data stored about you at any time. You will find this information in the confirmation email for your application, as well as on the login page of the service. An email with relevant information to privacy@documentfoundation.org is also sufficient.

Email contact

Description and extent of data processing

On our website, it is possible to contact us via the provided email address. In this case, the user's personal data transmitted by email will be stored.

There is no disclosure of the data to third parties. The data is used exclusively to process the conversation.

Legal basis for data processing

The legal basis for processing the data is consent of the user, according to Art. 6 para. 1 lit. a of the GDPR.

The legal basis for processing the data that is transmitted when sending an email is Article 6 (1) lit. f of the GDPR. If the email contact aims to conclude a contract, then the additional legal basis for processing is Art. 6 para. 1 lit. b of the GDPR.

Reason for data processing

The processing of personal data of the contact via email serves only for processing the communication.

Duration of storage

The data will be deleted as soon as it is not needed to achieve the purposes for which it was collected. This is the case for personal data sent by email, if the respective email is no longer required. In addition, statutory storage requirements may apply.

Option to object and remove data

The user has the option – at any time – to revoke his consent to the processing of his personal data. If the user contacts us by email, he may object to the storage of his personal data at any time. In such a case, the conversation cannot continue. All you need to do is send an email with relevant information to privacy@documentfoundation.org.

All personal data stored in the course of communication will be deleted in this case.

Integration of third party services

Type and extent

Our websites use third party services. They are integrated dynamically into web pages. These services can set cookies from the respective providers on your computer, and also execute JavaScript code.

Use of YouTube components with advanced privacy mode

On our websites, we use components (videos) from the company YouTube, LLC, 901 Cherry Ave., 94066 San Bruno, CA, a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Here we use the option provided by YouTube, "extended privacy mode".

When you visit a page that has an embedded video, it will connect to the YouTube servers and display the content by notifying your browser on the website.

According to information provided by YouTube, in "enhanced privacy mode" data is only transmitted to the YouTube server when watching the video, in particular which of our web pages you have visited. If you are logged in to YouTube at the same time, this information will be associated with your membership account on YouTube. You can prevent this by logging out of your account before visiting our website.

Additional information about YouTube's privacy is provided by Google at the following link:

https://www.google.de/intl/de/policies/privacy/

Use of Vimeo components

We use components of the Vimeo service on our website. Vimeo is a service of Vimeo LLC, 555 West 18th Street, NY, New York 10011, USA. Each time you visit a web page which has such a component, this component causes the browser you are using to download a corresponding representation of the component from Vimeo. When you visit our site and you are logged in to Vimeo, Vimeo recognises, through the information gathered by the component, which specific site you are visiting and assigns this information to your personal Vimeo account. If, for instance, you click the "Play" button or leave a comment, this information will be transmitted to your personal Vimeo account and stored there. In addition, the fact that you have visited our site is passed on to Vimeo. This happens regardless of whether or not you, for instance, click on the component or leave comments.

If you wish to stop this transmission and storage of data about you and your behaviour on our website through Vimeo, you must log out of Vimeo before you visit our site. The privacy notices of Vimeo provide more detailed information, in particular for the collection and use of data by Vimeo: https://vimeo.com/privacy

Legal basis for data processing

The legal basis for the processing of personal data using cookies is in Article 6 (1) lit. f of the GDPR.

Reason for data processing

The reason for the usage is to make the websites easier to use. Some features of our website cannot be offered without the use of third-party components.

Duration of storage, and option to object and remove data

Cookies are stored on the user's computer and transmitted by the computer to our website. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your web browser, you can disable or restrict the transmission of cookies. Cookies that have been saved already can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the features of our website in full.

If additional JavaScript code is executed, you can also prevent this. To do this, you must disable the JavaScript feature in your web browser. However, please note that in this case you will not be able to use the associated services, or only to a limited extent.

Rights of the affected person

If your personal data is processed, you are an affected person in the sense of the GDPR, and you have the following rights:

Right of access

You may ask the controller to confirm if personal data concerning you is processed by us.

If such processing is taking place, you can request information from the controller about the following:

  1. the purposes for which the personal data is processed;
  2. the categories of personal data which are being processed;
  3. the recipients (or categories of recipients) to whom the personal data has been disclosed, or is still being disclosed;
  4. the planned duration of the storage of your personal data or, if specific information is not available, the criteria for determining the duration of storage;
  5. the existence of a right to correct or delete your personal data, a right to restrict the processing by the controller, or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. all available information on the source of the data, if the personal data has not been collected from the data subject by the controller;
  8. the existence of automated decision-making, including profiling according to Art. 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved, as well as the implications and intended effects of such processing on the data subject.

You have the right to request information about whether your personal information is transferred to a third country or an international organization. In this context, you can request the appropriate guarantees in accordance with Art. 46 of the GDPR regarding the transfer.

Right to correction

You have a right to correction and/or completion from the controller, if the personal data being processed is incorrect or incomplete. The controller must make the correction without delay.

Right to restriction of processing

You may request a restriction on the processing of your personal data under the following conditions:

  1. if you contest the accuracy of your personal information, for a period of time that enables the controller to verify the accuracy of your personal information;
  2. the processing is unlawful, and you refuse the deletion of the personal data, and instead request that use of the personal data is restricted;
  3. the controller no longer requires personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
  4. if you have filed an objection against processing, pursuant to Art. 21 (1) of the GDPR, and it is not yet certain whether the factual reasons of the controller outweigh your reasons.

If processing of personal data concerning you is restricted, this data may only be used (apart from storage) with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for reasons of important public interest in the Union or a Member State.

If the processing of your personal data was restricted according to the aforementioned criteria, the controller will inform you before lifting the restriction.

Right to deletion

Deletion obligations

You may demand that the controller deletes your personal information without delay, and the controller is required to delete that information immediately if one of the following reasons is true:

  1. Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You revoke your consent to the processing, which was based on Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a of the GDPR, and there is no other legal basis for processing.
  3. You object to the processing in accordance with Article 21 (1) of the GDPR, and there are no factual reasons for the processing, or you object to the processing in accordance with Article 21 (2) of the GDPR.
  4. Your personal data is processed unlawfully.
  5. The deletion of your personal data is required to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
  6. Your personal data was collected in relation to information society services offered pursuant to Art. 8 (1) of the GDPR.

Information to third parties

If the controller has made your personal data public, and is obliged to delete it according to Article 17 (1) of the GDPR, he shall take appropriate measures, including technical ones, taking into account available technology and implementation costs, to inform data controllers who process the personal data that you, the affected person, have requested the deletion of all links to such personal information and of copies of such personal information.

Exceptions

The right to deletion does not exist if the processing is necessary

  1. to exercise the right to freedom of expression and information;
  2. to fulfil a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or in the exercise of official authority assigned to the controller;
  3. for reasons of public interest in the field of public health according to Art. 9 (2) lit. h and i and Art. 9 (3) of the GDPR;
  4. for archival purposes of public interest, scientific or historical research purposes, or for statistical purposes according to Art. 89 (1) of GDPR, to the extent that the right referred to in subparagraph (a) is likely to render impossible (or seriously affect) the realisation of the objectives of the processing, or
  5. to assert, exercise or defend legal claims.

Right to be informed

If you have claimed the right to correct, delete or restrict processing to the controller, he is obliged to notify all recipients to whom your personal data has been disclosed of this correction, deletion or restriction, unless this proves to be impossible or involves a disproportionate effort.

You have a right to be informed by the controller about these recipients.

Right to data portability

You have the right to receive personal data that you provided to the controller in a structured, standard and machine-readable format. In addition, you have the right to transfer this data to another person without interference by the controller who was provided the personal data, so long as

  1. the processing is based on consent according to Art. 6 para. 1 lit. a of the GDPR or Art. 9 para. 2 lit. a of the GDPR, or on a contract according to Art. 6 para. 1 lit. b of the GDPR and
  2. the processing is done using automated procedures.

In exercising this right, you also have the right that your personal data is transmitted directly from one controller to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority assigned to the controller.

Right to object

You have the right at any time, for reasons that arise from your particular situation, to object to the processing of your personal data, in accordance with Art. 6 para. 1 lit. e or f of the GDPR; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless he can demonstrate compelling factual grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, to exercise your right to object utilising automated procedures that use technical specifications.

Right to revoke the data protection consent declaration

You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent, until the revocation.

Right to complain to a supervisory authority

If you believe that the processing of your personal data violates the GDPR, you have the right, without prejudice to any other administrative or judicial remedy, to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the option of a judicial remedy pursuant to Art. 78 of the GDPR.

Credits

This privacy policy was originally published by The Document Foundation (TDF) at https://www.libreoffice.org under the Creative Commons Attribution-Share Alike 3.0 License. Changes were made to fit the policy for our purpose.