Project:Privacy policy/en

From Gangplank
< Project:Privacy policy
Revision as of 12:34, 16 April 2021 by HR (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Name and address of the controller

The controller for the purpose of the EU GDPR (General Data Protection Regulation) and other national data protection laws of the Member States, as well as other data protection regulations, is:

Bruno Pocheron
privacy@gangplank.group

General information about data processing

Extent of the processing of personal data

We collect and use personal information from our users only to the extent necessary to provide a functional website, content and services.

Legal basis for the processing of personal data

When we obtain the consent of the data subject for processing personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data necessary for completing a contract, in which the data subject is a party, Art. 6 para. 1 lit. b of the GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual actions.

When the processing of personal data is required to fulfil a legal obligation to which our project is subjected, Art. 6 para. 1 lit. c of the GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d of the GDPR serves as the legal basis.

If processing is necessary to safeguard the factual interests of our project or a third party, and if the interests, fundamental rights and freedoms of the data subject do not outweigh those interests, Art. 6 para. 1 lit. f of the GDPR serves as the legal basis for processing.

Deletion of data and storage duration

The personal data of the data subject will be deleted or blocked as soon as the reason for storage expires. In addition, data storage may occur when required by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Restriction or deletion of data also occurs when a storage period prescribed by the aforementioned standards expires, unless there is a need for longer storage of the data, for entering or fulfilment of a contract.

Accessing the website and creation of log files

Description and extent of data processing

Each time our website is accessed, our system automatically collects data and information from the requesting computer. The following data is collected:

  1. Information about the user's web browser and its version;
  2. the user's operating system;
  3. the user's IP address;
  4. the date and time of access;
  5. Websites from which the user's system reaches our website;
  6. Websites that are accessed by the user's system through our website.

The data is also stored in our systems' log files. Storage of this data together with other personal data of the user does not occur.

Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f of the GDPR.

Reason for data processing

Temporary storage of the IP address by the system is necessary to deliver the website to the user's computer. To do this, the user's IP address must be stored for the duration of the session.

Storage in log files occurs to ensure the functionality of the website. In addition, the data is used to ensure the security of our information technology systems. Analysis of the data for marketing purposes does not take place in this context.

For these purposes, our factual interest in the processing of data is according to Art. 6 para. 1 lit. f of the GDPR.

Duration of storage

The data will be deleted as soon as it is not needed to achieve the purposes for which it was collected. In the case of data collection used to providing the website, this takes place when the respective session is completed.

For data storage in log files, this takes place after fourteen days at the latest.

Usage of cookies

Description and extent of data processing

Our website uses cookies. Cookies are text files that are stored in or by the web browser on the user's computer systems. When a user visits a website, a cookie may be stored in the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is revisited.

We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser can be identified even across multiple sessions. Only a random ID is stored in the cookie and transmitted.

Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f of the GDPR.

Reason for data processing

The reason for using cookies is to simplify the use of the websites. Some features of our website cannot be provided without the use of cookies. For these, it is necessary that the browser can be recognized across multiple sessions.

We require cookies for the following:

  1. To keep logins active.
  2. To preserve individual settings such as user names or search preferences.

For these purposes, our factual interest in the processing of personal data is pursuant to Art. 6 para. 1 lit. f of the GDPR.

Duration of storage

Cookies are stored on the users's computer and transmitted by the computer to our website. These cookies are automatically deleted after the browser is closed.

Notifications and mailing lists

Description and extent of data processing

Our website provides the opportunity to subscribe to free notification services or mailing lists. When a user signs up for the notification service or a mailing list, the data from the registration dialog or the email is sent to us, such as the email address being used. In addition, the following data is collected upon registration:

  1. IP address of the requesting computer
  2. Date and time of the registration confirmation

For processing the data, your consent is obtained during the registration process and a reference is made to this privacy policy.

Regarding data processing used to send notifications or emails from a mailing list, no transfer of the data to third parties takes place. The data will be used exclusively for sending notifications or emails from a mailing list.

Legal basis for data processing

The legal basis for processing data after registration by the user is the consent from the user, according to Art. 6 para. 1 lit. a of the GDPR.

Reason for data processing

The collection of the user's email address serves to deliver notifications or emails from the mailing list. The collection of the date and time of the registration confirmation serves as proof of registration (opt-in).

Duration of storage

The data will be deleted as soon as it is not needed to achieve the purposes for which it was collected. The date of the registration confirmation and the email address of the user will be stored for as long as the subscription to the notifications or mailing list is active.

Option to object and remove data

Subscriptions to notifications or mailing lists can be terminated by the affected user at any time. For this purpose, there is detailed information in every notification or email.

Registration

Description and extent of data processing

On our website, we offer users the opportunity to register by providing personal information (for example the wiki). The data is entered into a dialog box, and transmitted to us and stored. A transfer of data to third parties does not take place. The following data is collected as part of the registration process: a username, and an email address. Details like the name ("real name") or further personal information is always voluntary.

At the time of registration, the following data is also stored:

  1. The user's IP address
  2. The date and time when the registration took place

As part of the registration process, the user's consent to process this data is obtained.

Legal basis for data processing

The legal basis for processing the data is the consent of the user, according to Art. 6 para. 1 lit. b of the GDPR.

Reason for data processing

User registration is required for the provision of certain content and services on our website.

For specific notification of the user's changes;

To prevent abuse;

Duration of storage

The data will be deleted as soon as it is not needed to achieve the purposes for which it was collected.

This is the case for the data collected during the registration process when the registration on our website is canceled or modified.

Email contact

Description and extent of data processing

On our website, it is possible to contact us via the provided email address. In this case, the user's personal data transmitted by email will be stored.

Legal basis for data processing

The legal basis for processing the data that is transmitted when sending an email is Article 6 (1) lit. f of the GDPR.

Reason for data processing

The processing of personal data of the contact via email serves only for processing the communication.

Duration of storage

The data will be deleted as soon as it is not needed to achieve the purposes for which it was collected. This is the case for personal data sent by email, if the respective email is no longer required. In addition, statutory storage requirements may apply.

Rights of the affected person

If your personal data is processed, you are an affected person in the sense of the GDPR, and you have the following rights:

Right of access

You may ask the controller to confirm if personal data concerning you is processed by us.

If such processing is taking place, you can request information from the controller about the following:

  1. the purposes for which the personal data is processed;
  2. the categories of personal data which are being processed;
  3. the recipients (or categories of recipients) to whom the personal data has been disclosed, or is still being disclosed;
  4. the planned duration of the storage of your personal data or, if specific information is not available, the criteria for determining the duration of storage;
  5. the existence of a right to correct or delete your personal data, a right to restrict the processing by the controller, or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. all available information on the source of the data, if the personal data has not been collected from the data subject by the controller;
  8. the existence of automated decision-making, including profiling according to Art. 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved, as well as the implications and intended effects of such processing on the data subject.

You have the right to request information about whether your personal information is transferred to a third country or an international organization. In this context, you can request the appropriate guarantees in accordance with. Art. 46 of the GDPR regarding the transfer.

Right to correction

You have a right to correction and/or completion from the controller, if the personal data being processed is incorrect or incomplete. The controller must make the correction without delay.

Right to restriction of processing

You may request a restriction on the processing of your personal data under the following conditions:

  1. if you contest the accuracy of your personal information, for a period of time that enables the controller to verify the accuracy of your personal information;
  2. the processing is unlawful, and you refuse the deletion of the personal data, and instead request that use of the personal data is restricted;
  3. the controller no longer requires personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
  4. if you have filed an objection against processing, pursuant to Art. 21 (1) of the GDPR, and it is not yet certain whether the factual reasons of the controller outweigh your reasons.

If processing of personal data concerning you is restricted, this data may only be used (apart from storage) with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for reasons of public interest importance in the Union or a Member State.

If the limitations of the processing of your personal data were restricted according to the aforementioned criteria, the controller will inform you before lifting those limitations.

Right to deletion

Deletion obligations

You may demand that the controller deletes your personal information without delay, and the controller is required to delete that information immediately if one of the following reasons is true:

  1. Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You revoke your consent to the processing, which was based on Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a of the GDPR, and there is no other legal basis for processing.
  3. You object to the processing in accordance with Article 21 (1) of the GDPR, and there are no factual reasons for the processing, or you object to the processing in accordance with Article 21 (2) of the GDPR.
  4. Your personal data is processed unlawfully.
  5. The deletion of your personal data is required to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
  6. Your personal data was collected in relation to information society services offered pursuant to Art. 8 (1) of the GDPR.

Information to third parties

If the controller has made your personal data public, and is obliged to delete it according to Article 17 (1) of the GDPR, he shall take appropriate measures, including technical ones, to inform data controllers who process the personal data, that you, the affected person, have requested that deletion of all links to such personal information or copies of such personal information, taking into account available technology and implementation costs.

Exceptions

The right to deletion does not exist if the processing is necessary

  1. to exercise the right to freedom of expression and information;
  2. to fulfil a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or in the exercise of official authority assigned to the controller;
  3. for reasons of public interest in the field of public health according to Art. 9 (2) lit. h and i and

Art. 9 (3) of the GDPR;

  1. for archival purposes of public interest, scientific or historical research purposes, or for statistical purposes according to Art. 89 (1) of GDPR, to the extent that the right referred to in subparagraph (a) is likely to render impossible (or seriously affect) the realisation of the objectives of the processing, or
  2. to assert, exercise or defend legal claims.

Right to be informed

If you have claimed the right to correct, delete or restrict processing to the controller, he is obliged to notify all recipients to whom your personal data has been disclosed of this correction, deletion or restriction, unless: this proves to be impossible or involves a disproportionate effort.

You have a right to be informed by the controller about these recipients.

Right to data portability

You have the right to receive personal data that you provided to the controller in a structured, standard and machine-readable format. In addition, you have the right to transfer this data to another person without interference by the controller who was provided the personal data, so long as

  1. the processing is based on consent according to Art. 6 para. 1 lit. a of the GDPR or Art. 9 para. 2 lit. a of the GDPR, or on a contract according to Art. 6 para. 1 lit. b of the GDPR and
  2. the processing is done using automated procedures.

In exercising this right, you also have the right that your personal data is transmitted directly from one controller to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority assigned to the controller.

Right to object

You have the right at any time, for reasons that arise from your particular situation, to object to the processing of your personal data, in accordance with Art. 6 para. 1 lit. e or f of the GDPR; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless he can demonstrate compelling factual grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, to exercise your right to object utilising automated procedures that use technical specifications.

Right to revoke the data protection consent declaration

You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent, until the revocation.

Right to complain to a supervisory authority

If you believe that the processing of your personal data violates the GDPR, you have the right, without prejudice to any other administrative or judicial remedy, to complain to a supervisory authority, in particular in the member Member State of your residence, place of work or place of alleged infringement.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the option of a judicial remedy pursuant to Art. 78 of the GDPR.

Attribution

This privacy policy was originally published by The Document Foundation (TDF) at https://www.libreoffice.org under the Creative Commons Attribution-Share Alike 3.0 License. Changes were made to fit the policy for our purpose.