Scope of This Notice
Our Commitment to Privacy
Your privacy is important to the Foundation. To better protect your privacy and to comply with various laws and regulations, we have provided this policy explaining our information practices and the choices you can make about the way your personal information is collected, used and disclosed. To make this policy easy to find, we have made it available on our homepage and at many of the locations where personally-identifiable information may be requested.
The Information We Collect
The Foundation collects personal data when:
- you sign up as a Foundation Supporter or otherwise donate to the Foundation;
- you visit any Foundation website;
- you use one of the Foundation’s mailing lists;
- you use one of the Foundation’s code repositories;
- you use one of the Foundation’s IRC channels;
- register to, present at, and/or attend, our events and conferences, or at our booths when we are present at someone else’s conference/event
- enter into a contract with us;
- sign up for job alerts on our websites, submit a job application, a CV, cover letter, or social media profile to a job vacancy, attend an interview, assessment, or meeting;
- register for, and update an online account with us (including if you access through Facebook, LinkedIn, Twitter, Google, or an open IP provider);
- you participate in surveys and evaluations;
- ‘follow’, ‘like’, post to, or interact with, our social media accounts, including Facebook, LinkedIn, Twitter, Instagram, and Google+;
- you submit questions or comments to us.
This policy applies to the Foundation’s general operations, supporter program, websites and events.
The information you provide to us will include (depending on the circumstances):
- Identity and contact data: title, names, addresses, email addresses, phone numbers or your signature.
- Account profile data: a username/display name, password, user preferences and, if you sign up through a social media account, certain information about that account.
- Conference registration details: the company/organization you work for, job title/position, language preferences, your name, your email, your age, your gender, your job function, your experience, your opinions and why you are attending the conference and what you hope to learn, your accessibility needs.
- Financial data: payment details, which may include billing addresses, credit/debit card details and bank account details.
- Employment and background data: if you apply for employment on our sites, your academic and work history, qualifications, skills, projects and research that you are involved in, references, proof of your entitlement to work in the relevant country, your national security number, your passport or other identity document details, your current level of remuneration (including benefits), and any other such similar information that you may provide to us.
- Visual and audio information about yourself: e.g. a photo or video footage, or sound recording.
- Sensitive information: information about your race or ethnicity, religious beliefs, sexual orientation, health and whether or not you have any disability. You can find out more about how we use the sensitive information below in the “Special Categories of Data” section.
- Any other information that you choose to share with us: for example, any information that you provide via correspondence, when you fill out our survey(s), that you share via our website or social media accounts linked to our website, or any information that you choose to provide in person at events, meetings, or over the phone.
In certain circumstances, we will receive information about you from other sources, including third parties. For example, we may receive personal information from any of the following, who may be based inside and/or outside the EU:
- Other website or service users.
- Event attendees.
- Your agents or representatives who are acting on your instructions.
- Organizations with whom we provide co-branded events, websites, products, and services.
- Fraud detection agencies.
- Your current and former employers, recruitment agencies, and referees.
- Service providers including our website developers, IT support providers, cloud services providers, payment services providers, billing service providers, contractors, consultants, advertising agencies and platforms, digital performance monitoring and management providers, advertising analytics providers, recruitment agencies, survey tool providers, event ticket retailers, event management platform service providers, HR service providers, couriers, instant messaging service providers.
- Social media plugins. By providing your social media account details you are authorizing that third-party provider to share with us certain information about you.
- Publicly available sources such as LinkedIn.
We might also receive information about you from other third parties if you have indicated to such third parties that you would like to hear from us.
Special Categories of Data
Special categories of particularly sensitive personal information require higher levels of protection. These so-called “special categories of data” include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Depending on the circumstances, we will also collect information about criminal convictions and offenses.
We need to have further justification for collecting, storing and using this type of personal information. We process special categories of personal information in the following circumstances:
- in limited circumstances, with your explicit written consent
- where it is necessary to carry out our legal obligations or exercise rights in connection with employment
- where it is necessary for reasons of substantial public interest, such as for equal opportunities monitoring
- where it is necessary in relation to legal claims
- where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent
- where you have already made the information public.
For example, we may collect special categories of information:
- when you apply to work for us (for diversity and equal opportunities records, to support your needs and facilitate access to our premises, and to carry out background checks);
- when you attend our events, visit our premises, or apply for a scholarship or funding from us (to make any necessary arrangements for your attendance, monitor diversity, and to investigate claims about breaches of our Conference Code of Conduct).
In limited circumstances, we may request your written consent to allow us to use certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
Using (Processing) Your Personal Data
The Foundation uses the personal data you provide to:
- To provide access to our website in a manner convenient and optimal (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner, or where we have a legal obligation to prevent unauthorised access).
- To process and fulfill your donation to the Foundation (on the basis of performing our contract with you).
- To process and facilitate transactions and payments, and recover money owed to us (on the basis of performing our contract with you, and on the basis of our legitimate interest to recover debts due).
- To monitor your account and use of services to prevent and identify unlawful content use and violations of our policies (on the basis of our legitimate interests to operate a safe and lawful business, or where we have a legal obligation to do so).
- To identify and authenticate you (on the basis of your consent where we have requested it, or on the basis of our legitimate interest to ensure that users are verifiable)
- To enable you to communicate with other users (on the basis of your consent where we have requested it, or on the basis of performing our contract with you).
- To attribute data and content you produce directly and indirectly in our public-facing services (on the basis our legitimate interests to create a public record of the data and content produced by the Foundation’s services; and to maintain the integrity of that data and content for historical, scientific, and research purposes.)
- To conduct business with you or your employer, including to contact you and manage and facilitate our business relationship with you and your employer (on the basis of performing our contract with you, and our legitimate interest in running our business).
- To work with you and undertake projects with you, including to process any proposals that you submit to us (on the basis of our contract with you, and our legitimate interest in running our business).
- To provide access to, and administer scholarship and funding programs (on the basis of your consent where we have requested it, on the basis of performing our contract with you, and our legitimate interest in making our products and services accessible to a range of individuals with diverse backgrounds).
- For recruitment, including to process any job applications you submit to us, whether directly or via an agent or recruiter including sharing your information with our third-party recruitment agencies (on the basis of our legitimate interest to recruit new employees or contractors).
- To carry out marketing and let you know about our news, events, products or services that we believe may interest you, including sharing your information with our marketing services providers (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so).
- For research activities, including the production of statistical reports (on the basis of our legitimate interest in making our products and services accessible to a range of individuals with diverse backgrounds).
- To answer your questions (on the basis of consent)
- To maintain our servers (on the basis of our legitimate interest in maintaining an efficient business operation)
- To interact with users on social media platforms (on the basis of our legitimate interest in promoting our brand and communicating with interested individuals).
- To protect, investigate, and deter against fraudulent, unauthorized, or illegal activity (on the basis of our legitimate interests to operate a safe and lawful business, or where we have a legal obligation to do so).
- To enable us to comply with our policies and procedures and enforce our legal rights, and to protect the rights, property or safety of our employees and volunteers and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business, or where we have a legal obligation to do so).
As outlined above, in certain circumstances we may use your personal information to pursue legitimate interests of our own or those of third parties. Where we refer to our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interests we have specified in the section above. Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to details of “Your Rights” below.
Sharing Your Personal Data
Unless you consent, the Foundation will never process or share the personal data you provide to us except as described below.
- To attribute your contributions to mailing lists, source repositories, Etherpads, wikis, forums, and IRC channels.
- As required to provide service (as a consequence of uses already described in this Privacy Statement)
- Sponsors, partners and collaborators, such as those organizations with whom we host co-branded events.
- Our service providers who are acting as processors and who assist us with our administrative or business functions, or in the provision of any of our products/services to you.
- For research activities, including the production of statistical reports (such aggregated information is used to describe our services and is not used to contact the subjects of the report).
- Regulators and governmental bodies like the IRS, HMRC, and other authorities and regulators acting as processors or joint controllers who require reporting of processing activities in certain circumstances.
- Other third parties including legal, professional or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) where necessary to enable us to enforce our legal rights or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law
We receive personal information from third-party services when you donate to us via online payment mechanisms. We do not sell or distribute this information to third parties. The Foundation uses this information to acknowledge your donation and send you occasional solicitations and newsletters. Donors can opt out of all contact or specify only print or e-mail contact by emailing email@example.com. Donor names are posted on our Sponsors and Supporters page as a recognition of their support, as well as listed in our annual report. At the time of the donation, the donor can ask to be anonymous, so that their name will not be publicly recognized.
The Foundation may send you e-mail to authorize accounts you create on our sites, to inform you of important upcoming Foundation events, to send occasional solicitations in connection with our donor programs as described above or in response to your questions. For your protection, the Foundation may contact you in the event that we find an issue that requires your immediate attention. The Foundation processes your personal data in these cases to fulfill and comply with its contractual obligations to you, to provide the services you have requested, and to ensure the security of your account.
Cookies and Other Browser Information
The Foundation’s online services automatically capture IP addresses. We use IP addresses to help diagnose problems with our servers, to administer our website, and to help ensure the security of your interaction with our services.
Our Commitment to Data Security
We will keep your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. For information on the length of time that any particular piece of information may be kept, please contact firstname.lastname@example.org.
Public Forums Reminder
The Foundation often makes mailing lists, source repositories, Etherpads, wikis, websites, forums and IRC logs available to the public. Please remember that any information that is disclosed in these areas becomes public information. Please think carefully about your desired level of anonymity before you disclose personal information. Although we value individual ideas and encourage free expression, the Foundation reserves the right to take necessary action to preserve the integrity of these areas, such as removing any posting that is vulgar or inappropriate. It is in the Foundation’s legitimate business interests to provide all users with an accurate record of data and content provided in the public forums it maintains and uses; to maintain the integrity of that data and content for historical, scientific, and research purposes; and to provide an environment for the free exchange of ideas relevant and constructive to the development and propagation of free software.
Our Commitment to Children’s Online Privacy
Out of special concern for children’s privacy, the Foundation does not knowingly accept online personal information from children under the age of 13. The Foundation does not knowingly allow children under the age of 13 to become registered members of our sites. The Foundation does not knowingly collect or solicit personal information about children under 13.
In the event that the Foundation ever decides to expand its intended site audience to include children under the age of 13, those specific web pages will, in accordance with the requirements of the Children’s Online Privacy Protection Act (COPPA), be clearly identified and provide an explicit privacy notice addressed to children under 13. In addition, the Foundation will provide an appropriate mechanism to obtain parental approval, allow parents to subsequently make changes to or request removal of their children’s personal information, and provide access to any other information as required by law.
Additionally, EU residents under the age of 16 should not submit their personal data for subscribing to our email solicitations and we will delete any such data if we become aware of it.
About Links to Other Sites
This site contains links to other sites. The Foundation does not control the information collection of sites that can be reached through links from gnome.org, guadec.org, gnome.asia, flatpak.org or its sub-domains. If you have questions about the data collection procedures of linked sites, please contact those sites directly.
The Foundation is based in the United States of America. We transact business throughout the world and have operations, processes and systems that cross borders.
- only transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- where we use providers based in the US, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US; or
- where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe (the so-called European Commission’s Standard Contractual Clauses).
We may transfer your personal information to countries in the following regions outside of the EEA: North America and Asia. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Where the EU General Data Protection Regulation 2016/679 (“GDPR”) applies to the processing of your personal data, especially when you access the website from a country in the European Economic Area (“EEA”), you have the following rights, subject to some limitations, against the Foundation:
- The right to access your personal data;
- The right to rectify the personal data we hold about you;
- The right to erase your personal data;
- The right to restrict our use of your personal data;
- The right to object to our use of your personal data;
- The right to receive your personal data in a usable electronic format and transmit it to a third party (also known as the right of data portability); and
- The right to lodge a complaint with your local data protection authority.
If you would like to exercise any of these rights, you may do so by emailing email@example.com Please understand, however, the rights enumerated above are not absolute in all cases.
Where the GDPR applies, you also have the right to withdraw any consent you have given to uses of your personal data. If you wish to withdraw consent that you have previously provided to the Foundation, you may do so emailing firstname.lastname@example.org. However, the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
The Foundation will undertake best efforts to provide these rights to people outside of the EEA as well.
How to Access, Modify or Update Your Information
The Foundation gives you the ability to access, modify or update your personal data at any time. On sites where you can create accounts, you may log in and make changes to your login information (change your password), your contact information, your general preferences and your personalization settings. If necessary, you may also contact us and describe the changes you want to be made to the personal data you have previously provided by emailing email@example.com.
If you wish to remove your personal data from the Foundation, you may contact us at firstname.lastname@example.org and request that we remove this information from the Foundation’s systems. Other locations where you may have used your personal data as an identifier (e.g. list postings in the archives, wiki change history, repository changelogs, and IRC logs) will not be altered.
How to Contact Us
If you have any questions about any of these practices or the Foundation’s use of your personal information, please feel free to contact us by email, or by mail at:
21c Orinda Way
Orinda, CA 94563
The Foundation will work with you to resolve any concerns you may have about this policy.
Changes to this Privacy Statement
Attribution and License