Privacy Policy for the GNOME Foundation

Scope of This Notice

This Privacy Policy is intended to describe the GNOME Foundation’s privacy practices and provide information about the choices you have regarding the ways in which information collected by the GNOME Foundation is used and disclosed. The GNOME Foundation is referred to in this document as the “Foundation”.

Our Commitment to Privacy

Your privacy is important to the Foundation. To better protect your privacy and to comply with various laws and regulations, we have provided this policy explaining our information practices and the choices you can make about the way your personal information is collected, used and disclosed. To make this policy easy to find, we have made it available on our homepage and at many of the locations where personally-identifiable information may be requested.

The Information We Collect

This Privacy policy applies to all information collected by or submitted to the Foundation, including personal data. “Personal data” is data that can be used to identify an individual.

The Foundation collects personal data when:

  • you sign up as a Foundation Supporter or otherwise donate to the Foundation;
  • you visit any Foundation website;
  • you use one of the Foundation’s mailing lists;
  • you use one of the Foundation’s code repositories;
  • you use one of the Foundation’s IRC channels;
  • register to, present at, and/or attend, our events and conferences, or at our booths when we are present at someone else’s conference/event
  • enter into a contract with us;
  • sign up for job alerts on our websites, submit a job application, a CV, cover letter, or social media profile to a job vacancy, attend an interview, assessment, or meeting;
  • register for, and update an online account with us (including if you access through Facebook, LinkedIn, Twitter, Google, or an open IP provider);
  • you participate in surveys and evaluations;
  • ‘follow’, ‘like’, post to, or interact with, our social media accounts, including Facebook, LinkedIn, Twitter, Instagram, and Google+;
  • you submit questions or comments to us.

This policy applies to the Foundation’s general operations, supporter program, websites and events.

The information you provide to us will include (depending on the circumstances):

  • Identity and contact data: title, names, addresses, email addresses, phone numbers or your signature.
  • Account profile data: a username/display name, password, user preferences and, if you sign up through a social media account, certain information about that account.
  • Conference registration details: the company/organization you work for, job title/position, language preferences, your name, your email, your age, your gender, your job function, your experience, your opinions and why you are attending the conference and what you hope to learn, your accessibility needs.
  • Financial data: payment details, which may include billing addresses, credit/debit card details and bank account details.
  • Employment and background data: if you apply for employment on our sites, your academic and work history, qualifications, skills, projects and research that you are involved in, references, proof of your entitlement to work in the relevant country, your national security number, your passport or other identity document details, your current level of remuneration (including benefits), and any other such similar information that you may provide to us.
  • Visual and audio information about yourself: e.g. a photo or video footage, or sound recording.
  • Sensitive information: information about your race or ethnicity, religious beliefs, sexual orientation, health and whether or not you have any disability. You can find out more about how we use the sensitive information below in the “Special Categories of Data” section.
  • Any other information that you choose to share with us: for example, any information that you provide via correspondence, when you fill out our survey(s), that you share via our website or social media accounts linked to our website, or any information that you choose to provide in person at events, meetings, or over the phone.

In certain circumstances, we will receive information about you from other sources, including third parties. For example, we may receive personal information from any of the following, who may be based inside and/or outside the EU:

  • Other website or service users.
  • Event attendees.
  • Your agents or representatives who are acting on your instructions.
  • Organizations with whom we provide co-branded events, websites, products, and services.
  • Fraud detection agencies.
  • Your current and former employers, recruitment agencies, and referees.
  • Service providers including our website developers, IT support providers, cloud services providers, payment services providers, billing service providers, contractors, consultants, advertising agencies and platforms, digital performance monitoring and management providers, advertising analytics providers, recruitment agencies, survey tool providers, event ticket retailers, event management platform service providers, HR service providers, couriers, instant messaging service providers.
  • Social media plugins. By providing your social media account details you are authorizing that third-party provider to share with us certain information about you.
  • Publicly available sources such as LinkedIn.

We might also receive information about you from other third parties if you have indicated to such third parties that you would like to hear from us.

Special Categories of Data

Special categories of particularly sensitive personal information require higher levels of protection. These so-called “special categories of data” include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Depending on the circumstances, we will also collect information about criminal convictions and offenses.

We need to have further justification for collecting, storing and using this type of personal information. We process special categories of personal information in the following circumstances:

  • in limited circumstances, with your explicit written consent
  • where it is necessary to carry out our legal obligations or exercise rights in connection with employment
  • where it is necessary for reasons of substantial public interest, such as for equal opportunities monitoring
  • where it is necessary in relation to legal claims
  • where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent
  • where you have already made the information public.

For example, we may collect special categories of information:

  • when you apply to work for us (for diversity and equal opportunities records, to support your needs and facilitate access to our premises, and to carry out background checks);
  • when you attend our events, visit our premises, or apply for a scholarship or funding from us (to make any necessary arrangements for your attendance, monitor diversity, and to investigate claims about breaches of our Conference Code of Conduct).

In limited circumstances, we may request your written consent to allow us to use certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

Using (Processing) Your Personal Data

The Foundation uses the personal data you provide to:

  • To provide access to our website in a manner convenient and optimal (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner, or where we have a legal obligation to prevent unauthorised access).
  • To process and fulfill your donation to the Foundation (on the basis of performing our contract with you).
  • To process and facilitate transactions and payments, and recover money owed to us (on the basis of performing our contract with you, and on the basis of our legitimate interest to recover debts due).
  • To monitor your account and use of services to prevent and identify unlawful content use and violations of our policies (on the basis of our legitimate interests to operate a safe and lawful business, or where we have a legal obligation to do so).
  • To identify and authenticate you (on the basis of your consent where we have requested it, or on the basis of our legitimate interest to ensure that users are verifiable)
  • To enable you to communicate with other users (on the basis of your consent where we have requested it, or on the basis of performing our contract with you).
  • To attribute data and content you produce directly and indirectly in our public-facing services (on the basis our legitimate interests to create a public record of the data and content produced by the Foundation’s services; and to maintain the integrity of that data and content for historical, scientific, and research purposes.)
  • To manage our relationship with you, which will include notifying you about changes to our terms of service or privacy policy, and asking you to leave a review or take a survey (on the basis of performing our contract with you, to comply with our legal obligations, and our legitimate interest in keeping our records updated and study how our website and services are used).
  • To conduct business with you or your employer, including to contact you and manage and facilitate our business relationship with you and your employer (on the basis of performing our contract with you, and our legitimate interest in running our business).
  • To work with you and undertake projects with you, including to process any proposals that you submit to us (on the basis of our contract with you, and our legitimate interest in running our business).
  • To provide access to, and administer scholarship and funding programs (on the basis of your consent where we have requested it, on the basis of performing our contract with you, and our legitimate interest in making our products and services accessible to a range of individuals with diverse backgrounds).
  • For recruitment, including to process any job applications you submit to us, whether directly or via an agent or recruiter including sharing your information with our third-party recruitment agencies (on the basis of our legitimate interest to recruit new employees or contractors).
  • To carry out marketing and let you know about our news, events, products or services that we believe may interest you, including sharing your information with our marketing services providers (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so).
  • For research activities, including the production of statistical reports (on the basis of our legitimate interest in making our products and services accessible to a range of individuals with diverse backgrounds).
  • To answer your questions (on the basis of consent)
  • To maintain our servers (on the basis of our legitimate interest in maintaining an efficient business operation)
  • To interact with users on social media platforms (on the basis of our legitimate interest in promoting our brand and communicating with interested individuals).
  • To protect, investigate, and deter against fraudulent, unauthorized, or illegal activity (on the basis of our legitimate interests to operate a safe and lawful business, or where we have a legal obligation to do so).
  • To enable us to comply with our policies and procedures and enforce our legal rights, and to protect the rights, property or safety of our employees and volunteers and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business, or where we have a legal obligation to do so).

As outlined above, in certain circumstances we may use your personal information to pursue legitimate interests of our own or those of third parties. Where we refer to our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interests we have specified in the section above. Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to details of “Your Rights” below.

Sharing Your Personal Data

Unless you consent, the Foundation will never process or share the personal data you provide to us except as described below.

  • To attribute your contributions to mailing lists, source repositories, Etherpads, wikis, and IRC channels.
  • As required to provide service (as a consequence of uses already described in this Privacy Statement)
  • Sponsors, partners and collaborators, such as those organizations with whom we host co-branded events.
  • Our service providers who are acting as processors and who assist us with our administrative or business functions, or in the provision of any of our products/services to you.
  • For research activities, including the production of statistical reports (such aggregated information is used to describe our services and is not used to contact the subjects of the report).
  • Regulators and governmental bodies like the IRS, HMRC, and other authorities and regulators acting as processors or joint controllers who require reporting of processing activities in certain circumstances.
  • Other third parties including legal, professional or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) where necessary to enable us to enforce our legal rights or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law

Donations

We receive personal information from third-party services when you donate to us via online payment mechanisms. We do not sell or distribute this information to third parties. The Foundation uses this information to acknowledge your donation and send you occasional solicitations and newsletters. Donors can opt out of all contact or specify only print or e-mail contact by emailing info@gnome.org. Donor names are posted on our Sponsors and Supporters page as a recognition of their support, as well as listed in our annual report. At the time of the donation, the donor can ask to be anonymous, so that their name will not be publicly recognized.

Receiving E-Mail

The Foundation may send you e-mail to authorize accounts you create on our sites, to inform you of important upcoming Foundation events, to send occasional solicitations in connection with our donor programs as described above or in response to your questions. For your protection, the Foundation may contact you in the event that we find an issue that requires your immediate attention. The Foundation processes your personal data in these cases to fulfill and comply with its contractual obligations to you, to provide the services you have requested, and to ensure the security of your account.

Cookies and Other Browser Information

The Foundation’s online services automatically capture IP addresses. We use IP addresses to help diagnose problems with our servers, to administer our website, and to help ensure the security of your interaction with our services.

As part of offering and providing customizable and personalized services, the Foundation uses cookies to store and sometimes track information about you. A cookie is a small amount of data that is sent to your browser from a Web server and stored on your computer’s hard drive. All sections of Foundation websites where you are prompted to log in or that are customizable require your browser to accept cookies.

Generally, we use cookies to remind us of who you are and to access your account information (stored on our computers) in order to provide a better and more personalized service. This cookie is set when you register or “sign in” and is modified when you “sign out” of our services.

If you do not want your personal information to be stored by cookies, you can configure your browser so that it always rejects these cookies or asks you each time if you accept them or not. However, you must understand that the use of cookies may be necessary to provide certain services, and by choosing to reject cookies will reduce the performance and functionality of the site. Your browser documentation includes instructions explaining how to enable, disable or delete cookies at the browser level (usually located in the “Help”, “Tools” or “Edit” facility).

Our Commitment to Data Security

The Foundation trains its administrators on our privacy policy guidelines and makes our privacy policy available to our partners. Our websites use Secure Socket Layer (SSL) technology, which encrypts your personal data when you send your personal information on our website. In addition, the Foundation and its partners enter into agreements which require that care and precautions be taken to prevent loss, misuse, or disclosure of your personal data.

We will keep your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. For information on the length of time that any particular piece of information may be kept, please contact info@gnome.org.

Public Forums Reminder

The Foundation often makes mailing lists, source repositories, Etherpads, wikis, and IRC logs available to the public. Please remember that any information that is disclosed in these areas becomes public information. Please think carefully about your desired level of anonymity before you disclose personal information. Although we value individual ideas and encourage free expression, the Foundation reserves the right to take necessary action to preserve the integrity of these areas, such as removing any posting that is vulgar or inappropriate. It is in the Foundation’s legitimate business interests to provide all users with an accurate record of data and content provided in the public forums it maintains and uses; to maintain the integrity of that data and content for historical, scientific, and research purposes; and to provide an environment for the free exchange of ideas relevant and constructive to the development and propagation of free software.

Our Commitment to Children’s Online Privacy

Out of special concern for children’s privacy, the Foundation does not knowingly accept online personal information from children under the age of 13. The Foundation does not knowingly allow children under the age of 13 to become registered members of our sites. The Foundation does not knowingly collect or solicit personal information about children under 13.

In the event that the Foundation ever decides to expand its intended site audience to include children under the age of 13, those specific web pages will, in accordance with the requirements of the Children’s Online Privacy Protection Act (COPPA), be clearly identified and provide an explicit privacy notice addressed to children under 13. In addition, the Foundation will provide an appropriate mechanism to obtain parental approval, allow parents to subsequently make changes to or request removal of their children’s personal information, and provide access to any other information as required by law.

Additionally, EU residents under the age of 16 should not submit their personal data for subscribing to our email solicitations and we will delete any such data if we become aware of it.

About Links to Other Sites

This site contains links to other sites. The Foundation does not control the information collection of sites that can be reached through links from gnome.org, guadec.org, gnome.asia, flatpak.org or its sub-domains. If you have questions about the data collection procedures of linked sites, please contact those sites directly.

International Transfers

The Foundation is based in the United States of America. We transact business throughout the world and have operations, processes and systems that cross borders.

If you reside in the European Union, please be advised that your personal data will be processed outside of the European Economic Area (EEA). We will take all steps necessary to ensure that your information is adequately protected and processed in accordance with this Privacy Policy, including but not limited to:

We may transfer your personal information to countries in the following regions outside of the EEA: North America and Asia. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Your Rights

Where the EU General Data Protection Regulation 2016/679 (“GDPR”) applies to the processing of your personal data, especially when you access the website from a country in the European Economic Area (“EEA”), you have the following rights, subject to some limitations, against the Foundation:

  • The right to access your personal data;
  • The right to rectify the personal data we hold about you;
  • The right to erase your personal data;
  • The right to restrict our use of your personal data;
  • The right to object to our use of your personal data;
  • The right to receive your personal data in a usable electronic format and transmit it to a third party (also known as the right of data portability); and
  • The right to lodge a complaint with your local data protection authority.

If you would like to exercise any of these rights, you may do so by emailing info@gnome.org Please understand, however, the rights enumerated above are not absolute in all cases.

Where the GDPR applies, you also have the right to withdraw any consent you have given to uses of your personal data. If you wish to withdraw consent that you have previously provided to the Foundation, you may do so emailing info@gnome.org. However, the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

The Foundation will undertake best efforts to provide these rights to people outside of the EEA as well.

How to Access, Modify or Update Your Information

The Foundation gives you the ability to access, modify or update your personal data at any time. On sites where you can create accounts, you may log in and make changes to your login information (change your password), your contact information, your general preferences and your personalization settings. If necessary, you may also contact us and describe the changes you want to be made to the personal data you have previously provided by emailing info@gnome.org.

If you wish to remove your personal data from the Foundation, you may contact us at info@gnome.org and request that we remove this information from the Foundation’s systems. Other locations where you may have used your personal data as an identifier (e.g. list postings in the archives, wiki change history, repository changelogs, and IRC logs) will not be altered.

How to Contact Us

If you have any questions about any of these practices or the Foundation’s use of your personal information, please feel free to contact us by email, or by mail at:

Foundation Privacy
GNOME Foundation
#117
21c Orinda Way
Orinda, CA 94563
USA

The Foundation will work with you to resolve any concerns you may have about this policy.

Changes to this Privacy Statement

The Foundation reserves the right to change this policy from time to time. If we do make changes, the revised Privacy Policy will be posted on this site. A notice will be posted on our homepage for 30 days whenever this privacy statement is changed in a material way. This Privacy Policy was last amended on June 12, 2018.

Attribution and License

This Privacy Policy is licensed under Attribution-ShareAlike 4.0 International (CC BY-SA 4.0). It is a derivative work of https://sfconservancy.org/privacy-policy/