Privacy Statement for Software Freedom Conservancy
Scope of This Notice
This Privacy Statement is intended to describe the Software Freedom Conservancy’s privacy practices and provide information about the choices you have regarding the ways in which information collected by Software Freedom Conservancy is used and disclosed. Software Freedom Conservancy is referred to in this document as “Conservancy”.
Our Commitment to Privacy
Your privacy is important to Conservancy. To better protect your privacy and to comply with various laws and regulations, we have provided this Statement explaining our information practices and the choices you can make about the way your personal information is collected, used and disclosed. To make this Statement easy to find, we have made it available on our homepage and at many of the locations where personally-identifiable information may be requested
The Information We Collect
This Privacy Statement applies to all information collected by or submitted to Conservancy, including personal data. “Personal data” is data that can be used to identify an individual.
Conservancy collects personal data when:
- you sign up as a Conservancy Sustainer or otherwise donate to Conservancy;
- you visit any Conservancy web site;
- you use one of Conservancy’s Mailman sites or lists, hosted at lists.sfconservancy.org or lists.copyleft.org;
- you use one of Conservancy’s Forgejo sites or repositories, hosted at f.sfconservancy.org;
- you use one of Conservancy’s Etherpad sites, hosted at pad.sfconservancy.org;
- you use one of Conservancy’s wiki sites or partner wiki sites, hosted at npoacct.sfconservancy.org or copyleft.org;
- you use one of Conservancy’s project or partner project IRC channels, #npoacct and #copyleft on the Freenode IRC network;
- you participate in surveys and evaluations;
- you submit questions or comments to us.
Conservancy’s member projects may also collect data and have their own privacy policies which specify what they do with the data they collect. This policy applies to Conservancy’s general operations, Sustainer program and websites.
When you visit any Conservancy web site (including the specific sites named above), we collect your IP address to maintain our servers, estimate de-identified visitor patterns, and attribute changes to public resources like wikis and Etherpad documents.
When you subscribe or post to a Mailman mailing list, Mailman will collect your email address and (optionally) name. When you post to a list, Mailman will additionally archive all the information in your email, including all headers, which typically include your IP address.
When you create an account on a Kallithea site, it collects your email address for authentication. In may also collect your name (to identify your contributions to others) and your SSH public key (optional - to authenticate you when you push changes to source repositories).
When you push commits to a Kallithea source repository, it collects the name(s) and email address(es) information included in the source commits to identify them for archival purposes.
When you use Conservancy’s Etherpad site, you may optionally provide your email address to receive emails about changes to documents you are interested in.
When you use a wiki, you may optionally create and sign in to an account to edit pages on the wiki and have those edits attributed to you publicly.
When you join or send messages to any of the IRC channels listed above, that activity is logged and published publicly for others interested in the project. This logging includes the network identifier assigned to your connection by Freenode.
Conservancy may also collect personal data from individuals (with their consent) at conventions, trade shows and expositions. The types of personal data collected may include (but are not limited to):
- your first and last name;
- your title and your company’s name;
- your home, billing, or other physical address (including street name, name of a city or town, state/province);
- your country code;
- your e-mail address;
- your telephone number;
- any other identifier that permits Conservancy to make physical or online contact with you;
Using (Processing) Your Personal Data
Conservancy uses the personal data you provide to:
- create and maintain your accounts;
- identify and authenticate you;
- attribute data and content you produce directly and indirectly in our public-facing services;
- answer your questions;
- send you information;
- for research activities, including the production of statistical reports (such aggregated information is not used to contact the subjects of the report);
- send you surveys;
- maintain our servers.
We also use this personal data to provide you with information related to your account and the educational materials, software and services you acquire from us, to better understand your needs and interests, to improve what we do for you and the public, to personalize communications, and to comply with or fulfill any contractual obligations to you. It is in Conservancy’s legitimate business interests to provide you with the information, communications, and services you request; to create a public record of the data and content produced by Conservancy’s services; and to maintain the integrity of that data and content for historical, scientific, and research purposes.
Sharing Your Personal Data
Unless you consent, Conservancy will never process or share the personal data you provide to us except as described below.
Conservancy may share your personal data with third parties under any of the following circumstances:
- To attribute your contributions to mailing lists, source repositories, Etherpads, wikis, and IRC channels.
- As required to provide service, and for e-mail housing (as a consequence of uses already described in this Privacy Statement). It is in Conservancy’s legitimate business interest to provide all users an accurate record of data and content provided by Conservancy’s services, and to maintain the integrity of that data and content for historical, scientific, and research purposes. This data and content may include but is not limited to email, code changes, comments, and artifacts.
- We may use stamps.com to mail items to you, such as Sustainer t-shirts, in which case we will give stamps.com the details needed to perform its services, such as your name, address, email address, phone number, and contents of the package. This information will then be subject to stamps.com’s privacy policy.
- As required by law (such as responding to a valid subpoena, warrant, audit, or agency action, or to prevent fraud).
- For research activities, including the production of statistical reports (such aggregated information is used to describe our services and is not used to contact the subjects of the report).
Donations
We receive personal information from third party services when you donate to us via online payment mechanisms. We do not sell or distribute this information to third parties. Conservancy uses this information to acknowledge your donation and send you occasional solicitations and newsletters. Donors can opt out of all contact or specify only print or e-mail contact by emailing privacy@sfconservancy.org. Donor names are posted on our Sponsors & Sustainers page as a recognition of their support. At the time of the donation, the donor can ask to be anonymous, so that their name will not be publicly recognized.
Receiving E-Mail
Conservancy may send you e-mail to authorize accounts you create on our sites, to inform you of important upcoming Conservancy events, to send occasional solicitations in connection with our donor programs as described above or in response to your questions. For your protection, Conservancy may contact you in the event that we find an issue that requires your immediate attention. Conservancy processes your personal data in these cases to fulfill and comply with its contractual obligations to you, to provide the services you have requested, and to ensure the security of your account.
Cookies and Other Browser Information
Conservancy’s online services automatically capture IP addresses. We use IP addresses to help diagnose problems with our servers, to administer our website, and to help ensure the security of your interaction with our services.
As part of offering and providing customizable and personalized services, Conservancy uses cookies to store and sometimes track information about you. A cookie is a small amount of data that is sent to your browser from a Web server and stored on your computer’s hard drive. All sections of sfconservancy.org where you are prompted to log in or that are customizable require your browser to accept cookies.
Generally, we use cookies to remind us of who you are and to access your account information (stored on our computers) in order to provide a better and more personalized service. This cookie is set when you register or “sign in” and is modified when you “sign out” of our services.
If you do not want your personal information to be stored by cookies, you can configure your browser so that it always rejects these cookies or asks you each time if you accept them or not. However, you must understand that the use of cookies may be necessary to provide certain services, and choosing to reject cookies will reduce the performance and functionality of the site. Your browser documentation includes instructions explaining how to enable, disable or delete cookies at the browser level (usually located in the “Help”, “Tools” or “Edit” facility).
Our Commitment to Data Security
Conservancy trains its administrators on our privacy policy guidelines and makes our privacy policy available to our partners. Our website uses Secure Socket Layer (SSL) technology, which encrypts your personal data when you send your personal information on our website. In addition, Conservancy and its partners enter into confidentiality agreements which require that care and precautions be taken to prevent loss, misuse, or disclosure of your personal data.
Public Forums Reminder
Conservancy often makes mailing lists, source repositories, Etherpads, wikis, and IRC logs available to the public. Please remember that any information that is disclosed in these areas becomes public information. Please think carefully about your desired level of anonymity before you disclose personal information. Although we value individual ideas and encourage free expression, Conservancy reserves the right to take necessary action to preserve the integrity of these areas, such as removing any posting that is vulgar or inappropriate. It is in Conservancy’s legitimate business interests to provide all users an accurate record of data and content provided in the public forums it maintains and uses; to maintain the integrity of that data and content for historical, scientific, and research purposes; and to provide an environment for the free exchange of ideas relevant and constructive to the development and propagation of software freedom.
Our Commitment to Children’s Online Privacy
Out of special concern for children’s privacy, Conservancy does not knowingly accept online personal information from children under the age of 13. Conservancy does not knowingly allow children under the age of 13 to become registered members of our sites. Conservancy does not knowingly collect or solicit personal information about children under 13.
In the event that Conservancy ever decides to expand its intended site audience to include children under the age of 13, those specific web pages will, in accordance with the requirements of the Children’s Online Privacy Protection Act (COPPA), be clearly identified and provide an explicit privacy notice addressed to children under 13. In addition, Conservancy will provide an appropriate mechanism to obtain parental approval, allow parents to subsequently make changes to or request removal of their children’s personal information, and provide access to any other information as required by law.
Additionally, EU residents under the age of 16 should not submit their personal data for subscribing to our email solicitations and we will delete any such data if we become aware of it.
About Links to Other Sites
This site contains links to other sites. Conservancy does not control the information collection of sites that can be reached through links from sfconservancy.org. If you have questions about the data collection procedures of linked sites, please contact those sites directly.
Your Rights and Choices in the EEA and Around the World
Where the EU General Data Protection Regulation 2016/679 (“GDPR”) applies to the processing of your personal data, especially when you access the website from a country in the European Economic Area (“EEA”), you have the following rights, subject to some limitations, against Conservancy:
- The right to access your personal data;
- The right to rectify the personal data we hold about you;
- The right to erase your personal data;
- The right to restrict our use of your personal data;
- The right to object to our use of your personal data;
- The right to receive your personal data in a usable electronic format and transmit it to a third party (also known as the right of data portability); and
- The right to lodge a complaint with your local data protection authority.
If you would like to exercise any of these rights, you may do so by mailing privacy@sfconservancy.org. Please understand, however, the rights enumerated above are not absolute in all cases.
Where the GDPR applies, you also have the right to withdraw any consent you have given to uses of your personal data. If you wish to withdraw consent that you have previously provided to Conservancy, you may do so by mailing privacy@sfconservancy.org. However, the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Conservancy will undertake best efforts to provide these rights to people outside of the EEA as well.
How to Access, Modify or Update Your Information
Conservancy gives you the ability to access, modify or update your personal data at any time. On sites where you can create accounts (Mailman, Kallithea, and wikis), you may log in and make changes to your login information (change your password), your contact information, your general preferences and your personalization settings. If necessary, you may also contact us and describe the changes you want made to the personal data you have previously provided by mailing privacy@sfconservancy.org.
If you wish to remove your personal data from Conservancy, you may contact us at privacy@sfconservancy.org and request that we remove this information from the Conservancy System. Other locations where you may have used your personal data as an identifier (e.g. list postings in the archives, wiki change history, repository changelogs, and IRC logs) will not be altered.
How to Contact Us
If you have any questions about any of these practices or Conservancy’s use of your personal information, please feel free to contact us by email, or by mail at:
Conservancy Privacy Ombudsperson
Software Freedom Conservancy
137 Montague St, STE 380
Brooklyn, NY 11201
Conservancy will work with you to resolve any concerns you may have about this Statement.
Changes to this Privacy Statement
Conservancy reserves the right to change this policy from time to time. If we do make changes, the revised Privacy Statement will be posted on this site. A notice will be posted on our homepage for 30 days whenever this privacy statement is changed in a material way. This Privacy Statement was last amended on December 22, 2020.
Attribution and License
This Privacy Policy is licensed under Attribution-ShareAlike 4.0 International (CC BY-SA 4.0). It is a derivative work of
- Red Hat’s Privacy Policy for the Fedora Project, used under CC Attribution-Share Alike 3.0 Unported
- The Free Software Foundation’s Privacy Policy, used under Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)
- WordPress.org’s Privacy Policy, used under Attribution-ShareAlike 2.5 Generic (CC BY-SA 2.5)