kgess-mirror/codeberg-org
1
0
Fork 0
mirror of https://codeberg.org/Codeberg/org.git synced 2026-01-11 19:58:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix wording links & review comments

Browse source
This commit is contained in:
Panagiotis "Ivory" Vasilopoulos 2025-03-30 13:38:13 +02:00 committed by Moritz Marquardt
parent b2fd0a3ddc
commit e3602d81eb
1 changed files with 40 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

73
PrivacyPolicy.md
View file

@ -21,41 +21,46 @@ Germany
If you want to report a privacy violation through third party content hosted on Codeberg, please contact our moderation team: [abuse@codeberg.org](mailto:abuse@codeberg.org)
Should you wish to report a complaint or if you feel that Codeberg e. V. has not addressed your concern in a satisfactory manner, you may contact the responsible Information Commissioner's Office: <https://www.datenschutz-berlin.de/>
Should you wish to report a complaint or if you feel that Codeberg e. V. has not addressed your concern in a satisfactory manner, you may contact the responsible Information Commissioner's Office: <https://www.datenschutz-berlin.de>
## 3 Data Processing Reasons & Legal Basis
### 3.1 Data of Platform Users
When using Codeberg as a platform, we need to process the following data for the respective reasons:
When accessing Codeberg.org and its services, the following information is processed by Codeberg e. V. for the reasons outlined below:
1. Account details (username, email address, name, linked accounts), for the purpose of providing you with an account on our platform.
- Data is recorded during registration at <https://codeberg.org/user/cbrgp/CpxzumI>.
1. Account details (username, e-mail addresses, name, linked accounts), for the purpose of providing you with an account on our platform.
- Data is recorded during account registration on Codeberg.org.
- Data can be changed on the user account page at <https://codeberg.org/user/settings>.
- Pseudonyms can be used in the public profile, there is no requirement to use real personal information besides a working email address.
- Pseudonyms can be used in the public profile, there is no requirement to use real personal information besides a reachable e-mail address.
- Legal basis for processing this data is the user's consent to either share the data on our platform or to receive notifications (§ 6.1.a DSGVO).
2. Voluntarily provided author details (name & email address) when using e.g. the third-party software "Git" (<https://git-scm.com/>) to create/upload "commits" to Codeberg, for the purpose of being able to reconstruct the original authorship of uploaded code for copyright & licensing reasons.
2. Voluntarily provided author details (name, e-mail address) when using e.g. the third-party software "Git" (<https://git-scm.com>) to create/upload "commits" to Codeberg, for the purpose of being able to reconstruct the original authorship of uploaded code for copyright & licensing reasons.
- Data is provided voluntarily by the user, usually during setup, and is then automatically included in newly created commits.
- Legal basis for processing this data is the Open Source license of the project as a legal contract (§ 6.1.b DSGVO).
- Attention: Open Source licenses are non-revokable and not time-limited! The author details will never have to be deleted, as keeping them is required by most Open Source licenses as a legal contract. Also, users of the software may have a legitimate interest in keeping the authorship records to prove who granted them the license.
3. Payment information (name as well as the provider-specific identifier like IBAN or email address), for the purpose of processing donations.
- Data is recorded upon donation by the corresponding third party chosen as a payment method during donation at <https://donate.codeberg.org/> or for the payment of membership fees, e.g. during membership application at <https://join.codeberg.org>.
- Legal basis for processing this data is to fulfil legal obligations for processing the donation (§ 6.1.c DSGVO).
- Legal basis for processing this data is the open-source license of the project as a legal contract (§ 6.1.b DSGVO).
- Attention: All licenses approved by Codeberg are irrevocable and not time-limited, to the extent permitted by copyright law. Such licenses are considered to be legal contracts. As a distributor of open-source content, Codeberg e. V. reserves the right to maintain a copy of commit authorship records indefinitely. Additionally, Codeberg e. V. reserves the right to distribute such authorship records to all parties that wish to download, view or otherwise inspect content published using an allowed license. Such parties possess a legitimate interest to this information, as commit authorship records are necessary for adhering to the legal terms stipulated by the licenses approved by Codeberg e. V..
3. Payment information (IBAN number, legal name, e-mail address), for the purpose of processing donations and membership fees.
- For the purpose of submitting donations, users and other juridical persons can appoint a third-party payment processor to submit donations. A list of payment methods is listed at <https://donate.codeberg.org>.
- Data is recorded by the appointed third-party payment processor, as stipulated by the processor's Terms and Conditions and Privacy Policy.
- Codeberg e. V. records identifiers provided by the third-party payment processor. Such identifiers can include an IBAN number, legal name, e-mail address or other data.
- Payment information (IBAN number, real or company name) is recorded upon the submission of a membership application at <https://join.codeberg.org>
- Legal basis for processing this data is to fulfil legal obligations for processing donations and membership fees (§ 6.1.c DSGVO).
4. Technical metadata for the purpose of providing the platform services and avoiding misuse of our resources.
- Data is processed during regular use of our website, and includes the IP address of the requesting computer, the browser and operating system you are using, the date and time of access, the Uniform Resource Locators (URL) requested on our website, as well as the previously visited website (referrer URL). This information is stored anonymously and is not associated with your personal data.
- Further metadata includes technically necessary cookies to identify the session of a logged-in user or to protect users from so-called CSRF attacks. Codeberg does NOT use cookies or other techniques for user-targeted analytics or advertisements, which is the reason why you do not see a cookie banner on our platform.
- Further metadata includes technically necessary cookies to identify the session of a logged-in user or to protect users from so-called CSRF attacks. Codeberg does NOT use cookies or other techniques for user-targeted analytics or advertisements.
- Legal basis for processing this data is a legitimate interest of the platform operator (§ 6.1.f DSGVO).
5. Repository contents, including issues, comments and contents of private repositories, are NOT directly treated as personal data processed by Codeberg. It is the responsibility of a repository's owner to not store any personal data here, or to obey the GDPR when specifically using it to store personal data, especially of other persons.
5. Repository contents, including issues, comments and contents of private repositories, are NOT treated as personal data processed by Codeberg.
- It is the responsibility of a user to not store any personal information on services provided by Codeberg e. V.
- Users must respect the terms of the GDPR or other privacy regulations applicable in their jurisdiction when using Codeberg's services to personal data, especially of other persons.
### 3.2 Data of Association Members
When you're a member of Codeberg e. V., we need to process the following data for the respective reasons:
Codeberg e. V. processes and stores the following information of its association members for the reasons outlined below:
1. Membership details (name, email address, postal address), for the purpose of managing the association and pursuing our association purposes.
- Data is recorded during registration at <https://join.codeberg.org/>.
1. Membership details (name, e-mail addresses, postal address), for the purpose of managing the association and pursuing our association purposes.
- Data is recorded during registration at <https://join.codeberg.org>.
- Legal basis for processing this data is to fulfil contractual obligations arising from the association membership (§ 6.1.b-c DSGVO).
2. Payment information, for the purpose of processing membership
- Data is recorded during registration at <https://join.codeberg.org/>.
- Data is recorded during registration at <https://join.codeberg.org>.
- Legal basis for processing this data is to fulfil contractual obligations arising from the association membership (§ 6.1.b-c DSGVO).
3. Photos from e.g. events & meetings, for example for social media or our blog
- Requires explicit consent by everyone depicted on those pictures (or, for minors, their legal guardians according to §8 DSGVO).
@ -63,34 +68,36 @@ When you're a member of Codeberg e. V., we need to process the following data fo
## 4 Data Handling by Association Bodies & Third Parties
Personal data may only be processed by the association bodies which are responsible for the respective tasks. This specifically means that:
Personal data may only be processed by the association bodies which are responsible for the following tasks. This specifically means that:
1. The members of the *executive board* and *presidium* can process membership details & payment information in order to fulfil their duties according to the bylaws.
2. The *cash auditors* can access bank statements and other financial details, but must only use the data to fulfil the task of auditing the association's finances.
3. The *moderation team* can access private repositories & additional metadata required to investigate potential violations of our terms.
4. The appointed *infrastructure admins* can potentially access all resources stored on our servers, as required for maintaining our infrastructure neccessary to provide Codeberg's services, as well as to provide tooling to support association members in their association work.
5. Every *association member* could in some cases have a legitimate interest to contact other members (e.g. due to § 37 BGB), and then must legally be given a list of members including a way of contacting them (e.g. through their email address).
1. Members of the *executive board* and *presidium* can process membership details & payment information in order to fulfill their duties, as outlined by the Bylaws.
2. *Cash auditors* can access bank statements and other financial details. Such data may only be used for fulfilling the task of auditing the association's finances.
3. Codeberg's *Moderation Team* can access private repositories & additional metadata required to investigate potential violations of our terms.
4. *Infrastructure administrators* can access all resources and personal information stored on our servers. This is required for maintaining the infrastructure necessary for providing Codeberg e. V.'s services.
5. An *association member* may have a legitimate interest to contact other association members (e.g. due to § 37 BGB). If a legitimate interest is established, Codeberg e. V. reserves the right to provide an association member with a list of association members, as well as their contact information (e.g. an e-mail address).
6. Tasks involving processing personal data may be delegated to other people within the association by the responsible person.
Third parties may be involved with processing personal data under a specific data processing agreement. We limit this to internet services providers (who will only have access to encrypted data streams) and payment processors, a full list can be provided upon request.
Third parties may be involved with processing personal data under a specific data processing agreement. A full list of third-parties can be provided upon request.
This is limited to Internet Service Providers (that can only access encrypted data streams) and payment processors (described in § 3 of this document).
## 5 Data Retention
1. Account details are stored until the deletion of the account.
2. Membership details & payment data are stored for 10 years after the membership has ended.
3. Technical metadata like IP addresses may not be stored for more than 7 days.
4. Personal data may exist in encrypted backups for up to 1 year, but will be purged upon the restoration of the backup if the data retention period is exceeded.
5. In general, all personal data is stored as long as required according to German law.
3. Technical metadata like IP addresses may not be stored for more than 7 days or as required by German law.
4. Personal data may exist in encrypted backups for up to 1 year, or as required by German law. If the data retention period is exceeded, affected personal data will be purged upon the restoration of a backup.
5. In general, all personal data is stored as long as required by German law.
## 6 Data Subject Rights
As a subject of personal data processing, you have the following rights:
1. **The right to access:** you can request copies of your personal data.
2. **The right to rectification:** you can request that Codeberg e. V. corrects any information you believe is inaccurate, or completes any information you believe is incomplete.
3. **The right to erasure:** you can request that Codeberg e. V. erases your personal data, under the condition that the retention and processing of the information is not required by law and is not neccessary due to the reasons outlined in § 6 GDPR.
4. **The right to restrict processing:** you can request that Codeberg e. V. restricts the processing of your personal data, under certain conditions.
5. **The right to object to processing:** you can object to and withdraw consent to Codeberg e. V. processing your personal data, under certain conditions.
6. **The right to data portability:** you can request that Codeberg e. V. transfers the data that we have collected to another organization, or directly to you, under certain conditions.
1. **Right to access:** You can request copies of your personal data.
2. **Right to rectification:** you can request that Codeberg e. V. corrects any information you believe is inaccurate, or completes any information you believe is incomplete.
3. **Right to erasure:** you can request that Codeberg e. V. erases your personal data, under the condition that the retention and processing of the information is not required by law and is not neccessary due to the reasons outlined in § 6 GDPR.
4. **Right to restrict processing:** you can request that Codeberg e. V. restricts the processing of your personal data, under certain conditions.
5. **Right to object to processing:** you can object to and withdraw consent to Codeberg e. V. processing your personal data, under certain conditions.
6. **Right to data portability:** you can request that Codeberg e. V. transfers the data that we have collected to another organization, or directly to you, under certain conditions.
7. **If you make a request, we have one month to respond to you.** If you would like to exercise any of these rights, please use the contact information listed in (2) of this privacy policy.
> ***TODO:*** Check whether the form is okay. Feedback der Anwältin: "Die Rechte der Betroffenen müssen ausgeschrieben werden", ggf. noch mal nachfragen.