kgess-mirror/codeberg-org
1
0
Fork 0
mirror of https://codeberg.org/Codeberg/org.git synced 2026-01-16 23:12:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
codeberg-org/PrivacyPolicy.md

6.4 KiB
Raw Blame History

Privacy Policy

1 General Information

We don't want to need your data. We therefore want to be fully transparent about how we use it, and are always open to viable suggestions on how to reduce your data footprint on our servers. We try to use privacy-friendly open source software and not rely on third parties whenever possible in our modern world, both as a provider of our public FOSS forge and as a German non-profit organization.

This document helps to achieve that goal by outlining our responsibilities and duties regarding the processing of your personal data and inform you about your rights according to § 13 DSGVO.

2 Contact

Controller (legally responsible association body):
Codeberg e. V.
Executive Board
Arminiusstraße 2 - 4
10551 Berlin
Germany

Data Protection Officer: privacy@codeberg.org

If you want to report a privacy violation through third party content hosted on Codeberg, please contact our moderation team: abuse@codeberg.org

Should you wish to report a complaint or if you feel that Codeberg e. V. has not addressed your concern in a satisfactory manner, you may contact the responsible Information Commissioner's Office: https://www.datenschutz-berlin.de/

3 Data Processing Reasons & Legal Basis

3.1 Data of Platform Users

When using Codeberg as a platform, we need to process the following data for the respective reasons:

  • Account details (username, email address, name, linked accounts), technical metadata like IP addresses, as well as other voluntarily provided details, for the purpose of providing the platform services.
  • Payment information, for the purpose of processing donations.

Legal basis for processing this data is the use of our services respective the creation & continued use of an account according to our terms of service, respective a voluntary donation (§ 6.1.b DSGVO).

3.2 Data of Association Members

When you're a member of Codeberg e. V., we need to process the following data for the respective reasons:

  • Membership details (postal address etc.), for the purpose of managing the association and pursuing our association purposes.
  • Payment information, for the purpose of processing membership fees.

Legal basis for processing this data is the association membership (§ 6.1.b DSGVO).

Photos from e.g. events & meetings might be shared, for example on social media or our blog, but require explicit consent by everyone depicted on those pictures (or, for minors, their legal guardians according to §6.1.a DSGVO).

4 Data Handling by Association Bodies & Third Parties

Personal data may only be processed by the association bodies which are responsible for the respective tasks. This specifically means that:

  • The members of the executive board can process all membership details & payment information in order to fulfil their duties according to the bylaws.
  • The cash auditors can access bank statements and other financial details, but must only use the data to fulfil the task of auditing the association's finances.
  • The moderation team can access private repositories & additional metadata required to investigate potential violations of our terms.
  • The appointed infrastructure admins can potentially access all resources stored on our servers, as required for maintaining our infrastructure neccessary to provide Codeberg's services, as well as to provide tooling to support association members in their association work.
  • Every association member must legally be able to acquire a list of contact details (e.g. email address) of all association members.
  • Tasks involving processing personal data may be delegated to other people within the association by the responsible person.

Some third parties might be involved with processing personal data under a specific data processing agreement. The full list is attached below.

5 Data Retention

  • Account details are stored at most until the deletion of the account.
  • Membership details are stored at most until 3 years after the membership has ended.
  • Technical metadata like IP addresses may not be stored for more than 7 days.
  • Personal data may exist in encrypted backups for up to 10 years, but will be purged upon the restoration of the backup if the data retention period is exceeded.
  • In general, personal data is stored according to German law.

6 Data Subject Rights

As a subject of personal data processing, you have the following rights:

  • The right to access: you can request copies of your personal data.
  • The right to rectification: you can request that Codeberg e. V. corrects any information you believe is inaccurate, or completes any information you believe is incomplete.
  • The right to erasure: you can request that Codeberg e. V. erases your personal data, under the condition that the retention and processing of the information is not required by law and is not neccessary due to the reasons outlined in § 6 GDPR.
  • The right to restrict processing: you can request that Codeberg e. V. restricts the processing of your personal data, under certain conditions.
  • The right to object to processing: you can object to and withdraw consent to Codeberg e. V. processing your personal data, under certain conditions.
  • The right to data portability: you can request that Codeberg e. V. transfers the data that we have collected to another organization, or directly to you, under certain conditions.
  • If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please use the contact information listed in (2) of this privacy policy.

Appendix: Full list of third parties involved with processing personal data under a specific data processing agreement

Third Party Purpose Processed Data
Deutsche Skatbank Bank Account Payment Data
Hetzner Online GmbH Fallback Server Hosting User Data & Technical Metadata
Individual Network Berlin e.V. (IN-Berlin) Network & Colocation Technical Metadata
Gandi (?) Domain Registrar & DNS Resolver DNS Requests
Stripe, Inc. Payment Processing Payment Data (only for payments through Stripe)
PayPal (Europe) S.à r.l. et Cie, S.C.A. Payment Processing Payment Data (only for payments through PayPal)
Association Liberapay Payment Processing Payment Data (only for payments through LiberaPay)

No personal data was shared due to requests by law enforcement.