openpower.foundation/content/policy/privacy.md

17 KiB

title date draft
Privacy Policy 2021-12-09 false

OpenPOWER Foundation ("OpenPOWER," "we", "our", or "us") respects your privacy and is committed to protecting it in accordance with this policy.
This policy outlines the way in which we manage any personal data obtained through the OpenPOWER Foundation websites, such as but not limited to openpower.foundation, www.openpowerfoundation.org (the "Website") or otherwise provided by or about individuals ("you", "your") in the course of you joining or receiving the services under our membership program, attending our events or subscribing to our mailing list (our "Services").

This policy explains:

  • What personal data we collect about you in the course of your engagement with our Services, why we collect it, who it goes to and how long we keep it for;
  • How we use your personal data;
  • How we protect your personal data; and
  • Your legal rights in respect of your personal data, including how to access and update the information we hold about you.

Please note that some of the provisions here will only apply if you are based in the EU.

The relevant sections of the policy are listed below:

  • About us
  • What information do we collect about you?
  • Why do we collect your personal data and on what grounds?
  • Marketing communications
  • Who do we share your information with?
  • Will my data be sent abroad?
  • How long do you keep my personal data?
  • Your rights in respect of your personal data
  • Cookies and other technologies
  • Third party links on the Website
  • Changes to this policy
  • Contact us

By continuing to use the OpenPOWER Website and our Services, you agree to our use of your personal data on the terms outlined in this policy.

About Us

For the purposes of applicable data protection laws, the OpenPOWER Foundation with its registered address at 445 Hoes Lane Piscataway, NJ 08854 ("OpenPOWER", "we", "us" or "our") is the controller of your data. This means that we are the primary entity who decides the purposes and means for dealing with your personal data.

Working Groups and Committees

Although we are headquartered in the US, OpenPOWER is a global membership organization operated through various Working Groups and the Technical Steering Committee which are run by our Members ("Members").
This means some of your personal data (primarily your member profile and the data you have provided) may be shared with the OpenPOWER community.

What information do we collect about you?

We collect several types of information from and about our Members, Website users, and email subscribers, including :

  • Personal data we collect directly from you :
    • Information required signing up for and administering membership, e.g. title, name, contact details, company name, job title, newsletter settings and time zone.
    • Information provided to us if you contact us or make an enquiry, such as records and copies of your correspondence (including e-mail addresses) if you contact us electronically, including through the Contact Us page of our Website.
    • Information we receive from you when you sign up to OpenPOWER conferences and events including financial and transaction data (e.g. bank account and payment card details)
    • Information about your internet connection, the equipment you use to access our Website and usage details.
    • Information you provide us when you connect or engage with us via social media platforms, including but not limited to [LinkedIn, Twitter, Facebook or YouTube] (Social Media Platforms).
    • Annonymized information that is about you but individually does not identify you, such as OpenPOWER events you have registered for and OpenPOWER Work Groups you participate in.
  • Information received from other sources :
    • Technical information regarding your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data.
    • Publically available details, such as contact details on your personal website or Social Media Platforms.
    • Information that you or another representative provides in connection with a Membership application, Membership agreement, or Membership profile or status, which shall include your contact information and marketing preferences.
    • Any relevant personal data that you may have submitted to our affiliate partners (including Linux Foundation, VanTosh) (Affiliate Partners) or other service providers in the course of them providing the Services on our behalf.

You may also provide information to be published or displayed (hereinafter, "posted") on areas of the Website, our affiliate websites (including Linux Foundation, VanTosh and other partner Platforms) (Affiliate Partners) and Social Media Platforms that are visible to other Website users, Members, or other participants in Working Groups that you participate in (collectively, User Contributions). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, although our Members are bound by confidentiality provisions, we cannot control the actions of our Members, Website users or Affiliate Partners with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

Why do we collect your personal data and on what grounds?

We will only use your personal data if we have a permitted lawful basis to do so.

Generally we collect your personal data because is it necessary for :

  • Performing our contract for the Services with you;
  • The pursuit of our legitimate interests (as set out below); or
  • Complying with our legal obligations

We may also rely on your consent to use your personal data for:

  • Keeping you informed of OpenPOWER events, work products and offers, e.g. through our Working Group individual emails and daily digest (see "Marketing Communications")

You have the right to withdraw your consent to these activities at any time, which will mean (unless another lawful basis applies to your data) that we will cease to process the affected data after consent is withdrawn. However, please note this may result in us being unable to provide you with certain features of the Website and/or Services.

The primary purpose for which we collect information about you is to provide you with Services you have requested from us (i.e. to perform our contract with you).

We also collect information about you for the following purposes :

  • To perform our contract with you
    • To provide members with their membership benefits
    • To process your communications, your membership of and subscription to the Website and to enable your use of the Website and the Services
    • For supplying Services to you
    • For continuity of service, (e.g. to restore your membership if you are coming back after a long break). This will be in accordance with our data retention practices (see “How long do you keep my personal data?” below)
    • To provide you with information or Services that you request from us
    • For handling member contacts, queries, complaints or disputes
  • For our legitimate interests :
    • For market research and analytical purposes, e.g. to improve our understanding of membership and event attendance trends and profiles
    • For improving existing Services and developing new products and Services
    • For promoting, marketing and advertising our Services
    • Protecting OpenPOWER and our members/customers by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to OpenPOWER
    • To effectively handle any legal claims or regulatory enforcement actions taken against OpenPOWER
    • To generally run the Website and for internal operations, in order to provide you with an up to date, efficient and reliable service
    • Making important communications about your membership
    • Maintaining our membership database
  • To comply with our legal obligations :
    • To help prevent fraudulent activity, including on your account (for example, if we collect your card details we will check these details with credit agencies and reserve the right to refuse to make available the Website and/or our Services if, for example, the card details provided are reported to be fraudulent or credit agencies report the activities as being fraudulent)
    • To comply with our legal and regulatory obligations (including under applicable data protection laws)
    • For preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies
    • To fulfil our duties to our members.

Marketing Communications

If you have consented to receive marketing messages about our goods and services, we will use your information to send you such messages by email. If you do not want us to use your information in this way, please check the relevant box available in proximity to when and where we collect your data.
If you have previously consented, you may revoke your consent by adjusting your user preferences in your account profile or clicking on the "unsubscribe" or "unwatch" link at the bottom of any marketing message.
Please note that you may not opt out of receiving messages that are transactional in nature rather than marketing messages (e.g., messages regarding the status of your Membership and are service related)

Who do we share your information with?

We may disclose aggregated non-personal information about our Members and Website users. This is information that does not identify you or any individual.

We may disclose personal data that we collect or you provide as described in this privacy policy with the following third parties :

  • Our Affiliate Partners who we use to provide the Services to you.
  • Contractors, service providers and other third parties we use to support our business and who are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them.
  • Third parties we may be required to disclose such personal data to in order to comply with our legal obligations or enforce our legal rights, e.g. any relevant authority or enforcement body and fraud protection and credit risk reduction agencies.
  • Any potential or actual third party buyer of our operations and/or assets in the event that we sell, trade or license ownership of any part of the OpenPOWER business or assets (including management of the Website).

Will my data be sent abroad?

As our contacts database is based and hosted in the US, any personal data you submit to us will be held here. Additionally, OpenPOWER members are based in multiple different countries and may be affiliated with multiple, cross-border Working Groups. If you are based in the EU, this means your personal data may be transferred outside of the European Economic Area to another jurisdiction. Where this is the case and we are responsible for making such a transfer, we will ensure that these are made subject to appropriate safeguards as required by applicable data protection laws, to ensure that a similar degree of protection is afforded to your personal data. These will include the use of EU Commission approved standard contractual clauses or transfers of countries deemed to provide an adequate level of protection for personal data by the European Commission.
You can obtain further information about the safeguards in place for your international transfers of personal data by contacting us.

How long do you keep my personal data?

We keep your data for as long as it's necessary to meet the relevant purposes for which we've collected your data, including for the purpose of satisfying any legal, accounting or reporting requirements. To determine the appropriate length of time for holding your data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm, from unauthorised use or disclosure of your personal data, the purpose for which we process your data and whether we can achieve those purposes through other means, along with the applicable legal requirements. Details of retention periods for different aspects of your personal data will be available and can be requested from us by Contacting Us. In some circumstances you can ask us to delete your data: see "Your rights in respect of your personal data" below for further information. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Your rights in respect of your personal data

The following section applies only if you are based in the EU. In certain circumstances you have rights under data protection laws in relation to the personal data we hold about you.

You can request to :

  • Access information held about you.
  • Rectify any incorrect or incomplete data we hold about you. It is both in our interest and yours that any personal data we hold about you is accurate, complete and current. If the data we hold about you is inaccurate in any way, please contact us to have your personal data corrected. You can update any incorrect contact information yourself by contacting admin@openpowerfoundation.org.
  • Delete, restrict or remove the data we hold about you.
  • Transfer the data we hold about you to another party.
  • Object to any further processing of your data. You can make all such requests via email to admin@openpowerfoundation.org.

We will endeavour to respond to your requests within one month and free of charge. Please note that in respect of all these rights, we reserve the right to:

  • Refuse your request based on the exemptions set out in the applicable data protection laws
  • Request for proof of your ID to process the request or request further information
  • Charge you a reasonable administrative fee for any repetitive, manifestly unfounded or excessive requests

If we refuse your request to exercise these rights, we will give reasons for our refusal and allow you to challenge our decision. If you have any concerns about how we handle your data, please contact us. If you are not satisfied after we've tried to resolve your issue, you'll be entitled to lodge a complaint with the data protection regulator for your country of residence.

Security of your data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Cookies and other Technologies

In common with many websites, we use "cookies" to help us gather and store information about visitors to our websites. A cookie is a small data file that our server sends to your browser when you visit the site. The use of cookies helps us to distinguish you from other users of the Website and assist your use of certain aspects of the site. You can delete cookies at any time or you can set your browser to reject or disable cookies, however if you do this you may not be able to access all or parts of our site. You can obtain information about how to manage cookies by clicking "help" on your browsers menu or visiting www.aboutcookies.org. Details of the cookies that we set, or are set by third parties, on our websites can be found in our cookie policy : https://openpowerfoundation.org/cookie-policy/

The Website may contain links to other websites not owned and operated by OpenPOWER, for example, Social Media Platforms and Affiliate Partner websites. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Changes to this Policy

We may from time to time review and amend this Privacy Policy to take into account changes in law, technology and our operations. We will post any changes to this Privacy Policy on the Website from time to time and, where appropriate, notify you by e-mail. Please periodically review this Privacy Policy before using the Website as continued use of the Website shall indicate your acceptance of any changes. All personal data held by us will be governed by the most recent Privacy Policy posted on the Website.

Contact us

If you have any queries relating to this privacy notice (including any requests to exercise your legal rights in respect of your data), you can contact us through the Contact Us page of our Website.