privacy-policy.md 12.6 KB
Newer Older
Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
1
2
3
DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT
This is revision 1, effective since ISO DATE HERE.

4
5
Arch Linux Privacy Policy
=========================
6

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
7
8
9
This policy describes how Arch Linux collects, uses, protects and discloses user information
collected by Arch Linux services, and provides information about the choices you have regarding the
ways in which your personal information is manipulated.
10

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
11
12
13
The scope of this privacy policy extends to all public as well as internal services operated by
Arch Linux, including in particular all web services provided on the `archlinux.org` domain and its
subdomains.
14
15

For convenience, Arch Linux is referred to in this document as "Arch".
16

17
18
19
20
_Table of contents_:

[[_TOC_]]

21
22
Our commitment to privacy and data security
-------------------------------------------
23

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
24
25
26
Arch values your privacy. To better protect your privacy, we have provided this policy explaining
our information practices and the choices you can make about the way your personal information is
collected, used and disclosed.
27

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
28
29
30
31
32
Arch staff members and service administrators are familiar with our privacy policy guidelines. Our
websites enforce [Transport Layer Security](https://en.wikipedia.org/wiki/Transport_Layer_Security)
(TLS), which encrypts the communication channel you use when you send your personal information to
our websites. Arch is committed to provide its services from secure systems to prevent unauthorized
access to your personal information.
33

34
35
The information we collect
--------------------------
36

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
37
38
This privacy policy applies to all information collected by or submitted to Arch services,
including personal data. "Personal data" is data that can be used to identify an individual.
39

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
40
41
42
Arch collects certain information for statistical and security purposes whenever you access an Arch
service. This includes standard information that web browsers typically make available to the web
servers, notably:
43
44
45
46
47
48

- the pages you visited on our websites,
- the date and time you access a website,
- the name and version of your browser,
- your public IP address.

49
50
Arch collects personal data when:

51
52
53
- you create a user account,
- you post comments on the boards, AUR, bug tracker or mailing lists,
- you create content on the wiki,
54
- you submit packages to the AUR.
55

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
56
57
Arch may also collect personal data from individuals (with their consent) who participate and/or
contribute to Arch. The types of personal data collected may include (but are not limited to):
58

59
60
61
62
- your first and last name,
- your username,
- your country code,
- your e-mail address,
Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
63
64
- any information that Arch collects online from you and maintains in association with your account,
  such as:
65
    - your system password for the forums, wiki, or bug tracker,
66
67
68
69
70
71
72
73
74
    - your GPG key ID,
    - your SSH public key,
    - your IRC nickname,
    - your IP address,
    - your language preference,
    - your timezone,
    - your geographic coordinates (longitude/latitude),
    - your disclosed affiliation(s).

75
76
Publicly available personal data
--------------------------------
77

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
78
79
Some personal data attached to Arch accounts is made public by default _if you opt to include it in
your profile_. Specifically:
80
81
82
83

- your GPG key ID (if defined);
- your location (if defined)
- your website, blog, or other affiliations (if defined).
84

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
85
86
87
If you wish for this information to be kept private, you can opt-out of displaying this information
publicly in your account profile. If you choose to opt-out, Arch will still have access to this
information, but it will not be displayed to others, and will be considered private.
88

89
90
Using (processing) your personal data
-------------------------------------
91
92
93

Arch uses the personal data you provide to:

94
95
96
97
98
- create and maintain your accounts;
- identify and authenticate you;
- attribute data and content you produce directly and indirectly in our public-facing services;
- answer your questions;
- send you information;
99
100
- for research activities, such as the production of statistical reports (such aggregated
  information is not used to contact the subjects of the report).
101

102
103
Sharing your personal data
--------------------------
104

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
105
106
Unless you consent, Arch will never process or share the personal data you provide to us except as
described below.
107
108
109

Arch may share your personal data with third parties under any of the following circumstances:

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
110
111
112
113
114
115
116
117
- Your publicly available personal data in the Arch account system, as described above, is
  accessible by anyone unless you, as the account holder, opt out as already described in this
  privacy policy.
- As required by law (such as responding to a valid subpoena, warrant, audit, or agency action,
  or to prevent fraud).
- For research activities, including the production of statistical reports (such aggregated
  information is used to describe our services and is not used to contact the subjects of the
  report).
118

119
120
Receiving e-mail
----------------
121

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
122
123
124
125
126
Arch may send you e-mail about your account, to communicate with you about your accounts, or in
response to your questions. For your protection, Arch may contact you in the event that we find an
issue that requires your immediate attention. Arch processes your personal data in these cases to
fulfill and comply with its contractual obligations to you, to provide the services you have
requested, and to ensure the security of your account.
127

128
129
Cookies and other browser information
-------------------------------------
130

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
131
Arch's online services automatically capture IP addresses. We use IP addresses to help diagnose
132
problems with our servers, to administer our websites, and to help ensure the security of your
Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
133
134
135
136
interaction with our services. Your IP address is used to help identify you and your location, in
order to provide you data and content from our services as quickly as possible. It is in the
interests of the Arch community to maximize the efficiency and effectiveness of its services for
all users.
137

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
138
139
140
141
142
As part of offering and providing customizable and personalized services, Arch websites use cookies
to store and sometimes track information about you. A cookie is a small amount of data that is sent
to your browser from a web server and stored on your computer's hard drive. All websites provided
by Arch where you are prompted to log in or that are customizable require your browser to accept
cookies.
143
144
145

Generally, we use cookies to:

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
146
147
148
149
150
151
152
153
154
155
156
157
158
159
1. Remind us of who you are and to access your account information (stored on our computers) in
   order to provide a better and more personalized service. This cookie is set when you register or
   "sign in" and is modified when you "sign out" of our services.
2. Estimate audience size. Each browser accessing an Arch website is given a unique cookie that is
   used to determine the extent of recurrent usage and usage by a registered user versus by an
   unregistered user.
3. Measure certain traffic patterns, which areas of Arch's network of websites you have visited,
   and your visiting patterns in the aggregate. We use this research to understand how our
   infrastructure needs to scale to meet demand.

If you do not want your personal information to be stored by cookies, you can configure your
browser so that it always rejects these cookies or asks you each time if you accept them or not.
However, you must understand that the use of cookies may be necessary to provide certain services
(see 1. above), and choosing to reject cookies will reduce the performance and functionality of the
160
161
service. Your browser documentation includes instructions explaining how to enable, disable or
delete cookies at the browser level (usually located in the "Help", "Tools" or "Edit" facility).
162

163
164
Public forums reminder
----------------------
165

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
166
Arch makes its public services, including [wiki](https://wiki.archlinux.org/),
nl6720's avatar
nl6720 committed
167
[IRC chat rooms](https://wiki.archlinux.org/title/Arch_IRC_channels),
Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
168
169
170
171
172
173
174
[bulletin boards](https://bbs.archlinux.org/), [mailing lists](https://lists.archlinux.org/),
[bug tracker](https://bugs.archlinux.org/), [AUR](https://aur.archlinux.org/) and a
[GitLab instance](https://gitlab.archlinux.org/), available to its users. Please remember that _any
information_ that is disclosed in these areas becomes __public information__. Exercise caution when
deciding to disclose your personal data. Although we value individual ideas and encourage free
expression, Arch reserves the right to take necessary action to preserve the integrity of these
areas, such as removing any posting that is vulgar or inappropriate. See our
175
[Code of conduct](code-of-conduct.md) for what is acceptable behavior.
Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
176
177
178
179
180
181

It is in the interest of the Arch community to provide all users an accurate record of data and
content provided in the public forums it maintains and uses; to maintain the integrity of that data
and content for historical, scientific, and research purposes; and to provide an environment for
the free exchange of ideas relevant and constructive to the development and propagation of open
source software.
182

183
184
About links to other sites
--------------------------
185

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
186
187
188
Arch websites contain links to other sites. Arch does not control the information collection of
sites that can be reached through links from Arch websites. If you have questions about the data
collection procedures of linked sites, please contact those sites directly.
189

190
191
Your rights under GDPR in the EEA
---------------------------------
192

193
194
195
196
Where the [EU General Data Protection Regulation](
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN)
2016/679 ("GDPR") applies to the processing of your personal data, especially when you access an
Arch service from a country in the European Economic Area ("EEA"), you have the following rights,
Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
197
subject to some limitations, against Arch:
198

199
200
201
202
203
- The right to access your personal data;
- The right to rectify the personal data we hold about you;
- The right to erase your personal data;
- The right to restrict our use of your personal data;
- The right to object to our use of your personal data;
Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
204
205
- The right to receive your personal data in a usable electronic format and transmit it to a third
  party (also known as the right of data portability); and
206
- The right to lodge a complaint with your local data protection authority.
207

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
208
209
210
211
If you would like to exercise any of these rights, please contact the administrators of the forum,
wiki, or bug tracker where your information is stored. Please understand, however, the rights
enumerated above are not absolute in all cases. Nor does this extend to public information (see the
[Public forums reminder](#public-forums-reminder) section).
212

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
213
214
215
216
Where the GDPR applies, you also have the right to withdraw any consent you have given to uses of
your personal data. If you wish to withdraw consent that you have previously provided to Arch, you
may do so via email to the relevant administrators. However, the withdrawal of consent will not
affect the lawfulness of processing based on consent before its withdrawal.
217

218
219
How to access, modify or update your information
------------------------------------------------
220

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
221
222
223
224
Arch gives you the ability to access, modify or update your personal data at any time. You may log
in and make changes to your login information (change your password), your contact information,
your general preferences and your personalization settings. If necessary, you may also contact us
and describe the changes you want made to the personal data you have previously provided via email.
225

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
226
227
228
229
If you wish to remove your personal data from Arch, you may contact us via email and request that
we remove this information from the relevant Arch account system. Other locations where you may
have used your personal data as an identifier (e.g. forum or bug tracker comments, list postings in
the archives, wiki change history, and spec changelogs) will not be altered.
230

231
232
How to contact us
-----------------
233

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
234
235
236
If you have any questions about any of these practices or Arch's use of your personal information,
please feel free to contact us at [privacy@archlinux.org](mailto:privacy@archlinux.org), and we
will work with you to resolve any concerns you may have about this policy.
237

238
239
Changes to this policy
----------------------
240

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
241
242
Arch reserves the right to change this policy from time to time. If we do make changes, the revised
policy will be posted on this site and a notice will be posted to our
nl6720's avatar
nl6720 committed
243
[home page](https://archlinux.org/) whenever this privacy statement is changed in a material
Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
244
245
way. Your continued use of Arch services after any change in this policy will constitute your
acceptance of such change.
246

247
248
Credits
-------
249

Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
250
251
252
253
254
This document is based on the
[Fedora Project's Privacy Policy](https://fedoraproject.org/wiki/Legal:PrivacyPolicy), used under
the terms of the [CC BY-SA 3.0](https://creativecommons.org/licenses/by-sa/3.0/) license.
This document is licensed under the terms of
[CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/).