Privacy Policy

Effective: 26 July 2022

 The purposes of Linux Foundation Europe, a Belgian private stichting headquartered in Belgium ("LF Europe"), are to:

• support the collaborative development, availability and adoption of open source software, hardware and networking and other technologies and the collaborative development, availability and adoption of open protocols and standards (individually and collectively, “Open Technology”);
• host various projects pursuing the development of Open Technology and other technical assets, materials and processes (each such project, which itself may include any number of projects, a “Project”);
• provide enablement and support to Projects to assist their development activities; and
• undertake such other lawful activity as permitted by law and as consistent with the mission, purpose and tax status of LF Europe.

This Privacy Policy describes our policies and procedures about the collection, use, disclosure and sharing, and other processing of your personal data when you use our websites (e.g., linuxfoundation.eu) and participate in or use our Project sites (collectively, the “Sites”). This Privacy Policy applies to activities by LF Europe and its Projects.

Capitalized terms that are not defined in this Privacy Policy have the meaning given them in our Terms of Use. In this Privacy Policy, “personal data” has the meaning attributed thereto under the General Data Protection Regulation of the European Union and/or the Data Protection Act
 2018 (as applicable, the “GDPR”), and for individuals in other jurisdictions “personal data” means information relating to an identified or identifiable natural person. Your use of our Sites, and any dispute over privacy, is subject to this Policy and our Terms of Use, including its applicable limitations on damages and the resolution of disputes. The LF Europe Terms of Use
 are incorporated by reference into this Policy.

As described herein, The Linux Foundation, an Oregon non-profit corporation, provides support and performs services for LF Europe as a managed services provider with regards to Projects and other activities of LF Europe. When you attend or sponsor LF Europe events, purchase training or certification exams, participate in or contribute to Projects, access and use the LFX platform or your LF Login account, subscribe to project newsletters and technical mailing lists, or otherwise engage with LF Europe, your personal data may be shared with The Linux Foundation in connection with enabling such activities, and The Linux Foundation is a separate
 controller of your data with regards to such activities. For purposes of such activities, The Linux Foundation is a joint controller with LF Europe of your personal data. The Linux Foundation’s privacy policy is available at https://linuxfoundation.org/privacy-policy/.

Personal Data That LF Europe Collects

We collect personal data directly from individuals, from third parties, and automatically through the Sites. You do not have to provide us your personal data. However, if you choose not to disclose certain personal data, we will not be able to provide you with access to certain services or features, including participation in certain aspects of our Open Technology Projects.

Your Contributions to Open Technology Projects

Attribution, Provenance and Integrity. When you contribute source code, documentation or other content to one of our Projects (whether on your own behalf or through contributions made as part of your employment services to your employer), we collect and store the personal data and content that you contribute. This includes the contents of those contributions, as well as data
 required to confirm the provenance of intellectual property contained in those contributions, and personal data that you make publicly available in the record of the contribution pursuant to sign-offs under the Developer Certificate of Origin (https://developercertificate.org/). Some
 Projects require additional agreements or personal data pursuant to their intellectual property policies; in such cases we collect and store personal data related to your acceptance of those agreements. We may also collect personal data relating to your participation in technical, governance or other Project-related meetings.

Other Project-related Content

The content you provide in relation to Projects also includes materials that you make publicly available in connection with Project development, collaboration and communication, such as on mailing lists, blogs, Project wiki pages and issue trackers, and related services.

Registration for Project Resources and LF Europe Resources. You can register to receive access to various resources provided by us and our Projects regarding the Open Technology ecosystem, Open Technology project development, collaboration and best practices. This
 includes providing us with personal information such as your email address and name to receive newsletters, mailing list postings and social media postings, to view webinars, and to access other resources made available by us and our Projects.

Your Content. We collect and store the personal data and content that you post to the Sites, including your questions, answers, comments, forum postings, and responses to surveys. Please see the section on Publicly Available Information for how the personal data you post will
 be viewed on our Sites.

Communications. When youcommunicate with us (via email, phone, through the Sites or otherwise), we may maintain a record of your communication.

Automatically Collected Data. In addition, LF Europe may automatically collect the following information about individuals’ use of the sites or services through cookies, web beacons, and
 other technologies: your domain name; your browser type and operating system; web pages you view; when you open certain emails we send; links you click; your IP address; your country of location; the length of time you visit our Sites and or use our services; and the referring URL, or the webpage that led you to our Sites. We may combine this information with other information that we have collected about you, including, where applicable, your user name, name, and other personal data. Please see our cookie policy at
 https://linuxfoundation.eu/policies/cookie-policy/ for more information about our use of cookies.

De-identified Data. We may de-identify and aggregate certain data we collect such that the data no longer identifies or can be linked to a particular individual data subject (“De-identified Data”). We may use this data to improve our Services, analyze trends, publish market research,
 and for other marketing, research or statistical purposes, and may disclose such data to third parties for these specific purposes.

Purposes and Legal Bases for Our Using of Your Personal Data

Purposes and Legitimate Interests
LF Europe uses the personal data we collect for our legitimate business interests, which include the following purposes:

• Providing our Sites and Services. To provide the Services and our Sites (including Project Sites), to communicate with you about your use of our Sites and Services, to
   respond to your inquiries, provide troubleshooting of the Sites and for other purposes to support individuals and the community.
• Operating our Open Technology Projects. To enable communication between and among Open Technology developers in the community; to facilitate and document Project governance and technical decision making; to maintain, and make  publicly available on a perpetual basis, records regarding intellectual property provenance and license compliance for Project contributions; and for related activities to further LF Europe’s purposes, including fostering an ecosystem that supports the collaborative and
   public development of Open Technology Projects as set forth in the preamble of this Privacy Policy. See the “Attribution, Provenance and Integrity” section above for more
   information.
• Personalization. To tailor the content and information that we may send or display to you
   on our Sites and in our Services, to offer location customization and personalized help and instructions and to otherwise personalize your experiences.
  • Marketing and Promotions. For marketing and promotional purposes, such as to send you news and newsletters, special offers, and promotions, or to otherwise contact you about Projects, Services, events, trainings or other information we think may interest you related to LF Europe, and, subject to applicable law, our affiliates and related
     entities.
• Advertising. For targeting advertising to you on our Sites and third-party sites and measuring the effectiveness and reach of ads and services (through third-party ad
   networks and services).
• Analytics. To gather metrics to better understand how individuals access and use our Sites and Services and participate in our Projects; to evaluate and improve the Sites, including personalization, to develop new services; and to understand metrics regarding
   the community health of our Projects.
• Compliance. To comply with legal obligations and requests. For example, to comply with
   laws that compel us to disclose personal data to public authorities, courts, law enforcement or regulators, maintain records for a certain period, or maintain records
   demonstrating enforcement and sublicensing of our trademarks and those of our Projects.
• Business and Legal Operations. As part of our general business and legal operations (e.g., accounting, record keeping, and for other business administration purposes), and as necessary to establish, exercise and defend (actual and potential) legal claims.
• Prevent Misuse. Where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms of Use or this Privacy Policy.

Sharing of Personal Data

 We disclose personal data as set forth below, and where individuals have otherwise consented:

• Publicly Available Information, including Your Contributions to Open Technology Projects.  User names, other user ids, email addresses and other attribution information related to the personal data and contributions that an individual posts in conjunction with
   or subject to an Open Technology license are publicly available in the relevant Project repositories. Your contributions to Open Technology Projects, and certain of your other Content such as comments and messages posted to public forums, are available to
   other participants and users of our Projects and of our Services, and may be viewed publicly. In some cases you may be able to provide Project or contribution-related personal data directly to third-party sites and services; these third parties are
   independent data controllers and their use of your personal data is subject to their own policies.
• Service Providers. We may share your personal data with third party service providers who use this personal data to perform services for us, such as payment processors, hosting providers, auditors, advisors, contractors and consultants. In addition, The Linux Foundation performs services for LF Europe as a managed services provider with regards to Projects. In such cases, LF Europe may share with The Linux Foundation the same types of data as described above, doing so in the furtherance of performing services for those Projects. Additionally, if you register to participate in offerings such as events, training, certification exams, the LFX platform, or other offerings supported and  enabled by The Linux Foundation, we may share your personal data with The Linux Foundation and/or you may provide it to The Linux Foundation directly. The Linux Foundation’s privacy policy is available at https://www.linuxfoundation.org/privacy/.
• Affiliates. The personal data collected about you may be accessed by or shared with related entities and affiliates of LF Europe, whose use and disclosure of your personal data is subject to this Privacy Policy, unless an affiliate or related entity has its own
   separate privacy policy.
• Organizational Events.  We may disclose or transfer personal data as part of any merger, sale, and transfer of our assets, or restructuring of all or part of our business operations, bankruptcy, or similar event, including in negotiations, due diligence, and
   integrations related to such transactions.
• Legally Required.  We may disclose your personal data if we are required to do so by law (including to law enforcement in the U.S. and other jurisdictions).
• Protection of Rights.  We may disclose personal data where we believe it necessary to respond to claims asserted against us or, comply with legal process (e.g., subpoenas or warrants), enforce or administer our agreements and terms, for fraud prevention, risk
   assessment, investigation, and protect the rights, property or safety of LF Europe, visitors to its sites, participants in its Projects, or others.
• Anonymized and Aggregated Data.  We may share aggregate or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.

Cookies, Tracking, and Interest-Based Ads

 We and our third-party providers use cookies, clear GIFs/pixel tags, JavaScript, local storage, log files, and other mechanisms to automatically collect and record information about your usage and browsing activities on our Site and across third party sites or online services. We
 may combine this information with other information we collect about individuals. Below, we provide a brief summary these activities. For more detailed information about these mechanisms and how we collect activity information, see our Cookie Policy.

• Cookies. These are small files with a unique identifier that are transferred to your browser through our websites. They allow us to remember individuals who are logged in, to understand how individuals navigate through and use the Sites, and to display personalized content and targeted ads (including on third party sites and applications).
• Pixels, web beacons, clear GIFs. These are tiny graphics with a unique identifier, similar in function to cookies, which we track browsing activities. We use these in our emails to let us know when they have been opened or forwarded, so we can gauge the effectiveness of our communications.
• Analytics Tools. We may use internal and third-party analytics tools, including Google Analytics. The third-party analytics companies we work with may combine the information collected with other information they have independently collected from otherwebsites and/or other online products and services. Their collection and use of information is subject to their own privacy policies.

Please note that LF Europe does not respond to browser “do not track” signals or other similar mechanisms intended.

Targeted Ads. As discussed in our Cookie Policy, we may work with third party advertisers to display more relevant ads on our website and on third party sites; these third parties may display ads to you based on your visit to our Sites and other third party sites. For more
 information about this and how you can opt out of such ads, please see our Cookie Policy.

Data Security We have implemented commercially reasonable precautions designed to protect the personal data we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee 100% security.

You should take steps to protect against unauthorized access to your passwords, phone, and computer by, among other things, signing off after using a shared computer, choosing robust passwords that nobody else knows or can easily guess, not using a password for more than one site or service, and keeping your log-ins and passwords private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity. You must promptly notify us if you become aware that any personal data provided by or submitted to our Sites or through our Services is lost, stolen, or used without permission at privacy@linuxfoundation.eu.

Marketing Choices
You may opt out or revoke your consent to receive direct marketing emails from us by using unsubscribe or opt out mechanisms included in our marketing emails or by emailing privacy@linuxfoundation.eu. You may also unsubscribe from mailing lists via the applicable mailing list’s subscription website or, in some cases, by using the unsubscribe mechanisms included in such emails.

Retention of Your Personal Data
We generally keep personal data only for as long as required to fulfill the purposes for which it was collected. However, in some circumstances, we may retain personal data for other periods of time, for instance where we are required to do so in accordance with legal, tax and
 accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required. In specific circumstances, we may also retain your personal data for longer periods of time corresponding
to a statute of limitation, so that we have an accurate record of your dealings with us in the event of any complaints or challenges.

International Transfers
If your data is subject to the GDPR, you should note that as described above, your personal data may be transferred to the United States where The Linux Foundation is located. The United States has not been deemed by the European Commission or the Secretary of State of
 the United Kingdom to ensure an adequate level of protection.  However, we have put in place Standard Contractual Clauses approved by the European Commission and the Secretary of State of the United Kingdom (“Standard Contractual Clauses”) which protect personal data
 transferred between LF Europe and affiliated or related entities as well as The Linux Foundation, its managed service provider. In addition, if personal data is transferred to third party service providers located outside the European Union or the United Kingdom, we will take
 steps to ensure that your personal data receives the same level of protection as if it remained within the European Union or the United Kingdom, including by entering into data transfer agreements, or using the Standard Contractual Clauses. You have a right to obtain details of the
 mechanism under which your personal data is transferred outside of the European Union or the United Kingdom by contacting gdpr@linuxfoundation.eu.

Children’s Privacy
Except as specifically indicated within a Site, we do not knowingly collect or solicit personal data from anyone under the age of 13 (or under the age of 14 for anyone living in Spain or South Korea), or knowingly allow such persons to register. If we become aware that we have collected personal data from a child under the relevant age without parental consent, we take steps to delete that personal data.

Links to Third Party Sites and Services
The Sites may contain links to third party sites or online services. We are not responsible for the practices of such third parties, whose information practices are subject to their own policies and procedures, not to this Privacy Policy.

Your Rights

 If your personal data is subject to the GDPR:

Access and Amendment. You may contact our privacy coordinator, as set forth below, to access or amend your personal data.

Additional Rights. Individuals in the European Union and the United Kingdom (and other jurisdictions where applicable) have additional rights under applicable law:

• to obtain a copy of your personal data together with information about how and on what legal basis that personal data is processed;
• to rectify inaccurate personal data (including to have incomplete personal data completed);
• to erase your personal data (in limited circumstances, such as where it is no longer necessary in relation to the purposes for which it was collected or processed);
• to restrict processing of your personal data under certain circumstances;
• to export certain personal data in machine-readable format to a third party (or to you) when we justify our processing on the basis of your consent or the performance of a contract with you and the processing is carried out by automated means;
• to withdraw your consent to our processing of your personal data (where that processing is based on your consent), without affecting the lawfulness of processing based on consent before its withdrawal;
• to obtain, or see a copy of the appropriate safeguards under which your personal data is transferred to a third country or international organization; and
• to object to our use and processing of your personal data that is conducted on the basis of a legitimate interest. You also have the right to object at any time to any processing of your personal data for direct marketing purposes, including profiling for marketing
   purposes.

Lodging a Complaint. You also have the right to lodge a complaint with your local supervisory authority for data protection, or privacy regulator. A list of data protection supervisory authorities is available here.

Submitting a Request. To exercise the above rights or contact us with questions or complaints regarding our treatment of your personal data, contact us at gdpr@linuxfoundation.eu. Please note that we may request proof of identity, and we reserve the right to charge a fee where
 permitted by law, especially if your request is manifestly unfounded or excessive. We will respond to your request within all applicable timeframes pursuant to applicable law.

California Privacy Rights

California law permits individuals who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal data (if any) for their direct marketing purposes in the prior calendar year, as well as the types of personal data disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an email to privacy@linuxfoundation.eu. We may ask you to very your California residency.

Contact Us

If you have any questions about our practices or this Privacy Policy, please contact us at privacy@linuxfoundation.eu, or write to us at: Linux Foundation Europe, Attn: Legal,Kunstlaan  56, 1000 Brussel (België) Belgium.

Changes to the Privacy Policy

 This Policy is current as of the effective date set forth above. If we change our privacy policies and procedures, we will post those changes on this page and/or continue to provide access to a copy of the prior version. If we make any changes to this Privacy Policy that materially change how we treat your personal data, we will endeavor to provide you with reasonable notice of such changes, such as via prominent notice on our Sites or to your email address of record, and where required by law, we will obtain your consent or give you the opportunity to opt out of such changes.