From ce1156dab0c7601fc2d1f912d904c39fe01136fa Mon Sep 17 00:00:00 2001 From: Mathieu Tortuyaux Date: Fri, 9 Aug 2024 10:41:25 +0200 Subject: [PATCH] content: add privacy policy Signed-off-by: Mathieu Tortuyaux --- content/faq.md | 4 ++ content/privacy-policy.md | 131 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 135 insertions(+) create mode 100644 content/privacy-policy.md diff --git a/content/faq.md b/content/faq.md index 5ca6e6db..bf53c44e 100644 --- a/content/faq.md +++ b/content/faq.md @@ -49,3 +49,7 @@ We will continue to actively develop and support Flatcar Container Linux; updati ### What is the significance of the Flatcar Container Linux name? A [flatcar](https://en.wikipedia.org/wiki/Flatcar) is the flat, open railcar used to transport containers. + +### Where is the Flatcar privacy policy? + +Flatcar privacy policy can be found at this link: https://www.flatcar.org/privacy-policy diff --git a/content/privacy-policy.md b/content/privacy-policy.md new file mode 100644 index 00000000..35260eab --- /dev/null +++ b/content/privacy-policy.md @@ -0,0 +1,131 @@ ++++ +draft = false +title = "Privacy Policy" +description = "Describes the ways Flatcar Container Linux gathers, uses, discloses, and manages user, customer or client's data" ++++ + +# Privacy Policy – Flatcar Container Linux + +This Privacy Statement applies to personal data collected by Flatcar Container Linux (“Flatcar Container Linux”, “we”, “our”, or “us”) through its website ([https://www.flatcar.org/](https://www.flatcar.org/)) and social network profiles operated by us (collectively, the **“Sites”**), any of our products or services that you can access, download, or use via the Sites (collectively, the **“Services”**), or when you otherwise interact with us. You can recognize a website operated by us when we post a direct link to this Privacy Policy. + +With this privacy policy, we inform you about the personal data we collect when you visit our Sites or use our Services and how we process it. Thereby, we also fulfil our obligation to inform you pursuant to Article 13 General Data Protection Regulation (GDPR). + +## I. Identity of the controller + + Flatcar Container Linux + Email: flatcar-linux-user@googlegroups.com + +## II. Purposes of processing, its legal basis and the period for which the data will be stored + +### 1. General use of the Sites + +Generally, we do not store personal data while you use our Sites with the exception that our webserver registers all connections to the Sites automatically and collects the following technical information about your visit: + +* IP address; +* Name of the files accessed; +* Information about the transmission; +* Date and time of the connection; +* Amount of data transmitted; +* Referrer; +* Operating system and +* Web browser/user agent. + +We process this data to establish a connection to your device over the Internet. We store the aforementioned data in log files in order to ensure the security and integrity of our IT systems. The respective purposes of the processing also constitute our legitimate interests we pursue with it (Art. 6 par. 1 lit. f) GDPR). + +### 2. Flatcar Container Linux + +We operate the Flatcar Container Linux project, a Linux distribution designed for container workloads supported by us, and a service providing operating system updates. In this context, we collect IP addresses and certain telemetry data [especially: ip addresses] in order to perform the contract with you providing the updates for our operating system, and to help us better understand usage patterns (e.g. how many users are running which version). The processing for such purposes is based on Art. 6 par. 1 lit. b) GDPR. We retain the respective data for 180 days and delete them thereafter. + +### 3. Contact + +You can contact us, for example, by writing an email. In such case, we will process the personal data you provide us with in order to answer your request. This may include especially your name, email address, subject of your message and the message itself. We will retain your messages until we have fulfilled your request. Afterwards, we will delete it immediately. The processing for such purposes is based on Art. 6 par. 1 lit. f) GDPR, while the purposes of the processing also constitute our legitimate interests we pursue with it. + +## III. Recipients and transfers to third countries + +If we are not able to provide services ourselves, we use external service providers. These service providers are primarily providers of IT services, such as our web host, e-mail provider or telecommunications provider. + +If not specifically mentioned elsewhere in this privacy policy, we do not transfer your data to third countries. + +## IV. Rights of the data subject + +If the respective requirements are met, the GDPR grants you certain rights as a data subject. + +**Art. 15 GDPR – Right of access:** You shall have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain information. + +**Art. 16 GDPR – Right to rectification:** You shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. + +**Art. 17 GDPR – Right to erasure:** You shall have the right to obtain from us the erasure of personal data concerning you without undue delay. + +**Art. 18 GDPR – Right to restriction of processing:** You shall have the right to obtain from us the restriction of processing. + +**Art. 20 GDPR – Right to data portability:** You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you shall have the right to transmit those data to another controller without hindrance from us. You shall also have the right to have the personal data transmitted directly from us to another controller, where technically feasible. + +**Art. 77 GDPR – Right to lodge a complaint with a supervisory authority:** Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. + +## V. Especially right to object and withdrawal of consent + +**Art. 21 GDPR – Right to Object**: You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, which is based on legitimate interests or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller + +In such case, we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or where the processing is necessary for the establishment, exercise or defence of legal claims. + +Where personal data are processed for direct marketing purposes, you shall have the right to object at any time for such marketing, which includes profiling to the extent that it is related to such direct marketing. + +If you wish to object to any processing of data, you may send us an email to one of our aforementioned email addresses. + +**Art. 7 par. 3 GDPR – Withdrawal of Consent**: If you have given us your consent, you have the right to withdraw your consent at any time. In case of withdrawal, all data processing based on your consent before your withdrawal will remain lawful. + +## VI. Obligation to provide us with personal data + +You have no statutory or contractual obligation to provide us with any personal data. However, we may not be able to provide you with our services if you decide not to do so. + +## VII. Existence of automated individual decision-making, including profiling + +We do not use automated individual decision-making, including profiling pursuant to Art. 22 GDPR, which produces legal effects concerning you or similarly significantly affects you. + +## VIII. Internet specific processing or use of personal data + +### 1. Google Fonts + +Our Sites use the service Google Fonts by Google to display optimized external fonts. + +When you access our Sites, a connection to Google is established from which Google can identify the websites from which the request has been sent and to which IP address the fonts are being transmitted for display. Google Fonts does not set any cookies and your requests for fonts are separate from and do not contain any credentials you send to google.com while using other Google services that are authenticated, such as Gmail. + +The legal basis for the processing of the data mentioned above is Art. 6 par. 1 lit. f) GDPR. The purpose of the processing also constitutes the legitimate interest to provide you with optimized fonts. + +You can find further information at: [https://developers.google.com/fonts/faq](https://developers.google.com/fonts/faq) and in the Google data protection declaration: [https://policies.google.com/privacy?hl=de](https://policies.google.com/privacy?hl=de). + +### 2. Awesome Fonts + +We use the service Awesome Fonts, provided by Fonticons, Inc., for the uniform display of fonts. When you visit a website, your browser caches the required web fonts to display text and fonts correctly. If your browser does not support web fonts, a standard font is used by your computer. + +For this purpose, the browser you use must connect to the servers of Fonticons, Inc. This allows Fonticons, Inc. to know that your IP address has been used to access our website. The use of web fonts is in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest in the sense of Art. 6 par. 1 lit. f) DSGVO. + +You can find further information about Font Awesome at [https://fontawesome.com/help](https://fontawesome.com/help) + +and in the privacy policy of Fonticons, Inc.: [https://fontawesome.com/privacy](https://fontawesome.com/privacy). + +### 3. Social Networks + +We have profiles on social networks. Our social media accounts complement our Sites and provide you with the opportunity to interact with us. As soon as you access our social media profiles in the social networks, the terms and conditions and the data processing policies of the respective operators apply. + +We generally have no influence on the data processing on the social networks. The data collected about you while using the services are processed by the networks and may be transferred to countries outside the European Union. Information about which data are processed by the social networks and for which purposes the data are used can be found in the privacy policy of the respective network listed below. We use the following social networks: + +**Twitter** +* Twitter International Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. +* Privacy Policy: [www.twitter.com/en/privacy](http://www.twitter.com/en/privacy) +* Privacy-Shield: [www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active](https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active) +* Opt-Out Options: [www.twitter.com/personalization](https://www.twitter.com/personalization) + +**YouTube** +* YouTube LLC as subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. +* Privacy Policy: [policies.google.com/privacy?hl=en&gl=de](https://policies.google.com/privacy?hl=en&gl=de) +* Privacy-Shield: [www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active](https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active) +* Opt-Out Options: [adssettings.google.com/authenticated](https://adssettings.google.com/authenticated) + +**Mastodon** +* Mastodon gGmbH, Mühlenstraße 8a, 14167 Berlin, Germany. +* Privacy Policy: [https://mastodon.social/privacy-policy](https://mastodon.social/privacy-policy) + +We process personal data as a controller, when you send us requests via the social media accounts. We process this data to answer your requests which also constitutes our legitimate interest (Art. 6 par. 1 lit. f) GDPR). + +_August 2024_