Last Updated: November 5, 2021
For purposes of the General Data Protection Regulation ("GDPR"), Open Sats is the controller of your personal information. Where processing of personal information is undertaken by our affiliates, subsidiaries and related entities, they are a joint controller with Open Sats Initiative for your personal information.
Personal Information That Open Sats Collects
We collect personal information directly from individuals, from third parties, and automatically through the Sites and Services. You do not have to provide us your personal information. However, if you choose not to disclose certain information, we will not be able to provide you with access to certain services or features, including registering on the Sites, registration for training, events, or other programs, or participation in certain aspects of our open-source projects.
Registration Information. We collect personal information when you register for an account or register to participate in an Open Sats event or Program:
Account and Profile Information. Users may sign up for, request, or order our Services and may register to receive materials on our Sites. Users may also create a login, which is a single sign-on account which is used for common access to many of our Services. Personal information collected on the Sites includes community forum content, profiles, photographs, names, unique identifiers, information about your current and past employment affiliations, contact information (address, telephone number, email address, preferred pronoun, etc.), and transaction information (to the extent you share that information). In order to access certain personalized services on the Sites, you may be asked to also create and store a username and password for an account from Open Sats. In order to improve the functioning of the website and our subsequent communications to users we may also ask users to provide additional optional information regarding your interests, demographics, experience and detailed contact preferences.
Donations. To register for and participate in the Open Sats Projects and related Services, users must have an active login ID and account (see above for information collected related to account registration). Open Sats may collect the following information related to financial contributions and :Depending on the Community Bridge Services in which users participate, we may also collect additional information relating to their use of those Services, including:
- Donations: We collect information about financial contributions made, as well as and funds received through the Sites. Open Sats generally only records the result of the transaction and any references to the transaction record provided by the third-party site. For example, when users make financial contributions to projects, we collect and process the donation amount, allocation to certain projects, and identifiers used to associate that donation with the donor and project in the project's open and transparent public ledger (unless otherwise agreed to by the donor and Open Sats. We also collect disbursement amount and category, recipient name and email, and identifiers related to disbursements of project funds for projects. Further, we use third-party services including Stripe to facilitate funding and disbursements. If applicable, the third-party site may collect payment information directly to facilitate a transaction.
Events Registration. When you register for an Open Sats event (training, conference, or other event) to participate as an attendee, a speaker or a sponsor, we collect personal information that includes name, company, contact information, and other information. We may also collect other optional personal information such as likes, interests, preferred pronoun, dietary restriction, size preferences for conference attire gifts and other background information. In addition, if you provide it, we may collect (1) personal information about disabilities, medical conditions and allergies in order to provide appropriate accommodations for attendees, and (2) personal information about your citizenship, date of birth, and passport details if you request assistance from us with obtaining a visa letter to travel to one of our events.
For in-person events requiring attendees to be vaccinated against COVID-19, in order to provide a safer environment for attendees and staff, we may collect information to verify your identity and COVID-19 vaccination status. We may collect this information via direct verification of identity and vaccination status documents by Open Sats staff or third-party contractors, and/or through the use of third-party vaccination status apps and service providers.
Training and Certification Exam Registration. When you participate in one of our training or certification programs, we collect registration-related personal information that includes name, company, certifications, contact information, and other information depending on the circumstances.
Registration for Projects. You can register to receive access to various information provided by Open Sats and its free and open-source Projects relating to the open-source ecosystem, open source project development, collaboration and best practices. This includes providing us with personal information such as your email address and name to receive newsletters, mailing list postings and social media postings, to view webinars, and to access other resources made available by Open Sats and its Projects.
Your Contributions to Open Source Projects.
Project Integrity and Credit for Attribution. When you contribute source code, documentation or other content to one of our Projects (whether on your own behalf or through a third party entity), we collect and store the information and content that you contribute. This includes the contents of those contributions, as well as information required to confirm the provenance of intellectual property contained in those contributions, and personal information that you make publicly available in the record of the contribution pursuant to sign-offs under the a Certificate of Origin as Follows:
Developer's Certificate of Origin:
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I have the right to submit it under the open-source license indicated in the file; or
(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open-source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or
(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.
(d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved. [end]
Some Projects require additional agreements or information pursuant to their intellectual property policies; in such cases we collect and store information related to your acceptance of those agreements. We may also collect information relating to your participation in technical, governance, or other Project-related meetings.
Other Project-related Content. The content you provide in relation to Projects also includes materials that you make publicly available in connection with Project development, collaboration and communication, such as on mailing lists, blogs, Project pages and issue trackers, and related services.
Your Content. We collect and store the information and content that you post to the Sites, including your questions, answers, comments, forum postings, and responses to surveys.
Communications. When you communicate with us (via email, phone, through the Sites or otherwise), we may maintain a record of your communication.
Payment Information. To participate in or purchase Services (including registering for events, training and certification exams), users may be asked to be directed to a third-party site, such as Stripe, to pay for their purchases. If applicable, the third-party site may collect payment information directly to facilitate a transaction. Open Sats generally only records the result of the transaction and any references to the transaction record provided by the third-party site.
Automatically Collected Information. In addition, Open Sats may automatically collect the following information about users' use of the Sites or Services through cookies, web beacons, and other technologies: your domain name; your browser type and operating system; web pages you view; when you open certain emails we send; links you click; your IP address; your country of location; the length of time you visit our Sites and or use our Services; and the referring URL, or the webpage that led you to our Sites. We may combine this information with other information that we have collected about you, including, where applicable, your user name, name, and other personal information.
Basis for Use of Personal Information:
Purposes and Legitimate Interests
Open Sats uses the personal information we collect for our legitimate non-proft and charitable business interests, which include the following purposes:
- Providing our Sites and Services. To provide the Services and our Sites, to communicate with you about your use of our Sites and Services, to respond to your inquiries, provide support and maintenance of the Sites and for other purposes to support users and the community.
- Operating our Open-Source Projects. To enable communication between and among open source developers in the community; to facilitate and document Project governance and technical decision-making; to maintain, and make publicly available on a perpetual basis, records regarding intellectual property provenance and license compliance for Project contributions; and for related activities to further Open Sats's core purpose of fostering an ecosystem that supports the collaborative and public development of free and open source software projects. See the "Project Integrity and Credit for Attribution" section above for more information.
- Maintain our Training and Certification Programs. To maintain records about who has attended or registered to attend educational or training programs.
- Event Administration. To plan, organize, and facilitate access to events and related services and activities, and to carry out informative and safe events for participants, including attendees, speakers and sponsors. If you provide us information about disabilities, medical conditions and allergies, we will use this information in order to provide appropriate accommodations for attendees and to ensure their health and safety; we will not use this information for other purposes, unless required by law or as necessary to defend our legal rights. For in-person events requiring attendees to be vaccinated against COVID-19, we use information regarding your COVID-19 vaccination status to provide a safer environment for attendees and staff, in order to confirm vaccination status before permitting access to the event venue space.
- Personalization. To tailor the content and information that we may send or display to you on our Sites and in our Services, to offer location customization and personalized help and instructions and to otherwise personalize your experiences.
- Marketing and Promotions. For marketing and promotional purposes, such as to send you news and newsletters, special offers, and promotions, or to otherwise contact you about Projects, Services, events, trainings or other information we think may interest you related to Open Sats, and, subject to applicable law, our affiliates, subsidiaries and managed services entities.
- Advertising. For targeting advertising to you on our Sites and third-party sites and measuring the effectiveness and reach of ads and services (through third-party ad networks and services).
- Analytics. To gather metrics to better understand how users access and use our Sites and Services and participate in our Projects; to evaluate and improve the Sites, including personalization, to develop new services; and to understand metrics regarding the community health of our Projects. If a user voluntary provides and explicitly consents to our processing of personal information regarding their demographics and socioeconomics, we process such personal information for the specific purposes for which you have consented, which may include for the purpose of compiling, analyzing and disclosing aggregate statistics regarding diversity of participation in open source projects and communities.
- Compliance. To comply with legal obligations and requests. For example, to comply with laws that compel us to disclose information to public authorities, courts, law enforcement or regulators, maintain records for a certain period, or maintain records demonstrating enforcement and sublicensing of our trademarks and those of our Projects.
- Business and Legal Operations. As part of our general charitable and non-profit business and legal operations (e.g., accounting, record keeping, and for other business administration purposes), and as necessary to establish, exercise and defend (actual and potential) legal claims.
Sharing of Personal Information
We disclose personal information as set forth below, and where individuals have otherwise consented:
- Publicly Available Information, including Your Contributions to Open-Source Projects. User names, other user ids, email addresses and other attribution information related to the information and contributions that a user posts in conjunction with or subject to an Open Source license are publicly available in the relevant Project source code repositories. Your contributions to Open-Source Projects, and certain of your other Content such as comments and messages posted to public forums, are available to other participants and users of our Projects and of our Services, and may be viewed publicly. In some cases you may be able to provide Project or contribution-related information directly to third-party sites and services; these third parties are independent data controllers and their use of your personal information is subject to their own policies.
- Service Providers. We may share your information with third party service providers who use this information to perform services for us, such as payment processors, hosting providers, auditors, advisors, contractors and consultants.
- Event Participants. If you register for an event, we may ask for your consent to share your personal information with third party sponsors and other participants. We will not share your event information with third parties without your consent. For in-person events requiring attendees to be vaccinated against COVID-19, we may use third-party service providers to validate your identity and COVID-19 vaccination status.
- Training and Program Sponsors. If you participate in one of our education, certification, or training programs that a third party has sponsored or engaged us to provide to you and others (for example, your employers), we may receive attendee list information from them and may share information about your completion of the program, including confirmation of your participation and your certification exam results, as applicable; these third parties are independent data controllers and their use of your personal information is subject to their own policies. You may also elect to provide third parties (e.g., your employers or your prospective employers) with information that will enable them to look up your certification exam status; if you do so, we may share your certification exam status with such third parties.
- Legally Required. We may disclose your information if we are required to do so by law (including to law enforcement in the U.S. and other jurisdictions).
- Protection of Rights. We may disclose information where we believe it necessary to respond to claims asserted against us or, comply with legal process (e.g., subpoenas or warrants), enforce or administer our agreements and terms, for fraud prevention, risk assessment, investigation, and protect the rights, property or safety of Open Sats, its Users, participants in its events or Projects, or others.
- Anonymized and Aggregated Information. We may share aggregated information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.
Cookies, Tracking, and Interest-Based Ads
- Cookies. These are small files with a unique identifier that are transferred to your browser through our websites. They allow us to remember users who are logged in, to understand how users navigate through and use the Sites, and to display personalized content and targeted ads (including on third party sites and applications).
- Pixels, web beacons, clear GIFs These are tiny graphics with a unique identifier, similar in function to cookies, which we track browsing activities.
- Analytics Tools. We may use internal and third-party analytics tools. The third-party analytics companies we work with may combine the information collected with other information they have independently collected from other websites and/or other online products and services. Their collection and use of information is subject to their own privacy policies.
We have implemented commercially reasonable precautions designed to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, Open Sats provides no guarantee that any security measure will be completely and totally secure.
We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity. We ask you to promptly notify us if you become aware that any information provided by or submitted to our Sites or through our Services is lost, stolen, or used without permission at firstname.lastname@example.org.
You may opt out of or withdraw your consent to receive direct marketing emails from us by using the unsubscribe or opt out mechanisms included in our marketing emails or by emailing email@example.com. You may also unsubscribe from mailing lists via the applicable mailing list's subscription website or, in some cases, by using the unsubscribe mechanisms included in such emails.
Retention of Your Personal Information
We generally keep personal information only for as long as required to fulfill the purposes for which it was collected. However, in some circumstances, we may retain personal information for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required. In specific circumstances, we may also retain your personal information for longer periods of time corresponding to a statute of limitation, so that we have an accurate record of your dealings with us in the event of any complaints or challenges.
Scope. This section applies to individuals in the European Union "EU" (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, to the extent applicable, Switzerland).
Data Controller. Open Sats is the data controller for the processing of Personal data related to donor and non-profit accounts and information on our Sites. You can find our contact information below.
Open Sats is the data processor with respect to processing personal information related to donations and any interaction with Projects. If you wish to exercise one of the below rights with respect to your contribution (whether financial or to a Project) please contact us.
Your Rights. Pursuant to the GDPR, to the extent Open Sats is a data controller of your Personal data, you have the following rights in relation to your personal data, under certain circumstances:
Right of access : If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
Right to rectification : If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your personal data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal data so you can contact them directly.
Right to erasure : You may ask us to delete or remove your personal data, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal data with so you can contact them directly.
Right to restrict processing : You may ask us to restrict or 'block' the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal data so you can contact them directly.
Right to data portability : You have the right to obtain your personal data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by automated means. We will give you your personal data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
Right to object : You may ask us at any time to stop processing your personal data, and we will do so:
If we are relying on a legitimate interest to process your personal data (unless we demonstrate compelling legitimate grounds for the processing or if we are processing your personal data for direct marketing) and if we are processing your personal data for direct marketing, we may keep minimum information about you in a suppression list in order to ensure your choices are respected in the future and to comply with data protection laws (such processing is necessary for our and your legitimate interest in pursuing the purposes described above).
Right to withdraw consent : If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
Right to lodge a complaint with the data protection authority : If you have a concern about our privacy practices, including the way we handled your personal data, you can report it to the data protection authority that is authorized to hear those concerns.
Please see the section below with our contact information on how to reach Open Sats to exercise your rights.
International Transfers of Personal Data. Because Open Sats is a non-profit organization that is not subject to the jurisdiction of the United States Federal Trade Commission, it is not eligible for certification under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks ("Frameworks") as set forth by the U.S. Department of Commerce regarding the processing of personal data transferred from the EU, United Kingdom, and Switzerland to the U.S. (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway). However, Open Sats commits to process Personal data transferred from the EU to the United States in accordance with the principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability, as described below.
Accountability for Onward Transfers. We may be accountable for the personal data transfer to third-party service providers. If we are and our third-party service providers process personal data in a manner inconsistent with these principles, we are responsible and liable for the harm caused, unless we prove that we are not responsible for the event giving rise to the damage.
Data Integrity and Purpose Limitation. We take reasonable steps to ensure that personal data is reliable for its intended use, and that it is accurate, complete and current for as long as we retain it. We will retain the data as long as necessary for the following purposes: delivering the Services, engaging in customer service, complying with legal obligations, auditing, performing security and fraud prevention, responding to legal and regulatory inquiries, and preserving or defending our legal rights or those of other users or third parties.
Access. EU users have certain rights to access, correct, amend, or delete personal data where it is inaccurate, or has been processed in violation of these principles. Please see the "Your Rights" section above for more information on the rights of users in the EU (and, to the extent applicable, users in Switzerland).
Recourse, Enforcement, Liability. Open Sats commits to resolve complaints about our processing of your personal data. European Union, United Kingdom, and Swiss users with inquiries or complaints regarding our processing of Personal data should first contact Open Sats as follows:
Attention: Information Security
We will respond to such inquiries or complaints within thirty (30) days.
Open Sats does not knowingly collect or solicit personal information from anyone under the age of sixteen (16), or knowingly allow such persons to register. If we become aware that we have collected personal information from a child under the relevant age without parental consent, we take steps to delete that information. Where we specifically indicate that we collect personal information from children under sixteen (16), we will obtain the parent or guardian's consent and provide adequate notice.
Links to Third Party Sites and Services
The Sites may contain links to third party sites or online services. Please refer to the privacy policies of the relevant third-party websites or services to find out more about how they process and handle personal information.
California Privacy Rights
Only to the extent that Open Sats meets the minimum thresholds as required under California law to be subject to the California Privacy Rights Act of 2020, residents of California will be able to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the types of personal information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an email to firstname.lastname@example.org. We reserve the right to ask for verification of your California residence and deny this request if Open Sats believes it is not subject to this requirement.