The goal of this page is to provide information regarding data processing at FSFE. It is still a work in progress and we are constantly improving the information. In case you have any questions about it, please get in contact with [email protected].
The FSFE e.V., Schönhauser Allee 6/7 Stairway 2, 5. floor 10119 Berlin Germany, is controller for all those processings, the most effective ways to contact the association are on our contact page.
| Service | Processing | What data is processed? | Why is the data processed? | What legal permission do we have according to Article 6 of GDPR? | Who has access? | What is our Data retention policy? |
|---|---|---|---|---|---|---|
| FSFE website | Users visiting the website | Source IP addresses | The web server needs the public IP addresses to serve the pages, we also use those data for debugging and security purposes | Legitimate Interest | System Hackers | We store the data for 14 days |
| FSFE website | Signing the Upcycling Android open letter | Email and name, country, ZIP code, comment; information is voluntary |
To display signature of the open letter; to give updates about the campaign(specific consent) To add the signature to the public list(specific consent) |
Consent Link to privacy policy |
The public list is accessible to everyone UpA coordinator and Sysadmin for others information |
The campaign's duration |
PMPC website |
Users visiting the website | Source IP, Date, HTTP request, User-agent. The source IP is the IP address of our reverse proxy, not a personnal information |
The web server needs the public IP addresses to serve the pages, we also use those data for debugging and security purposes | Legitimate Interest | Sysadmin | We store data for 7 days |
PMPC website |
Signing the open letter | Email and name,country, ZIP code, comment; information is voluntary |
To display signature of the open letter; to give updates about the campaign(specific consent) To add the signature to the public list(specific consent) |
Consent Link to privacy policy |
The public list is accessible to everyone PMPC coordinator and Sysadmin for others information |
The campaign's duration |
art13 savecodeshare.eu |
Signing the open letter | Name, email, country; information is voluntary |
To display signature of the open letter; to give updates about the campaign (specific consent) |
Consent Link to privacy policy |
Signatures will be handed over to the Members of the European Parliament and the EU Council Sysadmin access everything |
Data is stored for the container lifetime (i.e. the campaign's duration) Data may be kept by the Members of the European Parliament and the EU Council for an unknown time |
art13 savecodeshare.eu |
Visiting the website | IP addresses, SQL statements for error messages contain personal information The IP is the IP address of our reverse proxy, not a personnal information |
The web server needs the public IP addresses to serve the pages, we also use those data for debugging and security purposes | Legitimate interest | system administrators | We store data for 7 days |
deviceneutrality.org |
Visiting the website | IP addresses The IP is the IP address of our reverse proxy, not a personnal information |
The web server needs the public IP addresses to serve the pages, we also use those data for debugging and security purposes | Legitimate interest | system administrators | We store data for 7 days |
Blogs |
User visiting the website | IP addresses | The web server needs the public IP addresses to serve the pages, we also use those data for debugging and security purposes | Legitimate Interest | albert, max.mehl, linus, tobiasd, floriansnow | We store data for 14 days |
Wiki |
User visiting the website | Source IP addresses | The web server needs the public IP addresses to serve the pages, we also use those data for debugging and security purposes | Legitimate Interest | Wikicare takers, system-hackers | We store data for 14 days |
Project Call |
Contact information from this form | Name, Email-Address, Local Group Name, Project Plan | Get in contact about incoming requests | Contract | FSFE Council | Data is stored for 6 months after the request |
If you do not click on any external buttons to external sides, data will not be transferred.
| Service | Processing | What data is processed? | Why is the data processed? | What legal permission do we have according to Article 6 of GDPR? | Who has access? | What is our Data retention policy? |
|---|---|---|---|---|---|---|
Community Database and LDAP server |
FSFE account management | Name, email address, username, password hash | Managing access to FSFE's online services | Legitimate interest | Community database administrator | Data is stored as long as the account exists |
Community data maintenance |
Birthday, sex, preferred language, postal address, secondary email address | Managing FSFE's community of contributors | Consent | Community database administrator | Data can be changed or deleted at any time by the subject | |
Wiki |
FSFE Wiki | Account data (Name or Username, Pseudonym, email address from the FSFE account, optionally jabber ID), a dedicated personal page (optional), attribution for all contributions |
Wiki management and attribution of work | Contract | Public pages are accessible to everyone, other pages may have limited access depending on ACL | As long as the account exist (to be confirmed 1) As the account is the base to attribution of contribution, we do not delete account without the data subject request. |
Wiki |
FSFE Docs | Account data (Name or Username, Pseudonym, email address from the FSFE account, optionally jabber ID), a dedicated personal page (optional), attribution for all contributions |
Wiki management and attribution of work | Contract | Public pages are accessible to everyone, other pages may have limited access depending on ACL | As long as the account exist (to be confirmed 1) As the account is the base to attribution of contribution, we do not delete account without the data subject request. |
Gitea |
FSFE Gitea contributions | Emails and usernames of registered users and the files they work with; webserver logs (source IPs) | For authentication and operation of the platform; attribution of contribution; webserver logs for debugging | Contract | contribution are public, logs are accessible only to Service maintainers, system administrators | As long as the account exist (to be confirmed 1) 1 week for logs |
FSFE Survey |
Survey Data | Data entered by survey participants | For evaluating the survey. | Consent | Members of FSFE team working on the project from which the survey is part of and system administrators | Until end of project |
| Server logs | webserver logs (user agent) | For evaluating the survey. | Consent | System Administrators | 1 week | |
FSFE website |
Translators of the website | name or pseudonym of translators of each page | To attribute translation to its translators whenever they accept to be cited | Consent | public information | Attribution is kept as long as the translation exist |
Reimbursements |
Financial reimbursements for expenses | All communication around the reimbursement including payment data | Reimbursing (paid and volunteer) contributors for their expenses | Contract | Financial team, parties involved in the payment processing, tax consultant, public authorities | Data is stored according to statutory storage periods |
| Processing | What data is processed? | Why is the data processed? | What legal permission do we have according to Article 6 of GDPR? | Who has access? | What is our Data retention policy? |
|---|---|---|---|---|---|
Promotion material orders | Order information from this form |
Answering of incoming requests, sending packages, and requesting feedback | Contract | FSFE office staff and financial team | Data is stored for 13 months after the order |
Generating statistics about promotion material orders |
Legitimate interest | ||||
Payment information in case a donation is made along with the order |
Accounting | Legal requirements | Financial team, parties involved in the payment processing, tax consultant, public authorities | Data is stored according to statutory storage periods | |
Merchandise orders |
Order information from this form | Answering of incoming requests, and sending packages | Contract | FSFE office staff and financial team. | Data is stored for 13 months after the order |
Payment information |
Accounting | Legal requirements | Financial team, parties involved in the payment processing, tax consultant, public authorities | Data is stored according to statutory storage periods | |
Registration for participation in FSFE events |
Information entered into each event registration form | To organize each FSFE event | Consent | FSFE office staff and financial team | Data is stored for 1 month after the end date of each FSFE event |
Payment information |
Accounting | Legal requirements | Financial team, parties involved in the payment processing, tax consultant, public authorities | Data is stored according to statutory storage periods | |
Registration for Legal Network membership |
Information entered into this form | To determine eligibility for Legal Network membership | Consent | FSFE office staff, Legal Team | Data is stored as long as the subject is a member of the Legal Network |
| Processing | What data is processed? | Why is the data processed? | What legal permission do we have according to Article 6 of GDPR? | Who has access? | What is our Data retention policy? |
|---|---|---|---|---|---|
All Donations |
Name, email address, date of payment, payment method, amount | Processing the donation, accounting | Legal requirements | Community database administrator, financial team, parties involved in the payment processing, tax consultant, public authorities | Data is stored according to statutory storage periods |
Supporter contributions |
Name, email address, date/method/amount of last payment, automatic renewal status | Reminding supporters of the next contribution | Contract | Community database administrator | Data is processed as long as the subject participates in FSFE's supporter program |
Donations for which a donation receipt is requested |
Name, postal address, date of payment, amount, date of donation receipt | Issuing donation receipts | Legal requirements | Community database administrator, financial team, tax consultant, public authorities | Data is stored according to statutory storage periods |
Donations >= 480 € per year or 40 € per month |
Name, donation category | Maintaining the public donors list for reasons of transparency and recognition | Consent | This data is public | As long as the FSFE exists or until the person revoke his or her consent |
| Service | Processing | What data is processed? | Why is the data processed? | What legal permission do we have according to Article 6 of GDPR? | Who has access? | What is our Data retention policy? |
|---|---|---|---|---|---|---|
Community emails |
Emails from the FSFE to its communiy | Name, email address, preferred language (optional), sex (optional, to allow for correct grammar), postal address (optional, to allow for region-specific information) | Keeping the FSFE community informed | Consent | Community database administrator | Consent can at any time be revoked by the subject |
Mailman |
Mailing lists (https://lists.fsfe.org/mailman/listinfo) | Email address, full name or pseudonym (if the person choose to insert one), subscription details, logging see the official Mailman page | To manage the mails going from and to the list the individual subscribed to. | Consent (for each mailing list) | Mails on the mailing list may have different level of publicity from public (archive included) to restricted to a given group (see description of the list for more information) ADMIN-TECH,List-Admins,team@ may have access to all mails |
Posts and subscriptions are stored for 1 year, bounces and errors are stored for 1 month, messages sent by Mailman itself are stored for 1 week, digests are stored for 4 months |
Newsletter |
Newsletter | Email addresses, preferred language | To send the newsletter in the good language | Consent | Sysadmin, PR team | As long as subscribed. |
Freescout |
Tickets processing | All communication around the tickets, in the format of emails exchanged | Answering of incoming requests. | Consent | FSFE core team. | The time to close the issue raised + X months (To Be determined 1) |
Discourse |
Webserver | IP Addresses, post timings, usernames, posts | IP addresses are collected by discourse to prevent and block spam | Consent | system administrators + service maintainers | Data is stored for the container lifetime |
CARE Team |
CoC and sanction management (To be confirmed 2) | Depending on the situation, identification data (name/pseudo/description), contact (emails, phone number) etc. | Data are processed to solve CoC infringement It may imply to enforce sanction like banishment of mailing-list or events |
Legitimate interest | CARE Team | The time needed to solve the situation. Information regarding blacklisted individuals are kept for the time of the sanction. |
| Service | Processing | What data is processed? | Why is the data processed? | What legal permission do we have according to Article 6 of GDPR? | Who has access? | What is our Data retention policy? |
|---|---|---|---|---|---|---|
Email server |
Emails processing and forwarding | Email addresses + logs (send, receive emails, hostnames, IP addresses of messages sent through SMTP, etc) | To manage the forward email service and assure a basic level of spam control | Consent for providing emails and legitimate interest for spam control | albert, max.mehl, linus, tobiasd | 1 month |
Matrix |
Massage processing | Account rosters, logs (connect, disconnect, messages process and possibly stored temporally on the server (offline storage + muc preview), status messages, with debug logging up to who talks to whom) | Debugging purposes | Consent for accessing the service | system administrators | 2 weeks |
Jabber / XMPP |
Massage processing | Account rosters, logs (connect, disconnect, messages process and possibly stored temporally on the server (offline storage + muc preview), status messages, with debug logging up to who talks to whom) | Debugging purposes | Consent for accessing the service | system administrators | 2 weeks |
Blogs |
Writing your blog | Your account (Username, nickname, email addresses, more is optional), your articles, log data | To provide a platform for blogs | Contract | article publicity depends on the owner choosing sysadmin |
Until you delete your blog or we discontinue the service |
| Service | Processing | What data is processed? | Why is the data processed? | What legal permission do we have according to Article 6 of GDPR? | Who has access? | What is our Data retention policy? |
|---|---|---|---|---|---|---|
Finance Archive |
Storage of financial and employee records | Transaction data from all bank accounts, includes names of all people who send or receive money to/from FSFE. | To do our accounting | Legal requirements (we have to keep them for 10 years by law) | Financial team, tax consultant, legal authorities. | Information older than X>10 (11?) years are deleted after the annual closure of our accounts (to be confirmed 2) |
Finance Archive |
(not an independent processing) | SSH connections are logged (IP Addresses + username) | for debugging and security purposes | not applicable (not an independent processing) | coordinator and deputy coordinator system administration team , finance team | 1 month |
FSFE website |
Per diem calculator (used for travels reimbursement) | The data entered in the form | To help staffers to calculate allowance | Contract (employment/Intern contract) | Website administrators can access log (to be confirmed 1) | The data is not stored |
Weekly timelogs |
Communication weekly activities in encrypted mail | Data about time spent on different activities | To keep track of overtime and remaining vacation days | Contract (employment/Intern contract) | Mails encrypted to FSFE Council members | Data should be deleted after accounting for the year is done. |
Nextcloud |
Nextcloud Account management | Emails and usernames of registered users and the files they work with; calendar and contact entries; webserver logs (user agent) | Main working tool for everyday tasks (from sharing documents to calendar and conatact management) | Contract (employment/Intern contract) | Service maintainers, system administrators | account: (missing information 3) Data: unlimited / until user deletes data; logs of data: until service update |
Nextcloud |
(not an independent processing) | webserver logs (user agent) | Security and debugging | not applicable (not an independent processing) | Service maintainers, system administrators | logs: 1 month |
Freescout |
Job and internship applications | Job and internship applications are stored as Freescout tickets, after a decision the ticket with attachments will be deleted | Answering and reviewing applications | Consent | FSFE council members and staff. We may share the application with advisors and members | Your personal data will be deleted 3 months after we have made our > decision. |
By default, we apply the following principles to assure the security of your data: