As stated in Section F of our Terms of Service, Recording.org.org serves an international community, and so we are committed to complying with any applicable data protection laws and regulations, such as the EU's General Data Protection Regulation(GDPR).
Human Readable Summary
In plain language, regulations such as GDPR define the following roles, rights, and responsibilities:
Data Subject - this is you, the end user.
Data Controller - this is us, the Recording.org Association as the owners and operators of Recording.org.org and its sub-sites.
Data Processor - any other organization that processes personal data on behalf of the Data Controller.
Rights of the Data Subject
Right to be Informed - A data subject has the right to know whether personal information is being processed; where; and for what purpose.
This information is outlined in the section below titled "Information We Collect About You" and "How we Use Your Information".
Right to Access - A data subject has a right to access the information about them that is stored by the Data Controller.
This information is outlined in the section below titled "Information We Collect About You" and "How we Use Your Information".
Right to Rectification - A data subject has the right to correct any errors in the data about them. This can be done by editing your user account, or contacting Recording.org directly.
Right to Restrict Processing - A data subject has the right to request that data not be processed, and yet also not be deleted by the Data Controller.
Right to Object - A data subject has the right to opt out of marketing, processing based on legitimate interest, or processing for research or statistical purposes.
Right to be Forgotten - Also known as the right to revoke consent, the right to be forgotten states that a data subject has the right to request erasure of data, the cessation of processing by the controller, and halting processing of the data by third party processors.
The conditions for this, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent.
It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.
This information is outlined in the sections below titled "Accessing and Correcting Your Information".
Data Portability - A data subject has the right to receive a copy of their data in a 'commonly used and machine readable format.'
This information is outlined in the sections below titled "Your Choices About Use and Disclosure of Your Information" and "Accessing and Correcting Your Information".
Responsibilities of the Data Controller and Data Processors
Privacy by Design - 'The controller shall..implement appropriate technical and organisational measures..in an effective way.. in order to meet the requirements of this Regulation and protect the rights of data subjects'. Article 23 of the GDPR calls for controllers to hold and process only the data absolutely necessary for the completion of its duties, as well as limit the access to personal data to those who need it to carry out these duties.
Breach Notification - The Data Controller must notify the appropriate data processing authority and any affected end user of any breach that might result in 'risk to the rights and freedoms of individuals' within 72 hours of becoming aware of the breach.
A Data Processor must notify the Data Controller of any breach 'without undue delay.'
Data protection officer - A Data Controller or Processor must appoint a Data Protection Officer when: a Data Controller represents a public authority; or the core operations of the Controller require regular and systematic monitoring of Subjects on a large scale; or when the Controller's core operations depend on processing a large scale of special categories of data (including but not limited to health data, criminal conviction information, etc).
Recording.org core operations do not require the Association to establish a Data Protection Officer.
Information We Collect About You
We collect several types of information from and about you, including:
1. Your email address and password. We treat this information as "Personally Identifiable Information" or "PII". We never store passwords in plain text format, only secure password hashes.
2. Non-personally identifiable information, information about your computer system or device, your preferences, your online activity, and your location information ("Non-Personally Identifiable Information" a "Non-PII"). Non-PII, by itself, does not identify you, but it can be combined with other information in way that allows you to be identified. If this happens, we will treat the combined information as PII.
We may collect information from or about you in the following ways:
Information Provided by You. We collect information provided by you when you (1) create your public profile; (2) communicate with us or request information about or from us by e-mail or other means; (3) participate in our online forums or post content on this Website ("User Contributions"), (4) fill out forms or fields on this Website; (5) sign-up for any of our newsletters, materials or our services on this Website or other sites; or (6) participate in our online surveys or questionnaires.
Automatic Information Collection. We also use automatic data collection technologies to collect and store certain information about your equipment, browsing actions and patterns when you interact with this Website through your computer or mobile device. In addition, we may allow third party ad networks to use automatic data collection technologies to collect similar information about you for purposes of providing interest-based ads.
When you purchase an ad, membership or donate on Recording.org, we will collect additional information about you, such as your name, address, etc. We treat this information as nonpublic, "Personally Identifiable Information" or "PII".
All credit card transactions happen via payment services such as, Square, Chargify, Braintree, Authorize.net or PayPal. We do not store any credit card information you provide during purchase. We recommend that you review the privacy and security policies of these payment services to determine how they handle information they may collect from or about you.
We may collect additional information from and about you when you visit certain *.Recording.org modules and perform certain activities. Detailed information per site below.
Your Recording.org site may send anonymous usage stats including your website's ip address and information about your currently installed modules and their versions to updates.Recording.org when checking for available updates. Statistics may be aggregated so that the updates system could identify changes in the use of modules over the lifetime of each anonymized site. Those statistics do not contain personally identifiable information and are used for providing usage data on Recording.org.org project pages, as well as anonymized reports shared via blog posts and other channels.
Your public profile that you create on this Website will be visible to all users of this Website. Your User Contributions are posted on this Website and transmitted to others at your own risk. Please see our Terms of Service for more information concerning User Contributions.
Service providers and partners
We use a number of service providers to help us operate the site and provide high quality user experience to our visitors. Some of those providers can access Non-PII about you via automatic data collection technologies.
We use GSuite for Recording.org email and office functions. You can review the GSuite security and trust standards here.
We use Audience Insight tools for anonymous traffic only, wrapped in our own implementation of Do-Not-Track, including - LinkedIn Insights, Twitter Audience Insights, and Facebook Audience Insights.
We use advertising networks, including CarbonAds, which implement audience tracking in a way tha trespects Do-Not-Track configuration.
Automatic Information Collection Technologies
The information that we collect about your equipment, browsing actions and patterns includes, but is not limited to, traffic data, location data, logs, the resources that you access, search queries, as well as information about the computer or device you are using and the Internet connection, including your IP address, operating system and browser type.
This automatically collected information typically does not include PII, but we may maintain it or associate it with your personal information collected in other ways. Collection of this type of information helps us to improve this Website and to deliver a better and more personalized service by enabling us to, among other things: (1) estimate our audience size and usage patterns; (2) store information about your preferences, allowing us to customize this Website according to your individual interests; (3) speed up your searches; and (4) recognize you when you return to this Website.
The automatic collection technologies we or our service providers use for this automatic information collection may include:
Cookies (or browser cookies). This Website may use two types of cookies (small data files placed on the hard drive of your computer when you visit a website): a "session cookie," which expires immediately when you end your browsing session and a "persistent cookie," which stores information on your hard drive so when you end your browsing session and return to this website later, the cookie information is still available.
Web Beacons. Pages of this Website and any e-mails sent to you may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened our e-mails.
Third Party Advertising Partners and Interest-Based Ads
Links to Third Party Websites and Social Media Widgets
This Website and some of our electronic communications to you, may contain links to other websites that are owned and operated by third parties. Links to third parties from this Website are not an endorsement by us. We do not control, and are not responsible for, the privacy and security practices of these third parties. We recommend that you review the privacy and security policies of these third parties to determine how they handle information they may collect from or about you.
This Website may also include social media features, such as the Facebook Like button, Google Plus, and Twitter widgets. These features may collect information about your IP address and the page you are visiting on this Website, and they may set a cookie to make sure the feature functions properly. Your interactions with these features and the information from or about you collected by them are governed by the privacy policies of the companies that provide them.
How We Use Your Information
We use your information, including any PII, to:
Provide information and services requested by you;
Provide service and support, such as sending confirmations, invoices, and administrative messages, and customer support, including responding to your requests and questions and troubleshooting and resolving problems or complaints;
Verify the information you provide to us;
Communicate with you;
Understand and anticipate your use of or interest in, our services, and content, and the products, services, and content offered by others;
Develop and display products, services, and content tailored to your interests on our websites and other websites;
Provide you with promotional materials and Newsletters in case you opt-in to receive those;
Measure the overall effectiveness of our online, content, and programming, and other activities;
Manage our business and operations;
Protect the security and integrity of this Website;
Carry out our obligations and enforce our rights arising from any contracts entered into between you and us;
Use or post user contributions as permitted in our Terms of Service; and
Fulfill any other purposes for which you provide your information and for any other purpose as described to you at the time your information is collected or for which your consent is given.
Disclosure of Your Information
We may disclose and share aggregated non-PII about you at our discretion.
We may disclose or share your PII only in limited circumstances:
With any Recording.org Association employee or agent for support of our internal and business operations or to respond to a request made by you.
We may disclose information we collect from or about you when we believe disclosure is appropriate to comply with the law, to enforce agreements, or to protect the rights, property, or safety of users of this Website, the Association, or other persons or organizations.
Some sponsors get a list of attendee names, but it does not include any contact information. We request that sponsors only contact people via the public profiles on the event site or D.O as people have opted in to being public.
We do not distribute anyone's email addresses to sponsors.
If you're getting "spam" type solicitations from companies or aggressive inquiries, feel free to let us know at https://recording.o…
Children's Personal Information
We do not knowingly collect personal information from children under 16 without prior verifiable parental consent. If we learn that a child under the age of 16 has submitted personally identifiable information online without parental consent, we will take all reasonable measures to delete such information from our databases and to not use such information for any purpose (except where necessary to protect the safety of the child or others).
If you believe that a child under the age of 16 has provided us with personal information without verification of parental consent, please contact us at recording@recording….
Your Choices About Use and Disclosure of Your Information
We strive to provide you with choices regarding our use of your personal information. Below are some mechanisms that provide you with control over your information:
Promotional and Informational e-mails. We do not send any promotional or informational emails without your opt-in first. If you do not wish to receive promotional e-mails from us, follow the unsubscribe process at the bottom of the promotional e-mail.
Note that even if you opt-out, you may still receive transactional e-mails from us (e.g., e-mails related to the completion of your registration, abandoned cart reminders, correction of user data, password reset requests, notification/alert/reminder e-mails that you have requested, and any other similar communications essential to your transactions on this Website).
Google Analytics. You can opt out from Google Analytics tracking via your browser privacy settings or by using a browser addon.
Audience Extension. You can opt out from Audience Extension retargeting by Perfect Audience either via your browser privacy settings or by using the following link. Note that authenticated users are excluded from this tracking automatically.
Accessing and Correcting Your Information
The appropriate method(s) for accessing your information, if any, will depend on which of our websites and services you have visited or used. Depending on the website and service, you may have the ability to view or edit some of your information online, by logging into the website and visiting your account profile page. If you remove information from your user profile, it will stay in backups on our servers for 2 weeks, after which it will be completely removed.
To request access to, correct, or delete any personal information that you have provided to us you may contact us at recording@recording…. You may also request a notice disclosing the categories of personal information we have shared with third parties for their direct marketing purposes during the preceding calendar year by contacting recording@recording…
We cannot delete your personal information except by also deleting your account. We also may not accommodate a request to change or delete information if we believe the change would violate any law or legal requirements, be contrary to our Terms of Service or any other applicable agreement between you and us, or cause the information to be incorrect.
Upon deletion all private and personally identifying information from your profile will be deleted. The data will stay in backups on our servers for 2 weeks, after which it will be completely removed.
Public content you created, such as issues, forum posts, projects, documentation page revisions, etc. won’t be deleted. All this content will be attributed to ‘Anonymous’ user.
Once deleted, your account is gone and can not be restored.
Personally Identifiable Information (PII) Committed to Repositories
All users acknowledge that some personal identifiable information may be included in code repositories, in particular: names and email addresses associated with commit history.
In accordance with regulations such as GDPR, it is Recording.org's position that there is an overriding public interest in the availability of the data included in and associated with commits to our repositories. Because commits to these repositories are decentralized and irrevocable, all users waive the right to be forgotten from repository history, as well as the right to revoke future consent.
If a user wants to protect their PII from being committed to repositories they are encouraged to use a pseudonym and the Recording.org no-reply email address in their git configuration.
Protection of Your Information
We use reasonable security measures to protect your information collected through this Website. We do not store passwords in plain text format, only secure password hashes. However, no method of transmission or electronic storage is 100% safe, and we cannot guarantee absolute security. Therefore, your use of this Website is at your own risk and we do not promise or guarantee, and you should not expect, that your information will always and absolutely remain private and secure. We are not responsible for the circumvention of any privacy settings or security measures contained on or concerning this Website. You are also responsible for taking reasonable steps to protect your personal information against unauthorized disclosure or misuse.
Visiting this Website from Outside the United States