Privacy Policy | Arch Linux Terms

Privacy Policy | Arch Linux Terms
Arch Linux
Packages
Forums
Wiki
GitLab
Security
AUR
Version: 2021-07-18
1. Privacy Policy
The Arch Linux Team (hereinafter referred to as "Arch" or "we") operates the website and its services
available on the Internet at
including the respective sub-directories (hereinafter
referred to as the "website").
With this privacy policy, we would like to inform you which data will be processed in which form when
you visit the website or use its services. Where the GDPR applies, we hereby also comply with our duty
to inform you in accordance with Art. 13 and Art. 14 of the EU-General Data Protection Regulation
(GDPR).
2. Controller
The controller for the data processing on our website is the Arch Linux Team.
Email:
privacy@archlinux.org
3. Purposes, legal bases and storage period
3.1. General use of the platform
The web server of our hosting service provider automatically records the accesses to our website.
Therefore, when you visit our website, you transmit certain technical data to us, namely:
IP address,
accessed content,
information about the transmission,
date of access,
the amount of data transmitted,
the referrer,
the web browser/user agent.
Where the GDPR applies, the processing of the IP address when establishing a connection is based on
Art. 6 par. 1 lit. b) GDPR to provide the website you requested.
Our host also creates so-called log files to maintain system security, in order to guarantee the security
and integrity of our IT systems. These purposes also represent the legitimate interest for which the
processing is carried out (Art. 6 par. 1 lit. f) GDPR). We store the log files for a period of 91 days and
delete them afterwards.
3.2. Registering for a user account
Some of our services require that you sign up and create a user account. For this purpose we will
collect and process your user name, email address and a password. We will send you a validation
email to the email address you have provided. Where the GDPR applies, the legal basis for the
processing is Art. 6 para. 1 lit. b) GDPR.
When you use our services we will collect certain information from you and associate it with your
account, such as:
your password for
the accounts service
AUR
the forums
wiki
security tracker
archweb
GitLab
, or
the bugtracker
your GPG key ID,
your SSH public key,
your IRC nickname,
your IP address,
your language preference,
your timezone,
your geographic coordinates (longitude/latitude),
your disclosed affiliation(s).
We generally process your personal data for as long as you have an account with us and delete it
afterwards.
4. Services of the website
Our website offers you a range of services for which we process certain personal data:
4.1. Forums (
bbs.archlinux.org
You can read in our forums without giving us any personal data. However, if you wish to participate by
posting entries, we will ask you to sign up for an account. In this case, we will collect your user name,
email address and a captcha question. You are able to select if you wish that other users could see
your email address and if other users shall be able to send you mails via the forums mail function.
Furthermore, you can set location options as time zone and language preference.
We process your data to provide you with the account, the forums and the respective functions. The
captcha question is required to avoid abuse by spammers using automated tools to post their content
and links to many sites. We process your location options and language preferences to provide you
with the according account settings.
When you post comments, we display certain information about your user account next to your post
such as user name, registration date, and country of origin (if you add these personal details in your
user account).
Where the GDPR applies, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. In case you
delete your account, we store your entries based on our legitimate interest of a consistent forums
according to Art. 6 para. 1 lit. f) GDPR, but we anonymize the author of your entries.
4.2. Wiki (
wiki.archlinux.org
You can read in our wiki without giving us any personal data. However, if you wish to participate
creating entries, we will ask you to sign up for an account. In this case, we will collect your user name,
email address and a captcha question. You are able to select if you wish that other users could see
your email address and if other users shall be able to send you mails via the wikis mail function.
Furthermore, you can set location options as time zone and language preference.
We process your data to provide you with the account, the wiki and the respective functions. The
captcha question is required to avoid abuse by spammers using automated tools to post their content
and links to many sites. We process your location options and language preferences to provide you
with the according account settings.
When you contribute entries, we display certain information about your user account next to your
entries such as user name, registration date, and country of origin (if you add these personal details in
your user account).
Where the GDPR applies, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. In case you
delete your account, we store your entries based on our legitimate interest of a consistent wiki
according to Art. 6 para. 1 lit. f) GDPR.
4.3. Bug tracker (
bugs.archlinux.org
You can browse our bug tracker without giving us any personal data. However, if you wish to
report a bug, we require you to register with us first. When you register a reporting account, we
collect your user name, your real name, email address and optionally jabber ID, your notifications
preferences and time zone. The obligatory registration data are required to enable you to log in to
your account and to use the reporting services. When you report a bug, we display your user name along
with the bug you reported.
Where the GDPR applies, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. In case you
delete your account, we store your entries based on our legitimate interest of a consistent bug report
according to Art. 6 para. 1 lit. f) GDPR.
4.4. Arch User Repository (
aur.archlinux.org
You can make use of the package instruction without giving us any personal data. However if you wish
to participate by posting comments or submitting packaging instructions we will ask you to sign up for
an account. When you register with us for a user account, we collect your user name, email address, a
backup email address (optional) and a captcha question. You may choose whether other registered
AUR users can see your email address. If you hide your email address, it is visible to members of the
Arch Linux staff only. Optionally, you may enter your real name, your homepage, IRC nick, PGP key
fingerprint and set location options as time zone and language preference as well as notification
settings.
We require your data to enable you to log in to your account and to use the AUR actively. The captcha
question is required to avoid abuse by spammers using automated tools to post their content and links
to many sites. We will show your personal details next to the packages you submitted. We process
your location options and language preferences to provide you with the according account settings.
When you submit or maintain packages, we display certain information about your user account next to
the respective package such as your user name.
Where the GDPR applies, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. In case you
delete your account, we retain your user name and email address based on our legitimate interest of a
consistent documentation of the submitted packages, Art. 6 para. 1 lit. f) GDPR.
4.5. GitLab (
gitlab.archlinux.org
We also use a self-managed GitLab instance available at gitlab.archlinux.org for repository
management, code reviews, issue tracking, activity feeds and wikis. You can read our GitLab public
groups without registration. However, if you wish to participate creating content, we will ask you to sign
up for an account. In this case, we will collect your user name, email address and a captcha question.
We process your data to provide you with the account, the GitLab instance and the respective
functions. The captcha question is required to avoid abuse by spammers using automated tools to post
their content and links to many sites. We process your location options and language preferences to
provide you with the according account settings.
Where the GDPR applies, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. In case you
delete your account, we retain your user name and email address based on our legitimate interest of a
consistent documentation in our GitLab instance, Art. 6 para. 1 lit. f) GDPR.
4.6. Collaboration pads (
md.archlinux.org
You can use our collaboration pads and contribute in our work. In this case, we collect your email
address, a password and your contributions to the collaboration pads. We process your data to enable
you to participate in our collaboration pads. You can delete your contributions at any time in your
account.
Where the GDPR applies, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. In case you
delete your account, we will retain your contributions based on our legitimate interest of a consistent
collaboration pad according to Art. 6 para. 1 lit. f) GDPR.
4.7. Mailing lists (
lists.archlinux.org
You can subscribe to our mailing lists. In this case, we collect your email address, a password, your
language and other preferences and optionally your name. We process your data to enable you to
participate in our mailing lists. You can unsubscribe at any time on your subscription page.
Where the GDPR applies, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.
4.8. Arch IRC channels
You can use our Arch IRC channels. To avoid spam you need to be registered in order to join. We
process your personal data to provide you with the IRC channel’s functions. For information on the
registration process, please see our corresponding wiki page at:
. The IRC channels are provided by
Libera Chat. We have no influence on the processing of your data by Libera Chat. For information on
the processing of your personal data, please see
5. Contact
We offer you the opportunity to contact us via email. We will then process your email address and, if
applicable, your name, a subject and the content of your request to answer your enquiry due to our
legitimate interests (Art. 6 para. 1 lit. f) GDPR).
We will store your enquiry as long as we have lawful bases for processing the data. Where the GDPR applies, we may store data in accordance
unless legal provisions prevent deletion. Where the GDPR applies, we may store data in accordance
with Art. 6 para. 1 lit. f) GDPR where it is necessary for the purpose of providing evidence or to comply
with legal retention periods in accordance with Art. 6 para. 1 lit. c) GDPR. If the request is made within
the framework of an existing or prospective contractual relationship with us, the storage period shall be
based on the underlying contractual relationship.
6. Donations
You can donate to Arch Linux as a member project of the Software in the Public Interest, Inc. (SPI) as
non-profit corporation using via Click&Pledge or via SPI directly using PayPal or Credit Card payment.
For further information, please see the SPI donation website at:
. We
publish the past donors on the website
This processing is based on your consent (Art. 6 Abs. 1 lit. a) GDPR) until your withdrawal or until we
end this publication of past donors. You have the right to withdraw consent at any time, without
affecting the lawfulness of processing based on consent before its withdrawal e.g. by sending us an
email.
7. Storage period
Unless explicitly stated otherwise, we will process and store your personal data for as long as it is
required for the respective purpose and delete it thereafter.
8. Categories of recipients
We use external service providers if we are unable to provide services ourselves or if it is not
reasonable to do so. These external service providers are primarily providers of IT services, such as
our hosting service provider Hetzner (Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen,
Germany).
9. General rights of data subjects
The GDPR guarantees you certain rights, which you can assert against us - if the legal requirements
are met.
9.1. Art. 15 GDPR - Right of access
You have the right to obtain confirmation from us as to
whether personal data relating to you are being processed and, if so, what these data are and the
detailed circumstances of the processing.
9.2. Art. 16 GDPR - Right of rectification
You have the right to ask us to rectify incorrect personal
data concerning you immediately. You also have the right to request the completion of incomplete
personal data, including by means of a supplementary declaration, taking into account the
purposes of the processing.
9.3. Art. 17 GDPR - Right to deletion
You have the right to demand that we delete any personal data relating to you immediately.
9.4. Art. 18 GDPR - Right to restriction of processing
You have the right to request us to restrict processing.
9.5. Art. 20 GDPR - Right to data portability
You have the right, in the event of processing based
on consent or for the fulfilment of a contract, to receive the personal data concerning you which
you have provided us with in a structured, common and machine-readable format and to transfer
this data to another responsible party without hindrance from us or to have the data transferred
directly to the other responsible party, insofar as this is technically feasible.
9.6. Art. 77 GDPR in conjunction with Section 19 BDSG - Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority at
any time, in particular in the Member State in which you are resident, your place of work or place
of the alleged infringement if you consider that the processing of personal data relating to you
infringes data protection law.
10. In particular right to object and right to withdraw consent
10.1. Art. 21 GDPR - Right to object
You have the right to object at any time, for reasons arising
from your particular situation, to the processing of personal data concerning you which is
necessary on the basis of a legitimate interest on our part or in order to carry out a task in the
public interest, or which is carried out in the exercise of official authority.
If you object, we will no longer process your personal data unless we can prove compelling
legitimate grounds for processing that override your interests, rights and freedoms, or unless the
processing serves to assert, exercise or defend legal claims.
If we process your personal data for direct marketing purposes, you have the right to object to the
processing at any time. If you object to processing for direct marketing purposes, we will no
longer process your personal data for these purposes.
In order to exercise your right of objection, you can, for example, send us an email to the email
address mentioned above.
10.2. Withdrawal of consent
If you have given us your informed consent, you have the right to withdraw your consent at any time. In this case, all data processing that we have carried out until
your withdrawal remains lawful.
11. Obligation to provide data
You have no contractual or legal obligation to provide us with personal data. However, we then might
not be able to offer you the requested services.
12. The existence of automated decision-making (including profiling)
We will not make you subject to any automated decision-making, including profiling in accordance with
Art. 22 para. 1 and 4 GDPR, which has legal effects on you or affects you.
13. Internet-specific data processing and cookies
On some sub-directories of our website, cookies are set in your browser. Cookies are small text files
that are stored on your hard drive and are assigned to the browser you are using. The provider who
sets the cookie can collect certain information through the cookie. The only purpose of the cookies set
on our website is to enable you to use the website and its functions safely. The legal basis for the
processing is our legitimate interests in the aforementioned purpose according to Art. 6 para. 1 lit. f)
GDPR. The cookies are necessary for the services you have requested.