Differences between revisions 41 and 42

FSFE Data processing

The goal of this page is to provide information regarding data processing at FSFE.

Area	Processing	Service	What data is processed?	Why is the data processed?	What legal authorization do we have according to Article 6 of GDPR?	Who has access?	What is our Data retention policy?
Supporter management	Storage of supporter data	Account Managing Software (AMS)	Only that which is included in the community database no separate information.	-	-	-	-
FSFE campaign art13	Webserver	art13 savecodeshare.eu	IP addresses, SQL statements for error messages contain personal information	Error message are used for debugging, the webserver needs to know the source IP address	consent Link to privacy policy	system administrators	Data is stored for the container lifetime
Blog	User visiting the website	Blogs		Error message are used for debugging, the web server needs to know the source IP address
Supporter Management	Donations	Community Database	Data for our donors: information about donations transferred, information about automatic donation renewal status, information about donation receipts issued, emails if opted in	Donor liaison, including the creation of donation receipts.	Legal requirements	Community database administrator (currently: Reinhard), system administrators.	Data is automatically deleted if the registration is not confirmed (through payment of a donation or through approval by a team coordinator) within 6 weeks after signup. Upon explicit request, data is anonymised Donation data are stored for 10 years
Supporter Management	Donations	Community Database	emails if opted in	Donor liaison, including the creation of donation receipts.	Consent	Community database administrator (currently: Reinhard), system administrators.	Data is automatically deleted if the registration is not confirmed (through payment of a donation or through approval by a team coordinator) within 6 weeks after signup. Upon explicit request, data is anonymised Donation data are stored for 10 years
Supporter Management	Supporter accounts	Community Database	Data for our, supporters, staff, contractors, and volunteers: registration status, blacklisting status, name, birthday, sex, preferred language, postal address, primary and secondary email address, opt-in information for communication, username and password (hashed) for FSFE services, information about fellowship cards received, data modification history. Italic information is voluntary.	Maintenance of access to FSFE's online services. Statistical queries.	Consent	Community database administrator (currently: Reinhard), system administrators.	Data is automatically deleted if the registration is not confirmed (through approval by a team coordinator) within 6 weeks after signup. Upon explicit request, data is anonymised.
Discourse	Webserver	Discourse	IP Addresses, post timings, usernames	IP addresses are collected by discourse to prevent and block spam	Consent	system administrators + service maintainers	Data is stored for the container lifetime
DNS	DNS queries	DNS	Logging IP Addresses for errors and for example denied queries, more if debug logging is temporary necessary. With debug logging disabled the DNS queries are not stored, only processed	Legal obligation	Debugging purposes	System administrators	1 month
Finance accounting	Storage of financial records	Finance repo	Transaction data from all bank accounts, includes names of all people who send or receive money to/from FSFE.	To do our accounting	Legal requirements	Financial team, tax consultant, legal authorities.	Currently none defined. Data must be kept at least 10 years by law.
Finance accounting	SSH connections	Finance repo	IP Addresses + username logging	debugging purposes	consent	Albert, Francesca, Matthias, Max, Polina, Ulrike	1 month
FSFE campaign	Emails processing	Forms API	No personal data stored in the logs, but the service processes emails	The service needs the email of the users submitting a form so the emails can reach them	Consent	system administrators	Data is stored for the container lifetime
		Friendica
GDPR process
Code hosting	Accounts management	Gitea	Emails and usernames of registered users and the files they work with; webserver logs (source IPs)	For authentication and operation of the platform; webserver logs for debugging	Consent	Service maintainers, system administrators	None; 1 week for logs
Code hosting	Webserver	Gitea	web server logs (source IPs)	ogs for debugging	Consent	Service maintainers, system administrators	1 week for logs
		IRC Cloaks
Communication	Message processing	Jabber / XMPP	Account rosters, logs (connect, disconnect, messages process and possibly stored temporally on the server (offline storage + muc preview), status messages, with debug logging up to who talks to whom)	Debugging purposes	Consent	system administrators	2 weeks
Account management	Authentication and queries	LDAP	ldap queries are logged to syslog (we log who tries to login on what service and when)	Security and debugging purposes	consent	System administrators	1 month
Surveys	Webserver	Limesurvey	Public IP addresses are processed by the web server	The web server needs the public IP addresses to serve requests	Consent	System administrators	Nothing is stored
		Link shortener
Email	Emails processing and forwarding	Email server	Email addresses + logs (send, receive emails, hostnames, IP addresses of messages sent through SMTP, etc)	To manage the forward email service and assure a basic level of spam control	Consent for providing emails and legitimate interest for spam control	Albert Jonas Matthias Max Paul fellowship@klaproth	1 month
Email	Mailing list	Mailman	Email address, full name (if the person choose to insert it), subscription details, logging see Mail and the official Mailman page	The mailing list service needs to know email addresses to achieve its goal	Consent	ADMIN-TECH,List-Admins,team@	Posts and subscriptions are stored for 1 year, bounces and errors are stored for 1 month, messages sent by Mailman itself are stored for 1 week, digests are stored for 4 months
Email		Mailtrain + ZoneMTA	Email address, full name, subscription details				Data is stored for the container lifetime
Organisation	Nextcloud Account management	Nextcloud	Emails and usernames of registered users and the files they work with; calendar and contact entries; webserver logs (user agent)	Proposer operation of service; debugging	Consent	Service maintainers, system administrators	Data: unlimited / until user deletes data; logs: until service update
Organisation	Webserver	Nextcloud	webserver logs (user agent)	Proposer operation of service; debugging	Consent	Service maintainers, system administrators	Data: unlimited / until user deletes data; logs: until service update
		Nlformat script
		OpenVPN
Management of tickets	Tickets processing	OTRS	All communication around the tickets, in the format of emails exchanged Internship applications are stored as OTRS tickets We store promo orders information from this form	Answering of incoming requests.	Consent	All members of the team which is responsible for the kind of request.	None.
		Personell management
		Planet
FSFE campaign PMPC	Users visiting the webiste	PMPC website	Source IP, Date, HTTP request, User-agent	The web server needs the public IP addresses to serve requests	Consent. Link to privacy policy	Sysadmin	The campaign's duration
FSFE campaign PMPC	Signing the open letter	PMPC website	Email and name, country, ZIP code, comment	To display signature of the open letter and to give updates about the campaign	consent. Link to privacy policy	Sysadmin	The campaign's duration
Event registration	Data entered in surveys	Registration system	Can be configured per event. For LLW, it is name, email address, affiliation, position, telephone number, ticket type, postal address, VAT Id, promotion code used, information about dinner attendance, dieatary preferences (!), participation in mentor system.	Necessary to organise the event.	Fulfillment of a contract.	Ulrike + Polina + ? + System administrators	None defined yet.
Certificates	Certificate processing (openssl)	SSL certificates	Personal information of the person requesting them, email addresses and names (or whatever data is inserted by the person who is doing the certificate request)	Because the CA needs to know who requested a certificate	Consent	System administrators	Data are stored as long as the certificate exists
Code hosting	svn use	Subversion	No personal information are stored. Public IP addresses are processed by the webserver	The webserver needs the public IP addresses to serve requests	Consent	System administrators	-
FSFE website	Webserver	Webserver + build system
FSFE website	Per diem calculator (used for travels reimbursement)	FSFE website	The data entered in the form	To help staffers to calculate allowance	Consent	Website administrators	The data is not stored
Wiki	Webserver	Wiki	Source IP addresses	Debugging and security purposes		Wikicare takers, system-hackers	We store data for 14 days

-  ⇤ ← Revision 41 as of 2018-05-09 09:54:03 → 
  Size: 8276
  Editor: max.mehl
  Comment: add nextcloud
+   ← Revision 42 as of 2018-05-09 11:40:47 → ⇥
  Size: 10388
  Editor: vincent
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 5:
-||'''Service'''||'''What data is processed?'''||'''Why is the data processed?'''||'''What legal authorization do we have according to [[https://gdpr-info.eu/art-6-gdpr/|Article 6]] of GDPR?'''||'''Who has access?'''||'''What is our Data retention policy?'''||
||Account Managing Software (AMS)||Only that which is included in the community database no separate information.|| - || - || - || - ||
|| art13 savecodeshare.eu|| IP addresses, SQL statements for error messages contain personal information|| Error message are used for debugging, the webserver needs to know the source IP address || consent [[https://wiki.fsfe.org/Activities/Privacy/PolicyDraft/Art13|Link to privacy policy]] || system administrators || Data is stored for the container lifetime ||
||Blogs|| ||Error message are used for debugging, the web server needs to know the source IP address|| || || ||
||Community Database||Data for our donors, supporters, staff, contractors, and volunteers: registration status, blacklisting status, name, ''birthday'', ''sex'', ''preferred language'', ''postal address'', primary ''and secondary'' email address, opt-in information for communication, information about donations transferred, information about automatic donation renewal status, information about donation receipts issued, ''username and password (hashed) for FSFE services'', information about fellowship cards received, data modification history. ''Italic'' information is voluntary.||(1) Donor liaison, including the creation of donation receipts.<<BR>>(2) Sending out information emails to those who opted in.<<BR>>(3) Maintenance of access to FSFE's online services.<<BR>> (4) Statistical queries.||(1) Legal requirements and legitimate interest.<<BR>>(2) Explicit consent.<<BR>>(3) ?<<BR>>(4) Legitimate interest.||Community database administrator (currently: Reinhard), system administrators.||Data is automatically deleted if the registration is not confirmed (through payment of a donation or through approval by a team coordinator) within 6 weeks after signup. Upon explicit request, data is anonymised.||
||Discourse||IP Addresses, post timings, usernames|| IP addresses are collected by discourse to prevent and block spam|| Consent || system administrators + service maintainers || Data is stored for the container lifetime ||
||DNS|| Logging IP Addresses for errors and for example denied queries, more if debug logging is temporary necessary. With debug logging disabled the DNS queries are not stored, only processed || Legal obligation || Debugging purposes || System administrators || 1 month ||
||Docker environment||Docker containers activities. No personal data|| - || - || - || - ||
||docker status service||Docker containers activities. No personal data|| - || - || - || - ||
||Drone||Building scripts. No personal data|| - || - || - || - ||
||Finance accounting||Transaction data from all bank accounts, includes names of all people who send or receive money to/from FSFE.||To do our accounting||Legal requirements||Financial team, tax consultant, legal authorities.||Currently none defined. Data must be kept at least 10 years by law.||
||Finance repo|| IP Addresses + username logging || debugging purposes || consent || Albert, Francesca, Matthias, Max, Polina, Ulrike || 1 month ||
||Forms API|| No personnal data stored in the logs, but the service processes emails || The service needs the email of the users submitting a form so the emails can reach them||Consent|| system administrators || Data is stored for the container lifetime ||
||Friendica|| || || || || ||
+|| '''Area''' || '''Processing''' ||'''Service'''||'''What data is processed?'''||'''Why is the data processed?'''||'''What legal authorization do we have according to [[https://gdpr-info.eu/art-6-gdpr/|Article 6]] of GDPR?'''||'''Who has access?'''||'''What is our Data retention policy?'''||
|| Supporter management || Storage of supporter data ||Account Managing Software (AMS)||Only that which is included in the community database no separate information.|| - || - || - || - ||
|| FSFE campaign art13 || Webserver || art13 savecodeshare.eu|| IP addresses, SQL statements for error messages contain personal information|| Error message are used for debugging, the webserver needs to know the source IP address || consent [[https://wiki.fsfe.org/Activities/Privacy/PolicyDraft/Art13|Link to privacy policy]] || system administrators || Data is stored for the container lifetime ||
|| Blog || User visiting the website||Blogs|| ||Error message are used for debugging, the web server needs to know the source IP address|| || || ||
|| Supporter Management|| Donations || Community Database||Data for our donors: information about donations transferred, information about automatic donation renewal status, information about donation receipts issued, emails if opted in|| Donor liaison, including the creation of donation receipts.||Legal requirements ||Community database administrator (currently: Reinhard), system administrators.||Data is automatically deleted if the registration is not confirmed (through payment of a donation or through approval by a team coordinator) within 6 weeks after signup. Upon explicit request, data is anonymised<<BR>>Donation data are stored for 10 years||
|| Supporter Management|| Donations || Community Database|| emails if opted in|| Donor liaison, including the creation of donation receipts.|| Consent ||Community database administrator (currently: Reinhard), system administrators.||Data is automatically deleted if the registration is not confirmed (through payment of a donation or through approval by a team coordinator) within 6 weeks after signup. Upon explicit request, data is anonymised<<BR>>Donation data are stored for 10 years||
|| Supporter Management|| Supporter accounts || Community Database||Data for our, supporters, staff, contractors, and volunteers: registration status, blacklisting status, name, ''birthday'', ''sex'', ''preferred language'', ''postal address'', primary ''and secondary'' email address, opt-in information for communication, username and password (hashed) for FSFE services, information about fellowship cards received, data modification history. ''Italic'' information is voluntary.|| Maintenance of access to FSFE's online services.<<BR>> Statistical queries.|| Consent||Community database administrator (currently: Reinhard), system administrators.||Data is automatically deleted if the registration is not confirmed (through approval by a team coordinator) within 6 weeks after signup. Upon explicit request, data is anonymised.||
||Discourse || Webserver || Discourse||IP Addresses, post timings, usernames|| IP addresses are collected by discourse to prevent and block spam|| Consent || system administrators + service maintainers || Data is stored for the container lifetime ||
|| DNS || DNS queries ||DNS|| Logging IP Addresses for errors and for example denied queries, more if debug logging is temporary necessary. With debug logging disabled the DNS queries are not stored, only processed || Legal obligation || Debugging purposes || System administrators || 1 month ||
|| Finance accounting || Storage of financial records || Finance repo||Transaction data from all bank accounts, includes names of all people who send or receive money to/from FSFE.||To do our accounting||Legal requirements||Financial team, tax consultant, legal authorities.||Currently none defined. Data must be kept at least 10 years by law.||
|| Finance accounting || SSH connections ||Finance repo|| IP Addresses + username logging || debugging purposes || consent || Albert, Francesca, Matthias, Max, Polina, Ulrike || 1 month ||
|| FSFE campaign || Emails processing || Forms API|| No personal data stored in the logs, but the service processes emails || The service needs the email of the users submitting a form so the emails can reach them||Consent|| system administrators || Data is stored for the container lifetime ||
|| || ||Friendica|| || || || || ||
-Line 20:
+Line 19:
-||Gitea||Emails and usernames of registered users and the files they work with; webserver logs (source IPs)||For authentication and operation of the platform; webserver logs for debugging || Consent || Service maintainers, system administrators || None; 1 week for logs ||
||IRC Cloaks|| || || || || ||
|| Jabber / XMPP || Account rosters, logs (connect, disconnect, messages process and possibly stored temporally on the server (offline storage + muc preview), status messages, with debug logging up to who talks to whom) || Debugging purposes || Consent || system administrators || 2 weeks ||
|| LDAP || ldap queries are logged to syslog (we log who tries to login on what service and when) || Security and debugging purposes || consent || System administrators || 1 month ||
|| Limesurvey|| No personal information are stored. Public IP addresses are processed by the webserver || The webserver needs the public IP addresses to serve requests || Consent || System administrators || Nothing is stored ||
|| Link shortener|| || || || || ||
|| Email || Email addresses + logs (send, receive emails, hostnames, IP addresses of messages sent through SMTP, etc) || To manage the forward email service and assure a basic level of spam control || Consent for providing emails and legitimate interest for spam control || Albert Jonas Matthias Max Paul fellowship@klaproth || 1 month ||
||Mailing lists || Email address, full name (if the person choose to insert it), subscription details, logging see Mail and the [[https://wiki.list.org/DOC/What%20log%20files%20%28logs%29%20does%20Mailman%20write|official Mailman page]] || The mailing list service needs to know email addresses to achieve its goal || Consent || ADMIN-TECH,List-Admins,team@ || Posts and subscriptions are stored for 1 year, bounces and errors are stored for 1 month, messages sent by Mailman itself are stored for 1 week, digests are stored for 4 months ||
||Mailtrain + ZoneMTA|| Email address, full name, subscription details || || || || Data is stored for the container lifetime ||
||Nextcloud|| Emails and usernames of registered users and the files they work with; calendar and contact entries; webserver logs (user agent)||Proposer operation of service; debugging || Consent || Service maintainers, system administrators || Data: unlimited / until user deletes data; logs: until service update ||
||Nlformat script|| || || || || ||
||OpenVPN|| || || || || ||
||OTRS||All communication around the tickets, in the format of emails exchanged<<BR>> Internship applications are stored as OTRS tickets<<BR>> We store promo orders information from [[https://fsfe.org/contribute/spreadtheword|this]] form ||Answering of incoming requests.|| Consent ||All members of the team which is responsible for the kind of request.||None.||
||Personell management|| || || || || ||
||Planet|| || || || || ||
||PMPC website|| Source IP, Date, HTTP request, User-agent|| To display signature of the open letter and to give updates about the campaign || consent. [[https://publiccode.eu/privacy/|Link to privacy policy]] || Sysadmin || The campaign's duration ||
||Registration system||Can be configured per event. For LLW, it is name, email address, affiliation, position, telephone number, ticket type, postal address, VAT Id, promotion code used, information about dinner attendance, dieatary preferences (!), participation in mentor system.||Necessary to organise the event.||Fulfillment of a contract.||Ulrike + Polina + ? + System administrators||None defined yet.||
||SSL certificates || Personal information of the person requesting them, email addresses and names (or whatever data is inserted by the person who is doing the certificate request) || Because the CA needs to know who requested a certificate|| Consent || System administrators || Data are stored as long as the certificate exists ||
||Subversion || No personal information are stored. Public IP addresses are processed by the webserver || The webserver needs the public IP addresses to serve requests || Consent || System administrators || - ||
||Webserver + build system|| || || || || ||
||FSFE website|| Per diem calculator (used for travels reimbursement). The data is only processed, not stored || To help staffers to calculate allowance || Consent || Website administrators || The data is not stored||
||Wekan||Technical logs, no personal data|| - || - || - || - ||
||Wiki|| Source IP addresses || Debugging and security purposes || ||Wikicare takers, system-hackers || We store data for 14 days||
+|| Code hosting|| Accounts management || Gitea||Emails and usernames of registered users and the files they work with; webserver logs (source IPs)||For authentication and operation of the platform; webserver logs for debugging || Consent || Service maintainers, system administrators || None; 1 week for logs ||
|| Code hosting|| Webserver || Gitea || web server logs (source IPs)|| ogs for debugging || Consent || Service maintainers, system administrators ||1 week for logs ||
|| || ||IRC Cloaks|| || || || || ||
|| Communication || Message processing || Jabber / XMPP || Account rosters, logs (connect, disconnect, messages process and possibly stored temporally on the server (offline storage + muc preview), status messages, with debug logging up to who talks to whom) || Debugging purposes || Consent || system administrators || 2 weeks ||
|| Account management || Authentication and queries || LDAP || ldap queries are logged to syslog (we log who tries to login on what service and when) || Security and debugging purposes || consent || System administrators || 1 month ||
|| Surveys || Webserver || Limesurvey|| Public IP addresses are processed by the web server || The web server needs the public IP addresses to serve requests || Consent || System administrators || Nothing is stored ||
|| || || Link shortener|| || || || || ||
|| Email || Emails processing and forwarding || Email server || Email addresses + logs (send, receive emails, hostnames, IP addresses of messages sent through SMTP, etc) || To manage the forward email service and assure a basic level of spam control || Consent for providing emails and legitimate interest for spam control || Albert Jonas Matthias Max Paul fellowship@klaproth || 1 month ||
|| Email  || Mailing list || Mailman || Email address, full name (if the person choose to insert it), subscription details, logging see Mail and the [[https://wiki.list.org/DOC/What%20log%20files%20%28logs%29%20does%20Mailman%20write|official Mailman page]] || The mailing list service needs to know email addresses to achieve its goal || Consent || ADMIN-TECH,List-Admins,team@ || Posts and subscriptions are stored for 1 year, bounces and errors are stored for 1 month, messages sent by Mailman itself are stored for 1 week, digests are stored for 4 months ||
|| Email || ||Mailtrain + ZoneMTA|| Email address, full name, subscription details || || || || Data is stored for the container lifetime ||
|| Organisation|| Nextcloud Account management || Nextcloud|| Emails and usernames of registered users and the files they work with; calendar and contact entries; webserver logs (user agent)||Proposer operation of service; debugging || Consent || Service maintainers, system administrators || Data: unlimited / until user deletes data; logs: until service update ||
|| Organisation|| Webserver || Nextcloud|| webserver logs (user agent) ||Proposer operation of service; debugging || Consent || Service maintainers, system administrators || Data: unlimited / until user deletes data; logs: until service update ||
|| || ||Nlformat script|| || || || || ||
|| || ||OpenVPN|| || || || || ||
|| Management of tickets|| Tickets processing || OTRS ||All communication around the tickets, in the format of emails exchanged<<BR>> Internship applications are stored as OTRS tickets<<BR>> We store promo orders information from [[https://fsfe.org/contribute/spreadtheword|this]] form ||Answering of incoming requests.|| Consent ||All members of the team which is responsible for the kind of request.||None.||
|| || ||Personell management|| || || || || ||
|| || ||Planet|| || || || || ||
|| FSFE campaign PMPC || Users visiting the webiste||PMPC website|| Source IP, Date, HTTP request, User-agent||  The web server needs the public IP addresses to serve requests || Consent. [[https://publiccode.eu/privacy/|Link to privacy policy]] || Sysadmin || The campaign's duration ||
|| FSFE campaign PMPC || Signing the open letter ||PMPC website|| Email and name, country, ZIP code, comment || To display signature of the open letter and to give updates about the campaign || consent. [[https://publiccode.eu/privacy/|Link to privacy policy]] || Sysadmin || The campaign's duration ||
|| Event registration || Data entered in surveys || Registration system || Can be configured per event. For LLW, it is name, email address, affiliation, position, telephone number, ticket type, postal address, VAT Id, promotion code used, information about dinner attendance, dieatary preferences (!), participation in mentor system.||Necessary to organise the event.||Fulfillment of a contract.||Ulrike + Polina + ? + System administrators||None defined yet.||
|| Certificates || Certificate processing (openssl) || SSL certificates || Personal information of the person requesting them, email addresses and names (or whatever data is inserted by the person who is doing the certificate request) || Because the CA needs to know who requested a certificate|| Consent || System administrators || Data are stored as long as the certificate exists ||
|| Code hosting || svn use || Subversion || No personal information are stored. Public IP addresses are processed by the webserver || The webserver needs the public IP addresses to serve requests || Consent || System administrators || - ||
|| FSFE website || Webserver || Webserver + build system|| || || || || ||
|| FSFE website || [[https://fsfe.org/internal/pd|Per diem calculator]] (used for travels reimbursement) || FSFE website || The data entered in the form || To help staffers to calculate allowance || Consent || Website administrators || The data is not stored||
|| Wiki || Webserver || Wiki|| Source IP addresses || Debugging and security purposes || ||Wikicare takers, system-hackers || We store data for 14 days||

Diff for "TechDocs/DataProcessingTransparency"

FSFE Data processing