Service

Processing

What data is processed?

Why is the data processed?

What legal authorization do we have according to Article 6 of GDPR?

Who has access?

What is our Data retention policy?

FSFE website

Users visiting the website

??

PMPC website

Users visiting the website

Source IP, Date, HTTP request, User-agent

The web server needs the public IP addresses to serve requests

Legitimate Interest

Sysadmin

The campaign's duration (to be confirmed 1)

PMPC website

Signing the open letter

Email and name, country, ZIP code, comment
Italic information is voluntary

To display signature of the open letter;
to give updates about the campaign (specific consent) <BR>> To add the signature to the public list (specific consent)

consent Link to privacy policy

The public list is accessible to everyone
PMPC coordinator
Sysadmin for others information

The campaign's duration

art13 savecodeshare.eu

Signing the open letter

Name, email, country
Italic information is voluntary

To display signature of the open letter;
to give updates about the campaign (specific consent)

consent Link to privacy policy

Signatures will be handed over to the Members of the European Parliament and the EU Council
system administrators

Data is stored for the container lifetime (i.e. the campaign's duration)
Data may be kept by the Members of the European Parliament and the EU Council for an unknown time

art13 savecodeshare.eu

Visiting the website

IP addresses, SQL statements for error messages contain personal information

Error message are used for debugging, the webserver needs to know the source IP address

Legitimate interest

system administrators

Data is stored for the container lifetime (? 2)

Blogs

User visiting the website

IP addresses

Error message are used for debugging, the web server needs to know the source IP address

Legitimate Interest

(missing information 3)

(missing information 3)

Wiki

Webserver

Source IP addresses

Debugging and security purposes

Legitimate Interest

Wikicare takers, system-hackers

We store data for 14 days

Service

Processing

What data is processed?

Why is the data processed?

What legal authorization do we have according to Article 6 of GDPR?

Who has access?

What is our Data retention policy?

Webserver + build system

Webserver

Wiki

FSFE Wiki

Account data (Name, Pseudonym, email address from the supporter account, optionally jabber ID), a dedicated supporter page (optional), attribution for all contributions

Wiki management and attribution of work

Contract of services or Consent (to be confirmed)

Public pages are accessible to everyone, other pages may have limited access depending on ACL (cf. https://wiki.fsfe.org/TechDocs/Wiki)

As long as the account exist (to be confirmed 1)

Gitea

FSFE Gitea contributions

Emails and usernames of registered users and the files they work with; webserver logs (source IPs)

For authentication and operation of the platform; attribution of contribution; webserver logs for debugging

Contract of services or Consent (to be confirmed)

contribution are public, logs are accessible only to Service maintainers, system administrators

Contribution is kept as long as the account exists (to be confirmed 2); 1 week for logs

Blogs

Writing your blog

Your account (Username, nickname, email addresses, more is optional), your articles, log data

To provide a platform for our supporter's blogs

Contract

article publicity depends on the owner choosing
sysadmin

Until you delete your blog or we discontinue the service

FSFE website

Translators of the website

name or pseudonym of translators of each page

To attribute translation to its translators whenever they accept to be cited

consent

public information

Attribution is kept as long as the translation exist

Service

Processing

What data is processed?

Why is the data processed?

What legal authorization do we have according to Article 6 of GDPR?

Who has access?

What is our Data retention policy?

Community Database

Donations

Data regarding our donors: information about donations transferred, automatic donation renewal status, donation receipts issued, emails if opted in

Donor liaison, including the creation of donation receipts.

Legal requirements

Community database administrator, system administrators.

(To be confirmed 1) 10 years the data necessary for accounting; as long as you are a donor plus 1 year for data allowing us to contact you; as long as you don’t opted out, the data to automatically renew your donation if you asked for it.

Community Database

Emails of donors

emails if opted in

Donor liaison, including the creation of donation receipts.

Consent

Community database administrator, system administrators.

none

FSFE website

Donors page

All data showed in thankgnus*.xhtml

To display a list of our donors, to respect our transparency commitment and thanks our donors

Consent

This data is public

As long as the FSFE exist or until the person revoke his or her consent

Community Database

Supporters account

Data for our, supporters, staff, contractors, and volunteers: registration status, blacklisting status, name, birthday, sex, preferred language, postal address, primary and secondary email address, opt-in information for communication, username and password (never in clear-text) for FSFE services, information about fellowship cards received, data modification history. Italic information is voluntary.

Supporter management
Access management to FSFE's online services.
Statistical queries.

Consent for supporters and volunteers
Contract for staff and contractors

Community database administrator, system administrators.

Data is automatically deleted if the registration is not confirmed (through approval by a team coordinator) within 6 weeks after signup. Upon explicit request, data is anonymised.

OTRS

Promo orders

We store promo orders information from this form

Answering of incoming requests and sending packages

Consent

FSFE office staff and finance team.

None

OTRS

Merchandise orders

We store merchandise orders information from this form

Answering of incoming requests and sending packages

Consent

FSFE office staff and finance team.

None

Service

Processing

What data is processed?

Why is the data processed?

What legal authorization do we have according to Article 6 of GDPR?

Who has access?

What is our Data retention policy?

Email server

Emails processing and forwarding

Email addresses + logs (send, receive emails, hostnames, IP addresses of messages sent through SMTP, etc)

To manage the forward email service and assure a basic level of spam control

Consent for providing emails and legitimate interest for spam control

Albert Jonas Matthias Max Paul fellowship@klaproth

1 month

Mailman

Maing lists

Email address, full name (if the person choose to insert it), subscription details, logging see Mail and the official Mailman page

The mailing list service needs to know email addresses to achieve its goal

Consent

ADMIN-TECH,List-Admins,team@

Posts and subscriptions are stored for 1 year, bounces and errors are stored for 1 month, messages sent by Mailman itself are stored for 1 week, digests are stored for 4 months

QuickML

Emails processing

Forms API

No personal data stored in the logs, but the service processes emails

The service needs the email of the users submitting a form so the emails can reach them

Consent

system administrators

Data is stored for the container lifetime

Mailtrain + ZoneMTA

Emails processing

Email address, full name, subscription details

Data is stored for the container lifetime

OTRS

Tickets processing

All communication around the tickets, in the format of emails exchanged

Answering of incoming requests.

Consent

FSFE core team.

None.

Discourse

Webserver

IP Addresses, post timings, usernames

IP addresses are collected by discourse to prevent and block spam

Consent

system administrators + service maintainers

Data is stored for the container lifetime

Friendica

IRC Cloaks

Jabber / XMPP

Massage processing

Account rosters, logs (connect, disconnect, messages process and possibly stored temporally on the server (offline storage + muc preview), status messages, with debug logging up to who talks to whom)

Debugging purposes

Consent

system administrators

2 weeks

Service

Processing

What data is processed?

Why is the data processed?

What legal authorization do we have according to Article 6 of GDPR?

Who has access?

What is our Data retention policy?

Finance Archive

Storage of financial and employee records

Transaction data from all bank accounts, includes names of all people who send or receive money to/from FSFE.

To do our accounting

Legal requirements (we have to keep them for 10 years by law)

Financial team, tax consultant, legal authorities.

Information older than X>10 (11?) years are deleted after the annual closure of our accounts (to be confirmed 2)

Finance Archive

(not an independent processing)

SSH connections are logged (IP Addresses + username)

for debugging and security purposes

not applicable (not an independent processing)

coordinator and deputy coordinator system administration team , finance team

1 month

FSFE website

Per diem calculator (used for travels reimbursement)

The data entered in the form

To help staffers to calculate allowance

Contract (employment/Intern contract)

Website administrators can access log (to be confirmed 1)

The data is not stored

Nextcloud

Nextcloud Account management

Emails and usernames of registered users and the files they work with; calendar and contact entries; webserver logs (user agent)

Main working tool for everyday tasks (from sharing documents to calendar and conatact management)

Contract (employment/Intern contract)

Service maintainers, system administrators

account: (missing information 3) Data: unlimited / until user deletes data; logs of data: until service update

Nextcloud

(not an independent processing)

webserver logs (user agent)

Security and debugging

not applicable (not an independent processing)

Service maintainers, system administrators

logs: until service update

OTRS

Job and internship applications

Job and internship applications are stored as OTRS tickets, after a decision the ticket with attachments will be deleted

Answering and reviewing applications

Consent

FSFE council members and staff. We may share the application with advisors and members

(missing information 4).

Service

Processing

What data is processed?

Why is the data processed?

What legal authorization do we have according to Article 6 of GDPR?

Who has access?

What is our Data retention policy?

Newsletter and Press lists

Information about who did what including names and where things happened

To inform the public about Free Software

Nlformat script

Service

Processing

What data is processed?

Why is the data processed?

What legal authorization do we have according to Article 6 of GDPR?

Who has access?

What is our Data retention policy?

DNS

DNS queries

Logging IP Addresses for errors and for example denied queries, more if debug logging is temporary necessary. With debug logging disabled the DNS queries are not stored, only processed

Legal obligation

Debugging purposes

System administrators

1 month

SSL certificates

Certificate processing (openssl)

Personal information of the person requesting them, email addresses and names (or whatever data is inserted by the person who is doing the certificate request)

Because the CA needs to know who requested a certificate

Consent

System administrators

Data are stored as long as the certificate exists

OpenVPN

Personell management

Subversion

svn use

No personal information are stored. Public IP addresses are processed by the webserver

The webserver needs the public IP addresses to serve requests

Consent

System administrators

-

Registration system

Data entered in surveys

Can be configured per event. For LLW, it is name, email address, affiliation, position, telephone number, ticket type, postal address, VAT Id, promotion code used, information about dinner attendance, dieatary preferences (!), participation in mentor system.

Necessary to organise the event.

Fulfillment of a contract.

finance team + + System administrators

None defined yet.

LDAP

Authentication and queries

ldap queries are logged to syslog (we log who tries to login on what service and when)

Security and debugging purposes

consent

System administrators

1 month

Limesurvey

Webserver

Public IP addresses are processed by the web server

The web server needs the public IP addresses to serve requests

Consent

System administrators

Nothing is stored

Link shortener

Planet