Skip to content

Latest commit

 

History

History
142 lines (79 loc) · 10.9 KB

privacy-policy.md

File metadata and controls

142 lines (79 loc) · 10.9 KB
layout Title permalink is_markdown
default
Privacy Policy - Heart of Clojure
/privacy-policy
true

Last updated: 18 March 2019

Introduction

We take the protection of our users (“User/you/your”) personal data very seriously and strictly comply with applicable data protection laws and regulations. In our privacy policy below (“Privacy Policy”) we provide you with an overview of what data we collect for what purpose and how we ensure the protection of the data.

The controller is Gaiwan GmbH, c/o Arne Brasseur, Kinzigstr. 26, 10247 Berlin/Germany (“we/us/our”).

In general Gaiwan GmbH aims to only store, process, or share the minimum information necessary. The less we know about you, the better. We do need to know certain things in order to provide services, communicate with you, or meet legal requirements. In this document you can find a complete overview of what we collect and store.

Information gathering and usage

This privacy policy pertains to all online assets and services that are part of the official Heart of Clojure conference organization. These are:

We also make use of third party services to collect, store, and process information. These are:

The following sections describe the data gathered for each service, and how it is used.

We do not store cookies in the user's browser, tracking or otherwise. No third party cookies are stored.

When a user submits the form to sign up to our mailinglist, then this information is submitted to, and stored in MailChimp, as described below.

The Heart of Clojure website is hosted by Github, which may log HTTP requests including IP addresses.

When a user submits a talk proposal using the CFP app then we ask for and store: name, email address, social media profiles, location. This data is stored on Heroku (Heroku security information and privacy policy).

When a user uses social logins (Twitter or Github OAuth, henceforth "login provider") then a subset of their profile information at the login provider is made accessible to the CFP app and stored. Refer to the consent screen provided by the login provider for details.

This data is shared with our team of reviewers and with the program committee in order to put together a conference program. We only keep this information as long as necessary to complete this task. The CFP app instance including any stored data is destroyed one month after the conference is over, or sooner.

Email addresses of submitters may be imported into MailChimp for the express purpose of keeping people informed on the status of the CFP process. These are kept in separate email lists, and deleted when the CFP process is completed. We do not sign people up to our newsletter without explicit consent to do so.

The CFP app is hosted on Heroku, which may log HTTP requests including IP addresses.

Registering for the activities app requires a user name, email address, and profile picture. This data is stored on Heroku (Heroku security information and privacy policy).

When a user uses social logins (Twitter or Github OAuth, henceforth "login provider") then a subset of their profile information at the login provider is made accessible to the activities app and stored. Refer to the consent screen provided by the login provider for details.

The information provided in the activities app, including profile information and activity sign-ups are publicly accessible.

The activities app instance and all its data are destroyed one month after the conference finishes, or sooner.

The CFP app is hosted on Heroku, which may log HTTP requests including IP addresses.

When a user signs up for our mailing list then their name and email address are stored by MailChimp. We use this to send email newsletter related to the Heart of Clojure conference.

When an email address is provided on a different service on order to perform a specific task or process, then we can import this address into MailChimp to communicate about this task or process.

For example: we may import the email addresses of people who submitted to the CFP, in order to keep them informed about the status of the CFP, or we may import email addresses of ticket holders to notify them of important information related to their ticket, such as venue changes. These imported addresses are kept separate from the regular newsletter subscriptions, and deleted when no longer needed, at the latest one month after the conference finishes.

Heart of Clojure tickets are sold through Tito, payment is processed by Stripe. Through Tito we collect name, email, and various preferences related to the event.

Ticket holders agree to receive one or more emails containing coupons and discounts codes they can claim ("digital swag"), offered by our sponsors. We send these emails on behalf of our sponsors, we do not share personal information about ticket holders with sponsors directly.

We preserve the right to share personal information of ticket holders with third parties to comply with regulations. This may include insurance providers, providers of accounting and tax related services, and government agencies in Germany and Belgium.

Your Data

Gaiwan GmbH uses third-party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run Heart of Clojure. You retain all rights to your data; we will never share your personal data with a third-party without your prior authorization, and we will never sell data to third-parties. We transfer data with third-parties necessary to our ability to provide our services, all of whom are GDPR-compliant and provide the necessary safeguards required if they are outside of the EU.

Your rights

For further information on your rights, to withdraw consent, or to ask for deletion of your data, you can contact us at [email protected].

Right of access

You have the right to be informed at any time and free of charge about the personal data stored about you.

Right to rectification

You have the right to rectify inaccurate personal data about you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed (for example, by providing an additional statement).

Right to be forgotten

You have the right to have us delete any personal data concerning you that we store. We have the obligation to erase your personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
  • The User withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing
  • The User objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the User objects to the processing pursuant to Article 21(2) of the GDPR
  • The personal data have been unlawfully processed
  • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which we are subject
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR

Right to data portability

You have the right to ask for and receive the personal data we store about you in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance by the controller to whom the personal data have been provided, provided that the processing is based on a consent or on a contract to which the data subject is a party and that the processing is carried out by means of automated procedures.

Furthermore, in exercising your right to data portability, you have the right to have personal data transmitted directly from one controller to another where technically feasible — and when doing so does not affect the rights and freedoms of others.

Right to withdraw consent

You have the right to withdraw your consent regarding the use, processing or transmission of your data at any time in writing or by email to us.

In the event of consent withdrawal, we will no longer process and immediately delete your stored data. This does not apply if we can prove compelling grounds for processing that are worthy of protection and which outweigh your interests, rights and freedoms or in case the processing serves to assert, exercise or defend legal claims. For example, we will continue to use data if it is still necessary for tax purposes.

Duration of Storage

We store your data as long as necessary to organize Heart of Clojure, or as long as it is needed for legal or tax filing purposes.

All personal information is deleted within one month after the end of the conference, unless longer retention is required for legal or tax filing purposes.

Ad servers

We do not partner with or have special relationships with any ad server companies.

Security

All data and information transmitted with Gaiwan GmbH is secured by the SSL protocol.

Links to Other Websites

Our website contains links to other websites. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third-party. We do not exercise control over third-party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit Personal Information from you. Other sites follow different rules regarding the use or disclosure of the Personal Information you submit to them. We are not responsible for the content, privacy and security practices, and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to read the privacy policies or statements of the other websites you visit.

Changes

If our information practices change in the future, we will post the policy changes to our website to notify you of these changes, indicating the date of the latest revision. We will only use data collected from the time of the policy change forward for these new purposes. If you are concerned about how your information is used, you should check back at our website periodically.