Privacy Policy of R Consortium, Inc.
Effective Date: September 20, 2018
The R Consortium, Inc. (“R Consortium”) is a group organized under an open source governance and foundation model to support the worldwide community of users, maintainers and developers of R software. This Privacy Policy describes our policies and procedures about the collection, use, disclosure and sharing of your personal information or personal data when you use our websites and participate in or use our Project sites (collectively, the “Sites”).
Capitalized terms that are not defined in this Privacy Policy have the meaning given them in our Terms of Use. In this Privacy Policy, “personal information” or “personal data” means information relating to an identified or identifiable natural person. Your use of our Sites, and any dispute over privacy, is subject to this Policy and our Terms of Use, including its applicable limitations on damages and the resolution of disputes. The R Consortium Terms of Use are incorporated by reference into this Policy.
Personal Data That R Consortium Collects
We collect information directly from individuals, from third parties, and automatically through the Sites. You do not have to provide us your personal information. However, if you choose not to disclose certain information, we will not be able to provide you with access to certain services or features, including participation in certain aspects of our open source projects.
Your Contributions to Open Source Projects.
Attribution,Provenance and Integrity. When you contribute source code, documentation or other content to one of our Projects (whether on your own behalf or through contributions made as part of your employment services to your employer), we collect and store the information and content that you contribute. This includes the contents of those contributions, as well as data required to confirm the provenance of intellectual property contained in those contributions, and personal information that you make publicly available in the record of the contribution pursuant to sign-offs under the Developer Certificate of Origin (https://developercertificate.org/). Some Projects require additional agreements or information pursuant to their intellectual property policies; in such cases we collect and store information related to your acceptance of those agreements. We may also collect information relating to your participation in technical, governance or other Project-related meetings.
Other Project-related Content. The content you provide in relation to Projects also includes materials that you make publicly available in connection with Project development, collaboration and communication, such as on mailing lists, blogs, Project wiki pages and issue trackers, and related services.
Your Content. We collect and store the information and content that you post to the Sites, including your questions, answers, comments, forum postings, and responses to surveys. Please see the section on Publicly Available Information for how the information you post will be viewed on our Sites.
Communications. When you communicate with us (via email, phone, through the Sites or otherwise), we may maintain a record of your communication.
Automatically Collected Data. In addition, R Consortium may automatically collect the following information about Users’ use of the sites or services through cookies, web beacons, and other technologies: your domain name; your browser type and operating system; web pages you view; links you click; your IP address; the length of time you visit our Sites and or use our services; and the referring URL, or the webpage that led you to our Sites. We may combine this information with other information that we have collected about you, including, where applicable, your user name, name, and other personal information. Please see our cookie policy at https://www.linuxfoundation.org/cookies/ for more information about our use of cookies.
De-identified Data. We may de-identify and aggregate certain data we collect such that the data no longer identifies or can be linked to a particular User or an individual data subject (“De-identified Data”), subject to the terms of any applicable User agreements. We may use this data to improve our Services, analyze trends, publish market research, and for other marketing, research or statistical purposes, and may disclose such data to third parties for these specific purposes.
Purposes and Legal Bases for Our Using of Your Information Purposes and Legitimate Interests
R Consortium uses the information we collect for our legitimate business interests, which include the following purposes:
Providing our Sites and Services. To provide the Services and our Sites (including Project Sites), to communicate with you about your use of our Sites and Services, to respond to your inquiries, provide troubleshooting of the Sites and for other purposes to support Users and the community.
Operating our Open Source Projects. To enable communication between and among open source developers in the community; to facilitate and document Project governance and technical decision making; to maintain, and make publicly available on a perpetual basis, records regarding intellectual property provenance and license compliance for Project contributions; and for related activities to further R Consortium’s purposes, including fostering an ecosystem that supports the collaborative and public development of free and open source software projects. See the “Attribution, Provenance and Integrity” section above for more information.
Personalization. To tailor the content and information that we may send or display to you on our Sites and in our Services, to offer location customization and personalized help and instructions and to otherwise personalize your experiences.
Advertising. For targeting advertising to you on our Sites and third-party sites and measuring the effectiveness and reach of ads and services (through third-party ad networks and services).
Analytics. To gather metrics to better understand how Users access and use our Sites and Services and participate in our Projects; to evaluate and improve the Sites, including personalization, to develop new services; and to understand metrics regarding the community health of our Projects.
Compliance. To comply with legal obligations and requests. For example, to comply with laws that compel us to disclose information to public authorities, courts, law enforcement or regulators, maintain records for a certain period, or maintain records demonstrating enforcement and sublicensing of our trademarks and those of our Projects.
Business and Legal Operations. As part of our general business and legal operations (e.g., accounting, record keeping, and for other business administration purposes), and as necessary to establish, exercise and defend (actual and potential) legal claims.
Prevent Misuse. Where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms of Use or this Privacy Policy.
Purposes of Processing | Legal Bases of Processing (EU Users) | |
---|---|---|
Providing our Sites and Services | - Our Legitimate Business Interests - Necessary to the Performance of a Contract with You (upon your request, or as necessary to make the Services available) - Compliance with Law |
|
Operating our Open Source Projects | - Our Legitimate Business Interests - Where Necessary to the Performance of a Contract with You (upon your request, or as necessary to enable your participation in the Projects or to make the Services available) - Compliance with Law - As necessary to establish, exercise and defend legal claims |
|
Personalization | - Our Legitimate Business Interests | |
Advertising | - Our Legitimate Business Interests - With Your Consent |
|
Analytics | - Our Legitimate Business Interests | |
Compliance | - Our Legitimate Business Interests - Compliance with Law - As necessary to establish, exercise and defend legal claims |
|
Business and Legal Operations | - Our Legitimate Business Interests - Compliance with Law - As necessary to establish, exercise and defend legal claims |
|
Prevent Misuse | - Our Legitimate Business Interests - Compliance with Law - As necessary to establish, exercise and defend legal claims |
Data Security
We have implemented commercially reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee 100% security.
You should take steps to protect against unauthorized access to your passwords, phone, and computer by, among other things, signing off after using a shared computer, choosing robust passwords that nobody else knows or can easily guess, not using a password for more than one site or service, and keeping your log-ins and passwords private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity. You must promptly notify us if you become aware that any information provided by or submitted to our Sites or through our Services is lost, stolen, or used without permission at privacy@linuxfoundation.org.
Marketing Choices
You may opt out or revoke your consent to receive marketing emails from us by using unsubscribe or opt out mechanisms included in our marketing emails or by emailing privacy@linuxfoundation.org. You may unsubscribe from mailing lists via the applicable mailing list’s subscription website or, in some cases, by using the unsubscribe mechanisms included in such emails.
Retention of Your Personal Data
We apply a general rule of keeping personal data only for as long as required to fulfill the purposes for which it was collected. However, in some circumstances, we may retain personal data for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required. In specific circumstances, we may also retain your personal data for longer periods of time corresponding to a statute of limitation, so that we have an accurate record of your dealings with us in the event of any complaints or challenges.
International Transfers
If you are located within the European Union (EU) or European Economic Area, you should note that your information will be transferred to the United States where R Consortium is located. The U.S. is deemed by the European Union to have inadequate data protection. However, we have put in place European Commission approved Standard Contractual Clauses which protect personal data transferred between R Consortium and affiliated entities as well as The Linux Foundation, its managed service provider. In addition, if personal data is transferred to third party service providers located outside the European Union, we will take steps to ensure that your personal data receives the same level of protection as if it remained within the EU, including by entering into data transfer agreements, or using the European Commission approved Standard Contractual Clauses. You have a right to obtain details of the mechanism under which your personal data is transferred outside of the EU by contacting privacy@linuxfoundation.org.
Children’s Privacy
Except as specifically indicated within a Site, we do not knowingly collect or solicit personal information from anyone under the age of 16, or knowingly allow such persons to register. If we become aware that we have collected personal information from a child under the relevant age without parental consent, we take steps to delete that information.
Links to Third Party Sites and Services
The Sites may contain links to third party sites or online services. We are not responsible for the practices of such third parties, whose information practices are subject to their own policies and procedures, not to this Privacy Policy.
Your Rights
Access and Amendment. You may contact our privacy coordinator, as set forth below, to access or amend your personal information.
Additional Rights. Individuals in the European Economic Area (and other jurisdictions where applicable) have additional rights under applicable law:
- to obtain a copy of your personal data together with information about how and on what basis that personal data is processed;
- to rectify inaccurate personal data (including to have incomplete personal data completed);
- to erase your personal data (in limited circumstances, such as where it is no longer necessary in relation to the purposes for which it was collected or processed);
- to restrict processing of your personal data under certain circumstances;
- to export certain personal data in machine-readable format to a third party (or to you) when we justify our processing on the basis of your consent or the performance of a contract with you;
- to withdraw your consent to our processing of your personal data (where that processing is based on your consent);
- to obtain, or see a copy of the appropriate safeguards under which your personal data is transferred to a third country or international organization; and
- to object to our use and processing of your personal information that is conducted on the basis of a legitimate interest or to perform a contract with you. You also have the right to object at any time to any processing of your personal data for direct marketing purposes, including profiling for marketing purposes.
Lodging a Complaint. You also have the right to lodge a complaint with your local supervisory authority for data protection, or privacy regulator.
Submitting a Request. To exercise the above rights or contact us with questions or complaints regarding our treatment of your personal data, contact us at privacy@linuxfoundation.org. Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, especially if your request is manifestly unfounded or excessive. We will endeavor to respond to your request within all applicable timeframes.
California Privacy Rights
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the types of personal information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an email to privacy@linuxfoundation.org.
Contact Us
If you have any questions about our practices or this Privacy Policy, please contact us at privacy@linuxfoundation.org, or write to us at: R Consortium, 1 Letterman Drive, Building D, Suite D4700, San Francisco, CA 94129.
Changes to the Privacy Policy
This Policy is current as of the effective date set forth above. If we change our privacy policies and procedures, we will post those changes on this page and/or continue to provide access to a copy of the prior version. If we make any changes to this Privacy Policy that materially change how we treat your personal information, we will endeavor to provide you with reasonable notice of such changes, such as via prominent notice on our Sites or to your email address of record, and where required by law, we will obtain your consent or give you the opportunity to opt out of such changes.