The OpenStack Foundation is a Delaware non-stock, non-profit corporation under the jurisdiction of the FTC with its principal office in Austin, Texas. The goal of the OpenStack Foundation is to serve developers, users, and other participants in the OpenStack infrastructure ecosystem by providing a set of shared resources to build community, facilitate collaboration, and support integration of open source technologies.
The OpenStack Foundation is committed to the principles of the Privacy Shield through transparent disclosure of our activities related to privacy protection. We work at carefully balancing the Foundation’s interest in using your personal data to meet its goal against any potential impact to you arising from our use.
goal refers to the goal of the OpenStack Foundation stated above, and the Foundation’s purpose as stated in our Bylaws at https://www.openstack.org/legal/bylaws-of-the-openstack-foundation/.
visitor means a visitor to the Site, including visitors who use services on the site, such as the OpenStack Marketplace;
community member means an individual who: (i) is a member of the OpenStack Foundation, (ii) contributes software, documentation, or other information to the OpenStack Project, (iii) attends an OpenStack event, (iv) takes a certification exam, such as the OpenStack Administrator exam, or (v) provides personal data to the Foundation in some other way as described below;
personal data or personal information means any information about an individual that identifies the individual, or that can be used to identify the individual, directly or indirectly.
we and our and us refers to the OpenStack Foundation; and
you and your refers to visitors and community members.
if you want to join the OpenStack Foundation as an individual member, you will be asked to complete a web form with your name, contact information, employer name, physical location, field of activity, profession, and other information;
if you sign up for a mailing list, we will ask for your name and contact information.
if you participate in a forum, chat room, blog, or news group, your user name and the information you publish will be available to the OpenStack Foundation (and the public);
we will ask you to submit biographical information and a photograph of yourself to post on our site.
if you use our mobile app to plan your activity at the summit (which sessions to attend, etc.), we will have access to those plans as a necessary part of providing this feature. We do not view or use that information except in emergency circumstances – see “How we use your personal data” below. We also have access to your unique device identifier and other information useful for monitoring the availability of the app. We currently use Crashlytics to monitor the availability of the app.
we will collect your name and email address.
we periodically ask Project users to complete a survey to provide feedback on our events. If you choose to participate in such a survey, you will be asked to submit personal data such as your name, email address, and location.
we require you to provide your name and email address to issue you with the required OpenStackID.
if you register to attend on of our bi-annual summits, you will register and pay through Eventbrite and will be asked to submit name, email address, company, work phone, title, and geographic location of your workplace. Eventbrite shares that data with us.
event sponsors who host a booth or other facility at an OpenStack event may use a device provided by vandePoel Productions that enables them to scan your event badge. You do not have to permit an event sponsor to scan your event badge, but if you do, the event sponsor will be able to collect the personal data you provided to Eventbrite when you registered for the Summit.
Canonical manages our Launchpad instance. As the account owner and administrator, OpenStack has access to the information that you provide to Canonical, such as your Launchpad id.
the OpenStack Foundation has a Facebook page, a Twitter account, LinkedIn Company Page, and YouTube Channel. Your user names on these platforms will be exposed to OpenStack if you follow our social media accounts. Any personal data you elect to share as part of a posting using those platforms is also available to us.
if you register for and take an OpenStack certification exam, such as the Certified OpenStack Administrator exam, our exam administrator, which is currently the Linux Foundation, will collect your name and other personal data. The Linux Foundation provides us with exam results tied to the OpenStack ID you use to register for the exam.
if you arrive at our site by clicking on an advertisement or content published by a third party, that third party may provide information to us about your activity on their website. we may use Google AdWords or other third party advertisers.
local user groups and other community partners also provide us information about your attendance at their events, including your name and email address.
Generally we do not combine personal data we have about you from different sources for any purpose, with the exception that we will use information we collect about your interest in our events to send you email communications about those events.
Third parties who display content or provide services on our websites may also collect personal data about you using cookies, tracking pixels, and other methods. They share some of that data with us as described above, but they may collect other data that they use for things un-related to OpenStack. For example,
You may block cookies using the cookiebot feature available on our site. If you elect to permit collection of data via cookies initially, but later change your mind, you can change your preferences.
We will use your personal data to provide information and services to you as a participant in the OpenStack community and to manage the community consistent with the Foundation’s goals, at all times balancing the Foundation’s goal against your interest in protecting your personal data. We will strive to use your personal data only to the limited extent necessary to meet our legitimate interest as the manager of the OpenStack Project and community. Specific ways that we use your personal data in this way are as follows:
if you elect to be included in our Individual Member Directory, we will publish your member profile on our site;
we may use your email address to send you information about upcoming events, Foundation news, and governance matters;
Please see the section below captioned Email Policy for information on how to stop receiving email communications from us.
we use web visit information to measure interest in and develop our web pages and marketing plans, and administer our site.
we use web visitor IP addresses to help diagnose problems with our servers, and to administer our site.
we use personal data you choose to provide in response to our survey, as well as your comments on our site content.
We will not use your personal data in any other way unless:
(i) you have given your express consent for that use, or (ii) to the limited extent necessary to comply with a legal obligation that we are subject to.
for example, we currently use the following third party services:
Mailchimp, Emma, and Sendgrid for outgoing email;
Salesforce for community relationship information management;
Discus for the comments features on our blog and other Web publications;
Survey Monkey to administer surveys and analyze the results;
Adobe Echosign e-signing service; and
Formstack to administer webforms.
A note about Elections Administrators: we currently use BigPulse to administer our annual election of individual members to the OpenStack Board of Directors. BigPulse enables the OpenStack Foundation to issue each eligible voter a unique link to the voting platform. To vote in this election you are required to use this unique link. BigPulse shares the aggregate election results with the OpenStack Foundation and the community, but does not share individual voting records.
A tracking pixel, also known as a web bug or web beacon, is a small graphic (usually 1 pixel x 1 pixel) invisible to the eye, that is embedded in web content or email. When you view content that has an embedded web beacon, your web browser will request content from a web server, which in turn will set a cookie in your web browser containing a unique identifier. This unique identifier can be linked to log information that is used to track your movements on the operator’s website.
You may block cookies using the cookiebot feature available on our site. Your current cookie status and the link to change it appears in Section II above captioned “Third Parties Who Collect Data On Our Site.”
If you do not wish to receive our email or other communications, please send your request to [email protected] or write us at Compliance Officer, OpenStack Foundation, P.O. Box 1903, Austin, TX 78767. Please note that it may take up to ten days to remove your contact information from our marketing communications lists, so you may receive correspondence from us for a short time after you make your request.
None of our websites, mobile applications or services are intended for children. Do not attempt to register as a services user unless you are at least 18 years old. Do not submit information about yourself using our websites or applications if you are under 13. If you are the parent or guardian of a child under 13 who may have submitted information to us please contact us at [email protected].
We have put in place appropriate security measures to prevent your personal data from being accidentally lost or accessed in an unauthorized manner, including being altered or disclosed.
We have put in place procedures to handle security incidents, including a process for making notifications to you or a data breach as required by law.
We require our service providers to comply with appropriate security measures and to give us notice of security events as necessary for us to meet our security obligations to you.
We will retain your personal data only for as long as reasonably necessary to fulfil the purpose for which it was collected, and to comply with our legal obligations. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Please contact us at [email protected] if you would like more information about our data retention policies
Our policies for complying with your requests to amend, erase, restrict or take other action with respect to your personal data are stated below. We will comply with the applicable legal requirements for these types of requests. You should communicate your request to [email protected]ack.org.
Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If your request under this section is clearly unfounded, repetitive or excessive, we may charge you a fee to comply, or we may refuse to comply with your request, to the extent permitted by applicable law. We may need to request additional information from you to confirm your identity and help us comply with your request. We will try to respond to all legitimate requests within one month. If your request is particularly complex or you have made a number of requests, it may take us longer than a month. In this case, we will notify you and keep you updated. There may be circumstances in which we believe our interest as the community manager requires us to retain your personal data despite your request, but we will disclose this to you at the time of the request. Those circumstances include the following:
In some circumstances we may use or disclose de-identified data about our community members to third parties, including aggregate data, such as the size of our community, the demographic make-up of the community, the proportionate number of users vs. developers, and like information. Provided that we have de-identified this data in a way that it cannot be re-identified to any individual, we do not consider this type of information to be “personal data” subject to this policy.
The OpenStack Foundation participates in the EU-US and Swiss Privacy Shield frameworks regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. We have certified with the Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield Principles, visit here. Our certification appears here.
In compliance with the Privacy Shield Principles, The OpenStack Foundation commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact The OpenStack Foundation at [email protected] and give us the opportunity to resolve your complaint. We will respond to your complaint promptly.
The OpenStack Foundation has further committed to refer unresolved Privacy Shield complaints to Privacy Trust, an alternate dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.privacytrust.com/drs/openstack for more information or to raise a privacy shield complaint with PrivacyTrust. The services of Privacy Trust are provided at no cost to you.
In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, OpenStack remains liable.
Finally, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
Please see the additional information provided by the U.S. Department of Commerce here on resolving complaints.