PRIVACY POLICY OF CLOUD FOUNDRY.ORG FOUNDATION, INC.
(Last Updated May 24, 2018)

 

This Privacy Policy describes how Cloud Foundry.Org Foundation, Inc. (referred to in this Privacy Policy as “Cloud Foundry Foundation,” “we,” “us,” or “our”) collects, processes, uses, stores, and safeguards information collected about or provided by users of the Cloud Foundry Foundation websites, such as cloudfoundry.org and any subdomains (each a “Site” and collectively, the “Sites”), users of Cloud Foundry Foundation services, including participation in our open source community projects and attendance of our summits and events (“Services”), and about those who provide us personal information as a customer, contributor, contractor, or through other interactions with us. Cloud Foundry Foundation can be contacted regarding our privacy practices and your rights described in this Privacy Policy at info@cloudfoundry.org or by sending a letter to: Cloud Foundry Foundation, 1 Letterman Drive Building D, Suite 4700, San Francisco, CA 94129.

Please note that if you are located in the European Economic Area (“EEA”) and interact with us through Sites, Services, or otherwise, specific rules apply to your privacy rights (as set forth below) in addition to the general provisions set out in this Privacy Policy that apply to everyone.

By otherwise accessing, using, or interacting with the Sites and Services, you expressly consent to our collection, processing, use, disclosure, and retention of your information as described in this Privacy Policy. If you do not agree with these practices, please do not use the Sites or otherwise provide us with your information.

Changes to the Privacy Policy

Cloud Foundry Foundation may make changes to this Privacy Policy from time to time. The current governing version of the Privacy Policy will be posted at cloudfoundry.org. Cloud Foundry Foundation will notify users of material changes to the Privacy Policy by posting the amended terms on the cloudfoundry.org site prior to implementation or by directly sending users notification if users have provided us with their email address for such purposes. By continuing to access, visit, or use the Sites after any changes to this Privacy Policy, you consent to the revised version of this Privacy Policy.

Children Under 16 Years of Age

The Sites are not directed to children under the age of 16, and Cloud Foundry Foundation will never request personally identifiable information from anyone whom it knows to be under the age of 16 without verifiable parental or guardian consent. Cloud Foundry Foundation does not knowingly collect, or wish to obtain, personally identifiable information from children.

Information That Cloud Foundry Foundation Collects

Through user interaction with the Sites, Cloud Foundry Foundation may collect personal information submitted by such users, including community forum content, blog posts and comments, profiles, photographs, names, geographic location, unique identifiers (e.g., social media handles or usernames), contact information (e.g., email address, postal address, telephone, fax), and transaction information. Cloud Foundry Foundation may also collect information users provide regarding their interests, demographics, industry, title, experience, and detailed contact preferences. Cloud Foundry Foundation may collect or access this information from third-party service providers who provide services, such as user surveys, in connection with the Sites.

When you make a payment to Cloud Foundry Foundation through the payment page located on our third-party payment processor’s website, they may collect credit card information from you in order to properly process your payment. Cloud Foundry Foundation does not receive or store your credit card information and no one at Cloud Foundry Foundation can access your credit card information. We use RegOnline by Lanyon Solutions, Inc. (“RegOnline”), a PCI-certified third-party payment service to process payments. Although we do not process payments, we may require you to provide RegOnline with contact information (e.g., name, email address, and company name) and financial and billing information (e.g., billing name and address, credit card number, and the number of employees within your company). RegOnline’s privacy policy is found here: https://www.lanyon.com/privacy-policy.shtml

Cloud Foundry Foundation and third-party service providers and advertisers who interact with Cloud Foundry Foundation, may also collect certain technical information about your use of the Sites. This technical information may include information about user device(s), browser type and version, geo-location, computer, computer connection, statistics on page views, traffic to and from the Service, ad data, Wi-Fi connection, internet protocol (“IP”) address, and standard web log.

Cloud Foundry Foundation does not intentionally collect sensitive personal information, such as social security numbers, genetic data, health information, or religious information; except to the extent you may voluntarily provide such information in anonymized surveys that would not allow Cloud Foundry Foundation to identify you as the source of the sensitive personal information.

Cookie Use Policy; Third-Party Analytics

Cloud Foundry Foundation and third-party advertisers and service providers may use cookies, web beacons, locally shared objects (sometimes called “flash cookies”), and similar technologies in connection with your use of the Sites (collectively referred to as “Cookies”). Cookies are small text files stored on your computer in order to allow the visited websites to identify and recognize the user’s individual browser for the purpose of providing optimized and user-friendly services, i.e. the user does not have to fill in his or her data every time he or she visits the websites. We use Cookies on the Sites to collect information about user interaction with the Sites, such as your browser type, preferences, data relating to content that has been displayed to you or that you have clicked on, and the date and time of your use. Cookies may also be used in order to further features and processes on the Sites, provide authentication and security for user transactions using the Site, store user preferences, facilitate relevant advertising, and help Cloud Foundry Foundation learn more about how users engage with the Sites.

Cloud Foundry Foundation also uses third-party service providers to provide certain products and Services or to integrate other Site features. These third-party service providers may collect information when you view or use them, including information about you and your device or browser. They may do this using Cookies or similar technologies. These third-party service providers also may use Cookies or similar technologies to help share information with us, like how you use their website or application. Cloud Foundry Foundation encourages users to evaluate privacy and security policies of any of the Sites’ transaction partners before entering into transactions or choosing to disclose information.

For example, Cloud Foundry Foundation works with a service called Google Analytics provided by Google, Inc. (“Google”). Google Analytics uses Cookies to help analyze how users use the Sites. The information generated by these Cookies (including user truncated IP address) is transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your, and other users’, use of the Sites and Services, compiling reports about how you and others use the Sites and Services, and providing other analytical information relating to activity on the Sites and Internet usage. Please note that Google only receives your truncated IP address. This is sufficient for Google to identify (approximately) the country from which you are using the Sites, but is not sufficient to identify you, or your computer or mobile device, individually. If you visit our Sites from within the EU, your IP address will be anonymized before transmission. Google’s privacy policy is found here: https://support.google.com/analytics/answer/6004245. To opt-out of analysis by Google Analytics on our Sites and services, please visit: http://tools.google.com/dlpage/gaoptout.

As another example, Cloud Foundry Foundation works with a service provided by Salesforce.com, Inc. called Pardot B2B Marketing Automation (“Pardot”) that uses cookies for storing and organizing information Cloud Foundry Foundation receives from user interaction with the Sites, including but not limited to, your email address, name, company, the country from which you are using the Site, and any comments. This information helps us improve our Sites and the user experience. To view Pardot’s privacy policy, please visit: http://www.pardot.com/company/legal/privacy-policy/.

For more detailed information about Cookies and third-party analytics used on our Site, please see our Cookie Policy.

How Cloud Foundry Foundation Uses the Information Collected

Cloud Foundry Foundation uses collected information for purposes related to Cloud Foundry Foundation’s business activities, including, but not limited to:

1. To understand a user’s needs and create content that is relevant to the user;
2. To generate statistical studies;
3. To conduct market research and planning by sending user surveys;
4. To notify user referrals of Cloud Foundry Foundation Services, information, or products when a user requests that Cloud Foundry Foundation send such information to referrals;
5. To improve Services, information, and products;
6. To help a user complete a transaction, or provide Services or customer support;
7. To communicate back to the user;
8. To update the user on Services, information, events and products;
9. To notify the user of any changes with a Site, which may affect the user;
10. To enforce terms of use on a Site; and
11. To allow the user to purchase products, access Services, or otherwise engage in activities the user selects.

Cloud Foundry Foundation is not-for-profit organization and an open source project and collaborative community. This means that portions of our Sites, including information you voluntarily provide, will be public-facing for the open sharing of ideas, best practices and information from users around the world. If you do not want to share your information, including personally identifiable information, with other community members and the public, please be thoughtful as to how you interact with our Sites and Services and what information you provide. For example, user names, identifications or IDs, and email addresses (as well as any additional attribution information that a user voluntarily posts or provides) may be publicly available through your creation or linking of a public profile, project contributions, comments, and blog posts. Another example is when a user posts information in conjunction with content subject to an open source license, or as part of a message posted to a public forum or a publicly-released software application.

The personal information you provide to Cloud Foundry Foundation may reveal or allow others to discern aspects of your life that are not expressly stated in your profile (for example, your picture or your name may reveal your hair color, race, or approximate age). You should be aware that your information may continue to be viewable to others after you close your account, such as on cached pages on Internet search engines. Users may not be able to change or remove public postings once posted. Such information may be used by visitors of these pages to send unsolicited messages. Cloud Foundry Foundation is not responsible for any consequences which may occur from the third-party use of information that a user chooses to submit to public pages. If you do not wish for others to view or access this information, please do not provide it to Cloud Foundry Foundation or post it on the Sites.

In some cases you may be able to provide project contribution-related information directly to third party sites and services; these third parties are independent data controllers and their use of your personal information is subject to their own policies.

Marketing Communications

From time to time, Cloud Foundry Foundation may contact you with information, including promotional, marketing, and advertising information and recommendations that Cloud Foundry Foundation believes may be of interest to you, but only if you have provided your consent to receive such communications (if such consent is required by applicable law). Consistent with applicable laws, including United States CAN-SPAM laws, if you do not wish to receive commercial emails, you may unsubscribe by following the instructions on any email or by contacting us at info@cloudfoundry.org. Cloud Foundry Foundation may still send you administrative notices in response to specific requests you submit or in connection with a contract you may have with us.

Links to Third-Party Websites

The Sites may permit you to access or link to third-party websites and information on the Internet, and other websites may contain links to the Sites. When a user uses these links, the user leaves the Sites. Cloud Foundry Foundation has not reviewed all of these third-party sites, does not control, and is not responsible for any of the third-party sites, their content, or privacy practices. The privacy and security practices of websites accessed from the Sites are not covered by this Privacy Policy, and Cloud Foundry Foundation is not responsible for the privacy or security practices or the content of such websites, including but not limited to, the third-party services you access through Cloud Foundry Foundation. Please check the privacy and security policies of these websites before you submit any personal data.

Sharing of Information

Cloud Foundry Foundation may share the personally identifiable information a user provides online with other entities that are part of our corporate network, including corporate affiliates, joint-venturers, and companies under common control, and/or outside service providers who we engage to distribute materials, create surveys, process credit card payments, provide technical support, handle transaction processing, or otherwise act on Cloud Foundry Foundation’s behalf. Third-party service providers and suppliers receiving personal information are authorized to use such personal information only for the purpose it was originally intended or as required or permitted by law. Specifically, Cloud Foundry Foundation may share a user’s email and other personally identifiable information with our third-party managed services provider, The Linux Foundation, which may send email correspondence to users on our behalf.

Cloud Foundry Foundation may disclose personal information that is associated with your profile as described in this Privacy Policy, as permitted by law or as reasonably necessary to: (1) comply with a legal requirement or process, including, but not limited to, civil and criminal subpoenas, court orders or other compulsory disclosures; (2) investigate and enforce our then-current Terms of Use, if any; (3) respond to claims of a violation of the rights of third parties, including DMCA notifications; (4) respond to customer service inquiries; (5) protect the rights, property, or safety of Cloud Foundry Foundation, our users, or the public; or (6) as part of the sale of all or a portion of the assets of Cloud Foundry Foundation, as a change in control of the organization or one of its affiliates, or in preparation for any of these events. Cloud Foundry Foundation may supply any such information to any organization into which Cloud Foundry Foundation may merge in the future or to which it may make any transfer of assets. Any third party to which Cloud Foundry Foundation transfers or sells all or any of its assets will have the right to use the personal and other information that you provide in the manner set out in this Privacy Policy.

Data Security

To keep your information safe, prevent unauthorized access or disclosure, maintain data accuracy, and ensure the appropriate use of information, Cloud Foundry Foundation implements industry-standard physical, electronic, and managerial procedures to safeguard and secure the information Cloud Foundry Foundation collects. However, Cloud Foundry Foundation does not guarantee that unauthorized third parties will never defeat measures taken to prevent improper use of personally identifiable information. As a result, Cloud Foundry Foundation cannot guarantee or warrant the security of any information transmitted on or through the Sites and you do so at your own risk.

Internal Cloud Foundry Foundation access to users’ nonpublic personally identifiable information is restricted to Cloud Foundry Foundation’s personnel, including contractors on a need-to-know basis. These individuals are bound by confidentiality agreements.

In the event Cloud Foundry Foundation becomes aware that the security of a Site has been compromised or users’ personally identifiable information has been disclosed to unrelated third parties as a result of external activity, including but not limited to, security attacks or fraud, Cloud Foundry Foundation will take reasonable response measures, including but not limited to, investigation and reporting, and notification to and cooperation with law enforcement authorities.

International Data Protection and Transfer

Given the international scope of Cloud Foundry Foundation’s business activities and Services, personal information may be visible to persons outside your country of residence, including to persons in countries that your own country’s privacy laws and regulations deem deficient in ensuring an adequate level of protection for such information. If you are unsure whether this Privacy Policy is in conflict with applicable local rules, you should not submit your information.

Your information may be transferred, stored, and processed in the United States. Your agreement to the terms of this Privacy Policy, followed by your submission of information in connection with the Sites and Services, represents your agreement to this practice. Please note that if you are in the EEA, specific rules apply, please see below.

Notice of Privacy Rights to European Data Subjects

For persons located in the EEA (“EU Data Subjects”), commencing on May 25th, 2018 and in case of inquiries to any Cloud Foundry Foundation affiliates or service providers in Europe (such as event orders or applications), we will process your personal information in accordance with the Regulations (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (“GDPR”) according to which you have the following rights:

1. You have the right to information as to whether or not and to which extent we process which of your personal information.
2. You have the right to object the processing of your data based on Article 6 (1) (e), (f) of the GDPR on grounds relating to your particular situation at any time.
3. You have the right to rectification of any inaccurate personal information about you and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
4. You have the right to the erasure of your personal information without undue delay unless we have a legitimate interest to keep the information, such as in the event we need the information to execute an agreement with you.
5. You have the right to restrict the processing of your personal information, unless we have a legitimate interest to continue processing the information for the purpose in respect to which you requested the restriction. For example, you have the right to object to our processing of your personal information for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal information for this purpose. You have the right to receive your personal information from us in a structured, commonly used and machine-readable format in certain circumstances. However, this right does not apply where it would adversely affect the rights and freedoms of others.
6. You have the right to withdraw your previously given consent at any time.

If you are an EU Data Subject, you may exercise any of your rights in this section in relation to your personal data by written notice to us at the following email address: gdpr@cloudfoundry.org.

If you believe our processing of your personal information violates data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged violation.

For EU Data Subjects, we rely on the following legal bases to process your personal information:

1. The legal bases for the processing of information we obtain while you visit our Sites are the performance of a contract with respect to the use of our Sites (Art. 6 Para. 1 lit. b GDPR) and our legitimate interests (Art. 6 Para. 1 lit. f GDPR) in improving the performance of our Sites and the Services we offer.
2. The legal bases for the processing of information we obtain through email messages or forms are your consent (Art. 6 Para. 1 lit. a GDPR) and our legitimate interests (Art. 6 Para. 1 lit. f GDPR).
3. The legal bases for the processing of obtained information related to your interest in purchasing our products, attending our events, or otherwise obtaining our Services under contract are Art. 6 Para. 1 lit. b GDPR (steps at the request of the data subject prior to entering into a contract) or our legitimate interests (Art. 6 Para. 1 lit. f GDPR).
4. The legal bases for the processing of information we obtain in the course of your account registration are performance of a contract (Art. 6 Para. 1 lit. b GDPR) and your consent (Art. 6 Para. 1 lit. a GDPR).
5. The legal basis for the processing of information we obtain through your subscription to our e-mail alerts and/or newsletters is your consent (Art. 6 Para. 1 lit. a GDPR).
6. The legal basis for the processing of information we obtain through the use of cookies, web beacons and third-party analytics is our legitimate interests (Art. 6 Para. 1 lit. f GDPR) in improving the performance of our Services and Sites and analyzing its use.
7. The legal basis for the transmission of information to third-party contractors, agents, business partners, sales representatives, or service providers is performance of the contract (Art. 6 Para. 1 lit. b GDPR).
8. The legal basis for the transmission of information to third parties in case we become involved in a sale or transfer of assets, bankruptcy, reorganization, dissolution, or any other transaction is our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in preparing and executing the applicable measure.
9. The legal basis for the transmission of information to our affiliates is performance of the contract (Art. 6 Para. 1 lit. b GDPR).
10. The legal basis for the transmission of information to law enforcement, governmental agencies, or authorized third parties is the compliance with a legal obligation (Art. 6 Para. 1 lit. c GDPR).
11. The legal basis for the transmission of information to our legal counsel and other consultants in connection with actual or potential litigation is our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in receiving consulting services.

We will only send EU Data Subjects marketing emails or contact EU Data Subjects regarding marketing matters where they have agreed to this, such as by subscribing to our alerts, email lists, completing our contact forms or sending us email inquiries. As noted above, we may personalize the message content based upon any information you have provided to us and your use of the Sites and Services.

As stated above we take all reasonable steps to ensure that your personal data are processed and stored securely. For EU Data Subjects, your personal data will never be stored longer than permitted by applicable law or longer than necessary to fulfil our purposes for processing your personal data, which are stated in this Privacy Policy. The personal data of EU Data Subjects will be processed by us during the following time periods:

• Customer, distributor or agent: If you are a customer, distributor, or an agent, and you have entered into an agreement with the Cloud Foundry Foundation, your personal data are saved for as long as necessary in order for us to perform the agreement with you, e.g. until we have delivered the product or performed the Services that you have ordered. This does, however, not apply if we need to save your personal data for a longer period of time due to any of the reasons stated below.
• Communication: If you have contacted us, e.g. via email, your personal data will be stored as long as necessary for us to complete any request or handle any issue for which you contacted us.
• Legal obligation: We may retain personal data as long as necessary to comply with legal or accounting obligations.
• Direct marketing: We may process your personal data for direct marketing purposes, until you object to your personal data being used for such purposes.

In addition, please note that your personal data may be transferred outside of the EU/EEA to other entities providing services to us for the purposes and processing of your information consistent with this Privacy Policy, including to the United States. For example, if you complete a registration form on our Site, such information may be transferred to our contracted service providers or payment processors in the United States or other countries and to representatives in the jurisdiction in which you currently reside or do business. Email or survey response communications may be stored on servers in the location to which you sent your email or submitted your response, including in the United States and other countries.

With respect to transfers of personal data to third parties, we will ensure that your personal information is transferred to a country which according to the EU Commission has been designated as having an adequate level of protection, or if this is not the case, that the company or organization to which the information is transferred has joined a legal framework (such as the EU-US Privacy Shield), adopted binding corporate rules approved by a competent supervisory authority, or signed standard protection clauses adopted by the European Commission (known as “Standard Model Clauses”), or that any other legal grounds for such transfer in accordance with applicable privacy law is satisfied. You may contact us as stated herein to obtain further information on such transfers.

California Privacy Rights; Do Not Track

Section 1798.83 of the California Civil Code permits California residents to request from a business, with whom the California resident has an established business relationship, information related to the personal information disclosed by Cloud Foundry Foundation to third parties for direct marketing purposes and the names and addresses of the third parties with whom the business has shared such information during the immediately preceding calendar year. If you are a California resident, you may make one request each year by emailing Cloud Foundry Foundation at info@cloudfoundry.org or sending a letter to:

Cloud Foundry Foundation
1 Letterman Drive
Building D, Suite 4700
San Francisco, CA 94129

Please note that Cloud Foundry Foundation does not respond to “do not track” signals or other similar mechanisms intended to allow California residents to opt-out of Internet tracking under The California Online Privacy Protection Action. Cloud Foundry Foundation may track and/or disclose your online activities over time and across different websites to third parties when you use the Sites. Cloud Foundry Foundation and third-party advertising companies may track information concerning a user’s use of the Sites, such as a user’s IP address.

Retention of Your Information

Except for EU Data Subjects, whose personal data will be retained as noted above, we retain information about you for as long as it is necessary and relevant for Cloud Foundry Foundation’s operations. We may retain information from closed accounts collected from you to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with any investigations, and take other actions permitted by law or disclosed in this Privacy Policy to enforce the Site’s terms and conditions and take other actions permitted by law. The information we retain will be handled in accordance with this Privacy Policy. Unless we are actively using your personal information or have a legal bases for retaining such information, in accordance with this Privacy Policy and applicable law, we will securely delete or dispose of your personal information after 5 years of inactivity with respect to such information. 

Feedback, Questions, Contacting Cloud Foundry Foundation

If you have any questions or concerns regarding Cloud Foundry Foundation’s Privacy Policy or practices, please send us a message at info@cloudfoundry.org.