chore(PrivacyPolicy): Update & GDPR compliance #11056
Draft
+95
−20
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
Betree
force-pushed
the
chore/privacy-policy-update
branch
3 times, most recently
from
7a88afb to
58a8f0c
Compare
Betree
force-pushed
the
chore/privacy-policy-update
branch
from
58a8f0c to
79386d9
Compare
BenJam
requested changes
Feb 27, 2025
There was a problem hiding this comment.
Couple of mods needed in here. But mostly I'm interested in the consideration given to OFITech acting as a data controller over being a data processor. I believe it's more usual for us to be the data processor (a la Shopify) but there are cases where the platform acts as the controller, like Patreon.
|
|
||
| - **Sentry**: An error monitoring service that helps us identify and fix bugs in our applications. It may collect technical data related to errors encountered while using our Services. | ||
|
|
||
| - **Metabase**: An analytics platform we use to analyze data. |
There was a problem hiding this comment.
Might be worth being more specific here.
|
|
||
| <p class="lead">This Privacy Policy explains how information about you is collected, used, and disclosed by Open Collective, Inc. ("Open Collective" or “we”). This Privacy Policy applies to information we collect when you use our websites and online services (collectively, the “Services”) or when you otherwise interact with us.</p> | ||
| <p class="lead">This Privacy Policy explains how information about you is collected, used, and disclosed by OFi Technologies LLC ("OFi Technologies", "we", "us", or "our"), a company 100% owned and controlled by Open Finance Consortium, a C3 non-profit. The opencollective.com website is operated by OFi Technologies LLC. This Privacy Policy applies to information we collect when you use our websites and online services (collectively, the "Services") or when you otherwise interact with us.</p> |
There was a problem hiding this comment.
Policy then goes on to talk about Open Collective but Open Collective is not defined.
|
|
||
| We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Privacy Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy. | ||
|
|
||
| ## Data Controller | ||
|
|
||
| OFi Technologies LLC is the data controller of your personal information. We are responsible for, and determine how your personal data is processed. If you have any questions about this Privacy Policy or how we handle your personal data, please contact our Data Protection Officer at [email protected]. |
There was a problem hiding this comment.
I believe it's normal for a platform to operate as a data processor, not controller. I think it's worth looking at what the implications of this are.
|
|
||
| - **Performance of Contract**: Processing your information is necessary to provide the Services to you, such as creating an account, processing contributions, or handling expense reimbursements. | ||
| - **Legitimate Interest**: We process your information for our legitimate business interests, such as improving our Services, understanding how our Services are used, preventing fraud, and marketing our Services. | ||
| - **Consent**: In some cases, we process your information based on your consent, such as for certain types of marketing communications. |
There was a problem hiding this comment.
Worth looking at but you have this basis covered in service provision and legitimate interest. Not sure this needs to be stated here as a result. Note that of course we have to gain explicit informed and free consent at the point that we register users to be able to send marketing and other non-service-provision based messaging.
|
|
||
| ## Transfer of Information to the U.S. and Other Countries | ||
| Open Collective is based in the United States and the information we collect is governed by U.S. law. When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States or other countries which have not been determined by the European Commission to have laws that provide an adequate level of data protection, we use legal mechanisms designed to help ensure your rights and protections, including: |
|
|
||
| ### Compliance | ||
| ## Children's Privacy |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.