Last Modified: 2020-07-27
Effective Date: 2020-07-27
This privacy policy explains how we will collect and process people’s personal data (such as users of www.opensourceconnections.com (“our website”)), including people whose data is subject to the EU General Data Protection Regulation (“GDPR”) and/or the UK Data Protection Act 2018 (each as amended or updated).
Here at OpenSource Connections, your privacy is really important to us and we’ve made it our mission to protect your personal data. As always, we want to be totally open with you. In this privacy policy we’ll tell you how we look after your personal data when you visit our website (regardless of where in the world you might be) and we’ll tell you about your privacy rights and how the law protects you.
We don’t want to patronize you and we’ve tried to steer clear of legal jargon, but we’ve explained any unusual terms you might not have come across before.
The important stuff
Purpose of this policy
In this privacy policy we’ll tell you how OpenSource Connections collects and processes your personal data, including when you visit our website. That includes data you might provide when you sign up to our mailing lists, attend one of our famous training sessions or contact one of our ‘relevance engineers’.
It’s important that you read this privacy policy alongside any other notice or privacy policy we might send you in future, so you’re fully aware of how and why we’re using your data. We’ll keep this privacy policy under regular review. If we update this Privacy Policy, the updated Privacy Policy will include an effective date and will be effective on that date. If we make any material changes to the Privacy Policy, we will give you notice at least thirty (30) days before the effective date of the updated Privacy Policy by (a) posting the updated Privacy Policy on our website, and/or (b) by sending you an e-mail to the e-mail address (if any) that we have on file for you.
Our website isn’t intended for kids (even the most tech savvy ones) and we don’t knowingly collect data relating to children.
Controller
Opensource Connections, LLC (registered under the Law of the Commonwealth of Virginia with registration number S145413-3) is the data controller and we’re responsible for your personal data. When you see “OpenSource Connections”, “we”, “us” or “our” in this privacy policy, that’s who we mean.
Contact Details
If you’ve got any questions about this privacy policy, just get in touch with us at hello@o19s.com.
If there’s something you really aren’t happy about, those of you based in the UK can make a complaint at any time to the Information Commissioner’s Office (ICO). They’re the UK supervisory authority for data protection issues. But if you’ve got any worries, we’d really appreciate the chance to deal with your concerns ourselves, so please get in touch with us in the first instance.
Third-Party Links
Our website might include links to third-party websites, plug-ins and applications. If you click on those links or enable those connections, it might allow third parties to collect or share data about you. Because we don’t control these third-party websites, we unfortunately can’t vouch for their privacy statements, so we’d recommend that you read the privacy policy of each website you visit.
The data we collect about you
What do we mean by personal data anyway? It’s pretty straightforward. It means any information about a person which could be used to identify them. It doesn’t include ‘anonymous data’, where the person’s identity has been removed. We might collect, use, store and transfer the following different types of personal data about you:
- Identity Data – this includes your first name and last name.
- Contact Data – this includes your email address and telephone number. If you buy tickets to our training sessions or other events, it includes your billing address too.
- Financial Data – this includes your payment card details. If you buy tickets to our training sessions or other events, the people over at Stripe (or a similar payment processing platform) will collect this from you.
- Transaction Data – if you buy tickets to our training or other events, this includes details about payments you’ve made, like how much you’ve paid and when, and what event you’ve signed up for. This data could also be used to work out Profile Data (below).
- Technical Data – to better understand you and your team, we use Google Analytics. So Technical Data includes things like your IP address (although Google won’t give this to us), your time zone setting and location, your browser type and version, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
- Profile Data – this includes any feedback you may give after attending one of our events or training sessions It also includes information about your interests and your history of events and training sessions you’ve attended with us, which we can work out from your Transaction Data (above).
- Usage Data – this includes information about how you use our website when you visit.
- Marketing and Communications Data – this includes whether you want to receive marketing from us and our third parties and your preferred means of communication.
We’ll also collect, use and share Aggregated Data, like statistical or demographic data, for any purpose. Aggregated Data could come from your personal data but it’s not considered personal data because it won’t reveal your identity, directly or indirectly. For example, we may aggregate your Usage Data to work out the percentage of users that access our Blog. Rest assured though, if we combine Aggregated Data with your personal data so that it can directly or indirectly identify you, we’ll treat the combined data as personal data and only use it in line with this privacy policy.
We don’t collect any Special Categories of Personal Data about you (this includes really personal information like details about your race or ethnicity, religious beliefs, sexual orientation, political opinions or information about your health, although we might collect information about your dietary requirements if you attend one of our events).
If you’d prefer not to give out your personal data
Sometimes, we might need to collect personal data by law, or under the terms of a contract we have with you. In those situations, if you don’t provide that data when asked for, we unfortunately may not be able to perform the contract we have or are trying to enter into with you (for example, if you’ve signed up to attend one of our training sessions). If this happens, we may have to cancel your attendance at the training session you’ve signed up for with us, but we we’ll let you know at the time.
Things change
By the way, it’s really important that the personal data we hold about you is accurate and up to date, so if your personal data changes during the time we know you, please let us know.
How is your personal data collected
We collect data from and about you in a few different ways, like through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by contacting us by post, phone, email or otherwise. This includes personal data you provide when you:
- contact us for information about our services, training sessions, events, meetups, seminars and conferences;book or attend online meetups / discussion groups;
- book or attend training sessions, events, seminars and conferences;
- subscribe to our mailing lists;
- request marketing to be sent to you about future events;
- request marketing to be sent to you about future training sessions;
- give us feedback after attending one of our events or training sessions; or
- contact us using the ‘contact us’ form on our website.
- Automated technologies or interactions. When you use our website, we’ll automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy for further details.
- Google Analytics. We may, from time to time, use a tool called “Google Analytics” (including Google Analytics Demographics and Interest Reporting features) to collect information about your use of our website, which helps us provide content that is relevant to you and optimized for the devices that you use (such as smartphones and tablets). We respect and value your privacy, and we never combine the information collected through the use of Google Analytics with other personal data. We use the information we receive from Google Analytics only to improve our website and our content and marketing. Google’s use and sharing of information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Service and the Google Privacy Policy. For more information about Google’s privacy practices, see: How Google uses data when you use our partners’ sites or apps. You can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using Google’s Ad Settings tool. As an added privacy measure, you can use the Google Analytics Opt-out Browser Add-on.
- Third parties or publicly available sources. We’ll receive personal data about you from these third parties and public sources:
- Contact, Financial and Transaction Data from ticket agencies and providers of technical, payment and delivery services, such as Eventbee based outside the EU.
- Identity and Contact Data from Slack Technologies, Inc and Meetup LLC outside the EU.
- Technical Data from:
- analytics providers like Google Analytics based outside the EU;
- advertising networks; and
- search information providers.
- Identity and Contact Data from data brokers or aggregators.
- Identity and Contact Data from publicly available sources, like Companies House and the Electoral Register based inside the EU.
How we’ll use your personal data
We’ll only use your personal data when the law allows us to. The most common circumstances are:
- Where we need to perform a contract with you, for example to deliver a training session you’ve booked to attend.
- Where it’s necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights don’t override those interests.
- Where we need to comply with a legal obligation.
We will not knowingly disclose your personal data to a third party if we know or have reason to believe that the third party will use your personal data for direct marketing purposes.
Don’t forget, you’ve got the right to withdraw consent to such marketing communications at any time. Just get in touch with us at hello@o19s.com.
Purposes we use your personal data for
In the table below, we’ve set out all the ways we plan to use your personal data, and which of the legal bases we’ll rely on to do so. We’ve also let you know what our legitimate interests are for doing so. What explained what we mean by ‘legitimate interest’ below the table.
Just so you’re aware, we may process your personal data for more than one lawful ground depending on the specific purpose we’re using your data for. Please get in touch if you need details about the specific legal ground we’re relying on to process your personal data where more than one ground is set out in the table below.
Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
To register you as a new customer when you book to attend one of our training sessions, events meetups, seminars or conferences | (a) Identity (b) Contact | Performance of a contract with you |
To process and deliver your order via a third party payment processing platform | (a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to receive payment for a service to be delivered) |
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to provide feedback after attending one of our training sessions, seminars or other events | (a) Identity (b) Contact (c) Profile (d) Marketing and Communications | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to manage our relationship with you, to keep our records updated and to understand how customers use our services) |
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical | (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) (b) Necessary to comply with a legal obligation |
To use data analytics to improve our website, services, marketing, customer relationships and experiences | (a) Technical (b) Usage | (a) Your consent (b) Necessary for our legitimate interests (to define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
To make suggestions and recommendations to you about services that may be of interest to you | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications | (a) Your consent (b) Necessary for our legitimate interests (to develop our services and grow our business) |
Marketing
Communications from us
We may use your information to provide you with details about our events, training, products and services. In doing so, we may contact you through channels such as email. We shall obtain your prior opt-in consent to send you marketing messages where appropriate to do so.
Opting out
You can ask us to stop sending you marketing messages at any time, either by following the opt-out links on any marketing message sent to you or by getting in touch with us. If you ask us not to send you marketing messages, it may take us a short period of time to update our systems and records to reflect your request, during which time you may continue to receive marketing. Even if you tell us not to send you marketing messages, we may continue to use your contact details to provide you with important service information about the products or services that we are currently providing to you.
Cookies
This bit is up to you. You can set your browser to refuse all or some browser cookies, or to tell you when websites set or access cookies. Just be aware that if you disable or refuse cookies, some parts of our website may become inaccessible or won’t work properly. Your computer isn’t broken! For more information about the cookies we use, take a look at our cookie policy.
Change of purpose
We’ll only use your personal data for the purposes we collected it for, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you’d like us to explain this in any more detail please get in touch.
If we need to use your personal data for an unrelated purpose, we’ll notify you and we’ll explain the legal basis which allows us to do so.
Please be aware that we may process your personal data without your knowledge or consent in compliance with the above rules, but only where this is required or permitted by law.
Disclosures of your personal data
We’ll only share your personal data with third parties in really limited circumstances, like if we sold our business or merged with another business. If a change like this happens to our business, then the new owners might use your personal data in the same way as set out in this privacy policy. We’d also require any third parties to respect the security of your personal data and to treat it in accordance with the law.
International transfers
We and some of the external third parties we work with (like the payment platforms you’ll use if you buy tickets to one of our training sessions) are based outside the EEA, so when we (and they) process your personal data, if you’re based in the EEA it will involve a transfer of data outside the EEA.
Countries outside the EEA might have different data protection laws to those within the EEA. Whenever we transfer your personal data out of the EEA, we’ll make sure appropriate safeguards are in place or obtain your prior consent. Please get in touch if you want further information about this.
Our website is hosted in the US, so information collected from you via the website (for example, information you submit via forms on this website) will be transferred to the US so we can process it there. By using the website in this manner, you acknowledge and consent to this transfer of your personal data to the US.
Data security
Like we said earlier, your privacy is really important to us. We’ve put in place appropriate security measures to stop your personal data from being accidentally lost, used or accessed in an unauthorized way, changed or disclosed. We’ll also limit access to your personal data to the people in our team who have a genuine business need to know. They’ll only process your personal data if we ask them to and they’ll have a duty to keep it confidential. We’ve put in place procedures to deal with any suspected personal data breach and we’ll let you (and any appropriate regulator) know of a breach where we’re legally required to do so.
Data retention
How long will we keep your personal data for?
We’ll only keep your personal data for as long as reasonably necessary to fulfil the purposes we collected it for. To work out how long it’s appropriate to keep your personal data for, we consider things like the amount, nature and sensitivity of the personal data, the purposes we process it for, the potential risk of harm from its unauthorized use or disclosure and things like legal and accounting requirements. If you were to make a complaint or if we reasonably believed there was a prospect of litigation between us, we might have to keep your personal data for longer.
There are some occasions where you can ask us to delete your data (take a look at Your legal rights below).
Sometimes, we’ll anonymize your personal data to use it for research or statistical purposes, in which case we might use this information indefinitely without further notice to you.
Your legal rights
You’ve got rights under data protection laws in relation to your personal data, which we’ve set out at the end of this privacy policy. If you’d like to exercise any of your legal rights, please get in touch with us.
You won’t have to pay a fee to access your personal data (or to exercise any of the other rights). We might charge a reasonable fee, but only in the unlikely event that your request is clearly unfounded, repetitive or excessive (in those circumstances, we don’t actually have to comply with your request).
We might need to ask you some questions to help us confirm your identity. This is a security measure to make sure that personal data isn’t given to someone it shouldn’t be. We might also contact you to ask you for further information about your request to help speed up our response.
We’ll try to respond to all legitimate requests within one month. It might take us longer than a month, for example if your request is really complicated or if you’ve made lots of requests. If that’s the case, we’ll let you know and keep you updated.
What are your legal rights?
You have the right to: Request access to your personal data (this is called a “data subject access request”). This allows you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. Request correction of the personal data that we hold about you. This allows you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide us with. Request erasure of your personal data. You can ask us to delete or remove personal data where there’s no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you’ve successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we’re required to erase your personal data to comply with local law. However, sometimes we may not always be able to comply with your request of erasure for specific legal reasons which we’ll let you know (if applicable) when you make your request. Object to processing of your personal data where we’re relying on a legitimate interest (or those of a third party) and there’s something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: If you want us to establish the data’s accuracy. Where our use of the data is unlawful but you do not want us to erase it. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims. You’ve objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Request the transfer of your personal data to you or to a third party. We’ll provide to you, or a third party you’ve chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. Withdraw consent at any time where we’re relying on consent to process your personal data. However, this won’t affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We’ll advise you if this is the case at the time you withdraw your consent. |