Privacy Policy

Last updated: 03 April 2020

Introduction

We take the protection of our users (“User/you/your”) personal data very seriously and strictly comply with applicable data protection laws and regulations. In our privacy policy below (“Privacy Policy”) we provide you with an overview of what data we collect for what purpose and how we ensure the protection of the data.

The controller is Travis Foundation gUG (haftungsbeschränkt), Rigaer Straße 8, 10247 Berlin/Germany, registered at the local court (Amtsgericht) of Charlottenburg under HRB 158047 B), represented by Nicole Hintner (“we/us/our”).

Information gathering and usage

The use of the railsgirlssummerofcode.org website is possible without any indication of personal data; however, if you want to use special services via our website, processing of personal data could become necessary.
Rails Girls Summer of Code (referred to as RGSoC from now) collects the email addresses of those who communicate with us via email. We also collect aggregated, anonymous user data regarding website usage. The user data we collect is used to improve RGSoC and the quality of our service. We only collect personal data that is required to provide our services, and we only store it insofar that it is necessary to deliver these services.

If you donate to our fundraising campaign, we collect the following information from you: your name, email address, and donation amount. We may also collect your GitHub and Twitter usernames as well as your URL if you choose to share those with us.
If you donate on behalf of a company (i.e. buying a sponsor package), we will also ask for invoice details to send you a digital invoice.
Your name/company name, URL, GitHub username, Twitter username, and donation amount will be made public on our donors list, but you can choose to make your donation anonymous and/or hide your donation amount.
All other personal data is used internally and won’t be shared with others.

Your data

RGSoC uses third-party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run RGSoC, such as GitHub for the purpose of further developing our RGSoC Website and Stripe to process payments. You retain all rights to your data; we will never share your personal data with a third-party without your prior authorization, and we will never sell data to third-parties. We transfer data with third-parties necessary to our ability to provide our services, all of whom are GDPR-compliant and provide the necessary safeguards required if they are outside of the EU.

Your rights

For further information on your rights, to withdraw consent, or to ask for deletion of your data, you can contact us at contact@rgsoc.org.

Right of access

You have the right to be informed at any time and free of charge about the personal data stored about you.

Right to rectification

You have the right to rectify inaccurate personal data about you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed (for example, by providing an additional statement).

Right to be forgotten

You have the right to have us delete any personal data concerning you that we store.
We have the obligation to erase your personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:
  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
  • The User withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing
  • The User objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the User objects to the processing pursuant to Article 21(2) of the GDPR
  • The personal data have been unlawfully processed
  • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which we are subject
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR

Right to data portability

You have the right to ask for and receive the personal data we store about you in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance by the controller to whom the personal data have been provided, provided that the processing is based on a consent or on a contract to which the data subject is a party and that the processing is carried out by means of automated procedures.

Furthermore, in exercising your right to data portability, you have the right to have personal data transmitted directly from one controller to another where technically feasible — and when doing so does not affect the rights and freedoms of others.

Right to withdraw consent

You have the right to withdraw your consent regarding the use, processing or transmission of your data at any time in writing or by email to us.
In the event of consent withdrawal, we will no longer process and immediately delete your stored data. This does not apply if we can prove compelling grounds for processing that are worthy of protection and which outweigh your interests, rights and freedoms or in case the processing serves to assert, exercise or defend legal claims. For example, we will continue to use data if it is still necessary for the implementation of the contractual relationship.

Duration of the storage of personal data

We only store your personal data for as long as it is necessary for the execution of the respective purpose.
Criteria for the storage period include whether the data are still up-to-date, whether a contractual relationship with us still exists, whether an inquiry has already been processed, whether a process has been completed or not, and whether legal retention periods for the personal data concerned are relevant or not.

Cookies

We use cookies to store user preferences, customize webpage content based on user browser type or other information that the user sends. In particular, we use Google Analytics to understand the way you interact with our website. Within Google Analytics, we’ve set up IP masking, which allows all IP addresses to remain anonymous. Google Analytics anonymizes the address as soon as technically feasible at the earliest possible stage of the collection network.

You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website.

Ad servers

We do not partner with or have special relationships with any ad server companies.

Security

All data and information transmitted with RGSoC is secured by SSL protocol.

Links to Other Websites

Our website contains links to other websites. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third-party. We do not exercise control over third-party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit Personal Information from you. Other sites follow different rules regarding the use or disclosure of the Personal Information you submit to them. We are not responsible for the content, privacy and security practices, and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to read the privacy policies or statements of the other websites you visit.

Changes

If our information practices change in the future, we will post the policy changes to our website to notify you of these changes, indicating the date of the latest revision. We will only use data collected from the time of the policy change forward for these new purposes. If you are concerned about how your information is used, you should check back at our website periodically.