Privacy Statement for the Fedora Project
Scope of This Notice
This Privacy Statement is intended to describe the Fedora Project's privacy practices and provide information about the choices you have regarding the ways in which information collected by the Fedora Project is used and disclosed. For convenience, the Fedora Project is referred to in this document as "Fedora".
Our Commitment to Privacy
At Fedora, your privacy is important to us. To better protect your privacy, we have provided this Statement explaining our information practices and the choices you can make about the way your personal information is collected, used and disclosed. To make this Statement easy to find, we have made it available on our homepage and at every location where personally-identifiable information may be requested.
The Information We Collect
This Privacy Statement applies to all information collected by or submitted to Fedora, including personal data. "Personal data" is data that can be used to identify an individual.
Fedora collects personal data when:
- you create a user account;
- you participate in surveys and evaluations;
- you participate in promotions, contests or giveaways;
- you submit questions or comments to us.
Fedora may also collect personal data from individuals (with their consent) at conventions, trade shows and expositions. The types of personal data collected may include (but are not limited to):
- your first and last name;
- your title and your company's name;
- your home, billing, or other physical address (including street name, name of a city or town, state/province);
- your country code;
- your e-mail address;
- your telephone number;
- any other identifier that permits Fedora to make physical or online contact with you;
- any information that Fedora collects online from you and maintains in association with your account, such as:
- your Fedora Account System password,
- your GPG key ID,
- your SSH public key,
- your IRC nickname,
- your language preference,
- your timezone,
- your geographic coordinates (longitude/latitude),
- your affiliation(s).
Publicly Available Personal Data
In keeping with the open nature and spirit of Fedora, some personal data attached to Fedora accounts is made public by default. Specifically:
- your first and last name;
- your country code;
- your email address;
- your language preference;
- your SSH public key;
- your timezone;
- your GPG key ID (if defined);
- your IRC nickname (if defined);
- your geographic coordinates (if defined);
- your affiliations (if defined).
If you wish for this information to be kept private, you can opt-out of displaying this information publicly in your Fedora Account Preferences. If you choose to opt-out, Fedora will still have access to this information, but it will not be displayed to others, and will be considered Private. The only exception to this is for your email address, which may still be visible in some Fedora services such as Bugzilla.
Using (Processing) Your Personal Data
Fedora uses the personal data you provide to:
- create and maintain your accounts;
- identify and authenticate you;
- attribute data and content you produce directly and indirectly in our public-facing services;
- answer your questions;
- send you information;
- for research activities, including the production of statistical reports (such aggregated information is not used to contact the subjects of the report);
- send you surveys.
We also use this personal data to provide you with information related to your account and the products or services you acquire from us, to better understand your needs and interests, to improve our service, to personalize communications, and to comply with or fulfill any contractual obligations to you. It is in Fedora’s legitimate business interests to provide you with the information, communications, and services you request; to create a public record of the data and content produced by Fedora’s services; and to maintain the integrity of that data and content for historical, scientific, and research purposes.
Sharing Your Personal Data
Unless you consent, Fedora will never process or share the personal data you provide to us except as described below.
Fedora may share your personal data with third parties under any of the following circumstances:
- Your publicly available personal data in the Fedora account system, as described above, is accessible by anyone unless you, as the account holder, opt out as already described in this Privacy Statement.
- As required to provide service, and for e-mail housing (as a consequence of uses already described in this Privacy Statement). It is in Fedora’s legitimate business interest to provide all users an accurate record of data and content provided by Fedora’s services, and to maintain the integrity of that data and content for historical, scientific, and research purposes. This data and content may include but is not limited to email, code changes, comments, and artifacts.
- As required by law (such as responding to a valid subpoena, warrant, audit, or agency action, or to prevent fraud).
- For research activities, including the production of statistical reports (such aggregated information is used to describe our services and is not used to contact the subjects of the report).
Fedora may send you e-mail about your account, to inform you of important upcoming Fedora events (e.g. elections), or in response to your questions. For your protection, Fedora may contact you in the event that we find an issue that requires your immediate attention. Fedora processes your personal data in these cases to fulfill and comply with its contractual obligations to you, to provide the services you have requested, and to ensure the security of your account.
Cookies and Other Browser Information
Fedora's online services automatically capture IP addresses. We use IP addresses to help diagnose problems with our servers, to administer our website, and to help ensure the security of your interaction with our services. Your IP address is used to help identify you and your location, in order to provide you data and content from our services as quickly as possible. It is in Fedora’s legitimate business interest to maximize the efficiency and effectiveness of its services for all users.
- Remind us of who you are and to access your account information (stored on our computers) in order to provide a better and more personalized service. This cookie is set when you register or "sign in" and is modified when you "sign out" of our services.
- Estimate audience size. Each browser accessing Fedora is given a unique cookie that is used to determine the extent of repeat usage and usage by a registered user versus by an unregistered user.
- Measure certain traffic patterns, which areas of Fedora's network of websites you have visited, and your visiting patterns in the aggregate. We use this research to understand how our user's habits are similar or different from one another so that we can make each new experience on fedoraproject.org a better one. We may use this information to better personalize the content, banners, and promotions you and other users will see on our sites.
Our Commitment to Data Security
Public Forums Reminder
Fedora often makes chat rooms, forums, mailing lists, message boards, and/or news groups available to its users. Please remember that any information that is disclosed in these areas becomes public information. Exercise caution when deciding to disclose your personal data. Although we value individual ideas and encourage free expression, Fedora reserves the right to take necessary action to preserve the integrity of these areas, such as removing any posting that is vulgar or inappropriate. It is in Fedora’s legitimate business interests to provide all users an accurate record of data and content provided in the public forums it maintains and uses; to maintain the integrity of that data and content for historical, scientific, and research purposes; and to provide an environment for the free exchange of ideas relevant and constructive to the development and propagation of open source software.
Our Commitment to Children's Online Privacy
Out of special concern for children's privacy, Fedora does not knowingly accept online personal information from children under the age of 13. Fedora does not knowingly allow children under the age of 13 to become registered members of our sites. Fedora does not knowingly collect or solicit personal information about children under 13.
In the event that Fedora ever decides to expand its intended site audience to include children under the age of 13, those specific web pages will, in accordance with the requirements of the Children's Online Privacy Protection Act (COPPA), be clearly identified and provide an explicit privacy notice addressed to children under 13. In addition, Fedora will provide an appropriate mechanism to obtain parental approval, allow parents to subsequently make changes to or request removal of their children's personal information, and provide access to any other information as required by law.
About Links to Other Sites
This site contains links to other sites. Fedora does not control the information collection of sites that can be reached through links from fedoraproject.org. If you have questions about the data collection procedures of linked sites, please contact those sites directly.
Your Rights and Choices in the EEA
Where the EU General Data Protection Regulation 2016/679 (“GDPR”) applies to the processing of your personal data, especially when you access the website from a country in the European Economic Area (“EEA”), you have the following rights, subject to some limitations, against Fedora:
- The right to access your personal data;
- The right to rectify the personal data we hold about you;
- The right to erase your personal data;
- The right to restrict our use of your personal data;
- The right to object to our use of your personal data;
- The right to receive your personal data in a usable electronic format and transmit it to a third party (also known as the right of data portability); and
- The right to lodge a complaint with your local data protection authority.
If you would like to exercise any of these rights, you may do so via our Personal Data Request Form. Please understand, however, the rights enumerated above are not absolute in all cases.
Where the GDPR applies, you also have the right to withdraw any consent you have given to uses of your personal data. If you wish to withdraw consent that you have previously provided to Fedora, you may do so via our Personal Data Request Form. However, the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
How to Access, Modify or Update Your Information
Fedora gives you the ability to access, modify or update your personal data at any time. You may log in and make changes to your login information (change your password), your contact information, your general preferences and your personalization settings. If necessary, you may also contact us and describe the changes you want made to the personal data you have previously provided using the Personal Data Request Form.
If you wish to remove your personal data from Fedora, you may contact us using the Personal Data Requests Form and request that we remove this information from the Fedora Account System. Other locations where you may have used your personal data as an identifier (e.g. Bugzilla comments, list postings in the archives, wiki change history, and spec changelogs) will not be altered.
How to Contact Us
If you have any questions about any of these practices or Fedora's use of your personal information, please feel free to contact us by email, or by mail at:
Fedora Legal c/o Red Hat, Inc. - Corporate Legal Group 100 East Davie Street Raleigh, NC 27601
Fedora will work with you to resolve any concerns you may have about this Statement.
Changes to this Privacy Statement
Fedora reserves the right to change this policy from time to time. If we do make changes, the revised Privacy Statement will be posted on this site. A notice will be posted on our homepage for 30 days whenever this privacy statement is changed in a material way.
This Privacy Statement was last amended on May 25, 2018.