Travis Foundation

Privacy Policy

Last updated: January 31st, 2019

Introduction

We take the protection of our users (“User/you/your”) personal data very seriously and strictly comply with applicable data protection laws and regulations.
In this privacy policy for our website on foundation.travis-ci.org (“Website”) we provide you with an overview of what data we process when you visit our website and how we ensure the protection of the data.

Controller and contact details

The controller is Travis Foundation gUG (haftungsbeschränkt), Rigaer Straße 8, 10247 Berlin/Germany, registered at the local court (Amtsgericht) of Charlottenburg under HRB 158047 B), represented by the managing director Anika Lindtner (“we/us/our”).

If you have any questions regarding the processing of your data you may contact us any time by email (foundation@travis-ci.org) or as set forth here.

Personal Data and Data Processing

Personal data are any information relating to an identified or identifiable natural person.

Applicable legal provisions are, in particular, those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data (“General Data Protection Regulation”, GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).

We, as well as our obliged external service partners, process your data for the purpose of providing our services on the Website. You provide data if this is necessary for the aforementioned purposes. In the event you refrain from providing such data you may face legal disadvantages, for example, no possibility of displaying the website in a functioning way.

Visiting the Website

If you browse our Website the provider of the website collects and stores information automatically in so-called “server log files” that your browser transfers to us. These are:

  • name of the retrieved website/file (URL),
  • date and time of retrieval,
  • transferred data volume,
  • notification of successful retrieval (HTTP status),
  • browser type and version,
  • the User's operating system,
  • referrer URL (previously visited page),
  • the browser’s user agent, IP address and the requesting provider.

We use these data only for statistical analysis for the purpose of operation, security and optimization of our Website. If such data are considered personal data such processing is based on Art. 6 (1) c. or f. GDPR or TMG and we wish to achieve the legitimate interests of stabilizing and improving our Website, quality insurance and fraud prevention.

Contacting us

When contacting us via email, your details are stored for the purpose of processing the enquiry and, if applicable, follow-up questions based on your consent (legal basis of Art. 6 (1) a. GDPR) or for pursuing your request (legal basis of Art. 6 (1) b. GDPR).

Data processed when making donations

You may make donations for financial support of our projects and initiatives via the Website. For making a donation you should provide your name, email address, the amount to be donated and applicable payment data. If you wish to receive a donation receipt you should also provide us with your postal address for invoicing. Such data are processed by us (or the external payment provider Stripe) for proceeding your donation through the Website and (as applicable) for providing you with a donation receipt.

We do not receive or process any payment data needed for the purpose of making such donations but such payment data are processed by the external payment provider Stripe (by Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA). Stripe may process data outside the EU but guarantees the compliance with data protection standards applicable in the EU (see table below).

When we process data for the purpose of making donations this is based on your consent (legal basis of Art. 6 (1) a. GDPR) and/or for pursuing your donation (legal basis of Art. 6 (1) b. GDPR).

Analysis of Data

We also process aggregated, pseudonymized or anonymous user data regarding the usage of our services. The user data we collect is used to improve our websites and program and the quality of our service. We only collect personal data that is required to provide our services, and we only store it insofar that it is necessary to deliver these services. If such data are considered personal data the legal basis for such data processing is Art. 6 (1) f. GDPR based on our legitimate interests of marketing and quality assurance or TMG.

Third parties processing your data and data processing outside the EU

We use third-party providers and hosting partners to provide the necessary hardware, software, networking, storage, outsourced IT services and related technology required to run our Website. We will never share your personal data with a third party without a legal basis or your prior authorization.

For further information you may contact us any time via email to foundation@travis-ci.orgq.

We transfer data with third-parties necessary to our ability to provide our services, all of whom are GDPR-compliant and provide the necessary safeguards required if they are outside of the European Union (EU). Such providers are:

Third-party provider Data processing purpose Data Processing outside the EU / Compliance with EU Data Protection Standard Further Information
GitHub We use the service by Github Inc., 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA for the purpose of hosting your data on the Website. Github, Inc. is certified according to the EU-US agreement “Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA. For further information please refer to Github’s privacy statement or use the contact form under https://github.com/contact/privacy
Stripe We use the services of Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA for processing data regarding payments. Regarding any processes of payments we do not receive, collect and/or store any payment data. Stripe will use such data for the purpose of managing the payments relating to our services. Stripe, Inc. is certified according to the EU-US agreement “Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA. For further information please refer to Stripe's privacy policy.
Google Cloud We use the cloud service by Google LLC, Mountain View, CA, USA for the purpose of hosting, managing and storing your data. Google LLC is certified according to the EU-US agreement “Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA. For further information please refer to Google's privacy policy.

Links to other Websites

Our Website contains links to other websites. We do not exercise any controlling measures over third-party websites except as required by law. These other websites may place their own cookies or other files on your device and collect and process personal data. In general and without a respective notification, we are not responsible for the content, privacy and security practices, and policies of third-party websites or services to which links or access are provided through our Website. We encourage you to read the privacy policies or statements of the other websites you visit.

Your Rights

As a data subject you have the right:

  • to withdraw your consent to us at any time. As a result, we are no longer allowed to continue the processing of data based on this consent in the future;
  • to object to the processing of your personal data, if your personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) f. GDPR insofar as there are reasons for this arising from your particular situation;
  • to obtain from us access to your personal data. In particular, you may request access to the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source and the existence of automated decision-making, including profiling and meaningful information about this event;
  • to obtain from us without undue delay the rectification of inaccurate personal data concerning you;
  • to obtain the erasure of your personal data stored with us, unless the processing is necessary to exercise the right to free expression of opinion and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • to demand the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection against the processing; and
  • to receive your personal data, which you have provided to us, in a structured, current and machine-readable format or to request the transmission to another controller.

If you wish to make use of your rights mentioned above please send an email to foundation@travis-ci.org.
You have the right to lodge a complaint vis-á-vis a supervisory authority of your choice (for example for Berlin/Germany: https://www.datenschutz-berlin.de/kontakt.html).
An overview of the European National Data Protection Authorities may be found here.

Duration of the storage of personal data

We only store your personal data for as long as your account is active or otherwise for a limited period of time as long as it is necessary for the execution of the respective purpose. We store the data set forth under “Visiting the Website” for 14 days.

Criteria for the storage period include whether the data are still up-to-date, whether a contractual relationship with us still exists, whether an inquiry has already been processed, whether a process has been completed or not, and whether legal retention periods for the personal data concerned are relevant or not. Such legal retention periods are set forth in the German Commercial Code (Handelsgesetzbuch, HGB) and German Fiscal Code (Abgabenordnung, AO) and the legal basis for storing such data is Art. 6 (1) c. GDPR.

Security

All data and information transmitted via our Websites is secured by SSL protocol.

Your data are only processed on servers in the European Union (EU), unless we provide other information in this Privacy Policy or otherwise.

Changes and Contact

We are allowed to amend this Privacy Policy as provided for in and according to applicable law. If you have any questions regarding the processing of your data you may contact us any time via email to foundation@travis-ci.org.