of JUST Open Source e.S., Schönhauser Allee 163, 10435 Berlin ("the Foundation")
The Foundation operates the website www.justopensource.io ("Website") on which it provides information and offers contact options.
The legal basis for data processing is Art. 6 (1) a), Art. 7 GDPR for consents, Art. 6 (1) b) GDPR for the performance of services and contractual obligations, Art. 6 (1) c) GDPR for the compliance with legal obligations and Art. 6 (1) f) GDPR for the safeguarding of legitimate interests. In the case of the processing of special categories of personal data, Art. 9 (2) GDPR serves as the legal basis.
I. Name and contact details of the responsible person („controller“)
The person responsible for processing personal data within the meaning of Art. 4 GDPR:
JUST Open Source e.S.
Schönhauser Allee 163
II. Type of data processed / purpose of processing / legal basis
In the following we explain what kind of personal data is processed when visiting the Website and using the services provided. Processing in this sense means any form of use of the data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Personal data is only processed as far as it is necessary for the provision of the services, the communication with the users, the execution of the contractual/business relationship as well as for the optimisation of business processes and the demand-oriented design of our services.
We observe the principle of data minimisation and only process your personal data in strict compliance with data protection regulations. In particular, corresponding data is only processed if a legal permission/legal basis exists.
1. Accessing the Website
1.1. Server Logfiles
When accessing the Website, data, so-called server logfiles, are automatically collected. These server logfiles contain the IP address, browser information (type, version, browser plug-ins), the operating system of the device (type, version), screen resolution, language settings, timezone, installed fonts, MIME type, Silveright data, HTTP header, the click behaviour on the Website, like the pages visited on the domain, the length of stay, visit date, time, duration and referrer, and error messages. Location data is only recorded anonymously and with limited accuracy (country/region/city), so that it is impossible to draw conclusions about the identity of the visitor.
Additional personal data, such as names, are not collected.
We process the data in order to establish a smooth connection to our Website. The processing is necessary to ensure the security and stability of the system and a comfortable use of the Website.
We also use the log data for statistical evaluations, for the purpose of optimising the processes and the security of the services. We reserve the right to check the log data retrospectively if, based on concrete indications, there is a suspicion of unlawful use of the service provided.
The legal basis for data processing is Art. 6 (1) b) and f) GDPR.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of the Website may be limited.
The legal basis for data processing is Art. 6 (1) b) and f) GDPR for cookies that are technically necessary for the operation of the website.
The legal basis for data processing for all other cookies that are not technically necessary for the operation of the website is your consent pursuant to Art. 6 (1) a) GDPR.
2. Contacting us
If you contact us using the postal or e-mail address provided on our Website, we will process the contact details you have provided, i.e. name, postal or e-mail address, as well as any additional information you have voluntarily provided.
In this case, the processing of the contact data used by you is indispensable in order to get in touch with you and to be able to answer your request. If additional data has been provided, processing serves to individualise you and thus to be able to respond to your request in the best possible way.
The legal basis for data processing is Art. 6 (1) a), b) and f) GDPR.
3. Job Form
If you decide to fill in the Job Form and present yourself in the context of our project "JUST Open Source Industry Job Form", we will process the data requested in the form: your name, email address, github profile link, current location as well as your CV. In your CV and in addition to it, you can of course provide us with further voluntary information, which we may, however, only consider after your explicit consent.
We process your data to get in touch with you and to provide the requested services. In particular, your data will be processed in order to present you and your qualifications and to allow potential future employers to assess your suitability for a possible collaboration and to get in touch with you.
The legal basis for data processing is Art. 6 (1) a), b) and f) GDPR.
Note: Special categories of personal data
If, in the course of using our service, you provide us with data that fall under the so-called special categories of personal data within the meaning of Art. 9 GDPR (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation) we will only process this data on the basis of your consent.
We would also like to point out at this point that the granting of consent is voluntary. It can be refused without giving reasons and can be revoked at any time after it has been given. In the event of revocation, the data covered by the consent will be deleted immediately.
III. Duration of storage
Your data will be stored for as long as is necessary to fulfil the above-mentioned purposes.
As soon as this is no longer the case, e.g. after complete termination of the contractual/business relationship, it will be deleted or blocked if and as long as commercial or tax retention obligations require this (Art. 6 (1) p. 1 c) GDPR). From the point in time when legal storage obligations no longer conflict with this, the data will be deleted unless you have expressly consented to further use (Art. 6 (1) p. 1 a) GDPR).
IV. Disclosure of data to third parties/transfer to third countries
In principle, the data you provide will not be made available to third parties. In individual cases, however, it may be necessary to pass on your personal data to companies entrusted by us with the provision of individual services (e.g. webhost, programmer, cloud provider, accounting) in order to execute the contract and provide our services.
However, if you decide to fill in the Job Form and present yourself in the context of our project "JUST Open Source Industry Job Form" it is our goal to present you to interesting and interested companies to increase your chances of a matching cooperation. In order to achieve this purpose, it is necessary that we make available your data to these companies. We would like to point out that we only provide a platform and have no influence on the data processing within the companies. Questions and the assertion of data subject rights must therefore be exercised directly against the companies. We have linked to the respective information on data processing by the companies and of course, we will gladly try to assist you with any queries.
If, in the course of our processing, we disclose data to third parties, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission, your consent, a legal obligation or on the basis of our legitimate interests. If we commission third-party providers with the processing of data on the basis of a so-called "Data Processing Agreement", this is done on the basis of Art. 28 GDPR. For their part, the third parties are obliged to comply with the statutory provisions when handling and processing this data.
It is possible that the seat of a third party is located in a third country, i.e. in a country in which the GDPR does not have direct legal effect. In this case, data will only be transferred if your consent has been given, an adequate level of data protection prevails, for example due to individual agreements, the use of EU standard contractual clauses, the existence of an EU adequacy decision, or other legal permission exists.
Transmission to authorities and state institutions entitled to receive information is also possible, but will only take place within the framework of the legal obligations to provide information and in the event of a court decision obliging us to do so. In these cases, the Foundation may provide the information, e.g. for the assertion, exercise and defence of legal claims, enforcement of existing contracts, in the context of allegations of fraud, security measures or generally legally applicable regulations.
Personal data will not be disclosed outside the scope described here without express consent.
Under no circumstances will the Foundation sell or rent personal data to third parties.
V. Services of third party providers in the operation of the Website
We would like to make specific reference to the following third-party providers whose services we use in the operation of the Website and to provide our services, and who may come into contact with the personal data set out above:
We expressly point out that we ourselves have no influence on the scope of the data that these companies collect. We must therefore rely on the information provided by the respective companies with regard to data protection, to which we refer in the following clarification.
If necessary, please inform yourself further with the companies in detail about the purpose and scope of the data collection as well as your rights and setting options in this respect to protect your privacy. We have provided the links to the data protection declarations here in each case.
In the following, you will find information on the possible data protection implications of the cooperation with the third-party providers as well as further links:
- Webflow, Inc, 398 11th Street, 2nd Floor, Sn Francisco, CA 94103 US ("Webflow")
We use the services of the provider Webflow for the creation and hosting of our website.We expressly point out that we have no influence on the scope of the data that Webflow collects. We must therefore rely on the information provided by them. You can find out more about Webflow's data protection policy here.
We have concluded a Data Processing Agreement with Webflow and fully implement the strict requirements of the German data protection authorities when using Webflow.
- “Airtable”, 799 Market Street, 8th Floor, San Francisco, CA 94103, US (“Airtable”)
We use the services of Airtable for the creation, hosting and operation of the Job Form. We expressly point out that we have no influence on the scope of the data that Airtable collects. We must therefore rely on the information provided by them. You can find out more about Airtable's data protection policy here.
We have concluded a Data Processing Agreement with Airtable and fully implement the strict requirements of the German data protection authorities when using Airtable.
VI. Online Presentations / Company Profile in Social Media
Our company has an online presence on the social platform LinkedIn. Through this, we simplify the search for our services for interested parties and offer an additional channel of communication.
When visiting our profile, the provider of the platform may process your personal data. The purpose of the processing of user data by the respective social media and platforms is usually user-specific advertising, i.e. individualised advertising can be displayed that corresponds to the presumed interests of the user or results from the user's previous usage behaviour.
It is possible that the seat of the provider is located in a third country, i.e. in a country in which the GDPR has no direct legal effect. We expressly point out that we ourselves have no influence on the scope of the data that these companies collect. We must therefore rely on the information provided by the respective companies with regard to data protection. Further information on the handling of user data can be found here: LinkedIn.
We would like to make it clear that in the event of information requests and/or the assertion of other data subject rights, users should contact the respective third-party providers directly. They have insight and access rights to the user data stored and processed there and can provide information and/or take measures accordingly. If you contact us directly, we will try to support your request as best we can. However, since we have no insight into or access to the data stored by third-party providers, our options for action are limited.
Please inform yourself about the data processing principles of the respective companies by reading the corresponding data protection statements.
VII. Your rights as a data subject
As a data subject, you are entitled to the rights set out below. These rights result from the provisions of the GDPR and are reproduced here in a partially simplified form.
1. Right to withdraw the declaration of consent
Pursuant to Art. 7 (3) GDPR, you have the right to withdraw your consent to processing at any time. The lawfulness of the processing carried out on the basis of the consent until withdrawal is not affected. The right of withdrawal may be exercised by means of an informal declaration. A written declaration or alternatively an e-mail to the above contact address is sufficient.
2. Right of access
Pursuant to Art. 15 GDPR, you have the right to obtain confirmation from us as to whether personal data relating to you is processed. If this is the case, you have a right to access to this personal data and the information specified in Art. 15 (1) GDPR. These include in particular the purpose of the processing, the categories of personal data concerned, the recipients to whom data have been or will be disclosed, as far as possible the envisaged duration of the storage or the criteria for the determination of the duration of the storage.
3. Right to rectification
Pursuant to Art. 16 GDPR, you have the right to obtain from us the rectification of any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary statement.
4. Right to erasure
Pursuant to Art. 17 GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay. We are obliged to delete personal data immediately if one of the provisions of Art. 17 (1) GDPR applies. One of these reasons is that the data are no longer necessary for the purposes for which they are collected or otherwise processed.
5. Right to restriction of processing
Pursuant to Art. 18 GDPR, you have the right to obtain from us the restriction of processing if one of the conditions set out in Art. 18 GDPR applies. This includes, for example, that you contest the accuracy of the personal data. Then we may process the data only to a limited extent as long as it takes to verify the accuracy of the personal data.
6. Right to data portability
Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you which you have provided to us in a structured, commonly and machine-readable format. You have the right to transfer this data to another data controller, i.e. another entity that processes the data, without hindrance, if the original processing was based on consent or was necessary for the execution of a contract. Right to object Pursuant to Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you if these data are processed on the basis of Art. 6 para. 1 e) or f) GDPR and there are reasons arising from your personal situation. The processing of data for the purpose of direct marketing can be objected to at any time. Personal data will then no longer be processed for this purpose. The right to object may be exercised by means of an informal declaration. A written declaration or alternatively an e-mail to the above contact address is sufficient.
8. Automated individual decision-making, including profiling
According to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing - including profiling - which has legal effect on you or similarly significantly affects you. Art. 22 (1) GDPR provides for exceptions to this rule, whereby Art. 22 (4) GDPR again contains some exceptions to withdrawal.
9. Right to lodge a complaint with a supervisory authority
Pursuant to Art. 77 GDPR, you have the right, without prejudice to any other administrative or non-judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement, if you consider that the processing of your personal data is in breach of this Regulation.
In the present case, the competent supervisory authority is:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 219, 10969
Berlin Telephone: 030/13 889-0
VIII. Technical and organisational measures
We take technical and organisational measures to ensure that the security and protection requirements of the GDPR are met and that personal data is protected against loss, destruction, manipulation or access by unauthorised persons. The measures are always adapted to the current state of the art.