Personal Data Protection Policy

This is the main privacy policy for fiware.org and for certain services provided through these and other FIWARE sites and applications (“Our Sites”) by FIWARE Foundation e.V. (“FIWARE”).

At FIWARE we collect different types of information about our users for three main reasons: 1. To provide personalised services unique to individual users 1. To help us to monitor and improve the services we offer 1. To market services, always in scope of the FIWARE Foundation mission, to the users we have permission for.

There may be other privacy policies that apply to certain services we provide. Please read these when you register or subscribe for these services on those specific sites.

Our principles

  1. FIWARE adopts the necessary technical and organisational measures to avoid the loss, misuse, alteration, unauthorised access, or theft of the personal data received, taking into account the state of technology, the nature of the data, and the risks to which they are exposed. This means:

    1. we make sure that we have in place appropriate security measures to protect your information; and
    2. we make sure that when we ask another organisation to provide a service for us, they have in place appropriate security measures as well.
  2. To respect your privacy is topmost of our concerns. You should receive marketing emails only from us and, if you agree, from other organisations we have carefully chosen following the current European and German legislation. We will make sure it is clear when you can make these choices. However, we may email you occasionally with information or questions about your registration, your subscription account, or postings, for example, with reminders, warnings, business opportunities, or copyright requests.

  3. We will collect and use individual user details only if we have explicit permission to do so, or we have sensible business reasons for doing so, such as collecting enough information to manage subscriptions.

  4. We will be clear in our dealings with you as to what information about you we will collect and how we will use it.

  5. We will use personal information only for the purposes for which it was originally collected, how they are defined at the beginning of this document, and we will make sure we delete it securely.

  6. Our Site is accessible via the internet. This means that people around the World who access our site can see anything you post on the site or twitter comments with the FIWARE hash.

  7. If we or our service providers transfer any information out of the European Union (EU), it will only be done with the relevant protection (stated under European and German law) being in place.

The information that it is collected from you consist on: * when you register or become a member of our portals * when you use the site * through cookies.

Certain services that we provide may involve us collecting extra information (Membership, for example or subscription detail to the FIWARE Newsletter), such as where you are, therefore the service can be provided as designed. Please also note our Cookies Policy.

Registration

The minimum information we need to register you is your name, email address, and a password. We might ask you more information for different services, including newsletter subscription. Unless we say otherwise, you have to provide all the registration information needed for the specific service.

All responsibility for the completion of forms with false, inaccurate, incomplete, or outdated information shall vest on the Users.

To assist us in our marketing, in addition to the data that you provide to us upon your registration, we may also obtain data from trusted third parties to help us to understand what you might be interested in. This ‘profiling’ information is obtained from a variety of sources, including publicly available data, or from sources such as surveys and polls where you have given your permission for your data to be shared. You can choose not to have such data shared with the FIWARE just informing us about it.

After you have registered, and with your permission, we may send you emails we think may be of interest of you. At any time, you can decide not to receive these emails and will be able to ‘unsubscribe’.

Is the provision of personal data obligatory?

If you have a business relationship with us, apply for Membership, send us a query or use our online services, you must provide the personal data necessary for performing that business function or service, and for fulfilling all associated contractual obligations or where we are subject to the legal obligation to collect such data. As a rule, without this data we are obliged to reject the order or conclusion of the contract, or cannot continue to carry out an existing contract and may need to end such contract.

How long do we keep your data?

We process and store your personal data as long as it is necessary to fulfil our contractual and legal obligations, or to fulfil legitimate interests. When this data is no longer necessary for the above purposes, it will be regularly deleted, except where - limited - data retention periods are required by commercial and tax laws such as the German Commercial Code and the German Fiscal Code. The retention periods specified in the above-mentioned Codes is six to ten years.

Who we share data with

We will not share your personal information with others for marketing purposes unless you have given us your permission. If we have your permission, we will share your information only with other organizations we have chosen carefully.

We can access and release personal information to keep to relevant laws and government requests, to operate our systems properly and to protect both us and our users.

Any other organizations who accesses your information in the course of providing services on our behalf will be governed by strict contractual restrictions to make sure that they protect your information and keep to data-protection and privacy laws which apply. We may also independently audit these service providers to make sure that they meet our standards. We may use service providers to help us run these sites (or services available on the sites), some of which may be based outside the EU.

Google Analytics

We use Google Analytics on our sites for anonymous reporting of site usage. If you would like to opt-out of Google Analytics monitoring your behaviour on our sites please use this link (https://tools.google.com/dlpage/gaoptout).

Social Media Plug-Ins

Our Sites might use plug-ins from facebook, twitter and LinkedIn. When you visit a page of our site, your browser does not automatically establish a direct connection to the social media servers. A connection only takes place if you click the link to the social media servers. In this case, the social media provider will be informed that you have visited our site with your IP address.

We would like to point out that as a provider of our site, we do not receive from the social media providers any knowledge of the content of the transmitted data nor its use.

For further information go to the social media providers privacy statements.

FIWARE advises users of Our Sites (“the Users”) that FIWARE complies with the current European legislation related to Personal Data Protection, Users' Privacy, and the Secrecy And Security of Personal Data, as established in the EU General Data Protection Regulation. The data controller is the organisation responsible for protecting information and, in our case, is FIWARE Foundation, e.V., Franklinstrasse 13A, 10587 Berlin. The Contact of the Data Protection Officer is dataprotection@fiware.org.

We process your personal data in accordance with the EU's General Data Protection Regulation (GDPR) as follows:

a) To fulfil contractual obligations (Art. 6 (1) point (b) GDPR)

Your personal data is processed for the performance of a contract, and to take steps at your request prior to entering into the contract. Examples:

  • Application for Membership
  • Providing online services
  • Providing member services
  • Processing online contact forms

b) To fulfil legitimate interest/balancing of interest conditions (Art. 6 (1) point (f) GDPR)

Where necessary, we process your data for reasons beyond fulfilling the contract, e.g. for the purposes of the legitimate interests pursued by us or by a third party. Examples:

  • For the purposes stated in our Bylaws with regard to Membership
  • For recruiting new Members
  • Establishing legal claims or for their defence in cases of dispute
  • Ensuring IT security, particularly in terms of access control

c) Where you have given your consent (Art. 6 (1) point (a) GDPR)

Where you have given us your consent to process your personal data for specific purposes (e.g. signing up for a newsletter), the processing of this data based on your consent is legitimate. The consent can be revoked at any time. Please note that such revocation of consent only applies from the time of revocation onwards. Any processing that had taken place before that time is not affected.

d) Where we have a legal obligation (Art. 6 (1) point (c) GDPR) or the processing is in the public interest (Art. 6 (1) point (e) (GDPR)

FIWARE is subject to various legal obligations (e.g. in accordance with the German Commercial Code, tax laws, etc.).

If you would like access to or a copy of the personal information we hold about you, to request a correction, or have any questions about how we may use it or to make a complaint, please contact the Data Protection Officer at the address shown above or just email to fiware-personaldataprotection@lists.fiware.org.

Complaints will be dealt with by the Data Protection Officer and will be responded to within 30 days at the latest.

If you are not satisfied with the way your complaint was handled, you may be able to refer your complaint to your local data protection regulator.

Your rights at a glance

In accordance with the General Data Protection Regulation (GDPR) you have the right of access (Art. 15), right of rectification (Art. 16), right to erasure (Art. 17), right to restriction of processing (Art. 18), right to object (Art. 21) and the right to data portability (Art. 20). Furthermore, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Your consent to process personal data can be revoked at any time. Please note that such revocation of consent only applies from the time of revocation onwards. Any processing that had taken place before that time is not affected.

Information on your right to object in acc. with Art. 21 of the GDPR

a) Individual right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data. The prerequisite for this is that the processing is in the public interest or on the basis of legitimate interest/balancing of interests. This also applies to profiling. In the case of such an objection, we will no longer process your personal data. An exception to this is if we can demonstrate compelling legitimate grounds for the processing of this data which override your interests, rights and freedoms, or the data serve the establishment, exercise or defence of legal claims.

b) Objections to using your data for direct marketing

In individual cases or where you have given your consent, we use your personal data for direct marketing purposes. You have the right to object at any time to the processing of your data for such marketing; this also applies to profiling to the extent that it is related to direct marketing. In the case of such an objection, we will no longer process your personal data for this purpose. Objections can take any form and should be sent to the address for our Data Protection Officer given above.

Changes to the privacy policy

Should we elect to change our privacy policy we will post the changes here. Where the changes are significant, we may also choose to email all our Users with the new details. Where required by law, will we obtain your consent to make these changes.

History of Changes:

Date Changes
May 2018 Changes due to the EU General Data Protection Regulation (GDPR).
December 2017 Privacy Policy version due to Data Controller change (FI-NEXT: FIWARE_Privacy_Policy - FIWARE Privacy Policy).
June 2016 Creation of the FIWARE Privacy Policy.