- 1.1 Scope of this notice
- 1.2 Our commitment to privacy
- 1.3 The information we collect
- 1.4 Publicly available personal data
- 1.5 Using (processing) your personal data
- 1.6 Sharing your personal data
- 1.7 Receiving e-mail
- 1.8 Cookies and other browser information
- 1.9 Our commitment to data security
- 1.10 Public forums reminder
- 1.11 About links to other sites
- 1.12 Your rights under GDPR in the EEA
- 1.13 How to access, modify or update your information
- 1.14 How to contact us
- 1.16 Version
- 1.17 Credits
Scope of this notice
Our commitment to privacy
Arch values your privacy. To better protect your privacy, we have provided this Policy explaining our information practices and the choices you can make about the way your personal information is collected, used and disclosed.
The information we collect
Arch collects personal data when:
- you create a user account;
- you post comments on the boards, AUR, bugtracker or mailing lists;
- you create content on the wiki;
- you submit packages to the AUR.
Arch may also collect personal data from individuals (with their consent) who participate and/or contribute to Arch. The types of personal data collected may include (but are not limited to):
- your first and last name;
- your username
- your country code;
- your e-mail address;
- any information that Arch collects online from you and maintains in association with your account, such as:
- your system password for the forums, wiki, or bugtracker,
- your GPG key ID,
- your SSH public key,
- your IRC nickname,
- your IP address,
- your language preference,
- your timezone,
- your geographic coordinates (longitude/latitude),
- your disclosed affiliation(s).
Publicly available personal data
Some personal data attached to Arch accounts is made public by default if you opt to include it in your profile. Specifically:
- your GPG key ID (if defined);
- your location (if defined)
- your website, blog, or other affiliations (if defined).
If you wish for this information to be kept private, you can opt-out of displaying this information publicly in your account profile. If you choose to opt-out, Arch will still have access to this information, but it will not be displayed to others, and will be considered Private.
Using (processing) your personal data
Arch uses the personal data you provide to:
- create and maintain your accounts;
- identify and authenticate you;
- attribute data and content you produce directly and indirectly in our public-facing services;
- answer your questions;
- send you information;
- for research activities, including the production of statistical reports, for example pkgstats, (such aggregated information is not used to contact the subjects of the report).
Sharing your personal data
Unless you consent, Arch will never process or share the personal data you provide to us except as described below.
Arch may share your personal data with third parties under any of the following circumstances:
- As required by law (such as responding to a valid subpoena, warrant, audit, or agency action, or to prevent fraud).
- For research activities, including the production of statistical reports (such aggregated information is used to describe our services and is not used to contact the subjects of the report).
Arch may send you e-mail about your account, to communicate with you about your accounts, or in response to your questions. For your protection, Arch may contact you in the event that we find an issue that requires your immediate attention. Arch processes your personal data in these cases to fulfill and comply with its contractual obligations to you, to provide the services you have requested, and to ensure the security of your account.
Cookies and other browser information
Arch's online services automatically capture IP addresses. We use IP addresses to help diagnose problems with our servers, to administer our website, and to help ensure the security of your interaction with our services. Your IP address is used to help identify you and your location, in order to provide you data and content from our services as quickly as possible. It is in the interests of the Arch community to maximize the efficiency and effectiveness of its services for all users.
- Remind us of who you are and to access your account information (stored on our computers) in order to provide a better and more personalized service. This cookie is set when you register or "sign in" and is modified when you "sign out" of our services.
- Estimate audience size. Each browser accessing Arch is given a unique cookie that is used to determine the extent of repeat usage and usage by a registered user versus by an unregistered user.
- Measure certain traffic patterns, which areas of Arch's network of websites you have visited, and your visiting patterns in the aggregate. We use this research to understand how our infrastructure needs to scale to meet demand.
Our commitment to data security
Public forums reminder
Arch makes this very wiki, IRC chat rooms, bulletin boards, mailing lists, and a bugtracker available to its users. Please remember that any information that is disclosed in these areas becomes public information. Exercise caution when deciding to disclose your personal data. Although we value individual ideas and encourage free expression, Arch reserves the right to take necessary action to preserve the integrity of these areas, such as removing any posting that is vulgar or inappropriate. See our Code of Conduct for what is acceptable behaviour.
It is in the interest of the Arch community to provide all users an accurate record of data and content provided in the public forums it maintains and uses; to maintain the integrity of that data and content for historical, scientific, and research purposes; and to provide an environment for the free exchange of ideas relevant and constructive to the development and propagation of open source software.
This site contains links to other sites. Arch does not control the information collection of sites that can be reached through links from archlinux.org. If you have questions about the data collection procedures of linked sites, please contact those sites directly.
Your rights under GDPR in the EEA
Where the EU General Data Protection Regulation 2016/679 (“GDPR”) applies to the processing of your personal data, especially when you access the website from a country in the European Economic Area (“EEA”), you have the following rights, subject to some limitations, against Arch:
- The right to access your personal data;
- The right to rectify the personal data we hold about you;
- The right to erase your personal data;
- The right to restrict our use of your personal data;
- The right to object to our use of your personal data;
- The right to receive your personal data in a usable electronic format and transmit it to a third party (also known as the right of data portability); and
- The right to lodge a complaint with your local data protection authority.
If you would like to exercise any of these rights, please contact the administrators of the forum, wiki, or bugtracker where your information is stored. Please understand, however, the rights enumerated above are not absolute in all cases. Nor does this extend to public information (see #Public forums reminder).
Where the GDPR applies, you also have the right to withdraw any consent you have given to uses of your personal data. If you wish to withdraw consent that you have previously provided to Arch, you may do so via email to the relevant administrators. However, the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
How to access, modify or update your information
Arch gives you the ability to access, modify or update your personal data at any time. You may log in and make changes to your login information (change your password), your contact information, your general preferences and your personalization settings. If necessary, you may also contact us and describe the changes you want made to the personal data you have previously provided via email.
If you wish to remove your personal data from Arch, you may contact us via email and request that we remove this information from the relevant Arch Account System. Other locations where you may have used your personal data as an identifier (e.g. forum or bugtracker comments, list postings in the archives, wiki change history, and spec changelogs) will not be altered.
How to contact us
If you have any questions about any of these practices or Arch's use of your personal information, please feel free to contact us at firstname.lastname@example.org, and we will work with you to resolve any concerns you may have about this Policy.
This is version 1.0. Last updated on 10 March, 2019.