Privacy Policy
1. Introduction
The Quassel IRC Project ("we") are committed to protecting the privacy of the persons visiting the project's web pages, and the users of the services we offer. We do not collect, process, or store personal or non-personal data that is not required to operate our web pages and services, and providing a good user experience. We do not share your data with third parties, nor do we collect metrics or analyze your behavior. We do not use your data for marketing or advertising purposes, or any other purpose that falls outside of providing our web pages or services (collectively, "the website") to you.
Any personal and non-personal data provided by you through your use of our website is processed pursuant to our Privacy Policy set forth here, in compliance with the European Union's General Data Protection Regulation ("GDPR").
The data controller pursuant to the GDPR in respect to any personal information that you submit to us via use of the website (or otherwise) is
Manuel Nickschas
Bertha-von-Suttner-Weg 25
89134 Blaustein
Germany
admin <at> quassel-irc.org
In case of questions or complaints regarding this Privacy Policy or our use of your personal information, please contact the official authority, the Landesbeauftragte für den Datenschutz und die Informationsfreiheit (LfDI) Baden-Württemberg.
2. What data do we collect and use for which purposes?
2.1 General use of our website
If you access or use our website, we may collect the following information:
- The requested resource (i.e., file on our server)
- Your browser's "User Agent", which may include the browser type, version and language, and other information configured by you
- The referral URL (the page previously visited)
- Specific data related to previous requests (e.g., cookies, referer, form data)
- Time of access
- Your IP address
The collection of this information is mandatory for us to be able to provide the services, and thus performed pursuant to GDPR Art. 6 Par. 1 lit. f.
Some of the information collected may be automatically logged for technical reasons, such as post-mortem troubleshooting in case of technical problems. Log files will be kept for up to 14 days, and then automatically deleted. We do not share the log files with third parties, cross-reference the data contained therein with other data sources, or otherwise use the collected information other than for afforementioned technically required purposes. However, in the event of user abuse of our website, we may block certain IP addresses.
2.2 Cookies
Cookies are small text files that are provided to your browser by websites, and stored on your device. Cookies are not stored server-side, but can be retrieved by the website during subsequent requests.
We generally do not provide cookies to non-registered users. If you have an account registered, and log in, a "session cookie" is created that tracks your login session until you log out. This is a technical requirement in order to make login sessions work, and thus conforming to GDPR Art. 6 Par. 1 lit. f. We do not use cookies for any other purpose.
You have full control over the handling of cookies in your browser. Most browsers are automatically set to accept cookies whenever you visit a website. You can disable cookies or set your browser to alert you when cookies are being sent. However, your web experience may be less satisfying without the use of cookies. For more information about how to reject cookies using your internet browser settings, please visit http://www.aboutcookies.org.
2.3 Specific services
2.3.1 Issue tracker and wiki
We use Redmine for tracking issues related to Quassel IRC, and also for maintaining documentation in a wiki. The Redmine instance we use is hosted on our servers, so no personal data is shared with third parties.
Your account
Both the issue tracker and the wiki can be accessed without having an account. However, in order to create or comment on issues, edit the documentation, and other interactive uses, you need to register an account and log into Redmine.
When creating an account, we ask you to provide a login name, your real name, email address and language preference, which are stored in your profile along with a number of other preferences you can set. We do not validate the real name you entered; however we require the email address to be verified before you can use your account, as a technical requirement for providing the service, pursuant to GDPR Art. 6 Par. 1 lit. f.
While administrators can access your full profile, normal users can only see your login name, and optionally, your email address. We will never share your personal data with third parties, or use it for any purpose other than providing the service. You can edit the personal information that is stored in your profile at any time using the Redmine UI. You can also delete your account using the Redmine UI, at which time all personal information and data related to your account is permanently deleted from our records.
User-generated content
As a registered user, you may create or comment on issues, edit wiki pages, or otherwise explicitly provide content to the public. Any such content may be stored permanently, and is accessible publicly through our Redmine instance or other means. The Quassel IRC Project is not responsible for the content you choose to provide, including any personal information you may opt to include.
Depending on the specific content, you may be able to edit or remove your contributions yourself after initial publication. In other cases, please contact the administrators. However, some content cannot be removed once published; e.g. changes made to a wiki page are permanently visible in the wiki history. In case removal would be detrimental to the purpose of the service (e.g., removing legitimate issues that are referenced in other places), we may opt to remove personal information only, leaving other content intact.
We reserve the right to edit or delete any user-generated content if it violates our guidelines, constitutes abuse, or is otherwise detrimental to the purpose of the service.
2.3.2 Source code contributions
Quassel IRC is an open source project. As such, the full revision history of the code base is publicly and permanently available, and duplicated by arbitrary third parties.
If you choose to contribute to the project, for example by sending patches or providing pull requests, you agree that your contribution may become part of the project. This includes metadata you provide, such as the name and email address stated in your commit. Once merged, your contribution cannot be removed from the revision history again, nor can it be edited retroactively.
Contributors may also be credited explicitly in the Quassel IRC client's About dialog, and thus be visible to any user of the Quassel IRC client. This includes the real name, nickname (if applicable), and email address used in your commits. You may contact the developers if you want your data to be removed from the Quassel Client UI; however, as stated above, the information will still be permanently available in the source code revision history.
2.3.3 Mailing lists
We provide several mailing lists for discussion and announcements related to the Quassel IRC Project. The lists are not used for marketing purposes.
You may opt into receiving mails from our mailing lists by subscribing. A subscription requires that you provide a valid email address, and optionally a name, both of which are stored in our system in order to provide the service pursuant to GDPR Art. 6 Par. 1 lit. f. Through the mailing list interface, you are able to edit your personal information at any time. You may also unsubscribe yourself at any time, in which case the personal information related to your subscription will be permanently removed from our records.
The list of subscribers is only accessible to the mailing list administrators, and will not be shared with third parties. We do not use your email address or name for any other purpose than sending project-related mails through the lists you are subscribed to.
As a subscribed member of a mailing list, you may send mails to the list. These mails are distributed to all other subscribers, as is the purpose of a mailing list. In addition, all mails sent through our lists are, by default, permanently and publicly archived on our servers in order to make conversations available to non-subscribers and to make previous discussions accessible to everyone. You can control whether your own mails are archived, on an individual per-message basis. If the posted message has a X-No-Archive:
header (regardless of value), or a X-Archive:
header with a value of No
(case insensitive), then the message will not be archived, although it will be treated as normal in all other ways.
3. How do we protect your data?
The security of your personal information is important to us. We follow the GDPR to protect the personal information submitted to us, both during transmission and in storage.
Access through our website uses SSL, an end-to-end encryption mechanism between your browser and our service. As such, any data you transmit is protected while in transit.
All personal data we collect and store pursuant to section 2 is stored on servers under our control; we do not transmit any personal data to third parties. While we do not own the server hardware (it is rented from a data center service provider), we use encrypted storage that can only be accessed by the project's server administrators. The service provider does not have access to the keys required to unlock the servers' storage.
4. What are your rights regarding your personal information?
The GDPR gives you a wide variety of rights, including, but not limited to:
- Right of access: Upon request, we provide you with any information we have regarding your personal data.
- Right to rectification: Upon request, we correct inaccurate or incomplete personal data, in the event you cannot do so yourself by using the services provided.
- Right to erasure: In most cases, you can remove your data yourself, e.g. by deleting your account. Otherwise we honor any request for data removal, unless technical reasons as set forth in section 2 prevent us from doing so.
- Right to restriction of processing: We only process and store your personal data insofar it is required to offer you our services. We do not share your data, nor use it for any other purpose, including marketing or profiling.
The independent supervisory authority pursuant to GDPR Art. 51 is the Landesbeauftragte für den Datenschutz und die Informationsfreiheit (LfDI) Baden-Württemberg. You may address any question or complaint to this authority if you feel that we do not honor your privacy as we should.