We comply with the Regulation No. 679/2016, the General Data Protection Regulation, also known as GDPR. This document includes necessary specifications.
Personal Data Controller
Ing. Michal Čihař, Nábřežní 694, 471 54 Cvikov, CZ, Reg. No. 04705904
Weblate has appointed a data protection officer who may be reached via email@example.com.
Personal Data processed by Weblate
Weblate only processes Personal Data the User provides by using it:
- Name and e-mail address
- These are used to identify you in the VCS commits.
- Additionally, e-mail is used for notification of watched events.
- Password in hashed form
- Used to authenticate the User, if configured
- Passwords are stored hashed using Argon2.
- IP address and browser name
- These are logged in case of important changes to your account (e.g. password change) to allow diagnosis in case your account is stolen.
- Billing info
- Necessary details to issue an invoice is collected when purchasing a service from us.
Purpose and legal basis of processing Personal Data
Your Personal Data will be used for the purposes of the Service:
- for providing our services on the Service, to contact you in matters regarding our services (also by means of e-mails and messaging) and to ensure the technical functionality of our services fulfillment of contractual or pre-contractual obligations (Article 6 (1) b. GDPR)
- to analyze your use of our services and improve our services (Article 6 (1) b. and f. GDPR)
- with your express consent or instruction to carry out our business activities or send you newsletters (Article 6 (1) a. GDPR)
Access to the Personal Data
The Controller has made all reasonable technical means to protect the Personal Data. Only authorized persons can access the Personal Data.
Third parties which can gain access to the Personal Data when necessary are:
- Persons which are contracted for technical assurance of the service.
- If you purchase a service from us, a payment processor gets essential access to your Personal Data, limited to the bare minimum needed to process your payment.
All Personal Data is stored in the European Union.
Disclosure of the Personal Data
The Personal Data might be disclosed to third parties in limited circumstances when the Controller has a good faith belief it is required by law, such as under a subpoena or other judicial or administrative order.
In case the Controller is required by law to disclose the Personal Data, an attempt will be made to provide the User with prior notice by e-mail (unless the Controller is prohibited, or it would be futile) that a request for the Personal Data has been made to allow the User to object to the disclosure. If the User does not challenge the disclosure request, the Controller may be legally required to turn over the Personal Data.
The Personal Data retention
The Personal Data is stored in the Service until the User deletes their account on the service.
Access log info might be collected for a longer period for the purpose of establishing, exercising or defending legal claims.
The User provides use of Personal Data voluntarily. Without this Personal Data Weblate is not able to provide our services.
We want you to always be in control of your Personal Data. To this end, you have certain rights that allow for it. Under certain conditions, you may:
- Gain access to all your Personal Data that Weblate uses or processes, and even get a copy of all of it (Article 15 GDPR)
- Correct the Personal Data that Weblate processes if you think that there are mistakes
- Order us to delete your Personal Data
- Restrict the Personal Data processing
- Object to processing
- Receive your Personal Data in a commonly used and machine-readable format or to transmit this Personal Data to a different provider.
The removal, correction, and retrieval of your Personal Data can be done from the account management, and is fully automated.