# Privacy Policy Effective date: April 05, 2019 Welcome to the OpenScienceMOOC privacy notice. We at the OpenScienceMOOC respect your privacy and are committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you. OpenScienceMOOC ("us", "we", or "our") operates the https://opensciencemooc.eu website (the "Service"). We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from https://opensciencemooc.eu/ ## Plain-Language Summary We highly value your privacy. We don't just say so. In fact the Open Science MOOC was built around giving people the freedom to do what they want in research, and we never had any intent for obtaining or using user data. All personal data stays on your computer, and we do not touch a thing. We were GDPR compliant from the beginning. Your data is not our business model. We want to provide services valuable enough and provide free features without the need to trade-off your data ownership and privacy. This is almost an entirely volunteer-driven project with minimal sponsorship, and that is our business model. We don't take venture capital funding to never fall into the trap of trading off your privacy and freedom to move for growth. Instead we choose the harder route of sustaining our project through alternative means, such as volunteers and small grants. ## Information Collection And Use We collect several different types of information for various purposes to provide and improve our Service to you. ### Types of Data Collected ##### Usage Data We may collect information how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. ### Use of Data OpenScienceMOOC uses the collected data for various purposes: * To provide and maintain the Service * To notify you about changes to our Service * To allow you to participate in interactive features of our Service when you choose to do so * To provide customer care and support * To provide analysis or valuable information so that we can improve the Service * To monitor the usage of the Service * To detect, prevent and address technical issues ### Transfer Of Data Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. If you are located outside Germany and choose to provide information to us, please note that we transfer the data, including Personal Data, to Germany and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. OpenScienceMOOC will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information. ## Disclosure Of Data ### Legal Requirements OpenScienceMOOC may disclose your Personal Data in the good faith belief that such action is necessary to: * To comply with a legal obligation * To protect and defend the rights or property of OpenScienceMOOC * To prevent or investigate possible wrongdoing in connection with the Service * To protect the personal safety of users of the Service or the public * To protect against legal liability ## Security Of Data The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. ## Children's Privacy Our Service does not address anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers. ## Service Providers We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Specifically, these comprise: ### GitHub We currently use GitHub.com as an external service for hosting the development of the content of our [Modules](https://opensciencemooc.eu/modules/open-principles/). By using GitHub.com, you agree to their Privacy Policy, which can be found here: https://help.github.com/en/github/site-policy/github-privacy-statement ### Eliademy We use the open source-Platform Eliademy as an external service to deliver the actual content of our [Modules](https://opensciencemooc.eu/modules/open-principles/) in a modern environment, so as to enable interactive elements such as quizzes, and the issuing of a Certificate of Completion at the end of each Module. By using Eliademy, you agree to their Privacy Policy, which can be found here: https://eliademy.com/privacy ## Links To Other Sites Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services. ## Other Services provided by the OpenScienceMOOC Next to the website https://opensciencemooc.eu, we offer an open communication platform to facilitate exchange between the numerous members of the OpenScienceMOOC, and to coordinate the development of content for our Modules. For this communication platform, we use the open source solution **Mattermost**, which is made accessible via the following address: https://chat.opensciencemooc.eu. The following segment describes what data might be collected when you agree to use the OpenScienceMOOC's Mattermost platform, ### Mattermost For the purposes of this Mattermost Software Privacy Policy (the “Privacy Policy”) “you” means you as an individual user, or you as an entity using the software. “Mattermost” or “we” means Mattermost, Inc. This privacy policy is designed to help you understand which information of yours may be collected by the Mattermost software and how that information is used by Mattermost. By using the Mattermost software, you consent to the terms of this Privacy Policy. #### What information do we collect? As described below, the kinds of information that Mattermost collects and uses may depend on the configuration options selected by your administrator: ##### Security Fix Alert Feature: Mattermost offers a Security Fix Alert feature that is designed to protect your system by attempting to alert you to relevant, high priority security fixes released for your system. You may opt out of receiving Security Alerts by switching off the feature in the System Console or via the configuration file (see link). If you opt out of the Security Fix Alert feature, Mattermost will not collect information required for communication of relevant Security Fix Alerts for your installation and may be unable to contact you regarding such alerts. When you deploy a Mattermost server with the Security Alert feature enabled, information about your installation that is needed to (i) determine whether your system is at risk of security issues from time-to-time, and (ii) permit notification to you of security fixes and updates to protect your system, will be collected over an encrypted channel and communicated to Mattermost. Such collected and communicated information includes configuration options, the version and type of software components deployed, such as the Mattermost server, database and operating system, activity indicators counting the number of active users and teams, and a server identifier. If you are using an activated copy of Mattermost Enterprise Edition, Mattermost may also collect information about available enterprise features including commercial license key registration information. ##### Error and Diagnostics Reporting Feature: Mattermost offers an Error and Diagnostics Reporting feature that, when enabled, permits the transmission of information to Mattermost about your system that is needed to diagnose errors and improve the functionality of Mattermost software for deployments with your usage pattern. This information will be collected over an encrypted channel, and include reports of critical errors, configuration options, the version and type of software components deployed, such as Mattermost server, database and operating system, anonymous usage statistics including changes to system preferences, creation of channels and posts, and feature usage. If you are using an activated copy of Mattermost Enterprise Edition, Mattermost may also collect information about usage of enterprise features as well as commercial license key registration information. You may opt out of the Error and Diagnostics Reporting Feature by switching the feature off in the System Console user interface or via the system configuration file (see link). If you opt out of the Error and Diagnostics Reporting feature, Mattermost will not collect your information required for reporting of errors and diagnostics from your deployment and may be less able to improve system performance for deployments with your usage pattern in future. ##### Mattermost Hosted Push Notification Service: If you choose not to compile your own Mattermost push notification service from the source code provided and instead to use the Hosted Push Notification Service (“HPNS”) provided by Mattermost, a privacy policy for HPNS is available here: https://about.mattermost.com/hpns-privacy/ #### What do we use your information for? The information we collect from you may be used in the following ways: * To alert you of updates designed to protect your system from newly discovered potential security attacks. * To improve future versions of the Mattermost software for deployments with similar usage patterns as your installation — we continually strive to improve the performance, reliability and functionality of our product, and our efforts to do so are assisted the usage information and feedback we receive from you. #### How do we protect your information? Mattermost takes care to protect the information you provide as part of your use of the Mattermost software from misuse and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, as well as the current state of technology. You may opt-out of the Security Alerts (see link) and Error and Diagnostics Reporting (see link) services any time from the System Console or via the configuration file, as described previously. Any information that we consider potentially sensitive is transmitted through encrypted channels and we follow generally accepted industry standards to protect the data collected by us, both during transmission and after we receive it. Internally, we restrict access to all personally identifiable information we receive from You to our personnel that need access to the information in order to do their jobs and that are authorized to handle such information. Our staff is limited and all personnel are committed to adhere to our privacy and security policies. All personnel execute nondisclosure agreements, which provide explicit confidentiality protections. Any staff member who violates our privacy and/or security policies is subject to possible termination of contract and civil/criminal prosecution. #### Privacy Shield Mattermost self-certifies that it adheres to the E.U.-U.S. Privacy Shield principles of notice, choice, onward transfer, security, data integrity, access and enforcement for personal data submitted by our customers and partners. To see more information about our responsibilities under Privacy Shield, please see https://mattermost.com/privacy-shield/. #### Do we disclose any information to outside parties? We do not sell, trade, or otherwise transfer the information we collect from you to unaffiliated third parties. We do, however, share the information we collect from you with trusted third parties who assist us in operating our site, conducting our business, or servicing you, provided that those parties agree to keep your information confidential and secure. This includes sharing the following anonymous usage statistics on the **Gfycat feature** with Gfycat: which gifs are viewed and shared (without identifying specific users), how many users have used the feature, and the search terms and categories that are selected from the Gfycat picker. We also reserve the right to release your information when we believe that release is necessary to comply with the law, enforce our site policies, or protect our own or another’s intellectual property rights, property, or safety. ## Changes To This Privacy Policy We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. ## Contact Us If you have any questions about this Privacy Policy, please contact us: * By email: [info@opensciencemooc.eu](mailto:info@opensciencemooc.eu) * By visiting this page on our website: https://osmooc.herokuapp.com/