ZEBRAS UNITE PRIVACY POLICY
(Last Updated October 14, 2018)

This Privacy Policy describes how ZEBRAS UNITE (referred to in this Privacy Policy as “ZEBRAS UNITE,” “we,” “us,” or “our”) collects, processes, uses, stores, and safeguards information collected about or provided by users of the ZEBRAS UNITE community, users of ZEBRAS UNITE services, including participation in our community projects and attendance of our conferences and events (“Services”), and about those who provide us personal information as a customer, contributor, contractor, or through other interactions with us.

Please note that if you are located in the European Economic Area (“EEA”) and interact with us through Sites, Services, or otherwise, specific rules apply to your privacy rights (as set forth below) in addition to the general provisions set out in this Privacy Policy that apply to everyone.

By otherwise accessing, using, or interacting with the Sites and Services, you expressly consent to our collection, processing, use, disclosure, and retention of your information as described in this Privacy Policy. If you do not agree with these practices, please do not use the Sites or otherwise provide us with your information.

Changes to the Privacy Policy

ZEBRAS UNITE may make changes to this Privacy Policy from time to time. This current version of the Privacy Policy is considered to be governing over all previous posted versions. ZEBRAS UNITE will notify users of material changes to the Privacy Policy by posting the amended terms on the website prior to implementation or by directly sending users notification if users have provided us with their email address for such purposes. By continuing to access, visit, or use the Sites after any changes to this Privacy Policy, you consent to the revised version of this Privacy Policy.

Information That ZEBRAS UNITE Collects

Through user interaction with the Sites, ZEBRAS UNITE may collect personal information submitted by such users, including community forum content, blog posts and comments, profiles, photographs, names, geographic location, unique identifiers (e.g., social media handles or usernames), contact information (e.g., email address, postal address, telephone, fax), and transaction information. ZEBRAS UNITE may also collect information users provide regarding their interests, demographics, industry, title, experience, and detailed contact preferences.

ZEBRAS UNITE does not intentionally collect sensitive personal information, such as social security numbers, genetic data, health information, or religious information; except to the extent you may voluntarily provide such information in anonymized surveys that would not allow ZEBRAS UNITE to identify you as the source of the sensitive personal information.

Cookie Use Policy; Third-Party Analytics

ZEBRAS UNITE does not use cookies, web beacons, locally shared objects (sometimes called “flash cookies”), or similar technologies in connection with your use of the Sites (collectively referred to as “Cookies”). Cookies are small text files stored on your computer in order to allow the visited websites to identify and recognize the user’s individual browser for the purpose of providing optimized and user-friendly services, i.e. the user does not have to fill in his or her data every time he or she visits the websites.

ZEBRAS UNITE uses third-party service providers to provide certain products and Services or to integrate other Site features. These third-party service providers may collect information when you view or use them, including information about you and your device or browser. They may do this using Cookies or similar technologies. These third-party service providers also may use Cookies or similar technologies to help share information with us, like how you use their website or application. ZEBRAS UNITE encourages users to evaluate privacy and security policies of any of the Sites’ transaction partners before entering into transactions or choosing to disclose information.

If you visit our Sites from within the EU, your IP address will be anonymized before transmission. Google’s privacy policy is found here: https://support.google.com/analytics/answer/6004245. To opt-out of analysis by Google Analytics on our Sites and services, please visit: http://tools.google.com/dlpage/gaoptout.

How ZEBRAS UNITE Uses the Information Collected

ZEBRAS UNITE uses collected information for purposes related to ZEBRAS UNITE’S business activities, including, but not limited to:

  1. To understand a user’s needs and create content that is relevant to the user;

  2. To generate statistical studies;

  3. To conduct market research and planning by sending user surveys;

  4. To notify user referrals of Cloud Foundry Foundation Services, information, or products when a user requests that Cloud Foundry Foundation send such information to referrals;

  5. To improve Services, information, and products;

  6. To provide Services or customer support;

  7. To communicate back to the user;

  8. To update the user on Services, information, events and products;

  9. To notify the user of any changes with a Site, which may affect the user; and

  10. To enforce terms of use on a Site.

ZEBRAS UNITE is a not-for-profit organization and an open and collaborative community. This means that portions of our Sites, including information you voluntarily provide, will be public-facing for the open sharing of ideas, best practices, and information from users around the world. If you do not want to share your information, including personally identifiable information, with other community members and the public, please be thoughtful as to how you interact with our Sites and Services and what information you provide. For example, user names, identifications or IDs, and email addresses (as well as any additional attribution information that a user voluntarily posts or provides) may be publicly available through your creation or linking of a public profile, project contributions, comments, and blog posts.

You should be aware that your information may continue to be viewable to others after you close your account, such as on cached pages on Internet search engines. Users may not be able to change or remove public postings once posted. Such information may be used by visitors of these pages to send unsolicited messages. ZEBRAS UNITE is not responsible for any consequences which may occur from the third-party use of information that a user chooses to submit to public pages.

In some cases you may be able to provide project contribution-related information directly to third party sites and services; these third parties are independent data controllers and their use of your personal information is subject to their own policies.

Executive Communications

From time to time, ZEBRAS UNITE may contact you with information, including promotions, marketing, and recommendations that we believe may be of interest to you, but only if you have provided your consent to receive such communications (if such consent is required by applicable law). Consistent with applicable laws, including United States CAN-SPAM laws, if you do not wish to receive commercial emails, you may unsubscribe by following the instructions on any email. ZEBRAS UNITE may still send you administrative notices in response to specific requests you submit or in connection with a contract you may have with us.

Links to Third-Party Websites

The Sites may permit you to access or link to third-party websites and information on the Internet, and other websites may contain links to the Sites. When a user uses these links, the user leaves the Sites. ZEBRAS UNITE has not reviewed all of these third-party sites, does not control, and is not responsible for any of the third-party sites, their content, or privacy practices. The privacy and security practices of websites accessed from the Sites are not covered by this Privacy Policy, and ZEBRAS UNITE is not responsible for the privacy or security practices or the content of such websites, including but not limited to, the third-party services you access through ZEBRAS UNITE. Please check the privacy and security policies of these websites before you submit any personal data.

Sharing of Information

ZEBRAS UNITE may share the personally identifiable information a user provides online with other entities that are part of our corporate network, including corporate affiliates, joint-venturers, and companies under common control, and/or outside service providers who we engage to distribute materials, create surveys, process credit card payments, provide technical support, handle transaction processing, or otherwise act on ZEBRAS UNITE’S behalf. Third-party service providers and suppliers receiving personal information are authorized to use such personal information only for the purpose it was originally intended or as required or permitted by law. Specifically, ZEBRAS UNITE may share a user’s email and other personally identifiable information with our fiscal sponsor, Institute for the Future, which may send email correspondence to users on our behalf.

ZEBRAS UNITE may disclose personal information that is associated with your profile as described in this Privacy Policy, as permitted by law or as reasonably necessary to: (1) comply with a legal requirement or process, including, but not limited to, civil and criminal subpoenas, court orders or other compulsory disclosures; (2) investigate and enforce our then-current Terms of Use, if any; (3) respond to claims of a violation of the rights of third parties; (4) respond to customer service inquiries; or (5) protect the rights, property, or safety of ZEBRAS UNITE, our users, or the public.

Data Security

To keep your information safe, prevent unauthorized access or disclosure, maintain data accuracy, and ensure the appropriate use of information, ZEBRAS UNITE implements industry-standard physical, electronic, and managerial procedures to safeguard and secure the information we collect. However, ZEBRAS UNITE does not guarantee that unauthorized third parties will never defeat measures taken to prevent improper use of personally identifiable information. As a result, ZEBRAS UNITE cannot guarantee or warrant the security of any information transmitted on or through the Sites and you do so at your own risk.

In the event ZEBRAS UNITE becomes aware that the security of a Site has been compromised or users’ personally identifiable information has been disclosed to unrelated third parties as a result of external activity, including but not limited to, security attacks or fraud, ZEBRAS UNITE will take reasonable response measures, including but not limited to, investigation and reporting, and notification to and cooperation with law enforcement authorities.

International Data Protection and Transfer

Given the international scope of ZEBRAS UNITE’S business activities and Services, personal information may be visible to persons outside your country of residence, including to persons in countries that your own country’s privacy laws and regulations deem deficient in ensuring an adequate level of protection for such information. If you are unsure whether this Privacy Policy is in conflict with applicable local rules, you should not submit your information.

Your information may be transferred, stored, and processed in the United States. Your agreement to the terms of this Privacy Policy, followed by your submission of information in connection with the Sites and Services, represents your agreement to this practice. Please note that if you are in the EEA, specific rules apply, please see below.

Notice of Privacy Rights to European Data Subjects

For persons located in the EEA (“EU Data Subjects”), commencing on May 25th, 2018 and in case of inquiries to any ZEBRAS UNITE affiliates or service providers in Europe (such as event orders or applications), we will process your personal information in accordance with the Regulations (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (“GDPR”) according to which you have the following rights:

  1. You have the right to information as to whether or not and to which extent we process which of your personal information.

  2. You have the right to object the processing of your data based on Article 6 (1) (e), (f) of the GDPR on grounds relating to your particular situation at any time.

  3. You have the right to rectification of any inaccurate personal information about you and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

  4. You have the right to the erasure of your personal information without undue delay unless we have a legitimate interest to keep the information, such as in the event we need the information to execute an agreement with you.

  5. You have the right to restrict the processing of your personal information, unless we have a legitimate interest to continue processing the information for the purpose in respect to which you requested the restriction. For example, you have the right to object to our processing of your personal information for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal information for this purpose. You have the right to receive your personal information from us in a structured, commonly used and machine-readable format in certain circumstances. However, this right does not apply where it would adversely affect the rights and freedoms of others.

  6. You have the right to withdraw your previously given consent at any time.

If you are an EU Data Subject, you may exercise any of your rights in this section in relation to your personal data by written notice to us at the following email address: gdpr@cloudfoundry.org.

If you believe our processing of your personal information violates data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged violation.

For EU Data Subjects, we rely on the following legal bases to process your personal information:

  1. The legal bases for the processing of information we obtain while you visit our Sites are the performance of a contract with respect to the use of our Sites (Art. 6 Para. 1 lit. b GDPR) and our legitimate interests (Art. 6 Para. 1 lit. f GDPR) in improving the performance of our Sites and the Services we offer.

  2. The legal bases for the processing of information we obtain through email messages or forms are your consent (Art. 6 Para. 1 lit. a GDPR) and our legitimate interests (Art. 6 Para. 1 lit. f GDPR).

  3. The legal bases for the processing of obtained information related to your interest in purchasing our products, attending our events, or otherwise obtaining our Services under contract are Art. 6 Para. 1 lit. b GDPR (steps at the request of the data subject prior to entering into a contract) or our legitimate interests (Art. 6 Para. 1 lit. f GDPR).

  4. The legal bases for the processing of information we obtain in the course of your account registration are performance of a contract (Art. 6 Para. 1 lit. b GDPR) and your consent (Art. 6 Para. 1 lit. a GDPR).

  5. The legal basis for the processing of information we obtain through your subscription to our e-mail alerts and/or newsletters is your consent (Art. 6 Para. 1 lit. a GDPR).

  6. The legal basis for the processing of information we obtain through the use of cookies, web beacons and third-party analytics is our legitimate interests (Art. 6 Para. 1 lit. f GDPR) in improving the performance of our Services and Sites and analyzing its use.

  7. The legal basis for the transmission of information to third-party contractors, agents, business partners, sales representatives, or service providers is performance of the contract (Art. 6 Para. 1 lit. b GDPR).

  8. The legal basis for the transmission of information to third parties in case we become involved in a sale or transfer of assets, bankruptcy, reorganization, dissolution, or any other transaction is our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in preparing and executing the applicable measure.

  9. The legal basis for the transmission of information to our affiliates is performance of the contract (Art. 6 Para. 1 lit. b GDPR).

  10. The legal basis for the transmission of information to law enforcement, governmental agencies, or authorized third parties is the compliance with a legal obligation (Art. 6 Para. 1 lit. c GDPR).

  11. The legal basis for the transmission of information to our legal counsel and other consultants in connection with actual or potential litigation is our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in receiving consulting services.

We will only send EU Data Subjects marketing emails or contact EU Data Subjects regarding marketing matters where they have agreed to this, such as by subscribing to our alerts, email lists, completing our contact forms or sending us email inquiries. As noted above, we may personalize the message content based upon any information you have provided to us and your use of the Sites and Services.

As stated above we take all reasonable steps to ensure that your personal data are processed and stored securely. For EU Data Subjects, your personal data will never be stored longer than permitted by applicable law or longer than necessary to fulfil our purposes for processing your personal data, which are stated in this Privacy Policy. The personal data of EU Data Subjects will be processed by us during the following time periods:

  • Customer, distributor or agent: If you are a customer, distributor, or an agent, and you have entered into an agreement with ZEBRAS UNITE, your personal data are saved for as long as necessary in order for us to perform the agreement with you, e.g. until we have delivered the product or performed the Services that you have ordered. This does, however, not apply if we need to save your personal data for a longer period of time due to any of the reasons stated below.

  • Communication: If you have contacted us, e.g. via email, your personal data will be stored as long as necessary for us to complete any request or handle any issue for which you contacted us.

  • Legal obligation: We may retain personal data as long as necessary to comply with legal or accounting obligations.

  • Direct marketing: We may process your personal data for direct marketing purposes, until you object to your personal data being used for such purposes.

In addition, please note that your personal data may be transferred outside of the EU/EEA to other entities providing services to us for the purposes and processing of your information consistent with this Privacy Policy, including to the United States. Email or survey response communications may be stored on servers in the location to which you sent your email or submitted your response, including in the United States and other countries.

With respect to transfers of personal data to third parties, we will ensure that your personal information is transferred to a country which according to the EU Commission has been designated as having an adequate level of protection, or if this is not the case, that the company or organization to which the information is transferred has joined a legal framework (such as the EU-US Privacy Shield), adopted binding corporate rules approved by a competent supervisory authority, or signed standard protection clauses adopted by the European Commission (known as “Standard Model Clauses”), or that any other legal grounds for such transfer in accordance with applicable privacy law is satisfied. You may contact us as stated herein to obtain further information on such transfers.

Retention of Your Information

Except for EU Data Subjects, whose personal data will be retained as noted above, we retain information about you for as long as it is necessary and relevant for ZEBRAS UNITE’S operations. We may retain information from closed accounts collected from you to comply with the law, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigations, and take other actions permitted by law or disclosed in this Privacy Policy to enforce the Site’s terms and conditions and take other actions permitted by law. The information we retain will be handled in accordance with this Privacy Policy. Unless we are actively using your personal information or have a legal bases for retaining such information, in accordance with this Privacy Policy and applicable law, we will securely delete or dispose of your personal information after 5 years of inactivity with respect to such information.