The Carpentries Privacy Policy
Last updated: 2022-01-15
This Privacy Policy applies to The Carpentries and its associated lesson programs, Data Carpentry, Software Carpentry, and Library Carpentry (collectively, “We”, “Our”, “Us”). This Privacy Policy explains how we collect, use, and share the personal information that we gather on the subdomains and websites on carpentries.org, datacarpentry.org, software-carpentry.org, and librarycarpentry.org (the “Sites”) or through your use of our products and services. By continuing to use our Sites, you agree to the terms of this Privacy Policy.
This Privacy Policy does not apply to any of the practices of our workshop partners, such as universities and other organizations, other than our practices expressly disclosed below. To understand how our workshop partners process your information, please refer to their privacy policy.
Please click the following links to learn more about our Privacy Policy:
What Types of Personal Information Do We Collect?
How Do We Use Personal Information?
How Do We Share Personal Information?
How Do We Respond to ‘Do Not Track’ Signals?
Cookies
Your Privacy Choices
Legal Bases for Processing (EEA Individuals)
EEA Individuals’ Rights
International Transfers of Data
Children’s Privacy
Change of Control
How Do We Protect Personal Information?
Policy Changes
Contact Information
1. What Types of Personal Information Do We Collect?
Information You Give Us. You may give us information by applying to become an Instructor, a Maintainer, a Trainer; volunteering to serve in one of our committees or task forces; serving as a Regional Coordinator; requesting information on workshops or memberships; participating in any capacity in a workshop or event; entering other information through our online collaborative note taking tools, forms or surveys; entering into a membership agreement; making a donation; providing sponsorship; contacting us by phone or email for information or services, or in person during a workshop or event.
The categories of information include:
Identifiers such as real name, GitHub username, ORCID identifier, and social media account handles
Contact information, such as address, location, email, and telephone number
Financial information, such as bank account number, credit card number, or debit card number, for sponsorships, donations, and membership fees
If you choose to self-identify, for research purposes, characteristics of protected classifications, such as race, color, national origin, religion, appartenance to volunteer organisations, gender, disability, age, ancestry, medical condition, marital status, or sexual orientation
Professional, employment, or education information, such as copies of your resume or CV and any other information required to verify your qualifications, for Instructor and Core Team recruitment purposes
Inferences regarding your familiarity with programming languages and general computing skills, to help tailor our workshops to you
Information We Automatically Collect. Like many website operators, we may collect information that your browser sends whenever you visit one of our websites.
This includes log data, such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our sites that you visit, the time and date of your visit, the time spent on those pages and other statistics, and whether you reached our page via a social media or email campaign. This information may be collected via several technologies, including cookies and other means.
You can control cookies in your browser to enable or disable them. Learn more in our Cookie Policy.
Information We Collect From Third Parties. If you access our Sites through third-parties (e.g., GitHub or Google), or if you share content from our Sites to a third-party social media service, the third party service may send us certain information about you if the third party service and your account settings allow such sharing. The information we receive will depend on the policies and your account settings with the third party service.
2. How Do We Use Personal Information?
We Never Sell Personal Information. We will never sell, rent or otherwise provide your Personal Information to any third party for marketing purposes.
We use your personal information as follows:
To provide you with the services on our platform, which involves the creation and coordination of training events, coding and data science workshops, discussions, and other events
To process donations or workshop administration fees for our programs
To assess your qualifications as an applicant for one of our community volunteer position (such as being an Instructor or a Maintainer) or other Core Team member position
To market our products and/or services to you
To analyze Sites usage and improve the services offered
For market research, project planning, troubleshooting problems
For detecting and protecting against error, fraud or other criminal activity
4. How Do We Respond to ‘Do Not Track’ Signals?
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. When and where possible, we respect DNT (e.g., page views on our Sites will not be recorded). However, we cannot guarantee your DNT preference will be recognized across our Sites, as the Internet industry is currently still working toward defining exactly what DNT means, what it means to comply with DNT, and a common approach to responding to DNT.
6. Your Privacy Choices
Please contact us if you would like to request access and/or make any changes to your personal information.
Marketing Opt-Out: We may use your personal information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe instructions provided in any email we send, or you can contact us using the contact details provided in the “Contact Information” section below.
6.1 California Privacy Rights
If you are a California consumer, you have the following rights:
The right to know what personal information is being collected about you.
The right to know whether your personal information is sold or disclosed and to whom.
The right to say no to the sale of personal information.
The right to access your personal information.
The right, in certain circumstances, to delete the information you have provided to us.
The right to equal service and price, even if you exercise your privacy rights.
Request for Information and Deletion. California consumers have the right to request, up to twice in a 12-month period, that a business that collects personal information about the consumer disclose to the consumer the information listed below for the preceding 12 months. We have the right to request verification of your identity for all requests for information.
The categories of personal information it has collected about that consumer.
The categories of sources from which the personal information is collected.
The business or commercial purpose for collecting or selling personal information.
The categories of third parties with whom the business shares personal information.
The categories of personal information that the business sold about the consumer and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold.
The categories of personal information that the business disclosed about the consumer for a business purpose.
The specific pieces of personal information it has collected about that consumer.
To make such a request, email us at privacy@carpentries.org or visit this webpage https://carpentries.typeform.com/to/v4RDlibM.
Do Not Sell My Personal Information. California consumers have the right to opt out of the sale of the consumer’s personal information. We do not sell your contact information or other personal information to third parties.
Third Party Marketing. California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information to third parties for the third parties’ direct marketing purposes. We do not share your information.
7. Legal Bases for Processing (EEA Individuals)
If you are from the European Economic Area, our legal bases for collecting and using your Personal Information are as follows:
The performance of your contract or to enter into the contract and to take action on your requests. For example, the processing of your workshop request and administration fee, facilitating instructor training, and coordinating workshops.
Our legitimate business interests. For example, fraud prevention, enforcement of our Code of Conduct, maintaining the security of our network and services, direct marketing to you, and improvement of our services.
Compliance with a mandatory legal obligation. For example, accounting and tax requirements, which are subject to mandatory retention periods. We may also collect your Personal Information to record your requests to exercise your rights and to verify your identity for such requests.
Consent you provide where we do not rely on another legal basis. Consent may be withdrawn at any time.
In some limited cases, we may also have a legal obligation to collect Personal Information from you, in response to investigation of breaches to our Code of Conduct that involves violation of local laws, lawful requests by public authorities, including to meet law enforcement requirements, as described above in “How Do We Share Personal Information?”
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided in the “Contact Information” section below.
8. EEA Individuals’ Rights
If you are from the European Economic Area, you have the right, under certain circumstances, to:
Access your Personal Information;
Correct inaccurate Personal Information;
Request erasure of your Personal Information without undue delay;
Request the restricted processing of your Personal Information;
Request portability of the Personal Information that you have given us; and
To object to the processing of your Personal Information.
If you are from the European Economic Area, you also have the right to lodge a complaint with a supervisory authority, under certain circumstances.
You may contact us using the contact details provided in the “Contact Information” section below for more information or to exercise your rights.
9. International Transfers of Data
Given the international nature of our organization, to be able to process your personal data, it is necessary for us to transfer or share your personal data outside the UK/EEA:
with Core Team members within our organization who are located outside the UK/EEA;
with your and our service providers, (e.g., cloud service providers), who might have servers located outside the UK/EEA;
if you are based outside the UK/EEA;
where there is a European and/or international dimension to the services we are providing to you.
We will only transfer or share your personal data outside the UK/EEA:
to a country, territory or organization that has been assessed as providing an adequate level of protection for personal data ‘adequacy decision’ by the UK or the EU Commission;
By using legally-approved UK or EU Standard Contractual Clauses (SCCS) or Model Clauses, in addition to implementing appropriate supplementary measures to ensure the protection of the personal data.
If you are located in the UK or the EU, you may contact us at privacy@carpentries.org to request a copy of the Standard Contractual Clauses.
By accessing our Sites and using our Services, you acknowledge that your personal data may be collected and transferred from your local jurisdiction (including those in the European Economic Area and the UK) to the United States or other jurisdictions.
10. Children’s Privacy
The Sites are not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us using the contact details provided in the “Contact Information” section below. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information.
11. Change of Control
Personal information may be transferred to a third party as a result of a merger, reorganization or other change in control.
12. How Do We Protect Personal Information?
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. For example, when possible, we use encryption to transfer and store data. We further limit access to this data using access controls and confidentiality commitments.
However, no website, application, or transmission can guarantee security. Thus, while we have established and maintain what we believe to be reasonable procedures to protect the confidentiality, security, and integrity of personal information obtained through the Sites, we cannot ensure or warrant the security of any information you transmit to us.
13. Policy Changes
We may change our Privacy Policy at any time. We encourage you to periodically review this Privacy Policy to ensure you are familiar with the most current version.
14. Contact Information
If you wish to contact us or have any questions about or complaints in relation to this Privacy Policy, please contact us at the following contact details:
Email: privacy@carpentries.org
Mailing address:
The Carpentries c/o Community Initiatives
1000 Broadway, Suite #480
Oakland, CA 94607
USAContact form: https://carpentries.typeform.com/to/v4RDlibM
License
Please note our Privacy Policy is released under a Creative Commons Attribution-NonCommercial-ShareAlike (CC BY-NC-SA) licence.