On 12/08/2024 13:36, Richard Brown wrote:
On 2024-08-12 10:47, Patrick Fitzgerald wrote:
Richard Absolutely agree with Richard's points here. I think that the community has to see a bit more transparency on the foundation topic. It is much easier to release records than letting people speculate.
Agreed, and I am working on this. I forgot to mention that we are using the openSUSE TSP system, which I am unfamiliar with, (and I don't believe that even have access to except to make requests). Doug is currently on vacation, so unless there someone who can produce a report prior to his return.. the TSP side will have to wait. BUT everything TSP-related is in that database.
How are we handling the data protection and GDPR issues of this arrangement?
Use of the TSP platform is governed by the SUSE privacy policy as it requires use of SUSES IDM tooling
https://www.suse.com/company/legal/
This document clearly states “We process your Personal Data solely within the SUSE Group unless we expressly inform you otherwise”
But if the TSP is being governed by the Geeko Foundation as you describe, where can I find the details of the Data transfer policies between those organisations and to whom would a GDPR right-to-be-forgotten request be sent to, SUSE or the Geeko Foundation?
It is the same system! Managed by the same people (whoever they are at SUSE/oS) - I'm sure we'll either host the same system, or come up with our own. Right now, NOTHING has changed. We don't /govern/ it, we just /use /it. So by extension, I would expect that everything of which you speak is still managed by SUSE. Doug will know more. Once again, contributions are very welcome. /p