On 2024-08-12 13:52, Patrick Fitzgerald wrote:
On 12/08/2024 13:36, Richard Brown wrote:
On 2024-08-12 10:47, Patrick Fitzgerald wrote:
Richard Absolutely agree with Richard's points here. I think that the community has to see a bit more transparency on the foundation topic. It is much easier to release records than letting people speculate.
Agreed, and I am working on this. I forgot to mention that we are using the openSUSE TSP system, which I am unfamiliar with, (and I don't believe that even have access to except to make requests). Doug is currently on vacation, so unless there someone who can produce a report prior to his return.. the TSP side will have to wait. BUT everything TSP-related is in that database.
How are we handling the data protection and GDPR issues of this arrangement?
Use of the TSP platform is governed by the SUSE privacy policy as it requires use of SUSES IDM tooling
https://www.suse.com/company/legal/
This document clearly states “We process your Personal Data solely within the SUSE Group unless we expressly inform you otherwise”
But if the TSP is being governed by the Geeko Foundation as you describe, where can I find the details of the Data transfer policies between those organisations and to whom would a GDPR right-to-be-forgotten request be sent to, SUSE or the Geeko Foundation?
It is the same system! Managed by the same people (whoever they are at SUSE/oS) - I'm sure we'll either host the same system, or come up with our own. Right now, NOTHING has changed. We don't /govern/ it, we just /use /it. So by extension, I would expect that everything of which you speak is still managed by SUSE.
Doug will know more. Once again, contributions are very welcome.
/p
The Geeko Foundation is a UK registered entity is it not? Seperate from the SUSE Group entities that are governed under that privacy policy Of the Geeko Foundation is receiving money which it is then giving to TSP receipiants, this must mean identifiable data is being transferred from SUSE/openSUSE to that UK registered legal entity in order to facilitate those payments. There must be some policies, documentation and legal structure covering the transfer of information, no? For example, how long does the Geeko Foundation retain the bank details of the TSP recipients it receives from SUSE? I’m sure this sort of thing must have been thought of before SUSE starting giving tons of money for the Geeko Foundation to administer via the TSP.. surely?