M4 System - Privacy Policy
Effective Date | N/A |
Current Version | 0.1 |
Status | Draft |
Reviewer | Daniel Gagnon |
Table of Content
What information M4 System collects and why 4
Categories of personal information 4
Information from users with accounts 4
Information from website browsers 4
Information we collect from third parties 5
Why we collect this information 5
Our legal basis for processing information 6
What information M4 System does not collect 7
How we share the information we collect 8
Public information on M4 System 9
How you can access and control the information we collect 12
Data retention and deletion of data 12
Our use of cookies and tracking 13
How M4 System secures your information 14
M4 System's global privacy practices 14
Cross-border data transfers 15
How we respond to compelled disclosure 15
How and why we communicate with you 16
Changes to our Privacy Statement 17
Version | Date | Author | Comment |
0.1 | 12/12/2019 | Caroline Pelletier-Boisvert | First draft |
"User Personal Information" is any personal information about one of our users which could, alone or together with other information, personally identify them. Information such as a user name and password, an email address, a real name, and a photograph are examples of “User Personal Information.” User Personal Information includes Personal Data as defined in the General Data Protection Regulation.
"Technical Information" may include information we collect from website browsers, such as web server logs, or other log information, such as User session or activity logs. Technical Information may be connected to User Personal Information such as a username or an email address, or to other potentially personally-identifying information like Internet Protocol (IP) addresses.
User Personal Information does not include aggregated, non-personally identifying information. We may use aggregated, non-personally identifying information to operate, analyze, improve, and optimize our website and service.
If you create an account, we require some basic information at the time of account creation. You will create your own user name and password, and we will ask you for a valid email address. You also have the option to give us more information if you want to, and this may include "User Personal Information."
If you sell a M4 System Marketplace application or raise funds through the M4 System Sponsors Program, we require some additional information through the registration process. We may require identification information and banking information for you to receive funds through those services.
If you're just browsing the website, we collect the same basic information that most websites collect. We use common internet technologies, such as cookies and web server logs, to collect Technical Information. This is stuff we collect from everybody, whether they have an account or not.
The information we collect about all visitors to our website includes the visitor’s browser type, language preference, referring site, additional websites requested, and the date and time of each visitor request. We also collect potentially personally-identifying information like Internet Protocol (IP) addresses.
From time to time, M4 System receives personal information about individuals from third parties. This may happen if you sign up for a training or to receive information about M4 System from one of our vendors.
Under certain international laws (including GDPR), M4 System is required to notify you about the legal basis on which we process User Personal Information. M4 System processes User Personal Information on the following legal bases:
We do not intentionally collect sensitive personal information, such as social security numbers, genetic data, health information, or religious information, unless you sell a Marketplace application or raise funds through the Sponsors Program. Although M4 System does not request or intentionally collect any other sensitive personal information, we realize that you might store this kind of information in your account, such as in a repository or in your public profile. If you store any sensitive personal information on our servers, you are responsible for complying with any regulatory controls regarding that data.
If you're a child under the age of 13, you may not have an account on M4 System. M4 System does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will unfortunately have to close your account. We don't want to discourage you from learning to code, but those are the rules. Please see our Terms of Service for information about account termination. Other countries may have different minimum age limits, and if you are below the minimum age for providing consent for data collection in your country, you may not use M4 System without obtaining your parents' or legal guardians' consent.
We do not intentionally collect User Personal Information that is stored in your repositories or other free-form content inputs. Information in your repositories belongs to you, and you are responsible for it, as well as for making sure that your content complies with our Terms of Service. Any personal information within a user's repository is the responsibility of the repository owner.
M4 System employees do not access private repositories unless required to for security reasons, to assist the repository owner with a support matter, or to maintain the integrity of the service. Our Terms of Service provides more details.
If your repository is public, anyone (including us and unaffiliated third parties) may view its contents. If you have included private or sensitive information in your public repository, such as email addresses or passwords, that information may be indexed by search engines or used by third parties. In addition, while we do not generally search for content in your repositories, we may scan our servers for certain tokens or security signatures, or for known active malware.
Please see more about User Personal Information in public repositories.
We do share User Personal Information with your permission, so we can perform services you have requested or communicate on your behalf. For example, if you purchase an integration or other Developer Product from our Marketplace, we will share your account name to allow the integrator to provide you services. Additionally, you may indicate, through your actions on M4 System, that you are willing to share your User Personal Information. For example, if you join an organization, the owner of the organization will have the ability to view your activity in the organization's access log. We will respect your choices.
We do not share, sell, rent, or trade User Personal Information with third parties for their commercial purposes, except where you have specifically told us to (such as by buying an integration from Marketplace).
We do not host advertising on M4 System. We may occasionally embed content from third party sites, such as YouTube, and that content may include ads. While we try to minimize the amount of ads our embedded content contains, we can't always control what third parties show. Any advertisements on individual M4 System Pages or in M4 System repositories are not sponsored by, or tracked by, M4 System.
We do not disclose User Personal Information outside M4 System, except in the situations listed in this section or in the section below on Compelled Disclosure.
We do share certain aggregated, non-personally identifying information with others about how our users, collectively, use M4 System, or how our users respond to our other offerings, such as our conferences or events. For example, we may compile statistics on the usage of open source licenses across M4 System. However, we do not sell this information to advertisers or marketers.
We do share User Personal Information with a limited number of third party vendors who process it on our behalf to provide or improve our service, and who have agreed to privacy restrictions similar to our ownPrivacy Policyby signing data protection agreements. Our vendors perform services such as payment processing, customer support ticketing, network data transmission, and other similar services. When we transfer your data to our vendors under EU-US and Swiss-US Privacy Shield Frameworks, we remain responsible for it. While M4 System processes all User Personal Information in the United States, our third party vendors may process data outside of the United States or the European Union. If you would like to know who our third party vendors are, please see our page on Subprocessors.
We do share aggregated, non-personally identifying information with third parties. For example, we share the number of stars on a repository, or in the event of a security incident, we may share the number of times a particular file was accessed.
We may share User Personal Information if we are involved in a merger, sale, or acquisition. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our website or by email before any transfer of your User Personal Information. The organization receiving any User Personal Information will have to honor any promises we have made in ourPrivacy Policyor in our Terms of Service.
Much of M4 System is public-facing. If your content is public-facing, third parties may access and use it in compliance with our Terms of Service, such as by viewing your profile or repositories or pulling data via our API. We do not sell that content; it is yours. However, we do allow third parties, such as research organizations or archives, to compile public-facing M4 System information. Other third parties, such as data brokers, have been known to scrape M4 System and compile data as well.
Your User Personal Information, associated with your content, could be gathered by third parties in these compilations of M4 System data. If you do not want your User Personal Information to appear in third parties’ compilations of M4 System data, please do not make your personal information publicly available and be sure to configure your email address to be private in your user profile and in your git commit settings. We currently set users' email address private by default, but legacy M4 System users may need to update their settings.
If you would like to compile M4 System data, you must comply with our Terms of Service regarding scraping and privacy, and you may only use any public-facing User Personal Information you gather for the purpose for which our user has authorized it. For example, where a M4 System user has made an email address public-facing for the purpose of identification and attribution, do not use that email address for commercial advertising. We expect you to reasonably secure any User Personal Information you have gathered from M4 System, and to respond promptly to complaints, removal requests, and "do not contact" requests from M4 System or M4 System users.
Similarly, projects on M4 System may include publicly available User Personal Information collected as part of the collaborative process. In the event that a M4 System project contains publicly available personal information that does not belong to M4 System users, we will only use that personal information for the limited purpose for which it was collected, and we will secure that personal information as we would secure any User Personal Information. If you have a complaint about any personal information on M4 System, please see our section on resolving complaints.
You may indicate, through your actions on M4 System, that you are willing to share your User Personal Information. If you collaborate on or become a member of an organization, then the Account owners may receive your User Personal Information. When you accept an invitation to an organization, you will be notified of the types of information owners may be able to see (for more information, see About Organization Membership). If you accept an invitation to an organization with a verified domain, then the owners of that organization may be able to see your full email address(es) within that organization's verified domain(s).
If you collaborate on or become a member of an Account that has agreed to the Corporate Terms of Service and a Data Protection Addendum ("DPA") to this Privacy Statement, then that DPA will govern any conflicts between thisPrivacy Policyand the DPA with respect to your activity in the Account.
Please contact the Account owners for more information about how they process your User Personal Information and the ways for you to access, update, alter, or delete the User Personal Information stored in that account.
You have the option of enabling or adding third party applications, known as "Developer Products," to your account. These Developer Products are not necessary for your use of M4 System. We will share your User Personal Information to third parties when you ask us to, such as by purchasing a Developer Product from the Marketplace; however, you are responsible for your use of the third party Developer Product and for the amount of User Personal Information you choose to share with it. You can check our API documentation to see what information is provided when you authenticate into a Developer Product using your M4 System profile.
If you create a M4 System Pages website, it is your responsibility to post aPrivacy Policythat accurately describes how you collect, use, and share personal information and other visitor information, and how you comply with applicable data privacy laws, rules, and regulations. Please note that M4 System may collect Technical Information from visitors to your M4 System Pages website, including logs of visitor IP addresses, to maintain the security and integrity of the website and service.
You can also add applications from M4 System, such as our Desktop app, our Electron or Atom applications, or other account features, to your account. These applications each have their own terms and may collect different kinds of User Personal Information; however, all M4 System applications are subject to this Privacy Statement, and we will always collect the minimum amount of User Personal Information necessary, and use it only for the purpose for which you have given it to us.
If you're already a M4 System user, you may access, update, alter, or delete your basic user profile information by editing your user profile or contacting M4 System Support or M4 System Premium Support. You can control the information we collect about you by limiting what information is in your profile, by updating out of date information, or by contacting M4 System Support or M4 System Premium Support.
If M4 System processes information about you and you do not have an account, such as information M4 System receives from third parties, then you may access, update, alter, delete, or object to the processing of your personal information by contacting M4 System Support or M4 System Premium Support.
As a M4 System User, you can always take your data with you. You can clone your repositories to your desktop, for example, or you can use our Data Portability tools to download all of the data we have about you.
Generally, M4 System will retain User Personal Information for as long as your account is active or as needed to provide you services.
We may retain certain User Personal Information indefinitely, unless you delete it or request its deletion. For example, we don’t automatically delete inactive user accounts, so unless you choose to delete your account, we will retain your account information indefinitely.
If you would like to cancel your account or delete your User Personal Information, you may do so in your user profile. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 90 days. You may contact M4 System Support or M4 System Premium Support to request the erasure of the data we process on the basis of consent within 30 days.
After an account has been deleted, certain data, such as contributions to other users' repositories and comments in others' issues, will remain. However, we will delete or deidentify your personal information, including your user name and email address, from the author field of issues, pull requests, and comments by associating them with the ghost user.
The email address you have supplied via your Git commit settings will always be associated with your commits in the Git system. If you chose to make your email address private, you should also update your Git commit settings. We are unable to change or delete data in the Git commit history — the Git software is designed to maintain a record — but we do enable you to control what information you put in that record.
M4 System uses cookies to make interactions with our service easy and meaningful. We use cookies (and similar technologies, like HTML5 localStorage) to keep you logged in, remember your preferences, and provide information for future development of M4 System. For security reasons, we use cookies to identify a device. By using our website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept these cookies, you will not be able to log in or use M4 System’s services. On certain areas of the website, we may also use cookies to identify you and/or your device to advertise M4 System products and services to you on third party sites.
We provide a web page on cookies and tracking that describes the cookies we set, the needs we have for those cookies, and the types of cookies they are (temporary or permanent). It also lists our third party analytics providers and subprocessors, and details exactly which parts of our website we permit them to track.
We use a number of third party analytics and service providers to help us evaluate our users' use of M4 System; compile statistical reports on activity; and improve our content and website performance. We only use these third party analytics providers on certain areas of our website, and all of them have signed data protection agreements with us that limit the type of personal information they can collect and the purpose for which they can process the information. In addition, we use our own internal analytics software to provide features and improve our content and performance.
Some browsers have incorporated "Do Not Track" (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. M4 System responds to browser DNT signals and follows the W3C standard for responding to DNT signals. If you have not enabled DNT on a browser that supports it, cookies on some parts of our website will track your online browsing activity on other online services over time, though we do not permit third parties other than our analytics and service providers to track M4 System users' activity over time on M4 System.
M4 System takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information.
M4 System enforces a written security information program. Our program:
In the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected users without undue delay.
Transmission of data on M4 System is encrypted using SSH, HTTPS, and SSL/TLS, and git repository content is encrypted at rest. We manage our own cages and racks at top-tier data centers with excellent physical and network security, and when data is stored with a third party storage provider, it is encrypted.
No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. For more information, see our security disclosures.
We store and process the information that we collect in Canada in accordance with this Privacy Policy (our sub-processors may store and process data outside of Canada). However, we understand that we have users from different countries and regions with different privacy expectations, and we try to meet those needs even when the United States does not have the same privacy framework as other countries'.
We provide a high standard of privacy protection — as described in this Privacy Policy — to all our users around the world, regardless of their country of origin or location, and we are proud of the levels of notice, choice, accountability, security, data integrity, access, and recourse we provide. We work hard to comply with the applicable data privacy laws wherever we do business, working with our Data Protection Officer as part of a cross-functional team that oversees our privacy compliance efforts. Additionally, if our vendors or affiliates have access to User Personal Information, they must sign agreements that require them to comply with our privacy policies and with applicable data privacy laws.
In particular:
M4 System may disclose personally-identifying information or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant, or similar government order, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large.
In complying with court orders and similar legal processes, M4 System strives for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.
We will use the email address you used to create your account to communicate with you. We may communicate with you for multiple reasons, such as:
Please note that you can not opt out of receiving important communications from us, such as emails from our Support team or system emails, but you can configure your notifications settings in your profile.
If you have concerns about the way M4 System is handling your User Personal Information, please let us know immediately. You may also email us directly at privacy@m4system.com with the subject line "Privacy Concerns.".
You may also contact our Data Protection Officer directly:
Canada HQ | |
Data Protection Officer | |
Street Address | |
City/Province/Postal Code | |
Country | Canada |
Email address | privacy@m4system.com |
In the unlikely event that a dispute arises between you and M4 System regarding our handling of your User Personal Information, we will do our best to resolve it. If we cannot…
Under certain limited circumstances, individuals may invoke arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. Arbitration is not mandatory; it is a tool you can use if you choose to.
We are subject to the jurisdiction of the Quebec’s Consumer Protection Act at the provincial level and at the federal level, of the Canada Consumer Product Safety Act (CCPSA) and to the Personal Information Protection and Electronic Documents Act (PIPEDA).
Although most changes are likely to be minor, M4 System may change its Privacy Policy from time to time. We will provide notification to Users of material changes to this Privacy Policy through our Website at least 30 days prior to the change taking effect by posting a notice on our home page or sending email to the primary email address specified in your M4 System account. For changes to this Privacy Policy that do not affect users rights, we encourage users to consult our Privacy Policy periodically and to keep an eye for a pop-up announcement on our website notifying our users that there was an update to the policy.
This Privacy Policy is licensed under the GNU General Public License v3.0.
Questions regarding M4 System's Privacy Policy or information security practices should be sent via email to privacy@m4system.com.