We understand the importance of your privacy and pledge to take all appropriate security measures to protect it in accordance with the industry's well-established safety standards. This Privacy Policy gives you information about the personal data we collect about you in relation to your use of Open Source Technology Center ("OSTC"), and how and why we use it to meet our obligations under the GDPR. It also contains a summary of your rights in relation to your personal data. Some of the terminology in this Statement may be unfamiliar to you – there is a glossary at the end of the Statement which you may find useful. Terms which are included in the glossary are in capital letters.
Huawei Poland and Huawei Italy are jointly responsible as joint
controllers. The joint processes particularly pertain to the
operation and use of jointly used databases, platforms and IT
systems. With respect to the joint processes, we jointly determine
the purposes and means of processing. In an agreement on joint
controllership pursuant to Article 26 GDPR, we have determined how
the respective tasks and responsibilities in the processing of
personal data are structured and who fulfils which data protection
obligations.
OSTC is a team managed by
Huawei Poland (Domaniewska 39a, 02-672 Warsaw,
Poland) and Huawei Technologies Italia (Via
Lorenteggio, 240 - Tower A – 20147 Milan, Italy and registered with
the Chamber of Commerce di Milano Monza Brianza Lodi with
registration number 04501190963), (hereinafter jointly referred to
as "we", "us" or "our").
Personal Data collected and processed |
|
|---|---|
|
The source of personal data |
Data will be collected directly by you as the Data Subject. |
|
Will we process special categories of data? |
No. |
Below you will find detailed information on what personal data we process, for what purpose and on what legal basis arising from generally applicable data protection regulations. |
||
|---|---|---|
|
For what purpose does Huawei process your personal information? |
What categories of personal data do we process for this processing purpose |
Legal basis of processing |
|
Create your account, identify and authenticate your access to the Services and provide you with the Services you have requested |
Your name, last name, username, email address and password as well as authentication token when you make use of dual-factor authentication to your user account |
Legitimate interests. We use your personal information for our legitimate interests, such as to provide you with services you requested, allow you to participate in creation of OSTC platform |
|
Completing your profile page with the information you voluntarily provided |
Profile information: such as avatar (profile picture), time zone, social media IDs, website url, location, job title, organization, bio, and others available at your profile page |
Implied consent granted by you hence you make the decision to voluntarily provide and upload unnecessary data to complete the profile page |
|
Improve the security of and troubleshoot our Services, as necessary to perform the contract governing your use of our applications or to communicate with you |
IP address, device type, operating system, browser type and version, language preference, cookie identifiers, hardware identifiers, and mobile IDs |
Legitimate interests. We use your personal information for our legitimate interests, such as improving the security of and troubleshoot our Services |
|
Detect, prevent, or otherwise address fraud and abuses |
Personal data we collect through your use of the Services |
Legitimate interests. We use your personal information for our legitimate interest, such as administrative, security, fraud prevention purposes as well as ensuring the safety of users of the platform |
|
Comply with our legal obligations |
Personal data that is necessary for compliance with a legal obligation that we are subject to |
Legal obligation. We may disclose personal information or other information we collect about you to law enforcement if required in response to a valid subpoena, court order, search warrant, a similar government order |
Huawei uses suppliers and service providers to ensure carrying out
its business, including for the provision of OSTC, and to ensure
adequate protection of the Personal Data. The processing of Personal
Data in relation to our suppliers is always commissioned by us and
the parties will act only on our behalf as data processors or based
on another contractual set-up. Such processing is always protected
with contractual arrangements to ensure that your Personal Data is
processed in accordance with the laws and good data processing
practices. To comply with applicable laws or respond to valid legal
procedures, Huawei may also disclose your personal data to law
enforcement or other government agencies.
Huawei and its suppliers and service providers shall establish
technological, physical, administrative and procedural safeguards
all in line with the industry accepted standards in order to ensure
the confidentiality, integrity and accessibility of the Personal
Data processed; prevent the unauthorized use of or unauthorized
access to the Personal Data or prevent a Personal Data breach
(security incident).
Your personal data will also be shared with the engagement team of
Huawei managing OSTC project which is located in Poland.
Your personal data may also be disclosed to another company in
connection with a merger, acquisition, sale of assets (e.g., a
service contract), or transfer of service delivery.
Any personal data published by the user of GitLab and Mattermost
services will be kept for one year. After that time the data will be
automatically permanently deleted. Your user profile may be deleted
anytime upon your request (please see below how to submit requests
concerning your data subject rights).
Retention rules established and implemented for OSTC:
In order to ensure effective data minimization principle in the
processing activity, Huawei reserves the right to permanently remove
user profile if it has not been used for an extensive amount of
time;
In the case of legitimate interest legal basis - we will keep your
personal data until the project is completed, i.e., until The
OpenHarmony Project is delivered;
In the case of implied consent legal basis (depending on which comes
first) we will keep your data until you withdraw your consent or if
the profile page including voluntarily given personal data has not
been used for one year;
In the case of legal obligation legal basis, we will keep your
personal data as long as it is required by law, e.g. tax law.
Your information is securely stored by our cloud infrastructure
vendor in Europe/ Germany - Open Telekom Cloud. Our employees and
contractors that process personal data information may be located in
Europe/Poland.
Disclosure with our suppliers: we host our services at 3rd party
cloud service for which infrastructure is located in Europe.
Specific information about data protection and compliance can be
found
here.
As the data subject, you have the following rights in relation to your personal data. Depending on the case and the legal basis for processing your personal data, these rights may be subject to certain restrictions under the applicable data protection rules. To exercise these rights or contact us on privacy or data protection issues, please send your enquiry via the form: https://www.huawei.com/en/personal-data-request.
|
Right of Access |
You have the right to obtain from Huawei or any of its affiliates confirmation as to whether or not Personal Data concerning you is being processed and, where that is the case, access to a copy of the Personal Data and specific information about how Huawei or any of its affiliates processes your Personal Data. |
|
Right of Rectification (Correction) |
You have the right to obtain from Huawei the correction of inaccurate Personal Data concerning you and also the right to have incomplete Personal Data completed. |
|
Right of Erasure (Deletion) |
You have the right to obtain from Huawei or any of its affiliates the erasure (deletion) of your Personal Data in particular circumstances. |
|
Right of Restriction |
You have the right to obtain from Huawei or any of its affiliates restriction of processing in particular circumstances. |
|
Right of Objection |
You have the right to object to the processing of your Personal Data in particular circumstances. |
|
Right of Portability |
In certain circumstances, you have the right to receive your Personal Data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller Please bear in mind that the right of portability does not apply in the case of processing personal data on legitimate interests basis. |
|
Right to Withdraw Consent |
Where the legal basis of processing Personal Data is based on consent, you have the right to withdraw your consent at any time by providing a withdrawal notice to Huawei or any of its affiliates. Please note, however, that the withdrawal of your consent will not affect any use of the Personal Data made before you withdrew your consent. |
|
Right to lodge a Complaint |
If you consider your Personal Data is not being processed in compliance with the applicable laws, you have the right to lodge a complaint with any relevant supervisory authority, in Poland- President of the Personal Data Protection Office |
Glossary |
|
|---|---|
|
Controller |
An organisation who (alone or jointly with others) determines the purposes and means of the processing of Personal Data. |
|
Data Transfer Agreement |
An agreement containing standard data protection clauses adopted by the European Union Commission as referred to in Article 46(2)(c) of the GDPR. |
|
Data Subject |
The identified or identifiable natural person to whom the Personal Data relates. |
|
GDPR |
The European Union General Data Protection Regulation (2016/679). |
|
Legal Basis |
Processing of Personal Data is only lawful if and to the extent that at least one legal basis specified in the GDPR applies. The available legal bases which are applicable are summarised as:
|
|
Personal Data |
Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
|
Process/Processing |
Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
|
Special Categories of Personal Data |
Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. |