Privacy Policy

(Effective date: 24 May 2018)

This Privacy Policy applies to information that the MariaDB Foundation (“MDBF” or “we” or “our” ) collects when you access or use any of our mailing lists, websites, and products, when you communicate to our staff, or when you otherwise interact with us (collectively, the “Services”). See Appendix A for a non-exhaustive list of Services covered by this Privacy Policy.

This Privacy Policy: (a) explains how we process your information in relation to the Services; and (b) provides you with information about the choices available to you regarding our collection and use of your information. The terms of this Privacy Policy apply to all visitors, users, and others (collectively “Users”) who use and/or access the Services.

1. The MDBF approach to information

We collect your information directly only as required to communicate with you and fulfill your requests relating to our Services, and indirectly only as indicated in our Cookies and Logging section referenced below. For example, if you request to be contacted regarding our events, we collect and store your relevant contact information. We only send emails to Users who explicitly opt in or with whom we have established business relationships.

2. Information you provide directly to us

In the course of establishing communication and maintaining our Services, we receive “Personal Information” directly from Users. Personal Information means any information or data element that is associated with or may be used to identify an individual. Definitions of Personal Information vary by jurisdiction; however, here are some examples: contact information such as: first name, last name, phone (fixed/mobile) number, address, employer, title, IP and/or MAC address, photographs, user generated content, email address, user names, and transaction history; this is not an exhaustive list. Please note: we do not collect or store any credit card billing information; we delegate that sensitive task to a trusted service provider.

Some Services, including our blog, mailing lists, and social software development services such as GitHub (“Social Services”) are publicly-facing which means the information you post, including any Personal Information, is public and immediately viewable and searchable by Users of the applicable Social Services. You do have the ability to use a pseudonym, if you prefer, to associate with your User persona to protect your identity. We are only the administrator of the Social Services, in order to access a User’s profile information for operational or troubleshooting purposes.

One particular service, which we call the Feedback Plugin, receives usage data from MariaDB Servers who have the “Feedback Plugin” installed and enabled. Any Personal Information received directly or indirectly (for example IPs)  is only published in aggregate form.

In addition to the communications, the Services and/or the Social Services, we may collect information directly from you when you sign up for an event or conference that we sponsor or host. For more information on our privacy practices concerning such MDBF-sponsored or hosted events, please see the MDBF Events section below.

2.1. MDBF events

2.1.1. Event information

We may use third party platforms to register you for our events. They collect personal data that you directly input into the event forms. This personal data includes information such as your first and last name and your email address. This data is collected for us and transferred to us. We process it in order to register you for the event, as well as, in our legitimate interest, to manage our events and contact you, as explained below.

Your information may also be shared with companies that provide products and services to us (processors), such as third parties involved in organizing our events, client support or sales activities.

2.1.2. Event registration and participation

In order to participate in our events, you will be issued a name tag identifying you, your company or organization affiliation (if any), and the level of access that your ticket grants you. You will be asked to wear or show this name tag upon entry to the various areas of our events and during our events, as it is in our legitimate interest to manage access to our events.

When you go to the third party’s website to enter your registration information, the third party’s processing of your information is subject to their privacy policy available on their website. We, on the other hand, use this data to:

(a) Manage our events;
(b) Contact you regarding the event you registered to attend;
(c) Contact you regarding other events that we organize and think may be of interest to you, if you opt-in to receiving such notifications; and
(d) Improve our future events.

2.1.3. Food allergies or other dietary restrictions

Where we provide food, we may ask you about food allergies or other dietary restrictions, so we may adapt our menu accordingly. Providing this information is optional and we will only process it with your consent. However, if you fail to provide us with information regarding your food allergies or dietary restrictions, we cannot be held responsible for reactions that the food provided may elicit.

The information above is stored by us for a period of 120 days from the event.

2.1.4. Photos and videos

We may take pictures and record video footage of our events. Given that our events are generally held in public areas with controlled access, and that we do not intend to photograph you directly, but rather as part of a group (unless you are a speaker or a special guest), we do this based on our legitimate interest to document our events and market their success. However, we think you should be in control of how photos of you are handled; therefore, during the registration process, we will ask you if you agree to have photos and videos of you taken and shared publicly, on MDBF’s websites as well as third party websites (e.g., social media platforms, event marketing, etc.) and will honour it to the most reasonable extent practicable. Note, however, that this will only be applicable where your coded name tag is visible in the photo or video.

We may take pictures and record video footage of our events. Given that our events are generally held in public areas with controlled access, and that we do not intend to photograph you directly, but rather as part of a group (unless you are a speaker or a special guest), we do this based on our legitimate interest to document our events and market their success. However, we think you should be in control of how photos of you are handled; therefore, during the registration process, we will ask you if you agree to have photos and videos of you taken and shared publicly, on MDBF’s websites as well as third party websites (e.g., social media platforms, event marketing, etc.) and will honour it to the most reasonable extent practicable. Note, however, that this will only be applicable where your coded name tag is visible in the photo or video.

2.1.5. Speakers

If you are a speaker at an event, you will provide and we will process some or all of the following information: your first and last name, title, employer, employment history, education, biography, your presentation slides (if applicable) and any photos and videos you may share with us (such as a headshot). The presentation slides (if applicable) and photos and videos (both provided by you as well as any photos and videos taken at the event) may be made public through the channels we consider appropriate (for example, our website, third party websites and social media).

We do ask for your consent to take photos and videos of you and share them publicly; however, it is in our legitimate interest to publicize our events and, if you do not agree, we reserve the right not to appoint you as a speaker at our events.

This processing is made in our legitimate interest to promote our events and the data is stored by us for the duration of our business relationship.

3. Information you provide us indirectly

Additionally, we may receive “Usage Data” indirectly from Users and link such data to Personal Information. Examples may include: browser type, operating system, webpage history, or internet service provider; this is not an exhaustive list. In some cases, Personal Information may be automatically and indirectly provided to us (“Automatically-Shared Personal Information”), such as may be the case with network requests often disclosing the requestor’s IP address. We limit the collection and processing of this Automatically-Shared Personal Information to what is reasonably required for operational and troubleshooting purposes.

4. How we use this information

Our practice is not to store, collect, or share Personal Information you share directly with us unless you opt in explicitly. If you have not signed up to receive communications, registered with one of our Social Services or a conference or other event sponsored or hosted by us, nor requested us to perform any services for you, then you are not opted in to any type of data collection or storage, with the exception of Usage Data and Automatically-Shared Personal Information, noted above, and cookies, noted below. We use those sources of information not to perform a service, but to facilitate effective operation of our Services and a positive User experience.

5. Cookies and logging

A cookie is a small packet of data that is stored on your computer or device. Like most websites, our websites use cookies and other online tracking technologies only to store website preferences and session identifiers, such as your session when you log into our customer service portal, to collect additional website Usage Data, and to facilitate website functionality and security. Services preference cookies are used to remember your requests and enhance your user experience, such as asking not to see a contact request form when downloading software or white papers. We keep standard logs of network requests made to computer systems that we control to assist in diagnosing problems with the Services and other troubleshooting and analysis tasks which ensures you have an optimal experience.

Browser settings may be adjusted to automatically accept or decline cookies and/or to alert you when a website is attempting to put one in place. For example, if you wish to opt out of Google’s use of cookies to serve advertisements to you, you can browse to Google’s advertising opt-out page.

Please note, if you disable some cookies, it may impact the functionality of our website. We do not generally recognize automated browser signals regarding tracking mechanisms and we attempt to respect Users’ selection of a “Do-Not-Track” browser option.

6. How we share your information

We share information with third parties only as required to fulfill Users’ requests relating to functions that we do not provide ourselves, e.g. processing credit card payments or providing services related to MDBF Events. Except in connection with a corporate restructuring or sale of substantially all of our assets, we will not share or sell your contact information or email lists to others unless a User provides us with the opt-in registration form giving us permission to share information with the MariaDB Corporation. We never share or sell your information for others to market to you, so there is no need to opt out of third-party marketing.

We use Google Analytics to help measure website usage and may use Google Ads to help make potential Users and others aware of our Services through advertisements on the Internet. As noted above, this is accomplished through the placement and use of cookies.

7. Storing and retaining your information

We store the aforementioned information on servers located in Finland, Germany, and the United States of America. We keep Personal Information obtained through cookies for 30 days. Once that time period has expired, the information will be disposed of and any cookies will be reset. Automatically-Shared Personal Information is automatically deleted 1 year (or sooner) after collection. Unless otherwise specified, other Personal Information obtained will be stored for the duration of our relationship and 120 days after the relationship has ended and/or consent (if applicable) is withdrawn.

8. Your choices regarding collection, use, and sharing of your information

We believe in: (a) limiting the processing of your Personal Information to the most reasonable extent possible; and (b) using it solely for the purpose that we disclose to you when we initially collect it. We also provide you with the ability to change your mind. For example, if you wish to opt out of one of our mailing lists, you may select the opt out link which can be found at the bottom of any message, in which case your email will be unsubscribed from the mailing list.

9. Rights in certain jurisdictions

Based on jurisdiction, there may be certain access, erasure, and other rights which individuals may have to their data Personal Information, including the right to manage our treatment of their Personal Information and the way in which it is processed.

9.1. Provisions applicable to California, USA residents

California Civil Code Section § 1798.80 et al provides certain rights pertaining to the use and disclosure of Personal Information. For example, § 1798.83 permits Users of our Services that are California residents to request certain information regarding our disclosure of Personal Information to third parties for direct marketing purposes. To make such a request, please send an email to privacy@mariadb.org or write us at:

MariaDB Foundation
Attention: Data Privacy Officer
401 Edgewater Place, Suite 600
Wakefield, MA 01880
USA

9.2. Provisions applicable to persons in the European Union and European Economic Area

This section applies only to those who reside in the European Union or European Economic Area (EEA).

9.2.1. Transfers of information outside of the European Economic Area

Where your Personal Information is transferred to other entities as mentioned in section 3 above, we will take appropriate measures to ensure that the recipient protects your Personal Information adequately in accordance with this Privacy Policy. These measures include entering into European Commission-approved standard contractual arrangements with the recipients or ensuring they have self-certified compliance with the EU-US Privacy Shield framework (see further https://www.privacyshield.gov/welcome).

Further details on the steps we take to protect your personal information in these cases is available at any time upon request by contacting at privacy@mariadb.org

9.2.2. Your rights

As a data subject under EU data protection laws, you have specific legal rights relating to the Personal Information we collect from you. We will respect your individual rights and will deal with your concerns adequately.

(a) Right to withdraw consent: Where you have given consent for the processing of your Personal Information, you may withdraw your consent at any moment.

(b) Right to rectification: You may obtain from us rectification of your Personal Information. We make reasonable efforts to keep Personal Information in our possession or control which are used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us.

(c) Right to restriction: You may require us to restrict the processing of your Personal Information, if:

• you contest the accuracy of your Personal Information, for the period we need to verify the accuracy;
• the processing is unlawful and you request the restriction of processing rather than erasure of your Personal Information;
• we no longer need your Personal Information, but you require it for the establishment, exercise or defense of legal claims; or
• you object to the processing while we verify whether our legitimate grounds override yours.

(d) Right to access: You may request information regarding Personal Information that we hold about you, including information as to which categories of Personal Information we have in our possession or control, what they are being used for, where we collected them (if not from you directly), and to whom they have been disclosed, if applicable.

We will provide you with a copy of your Personal Information upon request. If you request further copies of your Personal Information, then we can charge you with a reasonable fee that we base on administrative costs.

If we transfer your Personal Information to a country outside the EU and EEA, you have the right to request information about the safeguards in place for our transfer of that data to the receiving country.

(e) Right to portability: You have the right to receive Personal Information that you have provided to us, and, where technically feasible, request that we transmit such Personal Information to another organization.

You have these two rights if:

• we process your Personal Information by automated means;
• we base the processing of your Personal Information on your consent, or our processing of your Personal Information is necessary for the execution or performance of a contract to which you are a party;
• you provided your Personal Information to us; and
• the transmission of your Personal Information does not adversely affect the rights and the freedoms of other persons.

You have the right to receive your Personal Information in a structured, commonly used and machine-readable format.

Your right to receive your Personal Information must not adversely affect the rights and the freedoms of other persons. This may be the case if a transmission of your Personal Information to another organization also involves the transmission of the personal data of other (non-consenting) individuals.

Your right to have your Personal Information transmitted from us to another organization is a right you have only if such transmission is technically feasible.

(f) Right to erasure: You have the right to request that we delete the Personal Information we process about you. We must comply with this request if we process your Personal Information, unless the data is necessary:

• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation that binds us;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or
• for the establishment, exercise or defense of legal claims.

(g) Right to object: You may object – at any time – to the processing of your Personal Information due to your particular situation, provided that the processing is not based on your consent, but on our legitimate interests or those of a third party. In this event, we shall no longer process your Personal Information, unless we can demonstrate compelling legitimate grounds and an overriding interest for the processing or for the establishment, exercise or defense of legal claims. If you object to the processing, please specify whether you also wish the erasure of your Personal Information; otherwise, we will only restrict it.

You may always object to the processing of your Personal Information for direct marketing purposes, even if it was based on our legitimate interest for any reason. If the marketing was based on your consent, you can withdraw consent.

(h) Right to lodge a complaint: You can lodge a complaint to the data protection authority in your Member State or to the data protection authority in the Republic of Ireland.

Please note:

(a) Time period: We will try to fulfil your request within 30 days, which may be extended due to specific reasons relating to the specific legal right or the complexity of your request. In all cases, if this period is extended, we will inform you about the cause and anticipated length of the extension.

(b) Restriction of access: In certain situations, we may not be able to give you access to all or some of your personal data due to statutory provisions. If we deny your request for access, we will advise you of the reason for the refusal.

(c) No identification: In some cases, we may not be able to look up your Personal Information due to the choice of identifiers provided in your request. In such cases, where we cannot identify you as a data subject, we will not be able to comply with your request to execute your legal rights as described in this section, unless you provide additional information enabling your identification. We will inform you and give you the opportunity to provide such additional details.

(d) Exercise your legal rights: In order to exercise your legal rights, please contact us in writing (including electronically) at the contact details provided below.

9.2.3 Contact information

Please direct your questions regarding the subject matter of data protection and any requests in the exercise of your legal rights to the following:

privacy@mariadb.org

MariaDB Foundation LLC: 401 Edgewater Place, Suite 600, Wakefield, MA 01880, USA

We will investigate and attempt to resolve any request or complaint regarding the use or disclosure of your Personal Information. If you are not satisfied with our reply and you are from the European Union, you may also make a complaint to the data protection authority, as indicated in the corresponding section above.

10. Revising and updating our Privacy Policy

We will notify you before the effective date of changes to this Privacy Policy and give you the opportunity to review those revisions before you choose to continue receiving communications or using our Services and Social Services.

Please Note: When you use a link to go from our Services to a third-party website or service, our Privacy Policy does not apply to those websites and services. We are not responsible for the practices employed by any third-party website or services linked to or from our Services, including the information or content contained within them.

PLEASE REVIEW THIS PRIVACY POLICY CAREFULLY. If you have any questions about our Privacy Policy, Services, and/or any of our other policies, please contact privacy@mariadb.org. By continuing to subscribe to our communications and use our Services and Social Services, you are acknowledging that you understand the terms of our collection, use, treatment, and sharing of your Personal Information as described in this Privacy Policy. This Privacy Policy is incorporated into and made a part of our Terms of Use.

Appendix A

Services covered by this policy include, but are not limited to:

• https://mariadb.org
• https://archive.mariadb.org
• https://buildbot.mariadb.org
• https://ci.mariadb.org
• https://downloads.mariadb.org
• https://github.com/mariadb and related pages
• https://launchpad.net/maria and related pages
• https://mariadb.zulipchat.com
• https://lists.askmonty.org/cgi-bin/mailman/listinfo and related lists
• https://yum.mariadb.org