Privacy Report¶
<p>We hold personal data about vendors, administrators, clients and other
individuals for a variety of purposes.
This policy sets out how we seek to protect personal data and ensure that
administrators understand the rules governing their use of personal data to
which they have access in the course of their work.
In particular, this policy requires that the Data Protection Officer (DPO) be
consulted before any significant new data processing activity is initiated to
ensure that relevant compliance steps are addressed.</p> Scope¶
<p>This policy applies to all users who have access to any of the personally
identifiable data.</p> Who is responsible for this policy?¶
<p>As the Data Protection Officer, Richard Hughes.
has overall responsibility for the day-to-day implementation of this policy.
The DPO is registered with the Information Commissioner’s Office (ICO) in the
United Kingdom as a registered data controller.</p> Fair and lawful processing¶
<p>We must process personal data fairly and lawfully in accordance with individuals’ rights.
This generally means that we should not process personal data unless the
individual whose details we are processing has consented to this happening,
or where such collection is unavoidable and/or considered pragmatic in the
context, e.g.
logging the number of downloads of a particular file.</p>
<p>We do not consider an IP address to represent a single user (due to NAT or VPN use),
and as such metadata requests are not considered personal data using the draft GDPR guidelines.</p> Accuracy and relevance¶
<p>We will ensure that any personal data we process is accurate, adequate,
relevant and not excessive, given the purpose for which it was obtained.
We will not process personal data obtained for one purpose for any unconnected
purpose unless the individual concerned has agreed to this or would otherwise
reasonably expect this.
Individuals may ask that we correct inaccurate personal data relating to them.
If you believe that information is inaccurate you should inform the DPO.</p> Your personal data¶
<p>You must take reasonable steps to ensure that personal data we hold about
hardware vendors is accurate and updated as required.
For example, if your personal circumstances change, please update them using
the profile pages or inform the Data Protection Officer.</p> Data security¶
<p>We keep personal data secure against loss or misuse.
Where other organizations process personal data as a service on our behalf,
the DPO will establish what, if any, additional specific data security
arrangements need to be implemented in contracts with those third party
organizations.</p> Storing data securely¶
<p>All data is stored electronically.
All documents and code are held on a locked LUKS partition with a password
adhering to security best practices.</p> Data retention¶
<p>We must retain personal data for no longer than is necessary.
What is necessary will depend on the circumstances of each case, taking into
account the reasons that the personal data was obtained, but should be
determined in a manner consistent with our data retention guidelines.
Anonymized user data (e.g.
metadata requests) will be kept for a maximum of
5 years which allows us to project future service requirements and provide
usage graphs to the vendor.</p> Transferring data internationally¶
<p>There are restrictions on international transfers of personal data.
We do not transfer personal data anywhere outside the EU without the approval
of the Data Protection Officer, unless required to do so by law.</p> Subject Access Requests¶
<p>Please note that under the Data Protection Act 1998, individuals are entitled,
subject to certain exceptions, to request access to information held about them.</p>
<p>On receiving a subject access request, we will refer that request immediately
to the DPO.
We may ask you to help us comply with those requests.
Please also contact the Data Protection Officer if you would like to correct
or request information that we hold about you.
There are also restrictions on the information to which you are entitled under
applicable law.</p> Processing data¶
<p>We will never use identifiable vendor data for direct marketing purposes.</p> GDPR Provisions¶
<p>Where not specified previously in this policy, the following provisions will
be in effect on or before 11 November 2020.</p> Transparency of data protection¶
<p>Being transparent and providing accessible information to individuals about how
we will use their personal data is important for our project.
The following are details on how we collect data and what we will do with it:</p> Firmware Vendor Information¶
<ul>
<li>
<strong>What:</strong> The hardware vendor name, password, GPG public key and content of original
uploaded firmware files.</li>
<li>
<strong>Why collected:</strong> Secure authentication, to allow any possible future audit
and to provide authorized users access to signed firmware files.</li>
<li>
<strong>Where stored:</strong> AWS hosted PostgreSQL database in Oregon, USA region.</li>
<li>
<strong>When copied:</strong> Full backups weekly, with daily snapshots both to AWS backup.</li>
<li>
<strong>Who has access:</strong> The hardware vendor (filtered by the QA group), Linux
Foundation Infrastructure Team and the DPO.</li>
<li>
<strong>Wiped:</strong> When the vendor requests deletion of the user account.</li>
</ul> Service Event Log¶
<ul>
<li>
<strong>What:</strong> IP address (unhashed) and REST method requested, along with any error.</li>
<li>
<strong>Why collected:</strong> Providing an event log for checking what the various
hardware vendors are doing, or trying to do.</li>
<li>
<strong>Where stored:</strong> AWS hosted PostgreSQL database in Oregon, USA region.</li>
<li>
<strong>When copied:</strong> Full backups weekly, with daily snapshots both to AWS backup.</li>
<li>
<strong>Who has access:</strong> The hardware vendor (filtered by the QA group), Linux
Foundation Infrastructure Team and the DPO.</li>
<li>
<strong>Wiped:</strong> When the QA group is deleted.</li>
</ul> Firmware Download Log¶
<ul>
<li>
<strong>What:</strong> IP address (hashed), timestamp, filename of firmware, user-agent of client.</li>
<li>
<strong>Why collected:</strong> To know what client versions are being used for download,
and to provide a download count over time for a specific firmware file.</li>
<li>
<strong>Where stored:</strong> AWS hosted PostgreSQL database in Oregon, USA region.</li>
<li>
<strong>When copied:</strong> Full backups weekly, with daily snapshots both to AWS backup.</li>
<li>
<strong>Who has access:</strong> The hardware vendor (filtered by the QA group), Linux
Foundation Infrastructure Team and the DPO.</li>
<li>
<strong>Wiped:</strong> When the firmware is deleted.</li>
</ul> Firmware Reports¶
<ul>
<li>
<strong>What:</strong> Machine ID (hashed), failure string and checksum of failing file,
OS distribution name and version.</li>
<li>
<strong>Why collected:</strong> Allows the hardware vendor to assess if the firmware update
is working on real hardware.</li>
<li>
<strong>Where stored:</strong> AWS hosted PostgreSQL database in Oregon, USA region.</li>
<li>
<strong>When copied:</strong> Full backups weekly, with daily snapshots both to AWS backup.</li>
<li>
<strong>Who has access:</strong> The hardware vendor (filtered by the QA group), Linux
Foundation Infrastructure Team and the DPO.</li>
<li>
<strong>Wiped:</strong> When the firmware is deleted.</li>
</ul>
<p>We will ensure any use of personal data is justified using at least one of
the conditions for processing and this had been specifically documented above.</p> Consent¶
<p>The data that we collect is subject to active consent by the data subject.
This consent can be revoked at any time.
Revoking consent to use data ends any vendor relationship with the LVFS.</p> Data portability¶
<p>Upon request, a data subject should have the right to receive a copy of their
data in a structured format, typically an SQL export.
These requests should be processed within one month, provided there is no
undue burden and it does not compromise the privacy of other individuals.
A data subject may also request that their data is transferred directly to
another system.
This is available for free.</p> Right to be forgotten¶
<p>A vendor may request that any information held on them is deleted or removed,
and any third parties who process or use that data must also comply with the request.
An erasure request can only be refused if an exemption applies.</p> Privacy by design and default¶
<p>Privacy by design is an approach to projects that promote privacy and data
protection compliance from the start.
The DPO will be responsible for conducting Privacy Impact Assessments and
ensuring that all changes commence with a privacy plan.
When relevant, and when it does not have a negative impact on the data subject,
privacy settings will be set to the most private by default.</p> Data audit and register¶
<p>Regular data audits to manage and mitigate risks will inform the data register.
This contains information on what data is held, where it is stored,
how it is used, who is responsible and any further regulations or retention
timescales that may be relevant.</p> Reporting breaches¶
<p>All users of the LVFS have an obligation to report actual or potential data
protection compliance failures.
This allows us to:</p>
<ul>
<li>Investigate the failure and take remedial steps if necessary</li>
<li>Maintain a register of compliance failures</li>
<li>Notify the Supervisory Authority (SA) of any compliance failures that are
material either in their own right or as part of a pattern of failures</li>
</ul>
<p>Please refer to the DPO for our reporting procedure.</p> Monitoring¶
<p>Everyone who actively uses the LVFS must observe this policy.
The DPO has overall responsibility for this policy.
They will monitor it regularly to make sure it is being adhered to.</p> Consequences of Failing to Comply¶
<p>We take compliance with this policy very seriously.
Failure to comply puts both you and us at risk.
The importance of this policy means that failure to comply with any requirement
may lead to disciplinary action under our procedures.
If you have any questions or concerns about anything in this policy,
do not hesitate to contact the DPO.</p> Love Documentation? Write the Docs Portland is a 3-day virtual docs event.
May 22-24.<small>
<em>Community Ad</em>
</small> LVFS Navigation
<p>Contents:</p>
<ul>
<li>Introduction</li>
<li>Getting an Account</li>
<li>Metadata</li>
<li>Uploading Firmware</li>
<li>Firmware Testing</li>
<li>Claims</li>
<li>User Telemetry</li>
<li>Custom Protocol</li>
<li>Privacy Report<ul>
<li>Scope</li>
<li>Who is responsible for this policy?</li>
<li>Fair and lawful processing</li>
<li>Accuracy and relevance</li>
<li>Your personal data</li>
<li>Data security</li>
<li>Subject Access Requests</li>
<li>Processing data</li>
<li>GDPR Provisions</li>
<li>Transparency of data protection</li>
<li>Consent</li>
<li>Data portability</li>
<li>Right to be forgotten</li>
<li>Privacy by design and default</li>
<li>Data audit and register</li>
<li>Reporting breaches</li>
<li>Monitoring</li>
<li>Consequences of Failing to Comply</li>
</ul>
</li>
<li>Offline Firmware</li>
<li>Product Certification</li>
<li>LVFS Releases</li>
</ul> Related Topics
<ul>
<li>Documentation overview<ul>
<li>Previous: Custom Protocol</li>
<li>Next: Offline Firmware</li>
</ul>
</li>
</ul> Quick search ©2016-2020, Richard Hughes.
| Powered by Sphinx 1.8.6 &.
Alabaster 0.7.12  .
v: latest <dl>
<dt>Versions</dt>
<dd> latest </dd>
</dl>
<dl>
<dt>Downloads</dt>
<dd>PDF</dd>
<dd>HTML</dd>
<dd>Epub</dd>
</dl>
<dl>
<dt>On Read the Docs</dt>
<dd> Project Home </dd>
<dd> Builds </dd>
<dd> Downloads </dd>
</dl>
<dl>
<dt>On GitLab</dt>
<dd> View </dd>
<dd> Edit </dd>
</dl>
<dl>
<dt>Search</dt>
<dd>
</dd>
</dl>
<small> Hosted by Read the Docs · Privacy Policy </small>