Last Updated: April 13, 2021
Consistent with the assurances of described in the Fourth Amendment and the principles built into the RightForge Community Policies, RightForge is committed to robust privacy for those who use its services. The laws relating to privacy and security vary from country to country. Even with these differences, however, RightForge is committed to providing its services in a manner that comports with the fundamental interests that form the basis for RightForge’s very existence.
In particular, RightForge complies with the provisions of the European Union’s General Data Protection Regulation (“GDPR”) as to any information in its possession regarding EU-based persons (“data subjects”). Accordingly, RightForge only processes Personal Data on data subjects where it has a lawful basis to do so, as set forth more fully in this GDPR Notice.
RightForge’s Status Under GDPR
Under GDPR, RightForge may be designated as either (i) a “processor” or (ii) a “controller” for certain data sets.
RightForge as Processor
In most cases, RightForge will be a “processor.” This means that we will store or perform some other set of operations on a data set that contains Personal Data for a customer, at the customer’s written direction. If RightForge is a “processor” under GDPR for a particular data set, we will enter into a processor agreement or data processor addendum. This agreement is required by GDPR and governs the terms of RightForge’s processing of the protected data at issue.
RightForge as Controller
If RightForge is a “controller” under GDPR, we will comply with applicable GDPR obligations. These include, but are not limited to the following:
- lawfully process data;
- enter into processing agreements with any third-party processors prior to sending personal data to such processors;
- maintain all required records and provide required modalities for the exercise of rights of the data subject;
- retain data only as long as necessary for the purpose for which it was obtained;
- provide data subjects with certain required notices;
- adopt all required policies and procedures and train employees who handle personal data governed by GDPR;
- implement privacy by design and privacy by default with regard to personal data governed by GDPR; and
- provide required notifications in the event of a data breach.
Transfer Outside of EU/EEA
From time to time RightForge may transfer Personal Data outside of the European Union or European Economic Area. Whenever we do so, appropriate safeguards will be in place, such as the insertion of approved model clauses. RightForge will only transfer Personal Data to foreign controllers and processors who meet these standards.
Duration of Storage
RightForge will only store your data as long as required by the basis for processing. For example, we will only store Personal Data that is being processed pursuant to our legitimate interest so long as such interest is present. If we are processing Personal Data based on consent, that consent may be withdrawn by you at any time. Please contact firstname.lastname@example.org to withdraw such consent.
Your Rights as a Data Subject
RightForge is committed to fulfilling its obligations concerning the exercise of your rights under GDPR. Please be advised that you have the following rights under GDPR (to the extent GDPR applies to your personal data):
- the right to request access to, rectification or erasure (i.e., the right to be forgotten) of personal data or restriction of processing or to object to processing;
- the right to data portability;
- the right to lodge a complaint with a supervisory authority; and
- the right to know the source of the data and whether the source was public (in certain circumstances).
Should you have any questions regarding the exercise of these rights, please contact us at email@example.com. We may provide additional information in communications directly with data subjects as necessary.