Kunnskaps-Norges IKT-infrastrukturselskap | Uninett



Avtalespeil databehandleravtaleSjekkliste databehandleravtale( databehandleravtaler)Leverand?rs besvarelse / referanse til tjenestens avtaleverkGitHub Privacy Statement(Effective date: May 25, 2018)Ansvarsfordeling mellom leverand?ren og institusjonen:?Leverand?ren bekrefter at personopplysninger som behandles i tjenesten skjer p? vegne av institusjonen.Our legal basis for processing informationUnder certain international laws (including GDPR), GitHub is required to notify you about the legal basis on which we process User Personal Information. GitHub processes User Personal Information on the following legal bases:When you create a GitHub account, you provide your user name and an email address. We require those data elements for you to enter into the Terms of Service agreement with us, and we process those elements on the basis of performing that contract. We also process your user name and email address on other bases. If you have a GitHub Hosted, GitHub Enterprise, or other paid account with us, there will be other data elements we must collect and process on the basis of performing that contract. GitHub does not collect or process a credit card number, but our third-party payment processor does.(…)Skriftlige instrukser fra institusjonen:?Leverand?ren forplikter seg til ? f?lge institusjonens skriftlige instrukser mht. hvordan opplysningene skal behandles og sikres. Det skal fremg? at leverand?ren ikke kan behandle personopplysningene p? andre m?ter enn det som f?lger av institusjonens skriftlige instrukser.Our legal basis for processing information(…)When you fill out the information in your user profile, you have the option to provide User Personal Information such as your full name, an avatar which may include a photograph, your biography, your location, your company, and a URL to a third party website. You have the option of setting a publicly visible email address here. We process this information on the basis of consent. All of this information is entirely optional, and you have the ability to access, modify, and delete it at any time (while you are not able to delete your email address entirely, you can make it private).Generally, the remainder of the processing of personal information we perform is necessary for the purposes of our legitimate interests. For example, for security purposes, we must keep logs of IP addresses that access GitHub, and in order to respond to legal process, we are required to keep records of users who have sent and received DMCA takedown notices.If you would like to request erasure of data we process on the basis of consent or object to our processing of personal information, please use our Privacy contact form.Oversikt over opplysningstyper:?Leverand?ren skal spesifisere hvilke typer personopplysninger som behandles p? vegne av institusjonen og hvem opplysningene gjelder, for eksempel studenter og rmation from users with accountsIf you create an account, we require some basic information at the time of account creation. You will create your own user name and password, and we will ask you for a valid email address. You also have the option to give us more information if you want to, and this may include "User Personal Information.""User Personal Information" is any information about one of our users which could, alone or together with other information, personally identify him or her. Information such as a user name and password, an email address, a real name, and a photograph are examples of “User Personal Information.” User Personal Information includes Personal Data as defined in the General Data Protection Regulation.User Personal Information does not include aggregated, non-personally identifying information. We may use aggregated, non-personally identifying information to operate, improve, and optimize our website and service.What information GitHub does not collectWe do not intentionally collect sensitive personal information, such as social security numbers, genetic data, health information, or religious information. Although GitHub does not request or intentionally collect any sensitive personal information, we realize that you might store this kind of information in your account, such as in a repository or in your public profile. If you store any sensitive personal information on our servers, you are responsible for complying with any regulatory controls regarding that data.If you're a child under the age of 13, you may not have an account on GitHub. GitHub does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will unfortunately have to close your account. We don't want to discourage you from learning to code, but those are the rules. Please see our Terms of Service for information about account termination. Other countries may have different minimum age limits, and if you are below the minimum age for providing consent for data collection in your country, you may not use GitHub without obtaining your parents' or legal guardians' consent.We do not intentionally collect User Personal Information that is stored in your repositories or other free-form content inputs. Information in your repositories belongs to you, and you are responsible for it, as well as for making sure that your content complies with our Terms of Service. Any personal information within a user's repository is the responsibility of the repository owner.Leverand?rens bruk av personopplysningene:?Leverand?ren skal tydelig definere hva institusjonens personopplysninger kan brukes til, for eksempel at de ikke vil bli brukt til markedsf?ring, men bare til administrasjon og levering av tjenesten. Dersom leverand?ren ?nsker ? anvende opplysningene til andre form?l enn det som opprinnelig er avtalt, m? leverand?ren f? tillatelse til dette fra institusjonen. Tillatelse fra institusjonen vil vanligvis ogs? v?re p?krevd dersom leverand?ren skal utlevere personopplysninger til tredjeparter, for eksempel andre virksomheter eller myndighetsorganer.?Why we collect this informationWe need your User Personal Information to create your account, and to provide the services you request, including to provide the GitHub service, the Marketplace service, or to respond to support requests.We use your User Personal Information, specifically your user name, to identify you on GitHub.We use it to fill out your profile and share that profile with other users if you ask us to.We will use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay. Please see our section on email communication for more information.We use User Personal Information and other data to make recommendations for you, such as to suggest projects you may want to follow or contribute to. For example, when you fill out an interest survey at account creation, we learn from it — as well as from your public behavior on GitHub, such as the projects you star — to determine your coding interests, and we recommend similar projects. These recommendations are automated decisions, but they have no legal impact on your rights.We use your User Personal Information for internal purposes, such as to maintain logs for security reasons, for training purposes, and for legal documentation.We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first. You can always see what information we have, how we're using it, and what permissions you have given us in your user profile.How we share the information we collectWe do share User Personal Information with your permission, so we can perform services you have requested or communicate on your behalf. For example, if you purchase an integration or other Developer Product from our Marketplace, we will share your account name to allow the integrator to provide you services. Additionally, you may indicate, through your actions on GitHub, that you are willing to share your User Personal Information. For example, if you join an organization, the owner of the organization will have the ability to view your activity in the organization's access log. We will respect your choices.We do not share, sell, rent, or trade User Personal Information with third parties for their commercial purposes, except where you have specifically told us to (such as by buying an integration from Marketplace).We do not host advertising on GitHub. We may occasionally embed content from third party sites, such as YouTube, and that content may include ads. While we try to minimize the amount of ads our embedded content contains, we can't always control what third parties show. Any advertisements on individual GitHub Pages or in GitHub repositories are not sponsored by, or tracked by, GitHub.We do not disclose User Personal Information outside GitHub, except in the situations listed in this section or in the section below on Compelled Disclosure.We do share certain aggregated, non-personally identifying information with others about how our users, collectively, use GitHub, or how our users respond to our other offerings, such as our conferences or events. For example, we may compile statistics on the usage of open source licenses across GitHub. However, we do not sell this information to advertisers or marketers.We do share User Personal Information with a limited number of third party vendors who process it on our behalf to provide or improve our service, and who have agreed to privacy restrictions similar to our own Privacy Statement by signing data protection agreements. Our vendors perform services such as payment processing, customer support ticketing, network data transmission, and other similar services. When we transfer your data to our vendors under Privacy Shield, we remain responsible for it. While GitHub processes all User Personal Information in the United States, our third party vendors may process data outside of the United States or the European Union. If you would like to know who our third party vendors are, please see our page on Subprocessors.We do share aggregated, non-personally identifying information with third parties. For example, we share the number of stars on a repository, or in the event of a security incident, we may share the number of times a particular file was accessed.We may share User Personal Information if we are involved in a merger, sale, or acquisition. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our website or by email before any transfer of your User Personal Information. The organization receiving any User Personal Information will have to honor any promises we have made in our Privacy Statement or in our Terms of Service.How we respond to compelled disclosureGitHub may disclose personally-identifying information or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant, or similar government order, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large.In complying with court orders and similar legal processes, GitHub strives for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.For more information, see our Guidelines for Legal Requests of User Data.Tidsavgrenset behandling:?Leverand?ren spesifiserer hvor lenge de aktuelle personopplysningene blir behandlet p? vegne av institusjonen, for eksempel til den dato avtalen om levering av tjenesten opph?rer eller til avtalen sies opp.Data retention and deletion of dataGenerally, GitHub will retain User Personal Information for as long as your account is active or as needed to provide you services.We may retain certain User Personal Information indefinitely, unless you delete it or request its deletion. For example, we don’t automatically delete inactive user accounts, so unless you choose to delete your account, we will retain your account information indefinitely.(…)Institusjonens plikter:?Institusjonen forplikter seg til ? ivareta sine lovp?lagte oppgaver/plikter n?r behandling av personopplysninger settes ut til en ekstern tjenesteleverand?r.What information GitHub does not collect(…). If you store any sensitive personal information on our servers, you are responsible for complying with any regulatory controls regarding that data.(…)Forvaltning av rettigheter:?Leverand?ren forplikter seg til ? hjelpe institusjonen med ? ivareta rettighetene til de som opplysningene gjelder, for eksempel studenter og ansatte. Dette omfatter blant annet retten til informasjon om hvordan leverand?ren forvalter personopplysninger, retten til innsyn i egne personopplysninger og retten til ? kreve retting eller sletting av egne opplysninger. Det b?r spesifiseres at leverand?ren kan bli erstatningsansvarlig overfor sluttbrukerne dersom leverand?ren eller leverand?rens underleverand?rer til tjenesten behandler personopplysninger p? ulovlige m?ter.How you can access and control the information we collectIf you're already a GitHub user, you may access, update, alter, or delete your basic user profile information by editing your user profile or contacting GitHub Support. You can control the information we collect about you by limiting what information is in your profile, by updating out of date information, or by contacting GitHub Support.Dataportabilitet:?I enkelte tilfeller b?r avtalen spesifisere at sluttbrukerne (studenter, ansatte, osv.) har rett til ? f? utlevert sine opplysninger fra leverand?ren i et format som gj?r det enkelt for dem ? overf?re opplysningene til en annen leverand?r. For universiteter og h?gskoler er det trolig at dette prim?rt vil v?re aktuelt dersom institusjonen benytter eksterne tjenester med bakgrunn i samtykke fra den enkelte sluttbruker.?Data portabilityAs a GitHub User, you can always take your data with you. You can clone your repositories to your desktop, for example, or you can use our Data Portability tools to download all of the data we have about rmasjonssikkerhet hos leverand?ren:?Leverand?ren forplikter seg til ? iverksette alle n?dvendige organisatoriske og tekniske tiltak for ? unng? at personopplysninger som institusjonen er ansvarlig for utsettes for uautorisert tilgang, spredning, endring, skade, ?deleggelse eller utilgjengelighet (informasjonssikkerhet). Kravet er at informasjonssikkerheten hos leverand?ren skal v?re tilfredsstillende. Tiltak for ? oppn? tilfredsstillende informasjonssikkerhet kan blant annet omfatte pseudonymisering eller kryptering av personopplysninger.How GitHub secures your informationGitHub takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information.GitHub enforces a written security information program. Our program:aligns with industry recognized frameworks;includes security safeguards reasonably designed to protect the confidentiality, integrity, availability, and resilience of our users' data;is appropriate to the nature, size, and complexity of GitHub’s business operations;includes incident response and data breach notification processes; andcomplies with applicable information security related laws and regulations in the geographic regions where GitHub does business.In the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected users without undue delay.Transmission of data on GitHub is encrypted using SSH, HTTPS, and SSL/TLS. While our data is not encrypted at rest, we manage our own cages and racks at top-tier data centers with excellent physical and network security, and when data is stored with a third party storage provider, it is encrypted.No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. For more information, see our security disclosures.Taushetsplikt hos leverand?ren:?Leverand?ren tydeliggj?r at alle ansatte som har tilgang til institusjonens personopplysninger har taushetsplikt for disse opplysningene. Det b?r i tillegg tydeliggj?res at ansatte hos leverand?ren f?r n?dvendig oppl?ring i hvordan institusjonens personopplysninger skal h?ndteres.How GitHub secures your information(…)GitHub enforces a written security information program. Our program:aligns with industry recognized frameworks;includes security safeguards reasonably designed to protect the confidentiality, integrity, availability, and resilience of our users' data;(…)Varslingsplikt ved sikkerhetsbrudd:?Leverand?ren forplikter seg til ? varsle institusjonen dersom personopplysninger som institusjonen er ansvarlig for utsettes for sikkerhetsbrudd (uautorisert tilgang, spredning, endring, skade, ?deleggelse eller utilgjengelighet). Det b?r fremg? at leverand?ren skal dokumentere sikkerhetsbruddet og at varslingen skal skje s? raskt som praktisk mulig. Varslingen skal blant annet inneholde informasjon om hvem som er ber?rt av sikkerhetsbruddet, hvilke typer personopplysninger som er ber?rt og hva leverand?ren har gjort for ? h?ndtere eller utbedre situasjonen.How GitHub secures your informationGitHub enforces a written security information program. Our program:includes incident response and data breach notification processes; andIn the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected users without undue delay.(…)Varsling ved ulovlig behandling:?Leverand?ren forplikter seg til ? varsle institusjonen dersom institusjonens skriftlige instrukser (etter leverand?rens oppfatning) er ulovlige (inneb?rer brudd p? lovverkets regler om behandling av personopplysninger).?Ikke direkte formulert, men opplasting av sensitiv informasjon omtales her:What information GitHub does not collectWe do not intentionally collect sensitive personal information, such as social security numbers, genetic data, health information, or religious information. Although GitHub does not request or intentionally collect any sensitive personal information, we realize that you might store this kind of information in your account, such as in a repository or in your public profile. If you store any sensitive personal information on our servers, you are responsible for complying with any regulatory controls regarding that data.If you're a child under the age of 13, you may not have an account on GitHub. GitHub does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will unfortunately have to close your account. We don't want to discourage you from learning to code, but those are the rules. Please see our Terms of Service for information about account termination. Other countries may have different minimum age limits, and if you are below the minimum age for providing consent for data collection in your country, you may not use GitHub without obtaining your parents' or legal guardians' consent.We do not intentionally collect User Personal Information that is stored in your repositories or other free-form content inputs. Information in your repositories belongs to you, and you are responsible for it, as well as for making sure that your content complies with our Terms of Service. Any personal information within a user's repository is the responsibility of the repository owner.Repository contentsGitHub employees do not access private repositories unless required to for security reasons, to assist the repository owner with a support matter, or to maintain the integrity of the service. Our Terms of Service provides more details.If your repository is public, anyone (including us and unaffiliated third parties) may view its contents. If you have included private or sensitive information in your public repository, such as email addresses or passwords, that information may be indexed by search engines or used by third parties. In addition, while we do not generally search for content in your repositories, we may scan our servers for certain tokens or security signatures, or for known active malware.Please see more about User Personal Information in public repositories.Leverand?rens bruk av underleverand?rer:?Leverand?ren forplikter seg til ikke ? engasjere nye underleverand?rer som har tilgang til institusjonens personopplysninger uten at institusjonen har gitt sin godkjenning til dette. Dersom underleverand?rer benyttes, skal det fremg? at alle underleverand?rer er bundet av de samme reglene som gjelder for leverand?rens behandling av institusjonens personopplysninger, spesielt n?r det gjelder informasjonssikkerheten til opplysningene. Til slutt skal det fremg? at leverand?ren er ansvarlig overfor institusjonen for avtalebrudd som eventuelle underleverand?rer til tjenesten gj?r seg skyldig i.How we share the information we collect(…)We do share User Personal Information with a limited number of third party vendors who process it on our behalf to provide or improve our service, and who have agreed to privacy restrictions similar to our own Privacy Statement by signing data protection agreements. Our vendors perform services such as payment processing, customer support ticketing, network data transmission, and other similar services. When we transfer your data to our vendors under Privacy Shield, we remain responsible for it. While GitHub processes all User Personal Information in the United States, our third party vendors may process data outside of the United States or the European Union. If you would like to know who our third party vendors are, please see our page on Subprocessors.We do share aggregated, non-personally identifying information with third parties. For example, we share the number of stars on a repository, or in the event of a security incident, we may share the number of times a particular file was accessed.(…)Third party applicationsYou have the option of enabling or adding third party applications, known as "Developer Products," to your account. These Developer Products are not necessary for your use of GitHub. We will share your User Personal Information to third parties when you ask us to, such as by purchasing a Developer Product from the Marketplace; however, you are responsible for your use of the third party Developer Product and for the amount of User Personal Information you choose to share with it. You can check our API documentation to see what information is provided when you authenticate into a Developer Product using your GitHub profile.GitHub applicationsYou also have the option of adding applications from GitHub, such as our Desktop app, our Electron or Atom applications, or other account features, to your account. These applications each have their own terms and may collect different kinds of User Personal Information; however, all GitHub applications are subject to this Privacy Statement, and we will always collect the minimum amount of User Personal Information necessary, and use it only for the purpose for which you have given it to us.Leverand?rens overf?ring av personopplysninger til land utenfor ?EU/E?S:?Leverand?ren redegj?r for lovlighetsgrunnlaget som benyttes dersom personopplysninger overf?res til land utenfor E?S-omr?det, for eksempel dersom tjenesten anvender underleverand?rer eller datasentre i slike land. Overf?ringen kan for eksempel baserer seg p? EUs standardkontrakt for overf?ring av personopplysninger til tredjeland.Cross-border data transfersFor cross-border data transfers from the European Union (EU) and the European Economic Area (EEA), GitHub adheres to the Privacy Shield Framework. You may view our entry in the Privacy Shield List.In addition to providing our users methods of unambiguous, informed consent and control over their data, we participate in and comply with the Privacy Shield framework, and we are committed to subject any Personal Information we receive from the EU and EEA to the Privacy Shield Principles. In addition, we continue to participate in the Safe Harbor Framework for Swiss data transfers to the US. Please read more about GitHub's international privacy commitments.Revisjoner hos leverand?ren:?Leverand?ren redegj?r for hvordan revisjon av leverand?rens arbeid med avtaleoverholdelse skal foreg?. Dette gjelder spesielt hvordan personopplysningene sikres mot uautorisert tilgang, spredning, endring, skade, ?deleggelse eller utilgjengelighet (informasjonssikkerhet). Det kan fremg? at slike revisjoner blir utf?rt av uavhengige revisorer engasjert av leverand?ren eller at institusjonen selv kan gjennomf?re revisjoner hos leverand?ren (eventuelt begge deler).Github Security:Physical Security(…)Physical security audited by an independent firmOperational SecurityOur primary data center operations are regularly audited by independent firms against an ISAE 3000/AT 101 Type 2 Examination standardSystems access logged and tracked for auditing purposesSecure document-destruction policies for all sensitive informationFully documented change-management proceduresInstitusjonens tilgang til n?dvendig dokumentasjon:?Leverand?ren gir institusjonen tilgang til dokumentasjon som setter institusjonen i stand til ? kontrollere at leverand?ren ivaretar sine avtaleforpliktelser. Slik dokumentasjon vil blant annet omfatte rapporter fra revisjoner av informasjonssikkerheten til personopplysninger som leverand?ren behandler p? vegne av institusjonen.Tilbakef?ring og sletting av personopplysninger ved opph?r:?Leverand?ren forplikter seg til ? tilbakef?re alle personopplysninger til institusjonen som institusjonen ?nsker ? ta vare p? etter at avtaleforholdet opph?rer (eller etter at tjenesten opph?rer ? eksistere). Leverand?ren skal ogs? forplikte seg til ? slette alle personopplysninger etter opph?r av avtaleforholdet. Sletteplikten skal omfatte alle sikkerhetskopier av personopplysninger som leverand?ren behandler p? vegne av institusjonen.Data retention and deletion of data(…)If you would like to cancel your account or delete your User Personal Information, you may do so in your user profile. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 90 days. You may contact GitHub Support to request the erasure of the data we process on the basis of consent within 30 days.After an account has been deleted, certain data, such as contributions to others' repositories and comments in others' issues, will remain. However, we will delete or deidentify your personal information, including your user name and email address, from the author field of issues, pull requests, and comments by associating them with the ghost user.The email address you have supplied via your Git commit settings will always be associated with your commits in the Git system. If you chose to make your email address private, you should also update your Git commit settings. We are unable to change or delete data in the Git commit history — the Git software is designed to maintain a record — but we do enable you to control what information you put in that record.S?rskilte bestemmelser: Leverand?ren forpliktelser seg til ? bist? institusjonen med ? utrede konsekvensene ved bruk av tjenester/teknologier som representerer en s?rlig h?y risiko for personvernet. Leverand?ren skal videre forplikte seg til ? bist? i dialogen med Datatilsynet der hvor personvernrisikoen (avdekket gjennom konsekvensutredningen) vanskelig lar seg h?ndtere p? en hensiktsmessig m?te.NB: Datatilsynet vil offentliggj?re en liste over tjenester/teknologier hvor det er n?dvendig ? utrede personvernkonsekvensene f?r de tas i bruk. Avtalebestemmelser om konsekvensutredning vil v?re aktuelle n?r tjenester/teknologier p? Datatilsynets liste driftes av eksterne leverand?rer. ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download