Privacy Policy

Version: 2021-07-18

1. Privacy Policy

The Arch Linux Team (hereinafter referred to as "Arch" or "we") operates the website and its services available on the Internet at https://archlinux.org/ including the respective sub-directories (hereinafter referred to as the "website").

With this privacy policy, we would like to inform you which data will be processed in which form when you visit the website or use its services. Where the GDPR applies, we hereby also comply with our duty to inform you in accordance with Art. 13 and Art. 14 of the EU-General Data Protection Regulation (GDPR).

2. Controller

The controller for the data processing on our website is the Arch Linux Team.

3.1. General use of the platform

The web server of our hosting service provider automatically records the accesses to our website. Therefore, when you visit our website, you transmit certain technical data to us, namely:

  • IP address,

  • accessed content,

  • information about the transmission,

  • date of access,

  • the amount of data transmitted,

  • the referrer,

  • the web browser/user agent.

Where the GDPR applies, the processing of the IP address when establishing a connection is based on Art. 6 par. 1 lit. b) GDPR to provide the website you requested.

Our host also creates so-called log files to maintain system security, in order to guarantee the security and integrity of our IT systems. These purposes also represent the legitimate interest for which the processing is carried out (Art. 6 par. 1 lit. f) GDPR). We store the log files for a period of 91 days and delete them afterwards.

3.2. Registering for a user account

Some of our services require that you sign up and create a user account. For this purpose we will collect and process your user name, email address and a password. We will send you a validation email to the email address you have provided. Where the GDPR applies, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

When you use our services we will collect certain information from you and associate it with your account, such as:

We generally process your personal data for as long as you have an account with us and delete it afterwards.

4. Services of the website

Our website offers you a range of services for which we process certain personal data:

4.1. Forums (bbs.archlinux.org)

You can read in our forums without giving us any personal data. However, if you wish to participate by posting entries, we will ask you to sign up for an account. In this case, we will collect your user name, email address and a captcha question. You are able to select if you wish that other users could see your email address and if other users shall be able to send you mails via the forums mail function. Furthermore, you can set location options as time zone and language preference.

We process your data to provide you with the account, the forums and the respective functions. The captcha question is required to avoid abuse by spammers using automated tools to post their content and links to many sites. We process your location options and language preferences to provide you with the according account settings.

When you post comments, we display certain information about your user account next to your post such as user name, registration date, and country of origin (if you add these personal details in your user account).

Where the GDPR applies, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. In case you delete your account, we store your entries based on our legitimate interest of a consistent forums according to Art. 6 para. 1 lit. f) GDPR, but we anonymize the author of your entries.

4.2. Wiki (wiki.archlinux.org)

You can read in our wiki without giving us any personal data. However, if you wish to participate creating entries, we will ask you to sign up for an account. In this case, we will collect your user name, email address and a captcha question. You are able to select if you wish that other users could see your email address and if other users shall be able to send you mails via the wikis mail function. Furthermore, you can set location options as time zone and language preference.

We process your data to provide you with the account, the wiki and the respective functions. The captcha question is required to avoid abuse by spammers using automated tools to post their content and links to many sites. We process your location options and language preferences to provide you with the according account settings. When you contribute entries, we display certain information about your user account next to your entries such as user name, registration date, and country of origin (if you add these personal details in your user account).

Where the GDPR applies, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. In case you delete your account, we store your entries based on our legitimate interest of a consistent wiki according to Art. 6 para. 1 lit. f) GDPR.

4.3. Bug tracker (bugs.archlinux.org)

You can browse our bug tracker without giving us any personal data. However, if you wish to report a bug, we require you to register with us first. When you register a reporting account, we collect your user name, your real name, email address and optionally jabber ID, your notifications preferences and time zone. The obligatory registration data are required to enable you to log in to your account and to use the reporting services. When you report a bug, we display your user name along with the bug you reported.

Where the GDPR applies, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. In case you delete your account, we store your entries based on our legitimate interest of a consistent bug report according to Art. 6 para. 1 lit. f) GDPR.

4.4. Arch User Repository (aur.archlinux.org)

You can make use of the package instruction without giving us any personal data. However if you wish to participate by posting comments or submitting packaging instructions we will ask you to sign up for an account. When you register with us for a user account, we collect your user name, email address, a backup email address (optional) and a captcha question. You may choose whether other registered AUR users can see your email address. If you hide your email address, it is visible to members of the Arch Linux staff only. Optionally, you may enter your real name, your homepage, IRC nick, PGP key fingerprint and set location options as time zone and language preference as well as notification settings.

We require your data to enable you to log in to your account and to use the AUR actively. The captcha question is required to avoid abuse by spammers using automated tools to post their content and links to many sites. We will show your personal details next to the packages you submitted. We process your location options and language preferences to provide you with the according account settings.

When you submit or maintain packages, we display certain information about your user account next to the respective package such as your user name.

Where the GDPR applies, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. In case you delete your account, we retain your user name and email address based on our legitimate interest of a consistent documentation of the submitted packages, Art. 6 para. 1 lit. f) GDPR.

4.5. GitLab (gitlab.archlinux.org)

We also use a self-managed GitLab instance available at gitlab.archlinux.org for repository management, code reviews, issue tracking, activity feeds and wikis. You can read our GitLab public groups without registration. However, if you wish to participate creating content, we will ask you to sign up for an account. In this case, we will collect your user name, email address and a captcha question.

We process your data to provide you with the account, the GitLab instance and the respective functions. The captcha question is required to avoid abuse by spammers using automated tools to post their content and links to many sites. We process your location options and language preferences to provide you with the according account settings.

Where the GDPR applies, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. In case you delete your account, we retain your user name and email address based on our legitimate interest of a consistent documentation in our GitLab instance, Art. 6 para. 1 lit. f) GDPR.

4.6. Collaboration pads (md.archlinux.org)

You can use our collaboration pads and contribute in our work. In this case, we collect your email address, a password and your contributions to the collaboration pads. We process your data to enable you to participate in our collaboration pads. You can delete your contributions at any time in your account.

Where the GDPR applies, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. In case you delete your account, we will retain your contributions based on our legitimate interest of a consistent collaboration pad according to Art. 6 para. 1 lit. f) GDPR.

4.7. Mailing lists (lists.archlinux.org)

You can subscribe to our mailing lists. In this case, we collect your email address, a password, your language and other preferences and optionally your name. We process your data to enable you to participate in our mailing lists. You can unsubscribe at any time on your subscription page.

Where the GDPR applies, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

4.8. Arch IRC channels

You can use our Arch IRC channels. To avoid spam you need to be registered in order to join. We process your personal data to provide you with the IRC channel’s functions. For information on the registration process, please see our corresponding wiki page at: https://wiki.archlinux.org/title/Arch_IRC_channels. The IRC channels are provided by Libera Chat. We have no influence on the processing of your data by Libera Chat. For information on the processing of your personal data, please see https://libera.chat/privacy.

5. Contact

We offer you the opportunity to contact us via email. We will then process your email address and, if applicable, your name, a subject and the content of your request to answer your enquiry due to our legitimate interests (Art. 6 para. 1 lit. f) GDPR).

We will store your enquiry as long as we have lawful bases for processing the data. Where the GDPR applies, we may store data in accordance unless legal provisions prevent deletion. Where the GDPR applies, we may store data in accordance with Art. 6 para. 1 lit. f) GDPR where it is necessary for the purpose of providing evidence or to comply with legal retention periods in accordance with Art. 6 para. 1 lit. c) GDPR. If the request is made within the framework of an existing or prospective contractual relationship with us, the storage period shall be based on the underlying contractual relationship.

6. Donations

You can donate to Arch Linux as a member project of the Software in the Public Interest, Inc. (SPI) as non-profit corporation using via Click&Pledge or via SPI directly using PayPal or Credit Card payment. For further information, please see the SPI donation website at: https://www.spi-inc.org/donations/. We publish the past donors on the website https://archlinux.org/donate/.

This processing is based on your consent (Art. 6 Abs. 1 lit. a) GDPR) until your withdrawal or until we end this publication of past donors. You have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal e.g. by sending us an email.

7. Storage period

Unless explicitly stated otherwise, we will process and store your personal data for as long as it is required for the respective purpose and delete it thereafter.

8. Categories of recipients

We use external service providers if we are unable to provide services ourselves or if it is not reasonable to do so. These external service providers are primarily providers of IT services, such as our hosting service provider Hetzner (Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany).

9. General rights of data subjects

The GDPR guarantees you certain rights, which you can assert against us - if the legal requirements are met.

9.1. Art. 15 GDPR - Right of access

You have the right to obtain confirmation from us as to whether personal data relating to you are being processed and, if so, what these data are and the detailed circumstances of the processing.

9.2. Art. 16 GDPR - Right of rectification

You have the right to ask us to rectify incorrect personal data concerning you immediately. You also have the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.

9.3. Art. 17 GDPR - Right to deletion

You have the right to demand that we delete any personal data relating to you immediately.

9.4. Art. 18 GDPR - Right to restriction of processing

You have the right to request us to restrict processing.

9.5. Art. 20 GDPR - Right to data portability

You have the right, in the event of processing based on consent or for the fulfilment of a contract, to receive the personal data concerning you which you have provided us with in a structured, common and machine-readable format and to transfer this data to another responsible party without hindrance from us or to have the data transferred directly to the other responsible party, insofar as this is technically feasible.

9.6. Art. 77 GDPR in conjunction with Section 19 BDSG - Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State in which you are resident, your place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection law.

10.1. Art. 21 GDPR - Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is necessary on the basis of a legitimate interest on our part or in order to carry out a task in the public interest, or which is carried out in the exercise of official authority.

If you object, we will no longer process your personal data unless we can prove compelling legitimate grounds for processing that override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If we process your personal data for direct marketing purposes, you have the right to object to the processing at any time. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

In order to exercise your right of objection, you can, for example, send us an email to the email address mentioned above.

If you have given us your informed consent, you have the right to withdraw your consent at any time. In this case, all data processing that we have carried out until your withdrawal remains lawful.

11. Obligation to provide data

You have no contractual or legal obligation to provide us with personal data. However, we then might not be able to offer you the requested services.

12. The existence of automated decision-making (including profiling)

We will not make you subject to any automated decision-making, including profiling in accordance with Art. 22 para. 1 and 4 GDPR, which has legal effects on you or affects you.

13. Internet-specific data processing and cookies

On some sub-directories of our website, cookies are set in your browser. Cookies are small text files that are stored on your hard drive and are assigned to the browser you are using. The provider who sets the cookie can collect certain information through the cookie. The only purpose of the cookies set on our website is to enable you to use the website and its functions safely. The legal basis for the processing is our legitimate interests in the aforementioned purpose according to Art. 6 para. 1 lit. f) GDPR. The cookies are necessary for the services you have requested.