V1.2

Date of issue: 26/02/2025. Changes from v1.1.

Company

Collabora is a global consultancy specializing in Open Source software, with our headquarters located at The Platinum Building, Cowley Road, Cambridge, CB4 0DS, United Kingdom.

If you have any questions regarding how we handle your personal data, please contact our Data Protection Representative via email at data@collabora.com. Alternatively, you can reach our EU Representative, Olivier Potin, at olivier.potin@collabora.com.

Our legal basis for processing your personal data:

We collect personal contact information at events, trade shows, and through the contact form on our website to identify potential leads and explore future business opportunities. This processing is based on our legitimate interest.

When we collect and process Customer data, it is for contractual reasons only.

Where Customer employees' username and contact details have been used in git commits, the legal basis is legitimate interest on the grounds that it is necessary to be able to trace the history of the software development and safeguard against malicious code.

Data we collect for various purposes:

Transfer of data to third parties:

Our servers are located in Europe and Canada, regions bound by GDPR/DPA legislation. These servers host our email system (Zoho Mail/Calendar), customer data management (CRM), task management system (Phabricator), internal messaging (Mattermost), source code management (GitLab) and document storage (Nextcloud).

Any data transfer to Google servers in the United States of America is protected by Standard Contractual Clauses.

Data related to invoicing is processed by a 3rd party whose data servers are located in the United States of America. This data transfer is protected by Standard Contractual Clauses.

These 3rd parties are service providers (data processors) to Collabora and we only share information with them as part of regular business activities. In no case, does Collabora sell customer data of any kind.

Retention Period:

Retention Period: We will only retain personal information for as long as necessary to fulfill the purposes for which it is processed, or to comply with legal and regulatory retention requirements, which may include retaining information for:

• audit and accounting purposes;
• statutory retention terms: as mandated by local regulations;
• the handling of disputes: Until the resolution of disputes.

Once it is no longer necessary to retain personal data for these purposes, we will either delete or anonymize the data. If deletion or anonymization is not immediately feasible (for example, if the data is held in backup archives), we will securely store it and restrict it from any further processing until deletion or anonymization is possible.

Your Rights

We operate under the UK Data Protection Act (DPA) 2018 which encompasses the EU General Data Protection Regulation (GDPR). In accordance with data protection laws, we are committed to ensuring that the personal data we hold is:

1. Processed lawfully, fairly and transparently;
2. Collected for specified, explicit and legitimate purposes, and not processed in a manner that is incompatible with those purposes;
3. Adequate, relevant and limited to what is necessary for the purposes for which it is processed;
4. Accurate, and where necessary, kept up to date;
5. Retained only for as long as necessary for the purposes for which the data was collected;
6. Processed securely, with protection against unauthorized or unlawful processing, and accidental loss, destruction, or damage, using appropriate technical or organizational measures.

To exercise any of the rights listed below, please contact us using data@collabora.com. In order to process your request, we may need to verify your identity for your security. In such cases, we will need you to respond with proof of your identity.

1. The right to access personal data we hold on you. At any point you can contact us to request the personal data we hold on you as well as why we have that personal data, who has access to the personal data and where we obtained the personal data from. Once we have received your request and verified who you are we will usually respond within one month. There are no fees or charges for the first request but additional requests for the same personal data or requests which are manifestly unfounded or excessive may be subject to an administrative fee.
2. The right to correct and update the personal data we hold on you.
3. The right to object to processing of your personal data or to restrict it to certain purposes only. You have the right to request that we stop processing your personal data or ask us to restrict processing. Upon receiving the request we will contact you and let you know if we are able to comply or if we have a legal obligation to continue to process your data.
4. The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained.
5. The right to request portability of data. You can request that personal data you have provided which is based on consent or for the performance of a contract and that that has been carried out by automated means be provided to you in a structured and machine-readable format.
6. The right to object. You can object to your personal data being used where the legal basis is legitimate interest or public interest or is being used for direct marketing.
7. The right to not be subject to decision based solely on automated processing.
8. The right to lodge a complaint with the UK Information Commissioner’s Office. You can contact the Information Commissioner’s Office here: https://ico.org.uk/global/contact-us/contact-us-public/. Alternatively, please contact the relevant supervisory body for the country you are resident.

Changes from v1.1

Update to the retention period and minor grammar and contact detail amendments for clarity and accuracy.