By using our websites you consent to the collection, processing and use of data as described below. Our website can be visited without registration. This data such as pages called or name of the retrieved file, date and time are stored on the server for statistical purposes, without this data are directly related to your person. Personal data, in particular name, address or e-mail address are collected as far as possible on a voluntary basis. Without your consent, the data will not be passed on to third parties.
Your user account
When you register, we need of course personal data: your email address and your user name (the pseudonym you choose yourself). Passwords will never be stored in plain text, only secure password hashes.
Your user name and email address will be accessible for site administrators. Our course they have no permission to access or even copy this information for any other reason than giving support related to the user account. You email address will never be given to third parties without your explicit consent.
Cancelling your account
Personal information you have provided us with can be deleted at any time (by cancelling your user account). We reserve the right to keep content published that you created on the website.
Data used for billing and accounting purposes is not affected. Your event ticket will not expire by canceling your account.
You probably know Drupal. Information like “User XY created a session proposal” will be saved together with the timestamp for a while. This information is only accessible for site administrators.
The following fields will be used to create your name tag for the event and to identify you at check-in:
- personal title
- first/middle/last name
- job title
- name of your company/organization
You’ll see there’s only an absolute minimum of required fields. This information will be revealed to the organising team and to the people who volunteer on the attendee care team (for example, at the check-in counter).
Additional attendee information on website
Unless you opt out (“Publish in lists”), the above listed attendee info fields plus your picture will be shown in attendee lists on the website and - depending on your speaker or volunteer status - in other lists like “volunteers” or “speakers”. This status will be set by website administrators based on personal communication.
Help promote invites you to enter your testimonial for Drupal Europe and - if applicable - a profile text to be shown in the volunteer list. If you fill in these fields your entries will be published.
Any other entries in the user profile form are subject to restricted access and they are optional. This means that only very few people will access the entries and will make no other use of the information other than for:
- Special needs (dietary restrictions, accessibility assistance, child-care)—will only be accessed by team members who help organize this support.
- Speaker information—will be accessed by the program team to help us achieve more speaker diversity.
We might use anonymized data for insights that help foster the open source community. For example we might want to publish that we are “proud to have 15% first-time speakers“ or that “20% prefer vegan catering”.
Apart from the data you allowed to be published, we will delete all sensitive data within 8 weeks after the event before archiving the website.
If you fill in forms you might be entering additional personal data, for instance your passport details when requesting a visa invitation. Any form designed to contact the Drupal Europe team will trigger an email notification. Only a minimum of your entries will be included in these emails, normally your email address to facilitate fast replies to you.
Sensitive data like the above mentioned passport details will never be included in such emails. Instead your entries will be stored on the web server where only a very limited number of team members can access them (for instance an attendee care team member for the visa invitation requests). Once processed, your entries will be deleted from the web server.
A cookie is a small file downloaded on to your device when you access certain websites.
We use the following cookies:
- Pretix_session - used to provide ticket buying functionality for this event
- OpenStreetMap - allows us to display the location of Drupal Europe in a nice user friendly interactive map
- SESSxx – set when you log into our website, then removed when you log out
We are using a self-hosted Pretix Community edition (free and open source). Self-hosted means it is installed on a web server in Germany under direct control of a board member of Drupal e. V. Three Drupal e. V. board members have administrative access to all entries you made when ordering tickets.
In case your employer ordered for you and you do not know about the entries: Your full name, e-mail address and maybe your t-shirt size could have been entered - plus an optional information that you are willing to volunteer during the event. As for payment details, only the following will be stored in Pretix:
- type of payment (for example “credit card”)
- charge ID (encrypted)
- status (for example “success” or “insufficient funds”)
The ticket shop processes all payments via Stripe. This service has certified high security standards, it's backend does not reveal payment details to the administrators (Drupal e. V. board members).
All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services. Read in detail: stripe.com/docs/security/stripe
Ticket shop API
Pretix has an application programming interface allowing us to map information from the ticket shop to information on the website. One person on the website team has (reading) access to a limited set of ticket purchase information (orders, vouchers). We will use this access strictly limited to verification of the order number/ticket ID. This helps us create name tags limited to ticket holders.