Privacy Policy

Privacy Policy #

Source: OASIS Open Privacy Statement. Effective May 25, 2018.

Overview #

OASIS collects, retains, and uses personal information only for specific, legitimate business purposes. Staff who handle personal data — member information, employee records, event registrations, financial data — are responsible for understanding and following this policy. Data privacy questions should be directed to dataprivacy@oasis-open.org.

What Personal Data OASIS Collects #

OASIS collects personal data including names, addresses, email addresses, phone numbers, login credentials, location and IP data, and payment information in the course of:

  • Hosting collaborative projects and group communications
  • Creating and maintaining member and contributor accounts
  • Documenting license commitments
  • Hosting events and processing registrations
  • Processing sponsorship and payments
  • Managing job applications
  • Sending newsletters and organizational communications

How Staff Must Handle Personal Data #

  • Access personal data only to the extent required for your role and legitimate business purpose
  • Do not share personal data with third parties without authorization from the General Counsel or (Interim) ED
  • Do not store personal data in personal cloud storage or on unmanaged personal devices
  • Email list posts and addresses are permanently archived per OASIS policy; messages containing technical contributions or licensing commitments are generally not deleted
  • OASIS maintains permanent public records of technical contributions, including membership roles and contributions, to establish legal licensure and provenance — staff should not remove or suppress these records

Retention #

Personal data is retained to identify contributions, provide legal records, maintain contributor provenance, and administer contracts. Technical contribution data is typically retained as long as the associated work remains available. Staff should not delete or alter retention records without authorization.

Data Subject Rights #

EU citizens and those in certain other jurisdictions have rights to access, correct, update, delete, or suppress their personal data. Requests should be directed to dataprivacy@oasis-open.org. OASIS commits to responding within 30 days.

Staff who receive data subject requests should forward them to the General Counsel immediately — do not attempt to fulfill or decline requests independently.

Security #

OASIS implements physical, administrative, and technical safeguards to protect personal data from unauthorized access, consistent with the Information Security Policy. Staff are responsible for maintaining those safeguards in their day-to-day work.

Sharing Personal Data #

OASIS shares personal data with service vendors, business partners, and contractors only for operational purposes. OASIS does not provide contact data for external marketing purposes. When legal obligations require disclosure to law enforcement, the (Interim) ED and legal counsel are notified.

Data Privacy Contacts #

  • Email: dataprivacy@oasis-open.org
  • Data Protection Officer: Jamie Clark
  • Mailing address: OASIS Open, 400 TradeCenter, Suite 5900, Woburn, MA 01801, USA