Licensed to the Apache Software Foundation (ASF) under one

or more contributor license agreements. See the NOTICE file

distributed with this work for additional information

regarding copyright ownership. The ASF licenses this file

to you under the Apache License, Version 2.0 (the

“License”); you may not use this file except in compliance

with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,

software distributed under the License is distributed on an

“AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

KIND, either express or implied. See the License for the

specific language governing permissions and limitations

under the License.

layout: default

---> DRAFT VERSION

This policy describes restrictions for mailing lists managed by the ASF or hosted on ASF servers.

1) Subscription Information

When a user subscribes to a new mailing list, the following text need to be included when asking for subscription confirmation:

"By subscribing to this mailing list you agree to the privacy policies of The Apache Software Foundation. The privacy policies can be found at: https://privacy.apache.org/policies/

The subscriber is fully aware that message may be posted in public and distributed by 3rd parties. The subscriber is also aware, that private message lists will also be read by multiple people with appropriate access rights, like - but not exclusively - Foundation Members, Board Members, Officers etc..

The subscriber is also fully aware that messages may not be (fully) removed from our archives if there is no strong reason to do so; also, we may decide to only remove parts of a message."

2) Email distribution

Every email send from our mailing list servers have a footer message with the text: "You receive this message because you are subscribed to <listname>. You can unsubscribe any time by sending a blank message to: <listname>-unsubscribe@<subdomain>.apache.org

3) Message/Data removal

Messages are only edited in rare occassions and when necessary from a privacy perspective.

Messages need to be edited or removed, when personal information according to the GDPR or CCPA is disclosed and need to be removed.

This includes all data which makes it possible to identify a person. In example:

  • full name
  • email address
  • phone number
  • address, city, country of origin
  • ethnicity
  • medical conditions
  • etc

Messages are not considered for removal when data is not related to a person:

  • login names (if it is not a real name)
  • ssh passwords
  • production IP addresses
  • machine names
  • URLs

Please not that any edit to our archives does not automatically edit the archives of 3rd party services which mirror our archives. A requestors will need to contact mirror services themselves.

4) Procedures for archive modifications

A removal request need to be sent to privacy@apache.org (private, but archived list) or directly sent to vp-privacy@apache.org. Please note that you request will be documented for future reference.

Please include the following:

  • country of residence, to apply the right data privacy laws
  • the list of messages to be removed or edited

After submitting the request, VP Data Privacy will confirm it's receipt and discuss appropriate solutions with the Infrastructure team.

Please note: The Apache Software Foundation is a volunteer organization; we do our best to handle each request as quickly as we can.