Privacy, Safety and GDPR Information

Below are direct links to the sections in this page:

• Introduction
• Information collection
• Information usage
• Cookie usage
• Your rights
• Data retention and data persistency
• Data security
• Protecting your online safety and security
  • Internet access and account access
  • File sharing and downloads
  • Online communication, messaging and safe video/audio chats
  • Safe online relationships and behavior
• Changes to this policy
• Contact information

Introduction

This page covers the subjects of privacy and personal safety, and lays down the Privacy Policy for Collaboration Café sites and services. The server providing the Collaboration Café Web services and websites is located in Germany.

The GDPR Data Protection Officer, site operator and principal contact for all things is David Nelson (Dave), and you can easily contact him via the contact form or by email at admin@collaboration.cafe.

All users based in the European Union are protected by the requirements of the European Union’s General Data Protection Regulation. Users outside the European Union receive the same coverage and treatment.

For your information, all services provided by Collaboration Café are provided from Germany only.

If you are located in the European Union, no personal information or user data transits via any point outside the European Union unless it is due to your deliberate and consenting interaction with a party outside the European Union (via a file transfer, audio/video call or email correspondence, for example).

Information collection

At the moment of user account creation, personal data is collected from a prospective user (a potential “service receiver“) directly by the site operator, who creates all accounts manually and individually after approval of a prior service request.

The only information required for a personal account is your name and a contactable email address (‘disposable/throw-away‘ and other such temporary email addresses are not accepted). No other personal data is mandatory for using Collaboration Café Web services.

No profiling or tracking data is collected either automatically or manually by the software on Collaboration Café Web services.

On the Collaboration Café service information pages (which you’re reading now), anonymized visitation statistics (no IP address, no intrusive probing) are collected by Collaboration Café‘s self-hosted and privacy-friendly Plausible tool.

After account creation, because of the very nature of Collaboration Café Web facilities (such as the cloud file storage, the Collabora online office apps, Code Collaboration Café git repositories, and the Collaboration Café Mail email service), you may provide personal information or upload files by your own deliberate action and explicit choice.

If you opt to install and use automatic tools such as the Nextcloud file synchronization client for the Windows, Linux, Android, and Apple operating systems, you may upload files from your local computer or device to a Collaboration Café account automatically, in accordance with the settings you deliberately configure in that tool. You can halt that or change your choices via the settings in the said software.

Information usage

Any personal data collected by Collaboration Café Web services or the site operator is used solely for the purpose of providing Collaboration Café Web services and communicating with registered users.

Your privacy is highly valued, and your data will never be used for marketing or promotional purposes, nor shared with any third party (except possibly in the event of a legal obligation such as a court order or requisition).

Collaboration Café Web services do not engage in any form of data harvesting or analytics. The only exception to this is the Collaboration Café service information pages (which you’re reading now), where anonymized visitation statistics (no IP address, no intrusive probing) are collected by Collaboration Café‘s self-hosted and privacy-friendly Plausible tool.

Cookie usage

Collaboration Café Web services only employ cookies for technical functionality, which can notably include enhancing your user experience and remembering your user preferences.

No third-party cookies are used and no data is collected for advertisers or social networks.

You have the option to manage or opt out of cookies via settings in your Web browser. However, disabling cookies may affect the proper functioning of Collaboration Café Web services and sites.

Your rights

You have the right to access, correct, and delete your personal data and files directly from within your user account. You can also delete your user account by your own action from within your user account.

For any data protection inquiries, the site operator is the designated contact and will personally handle and fulfill all requests. You can contact the site operator via email at admin@collaboration.cafe, or via the contact form, or via the means stated on the Imprint page.

You are provided with data portability through the option to download your data from any Collaboration Café service. If you have any difficulty doing that, you can contact the site operator for assistance or advice.

If you decide that you have any objection to the data processing of your information or files, you can delete the respective information and files from your account by your own action at any time.

Data retention and data persistency

Your information and data is retained on a Collaboration Café site or service only for as long as you choose to keep it in place. There are no predetermined or regulatory retention periods, and no data is ever kept longer than you want it to be, not even in an anonymized form.

You have full autonomy to delete your data and, upon deletion, that data is removed permanently and is not recoverable by any means known to the site operator, except via a site backup.

Please take account of the fact that the Collaboration Café server is backed-up daily to off-server disk storage.

To preserve the integrity of backups, it is not possible to delete data that they contain.

Backups are kept and discarded on a rolling basis after 28 days. So, while your data will be permanently erased from the server file system immediately after a deletion action, it can continue to exist in off-server backups for 28 days.

If you encounter difficulties in deleting your data, you can request the site operator to perform the action on your behalf.

Data security

Various measures are implemented to protect the security of your data. However, one important measure is to use a securely-crafted password for account login, which can be accompanied by two-factor authentication for further protection. Although Collaboration Café does not hold any certifications regarding data security, the site operator is strongly committed to safeguarding your data.

In the unfortunate event of a data breach, affected users will be notified by email as quickly as possible, and all appropriate and possible remedial action will be taken as early as possible.

Protecting your online safety and security

Below is good advice generally applicable to all online activities and sites, whether on Collaboration Café or elsewhere.

Some of it won’t be directly applicable to your experience on Collaboration Café, but may be applicable to your activities arising from your usage of Collaboration Café services, including interactions during audio/video calls and meetings.

Below are direct links to the different subjects covered in this section:

• Internet access and account access
• File sharing and downloads
• Online communication, messaging and safe video/audio chats
• Safe online relationships and behavior.

Internet access and account access

• Use a VPN (Virtual Private Network) such as NordVPN on your devices, to protect yourself from snooping, cracking, advertisers and trackers.
• Don’t use public WiFi connections without VPN software.
• Don’t use public computers (in coffee shops, hotels, etc.) to access banking and financial services, or to make credit card payments and other monetary transactions.
  They can have been loaded with spyware and key loggers.
• If you really have no option but to use a public computer to log into a security-protected account (email or whatever), use an ‘incognito‘ or ‘private‘ window, click any checkbox saying ‘Public or shared computer‘, and unclick any checked box that says ‘Stay signed in‘ or ‘Remember me‘.
  Clear the Web browser’s cache (in the Settings) after you’re finished, so that fewer traces of your surfing session remain.
• If you have to use a public computer, try to set-up one-time passwords (OTPs) for accessing your accounts beforehand, and use those rather than your principal account password.
• Use strong, unique passwords and update them regularly.
• Passwords should be at least 12 characters in length and composed of a mixture of lowercase, uppercase, digits and special characters.
• Never use the same password for different accounts or tools.
• Use a password manager such as NordPass or KeePass to store and manage your passwords. They only require you to remember one master password to get access to all your account passwords, and often can enter your credentials in a login page without needing you to do so.
• One easy way to remember a good and secure password: take a two or three lines of a song, poem or book you know well.
  Create your password by using the first letter of each word.
  Choose uppercase letters to emphasize certain words.
  Include digits to replace words like ‘to’, ‘for’ and ‘too’.
  Include special characters like commas, periods, exclamation marks, question marks, etc.
  Be creative and inventive.
  When you need to enter the password, you can recite your quotation back to yourself in your mind, to help you remember it correctly.
  Try not to use any letter, digit or character more than once, if possible.
  Make sure your password is at least 12 characters long. Even longer is all the better.
• Consider using privacy-protective browser extensions such as Privacy Badger and DuckDuckGo Privacy Essentials.
  They protect you from advertisers and trackers, and can be deactivated easily for individual trusted sites.
• Make sure your devices are well-secured: With all devices – phones, computers, tablets, smart watches, smart TVs, etc. – it’s wise to use passwords or passcodes and other security such as biometrics, to protect yourself from a cyberattack or your personal data being stolen.
• Ensure that your devices have all the latest security updates installed, to reduce the risk of potential security breaches.

File sharing and downloads

• Share files wisely: only share your content with trusted persons, and use file access permissions to control the scope granted.
• Enable notifications for file activities. Stay informed about changes and access to your shared content.
• Consider encrypting files containing sensitive information, using a product such as VeraCrypt.
• Use version control to have the option of backtracking on unwanted changes.
• Regularly review your folders and files. Remove access to shared content when sharing is no longer necessary.
  Always delete content that you no longer need to store on the server.
• Always keep a separate backup of critical files.
• Install and use anti-virus and anti-malware software such as BitDefender on your devices.
• Be careful what you download: cybercriminals try to trick you into downloading malware to open a back door into your device.
  Malware can be disguised as a harmless-seeming app, or can be concealed on a malicious website that tries an exploit to infect you or gain control.
• Beware of ‘drive-by‘ downloads from a site that tries to install software on your device without requesting permission first.
  Be cautious about visiting new websites and downloading things.
• Only download content from trusted sources.
• Avoid opening untrusted emails. If you’re not sure whether an email is legitimate or not, go directly to the source and check.
  For example, if you receive a suspicious message that is supposed to be from your bank, call your bank and ask them if it is genuine and bona fide.
• If you do open an untrusted email, don’t click on any links in it and don’t open any attachments, notably PDF files, documents, images and audio files.
  They probably contain malware.
  These days, reputable brands and services just don’t send you PDF files and documents by email out of the blue. Only cybercriminals do.
• When you’re encouraged to click on a link, especially long hard-to-read links or links behind a shortened URL, check the domain name of the actual URL it’s pointing to.
  If it’s in a Web browser, hover your mouse over the link without clicking: you’ll probably see the actual URL in the bottom-left or bottom-right corner of your browser.
  Look out for addresses that look like a well-known brand or website but that are slightly mispelled.
  If it looks suspicious, don’t click on it.

Online communication, messaging and safe video/audio chats

• Always use a secure Internet connection for audio/video calls. Avoid using public WiFi for confidential conversations. Use a VPN such as NordVPN if possible.
• When using websites and tools, regularly review your privacy settings and make sure you understand and still want to accept the privacy policies.
• Call recording: call recording is disabled by default in calls and meetings on Conference Café, but can be enabled for special events (by prior arrangement).
  It may or may not be disabled on other video/audio call conferencing tools.
  But you should bear in mind that someone may have screen recording software installed on their device, and may be able to record your conversation regardless of recording being disabled or not activated in the software you’re using, so conduct yourself wisely.
• Be careful when sharing your screen or desktop. Make sure no sensitive information is visible in a window or document.
• Make a habit of muting your microphone when you’re not talking, and try to use a headset or microphone with noise reduction, to remove any background noise or conversations.
• If you receive a meeting invite, keep it confidential to ensure that no unwanted visitors use it.
• If you host a meeting, generate a unique and secure link that will protect the event’s privacy. Avoid using easily guessable or predictable links.
• If you’re hosting a call or event and call recording is available, always inform your participants before starting recording, to get their prior permission and to give them time to deactivate their webcam and microphone if they want.
• If you moderate a meeting, use the available features of the software for managing participant access and keeping the event safe and secure.
• If you’re hosting a meeting, use virtual waiting rooms or ‘break-out‘ rooms to verify newly-arrived participants before letting them join the event.
• When you’re in a call, you can use a virtual background to protect your privacy and conceal the background of the room you’re in.
• Consider password-protecting your conferences: set a password to enter a meeting or, if you don’t want to do that, set a password and ‘lock the door‘ once all your attendees are present.
• Before you join a meeting, make sure that no sensitive or private information is visible or audible in the background of the room you’re in.
• Join meetings from trusted devices only.
  Avoid taking part in confidential meetings using a public computer or shared device.
  It can have been loaded with spyware and a key logger.
• Post-meeting privacy: at the end of a meeting, close any meeting-related documents to prevent unauthorized access, and then cleanly terminate the event and log out properly to ensure that nobody can rejoin after you leave.

Safe online relationships and behavior

• Please read and respect the Code of personal conduct.
• Be careful what you say and where you say it: any comment, message or image you post online or send by email or messaging may stay online indefinitely, because removing the original won’t remove things received in a mailbox or re-posted elsewhere.
  There’s too often no way to take back something you regret.
  Don’t post stuff online that you wouldn’t want a current or prospective employer to see.
• Be careful about disclosing personal information about yourself or about someone else.
• Don’t share sensitive personal and financial information in public media such as a bio or post.
• Don’t share sensitive personal and financial information with persons who are unverified and who you don’t have reasonable grounds to trust.
• Be very cautious about wonderful new relationships with online contacts. Take things slowly.
  Consider confiding in a trusted family member, friend or colleague and getting a separate opinion. If it seems too good to be true, it often is.
• Be careful about who you meet online. People you meet online are not always who they claim to be. They might not even be real. Fake profiles are a very common tool for grooming unwary people.
  Bad actors are often charming, friendly and persuasive, and claim to like you as someone particularly special. Be cautious, and don’t be manipulated by flattery.
• Beware of people and websites pressurizing you to take an immediate decision about something – making a payment or providing sensitive information – without giving you time and opportunity to think it over beforehand.
  If you don’t immediately agree and they become more coercive and critical, it’s a bad sign.
  Consider talking to a trusted family member, friend or colleague first, and getting a separate opinion away from the urgency and pressure.
• Be careful about agreeing to in-person meetings with new contacts. Make sure you tell someone beforehand about when and where you’re going, and when you expect to be back.
  Be very cautious about how you behave and the behavior you accept: things can go wrong in lots of unexpected ways.
• Double-check information you receive online. Fake news, misinformation, disinformation and scams are commonplace.
  Also, different people can simply have different perceptions of the same thing.
  Do your own research to check the facts and draw your own conclusions.

If you have any concerns or questions about something during your use of Collaboration Café services, contact the site operator.

Changes to this policy

This Privacy Policy may be updated in response to regulatory changes. In the event of significant changes to the policy, you will be notified by email.

However, you are encouraged to review the Privacy Policy published in this page regularly, to ensure that you remain familiar with it and continue to consent to its provisions.

You do not need to take any action unless you decide to delete your account. You can do that by your own action or you can contact the site operator for assistance.

Contact information

For any privacy-related inquiries, you can reach out to the site operator via email at admin@collaboration.cafe, or via the contact form. or via the means of contact stated in the Imprint page.

Your message will be answered as quickly as possible, but please make allowance for nights, weekends, public holidays, and other possible reasonable unavailability for immediate response.