Information on Data Processing for SUSE's Okta Authentication System
As described in the email that you received from SUSE, we are upgrading our authentication system by migrating away from the current system provided by our subprocessor, Micro Focus to the Okta system. In order to continue provisioning your user account and providing the services associated therewith, SUSE Software Solutions Germany GmbH and its corporate affiliates ("SUSE Group") must process certain personal data which you have provided to us in the past or may provide to us going forward ("Personal Data").
Purpose of Processing
We need to process your Personal Data to create, provision and administer your account with SUSE, to ensure the security of your account, to provide account related services such as password recovery, multi-factor authentication as well as to provision your access to SUSE services which rely on the Okta authentication system. Where necessary, we may need to use the Personal Data processed to contact you with respect to issues with your account.
Categories of Personal Data processed
Grounds for Processing
Where a contractual relationship (e.g. whereunder SUSE provides product support) exists or is being created between us, we process your Personal Data according to Art 6 1(b) GDPR. Otherwise, we process your Personal Data according to Art 6 1(f) GDPR, under which it is our legitimate interest to process your Personal Data to be able to provide the Okta authentication system and to be able to contact you (see above). Given that we keep the Personal Data we need to process to provide these services to you at a minimum and that we do not believe you are disadvantaged in any way by using our Developer Portal, we believe that this represents a fair balancing of interests.
Recipients of Personal Data
Appendix A (Your Rights)
You have the right:
- pursuant to Article 7 (3) GDPR, to revoke your consent to us at any time, for Personal Data shared externally. Thereafter, we will not be allowed to continue the data processing based on your revoked consent for the future.
- pursuant to Article 15 GDPR, to request information about your Personal Data processed by us. In particular, you may request information about the processing purposes, the categories of Personal Data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right of rectification, deletion, limitation of processing or opposition, the existence of a right to complain, the source of their data, if not collected from us, and the existence of automated decision-making, including profiling, and - if necessary - meaningful information about their details.
- pursuant to Article 16 GDPR, to immediately demand the correction of incorrect or completed Personal Data stored by us.
- pursuant to Article 17 GDPR, to demand the deletion of your Personal Data stored by us, except where the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
- pursuant to Article 18 GDPR, to demand the restriction of the processing of your Personal Data, insofar as the accuracy of such Personal Data is disputed by you; or the processing is unlawful, you reject the deletion of such unlawfully processed Personal Data and we no longer need the Personal Data, but where you assert, exercise or defence of legal claims or you have objected to the processing in accordance with Article 21 GDPR.
- pursuant to Article 20 GDPR, to receive the Personal Data that you have provided to us in a structured, standard and machine-readable format or to request the transfer to another controller.
- pursuant to Article 77 GDPR, to complain to a supervisory authority. For example, you can contact the supervisory authority of your location or workplace or our corporate office (see Appendix A)
To exercise any of the rights listed above, please contact firstname.lastname@example.org. For Personal Data shared externally, you can revoke your consent at any time, effective for the future by sending email to email@example.com. This will not affect the legitimacy of processing under the consent up to the time of revocation.
Information about your right of objection under Article 21 GDPR
Case-specific Right of Objection
You have the right at any time, for reasons arising out of your particular situation, to object to the processing of your Personal Data pursuant to Article 6 (1)(e) GDPR (Data Processing in the Public Interest) and Article 6 (1)(f) GDPR (Data processing on the basis of a balance of interests). This also applies to profiling based on this provision within the meaning of Article 4 (4) GDPR. Should you object, we will not further process your Personal Data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims. Your objection should be directed to firstname.lastname@example.org.