Information on Data Processing for SUSE Developer Portal


You are about to participate in SUSE’s Developer Portal. In order to facilitate your participation and to administer the Developer Portal, SUSE Software Solutions Germany GmbH and its corporate affiliates (“SUSE Group”) must process certain personal data which you provide (“Personal Data”).


The controller of the processing for the purposes of Article 4(7) GDPR is SUSE Software Solutions Germany GmbH, Maxfeldstraße 5, 90409 Nuremberg, Germany. SUSE’s Data Protection Officer is Mr. Stefan Eigler, TÜV Rheinland i-Sec GmbH, Am Grauen Stein, 51105 Cologne, Germany. The SUSE Group privacy policy is available at

Purpose of Processing

We need to process your Personal Data to provision and administer your account, to audit/monitor your use of the services to ensure fairness of usage with other users, to allow you to request and be provided with support (if applicable), to allow you to collaborate within the Developer Portal as well as to send you information about the Developer Portal and how SUSE’s associated products and services are typically used by developers, from time to time.

Categories of Personal Data processed

We expect to process Personal Data such as your chosen username, your first and last name, your email, your company affiliation and role (if applicable), your location (country, postal code) as well as any information you share with us, including without limitation in emails, forum, free text fields. We ask you to never include sensitive categories of Personal Data (see Art 9 GDPR)  when you use our Developer Portal.

Grounds for Processing

We are processing your Personal Data according to Art 6 1(f) GDPR, under which it is our legitimate interest to process your Personal Data to be able to provide the Developer Portal  and to be able to contact you (see above). Given that we keep the Personal Data we need to process to provide these services to you at a minimum and that we do not believe you are disadvantaged in any way by using our Developer Portal, we believe that this represents a fair balancing of interests. 

Recipients of Personal Data

The Personal Data will be processed by those SUSE Group employees who are responsible for the day-to-day running of the Developer Portal. Transfer of your Personal Data to SUSE Group entities outside the EEA is covered by a multi-entity data processing agreement which incorporates the Standard Contractual Clauses (“model clauses”).  Additionally, SUSE uses a processor, Amazon AWS us-west-2 region to provide and deploy the Developer Portal infrastructure. A data processing agreement is in place between Amazon AWS and SUSE which incorporates the standard contractual clauses. While we currently use the AWS Identity service for authentication, we may migrate to the Okta service used by SUSE in the future. You hereby agree that we may, at our discretion, add Okta as a processor of your Personal Data if and when this occurs. Should we wish to add additional processors, you will be notified and will have an opportunity to terminate your use of the Developer Portal should you object to such processor(s).

Deletion of Personal Data

We will permanently and irrevocably delete your Personal Data six (6) months after the date on which your participation in the SUSE Developer Program is terminated.

Appendix A (Your Rights)

You have the right:

  • pursuant to Article 7 (3) GDPR, to revoke your consent to us at any time, for Personal Data shared externally. Thereafter, we will not be allowed to continue the data processing based on your revoked consent for the future.
  • pursuant to Article 15 GDPR, to request information about your Personal Data processed by us. In particular, you may request information about the processing purposes, the categories of Personal Data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right of rectification, deletion, limitation of processing or opposition, the existence of a right to complain, the source of their data, if not collected from us, and the existence of automated decision-making, including profiling, and – if necessary – meaningful information about their details.
  • pursuant to Article 16 GDPR, to immediately demand the correction of incorrect or completed Personal Data stored by us.
  • pursuant to Article 17 GDPR, to demand the deletion of your Personal Data stored by us, except where the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
  • pursuant to Article 18 GDPR, to demand the restriction of the processing of your Personal Data, insofar as the accuracy of such Personal Data is disputed by you; or the processing is unlawful, you reject the deletion of such unlawfully processed Personal Data and we no longer need the Personal Data, but where you  assert, exercise or defence of legal claims or you have objected to the processing in accordance with Article 21 GDPR.
  • pursuant to Article 20 GDPR, to receive the Personal Data that you have provided to us in a structured, standard and machine-readable format or to request the transfer to another controller.
  • pursuant to Article 77 GDPR, to complain to a supervisory authority. For example, you can contact the supervisory authority of your location or workplace or our corporate office (see Appendix A)

To exercise any of the rights listed above, please contact For Personal Data shared externally, you can revoke your consent at any time, effective for the future by sending email to This will not affect the legitimacy of processing under the consent up to the time of revocation.

Information about your right of objection under Article 21 GDPR

Case-specific Right of Objection
You have the right at any time, for reasons arising out of your particular situation, to object to the processing of your Personal Data pursuant to Article 6 (1)(e) GDPR (Data Processing in the Public Interest) and Article 6 (1)(f) GDPR (Data processing on the basis of a balance of interests). This also applies to profiling based on this provision within the meaning of Article 4 (4) GDPR. Should you object, we will not further process your Personal Data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims. Your objection should be directed to