NDA

[guaka]

• [x] Work in progress, v0.1 at https://docs.google.com/document/d/1mP3cwLBZrmUbyWyvVKYOahd3srQfYuL2McthXjVQnE0/edit
• [x] Get folks to sign it
• [ ] Get more feedback
• [ ] Check https://dochub.com/

[guaka]

docracy is shutting down. I want a good enough alternative (not: printing, signing, scanning).

[guaka]

better, just need to translate it into English:

wird folgende Vereinbarung für die Vergabe von “Orgarechten” auf foodsharing.de geschlossen:Der/Die UnterzeichnerIn erhält Zugänge zu erweiterten Kommunikationskanälen von foodsharingund damit zu vertraulichen Informationen über foodsharing sowie dessen AkteurInnen.Informationen im Sinn dieser Vereinbarung sind alle mündlichen oder schriftlichen Informationen,Daten und Mate​rialien, zu denen der/die UnterzeichnerIn direkt oder indirekt durch die Orgarechteund generell durch den Nutzeraccount Zugang erhält.

Der/Die UnterzeichnerIn verpflichtet sich, alle ihm direkt oder indirekt zur Kenntnis gekommenenvertraulichen Informationen strikt vertraulich zu behandeln.Ohne eine vorherige schriftliche Zustimmung vom foodsharing e.V. sind keine Informationen zuverwenden, zu verwerten oder an Dritte weiterzugeben. Ggf. stellt der/die UnterzeichnerIn dazusicher, dass Dritte ebenfalls die vorliegende Vertraulichkeits​vereinbarung unterzeichnen und dassdiese Vereinbarung dem foodsharing e.V. zugestellt wurde; nur dann kann die schriftlicheZustimmung zur Weitergabe erteilt werden.

Der/Die UnterzeichnerIn wird selbständig alle geeigneten Vorkehrungen treffen, um dieVertraulichkeit sicherzustellen. Die Pflicht zur absoluten Vertraulichkeit dauert auch nach Entzug derOrgarechte an und gilt auch für Rechtsnachfolger der Parteien. Auf Verlangen sind ausgehändigteUnterlagen einschließlich aller angefertigten Kopien, Arbeitsunterlagen und -Materialienzurückzugeben.

Der/Die UnterzeichnerIn haftet für alle Schäden in vollem Umfang, die foodsharing durch Verletzungseiner Pflichten entstehen. Änderungen und Ergänzungen dieser Vereinbarung bedürfen derSchriftform. Diese Vereinbarung unterliegt dem Deutschen Recht. Gerichtsstand ist Köln

[simison]

I want a good enough alternative (not: printing, signing, scanning).

Let's do electronic signatures, works pretty well these days: https://www.howtogeek.com/164668/how-to-electronically-sign-documents-without-printing-and-scanning-them/

[guaka]

Alexandre: "I cannot wrap my head around point 2, english is not my primary language and the sentence is extremely long." Yes. This is silly:

"Without granting any right or license, the Disclosing Party agrees that the foregoing shall not apply with respect to any information after five years following the disclosure thereof or any information that the Receiving Party can document (i) is or becomes (through no improper action or inaction by the Receiving Party or any affiliate, agent, consultant or employee) generally available to the public, or (ii) was in its possession or known by it prior to receipt from the Disclosing Party as evidenced in writing, except to the extent that such information was unlawfully appropriated, or (iii) was rightfully disclosed to it by a third party, or (iv) was independently developed without use of any Proprietary Information of the Disclosing Party. The Receiving Party may make disclosures required by law or court order provided the Receiving Party uses diligent reasonable efforts to limit disclosure and has allowed the Disclosing Party to seek a protective order."

What shall we do? Try to simplify it, or ditch it?

[aoifehegarty]

Mother of all thats holy...thats some terrible legal english. I´m native and it needs some unpacking. This is the kind of thing lawyers write to keep themselves in business. Simplify if we cant find anything better...

[guaka]

Or approach it in another way, write down what we want and then let a lawyer look at that?

On Wed, 3 Oct 2018 at 14:43, Aoife (Eefa) Hegarty notifications@github.com wrote:

Mother of all thats holy...thats some terrible legal english. I´m native and it needs some unpacking. This is the kind of thing lawyers write to keep themselves in business. Simplify if we cant find anything better...

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/Trustroots/community/issues/11#issuecomment-426623389, or mute the thread https://github.com/notifications/unsubscribe-auth/AADVyOrE_43Z2bZiD2Gr0LnENozNINxjks5uhLDjgaJpZM4UTQxA .

-- sent from my phone

[aoifehegarty]

That may very well work better, most of the contracts I deal with are mostly straightforward english. Something like this maybe:

The Foundation = Trustroots Foundation Contributor = name of the person who is volunteering. Member = User of any services, platform or software built, maintained or owned by the Foundation

Being located in the EU, the Foundation is bound by GDPR. Thus Contributor shall comply with all the regulations of GDPR, specifically shall not disclose or keep any personal details of any Member. The Contributor will make all efforts to protect the privacy of all Members during and after working with the Foundation.

Then there would need to clauses about not running off the code base and trying to sell it!

[guaka]

Then there would need to clauses about not running off the code base and trying to sell it!

No need, the code base is not really of any value without data.

Your start looks good actually.

My changes below:

• making it more precise
• I want it also to apply if someone is paid to contribute.
• added: "The Contributor will remove any personal details of Members from their any personal devices when requested so by the Foundation."
• added signing stuff, then realized it's ok if it's just signed by the contributor
• added some points

Trustroots privacy and data protection NDA version 0.1

The Foundation = Trustroots Foundation, a non-profit Limited by Guarantee (LBG) under section 60 exemption, registered in the United Kingdom in March 2015 Contributor = the person who is contributing (unpaid or paid) Member = user of any services, platform or software built, maintained or owned by the Foundation

Being located in the EU, the Foundation is bound by GDPR (2016/679). Thus Contributor shall comply with all the regulations of GDPR, specifically shall not disclose or keep any personal details of any Member. The Contributor will make all efforts to protect the privacy of all Members during and after working with the Foundation. The Contributor will remove any personal details of Members from their any personal devices when requested so by the Foundation.

• Contributor uses strong passwords on devices that hold or have access to data.
• Devices that hold or with access to data are encrypted. This includes backups of devices.

Contributor name: ____ signature: date, location: __

[guaka]

I moved it to https://docs.google.com/document/d/1mP3cwLBZrmUbyWyvVKYOahd3srQfYuL2McthXjVQnE0/edit?usp=sharing - open for comments, happy to provide editing rights on request

[Lemoert]

@guaka Seeing as we use the NDA fairly frequently these days, would you reckon we can close this issue or is it still work in progress?

[guaka]

yes!