You are User One of our platforms

What are your responsibilities and obligations as a user of this CommunityForge platform?

As a user of the platform, including if you are a member of the Committee, Local Admin or User One, you must be aware that your member profile contains all the information necessary for the proper functioning required within the platform: Name, First name, Address, City, Telephone number, Email address. You are responsible for this information included in your member profile.

Your profile informations are accessible to other users of the same platform except for the email address which works, in the background, when using the "contact" function and is only accessible to the platform administrators (Committee, Local Admin or User One). They are not accessible to visitors, and they are protected by CommunityForge's security systems and comply with the General Data Protection Regulation (GDPR).
Small concrete example: The users of the youpie LETS (dummy) have made the choice to activate the widest existing distribution tools at CommunityForge (offers and requests, intertrading, solsearch) which means that they want their ads to be visible not only by their LETS members but also by other LETS members who have made the same choice.
Even in this particular case, CommunityForge protects the personal data of its members: no personal information is published (unless the member himself/herself has included one of this information in the ad itself).

Only the information stored in your profile benefits from this protection. None of the information in your profile must therefore be replicated in the pages, advertisements, offers, wants, documents or others... or you will risk to leave the secure environment that we offer you.
You should be aware that this data is no longer protected by CommunityForge's security mechanisms and is therefore at risk of violation.

Any document attached to an offer or want is accessible to anyone who knows the specific URL address, for example by making a query via a search engine (example: plan with your contact details). However, information distributed on the Internet is extremely difficult to  be deleted because it is often replicated in search engine databases. 

It is thus strongly disadvised to you to put personal information except your profile. If you make them nevertheless, be aware of the risks you are taking (for example that your information can be spread on the Internet and used without your consent) and do not complain afterward.

What are your additional responsibilities and obligations as an administrator (Committee member or Local Admin) of your CommunityForge platform?

Any document attached to an offer, request, content "page", "event", "news", photos stored in photo albums can be accessed by anyone who has knowledge of the specific URL address, for example by making a query via a search engine.
You should be aware that such data is no longer protected by CommunityForge's security mechanisms and is therefore at risk of breach or spread over the Internet.
You should therefore under no circumstances put personal information of your members in these contents, except with the consent of the member.

For the record, on platforms provided by CommunityForge, “documents” content and their attachments are stored on a secure private space not accessible to ordinary visitors. 

Each user of the platform can choose to disclose their own personal data, but they must be aware of the consequences of this choice, as specified above.  It is up to you, the site administrators, to explain to your members how to use the platform correctly as explained above, and remind them of the risk incurred if they themselves put personal information in content outside their profile.

This configuration is the result of the majority requests from users of our platforms and Drupal's inherent functions.  If these choices do not suit you, you can exit CommunityForge's basic offering (Local Admin) and increase your responsibility and customization of your platform by requesting User One access or even hosting your platform on a server of your choice and ensuring GDPR compliance yourself.
See: http://helpdesk.communityforge.net/fr/les_formules_proposes  

You are responsible for the use that you make of your members' personal data extracted from your platform, and you must in no case distribute this data beyond the platform without the authorization of the members concerned, under penalty of violating the regulations and being in non-compliance.

Attention, if you are several to have an access administrator (local admin, committee), it is outlawed to use to several the same account administrator.  The law requires that each action can be identified in such a way that unlawful disclosure of data can be traced. You must therefore delete this joint account and have your own accounts that allow you to identify yourself unambiguously.

Exceeding the number of 5 people for the administration of a platform is not recommended on the GDPR reference documents. As a "local admin", you must ensure that this recommendation is respected.

The GDPR requires all data managers to establish a form that specifically identifies who is responsible for data management in your community. It is your responsibility to prepare this document and to keep it ready to be able to respond to any request made by the competent authorities. CommunityForge offers you a form to easily list this information.

Finally, you have the duty to be able to provide each of your members the information concerning them, recorded on your platform.  Members may, if they so wish, enforce their "right to forget" by deleting their own account as long as their balance is zero or positive.

What are your additional responsibilities and obligations as a User One on your CommunityForge platform?

As a "User One", in addition to the requirements concerning all administrators of our platforms listed above, you are required to verify that changes that have been made on your CommunityForge platform are consistent with the GDPR and in particular changes to roles, access, views displays, ... CommunityForge cannot be held responsible for such changes.
We guarantee that our hosting provider complies with the GDPR rules but we cannot guarantee that the modifications of rights that you assign to users to consult the data stored on your site, are in conformity. 

This is the case if, for example, you modify the members' view to show the list of their emails making it easily copyable and therefore diffusable..