A. HOW WE COLLECT AND USE PERSONAL DATA
1. Information You Provide to Us
If you communicate with us, register an account for an Appfire Service (directly with Appfire or through the Atlassian marketplace), sign up to receive materials from us, attend an Appfire event, or participate in an Appfire online community, you may provide us with Business Contact Information such as your name, employer, postal address, telephone number, and email address. Another person or entity, such as your employer, may also provide us with your contact information so that we can communicate with you as part of providing our Services or about the possibility of providing Services. We use this information to create and maintain your account for the Services, bill and receive payment for the Services, provide you with information about existing and new products and services, and to facilitate your participation at our events and online communities. We do not sell personal data to anyone and only share it with third parties who facilitate the delivery of our Services or to communicate about our Services. Therefore, our use of these data is for the fulfillment of a contract or to fulfill a compelling legitimate interest of Appfire as provided for under Article 6 of the European Union General Data Privacy Regulation (“GDPR”). For certain communications about new Appfire products and services, we may rely on your consent as the lawful basis for processing personal data.
2. Information We Collect Automatically
As is the case with most websites, Appfire’s websites collect certain information automatically and stores the information in log files. The information may include internet protocol (“IP”) addresses, the region or general location where your computer or devices is accessing the internet, browser type, operating system and other information about the use of our website. We may use this information to help design our websites to better suit our users’ needs.We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences. The lawful basis for processing these data is that Appfire has a legitimate interest in understanding how customers and potential customers use our website. These data may also assist in identifying and responding to data security incidents.
B. CHILDREN'S PRIVACY
Our Services are not directed to or intended for use by children. Consistent with the requirements of the US Children’s Online Privacy Protection Act, the GDPR, and all other applicable laws and regulations, if we learn that we have received information directly from a child under age 16 without his or her parent’s or legal guardian’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use our Services. Subsequently, we will delete such information.
C. HOW WE SHARE PERSONAL DATA
The personal data we collect is stored in one or more databases hosted by third parties. These third parties do not use or have access to this personal data for any purpose other than cloud storage and retrieval. Occasionally, Appfire engages a third party to perform bulk emailing services, and the third party’s use of personal information is restricted to the provision of that service. A list of third party service providers used by Appfire is listed at http://appfire.com/gdpr/third-party-processors.
If we determine it to be necessary, we may also disclose your personal data to a third party: (i) to respond to an emergency or act of God; (ii) to comply with a legal requirement such as a court order, search warrant, or subpoena; (iii) to protect the legitimate rights, privacy, property, interest or safety of Appfire, our personnel, customers, business partners or the general public; (iv) to address disputes, claims or to persons demonstrating legal authority to act on your behalf; (v) in relation to a change in ownership or control of Appfire such as a merger, sale, acquisition, or insolvency; or (vi) to prevent, detect actual or potential fraud or other illegal activities.
D. LINKS TO OTHER WEBSITES
E. INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA
Appfire is a global company and our Services are used by companies around the world. Information we collect from you may be processed or stored in United States where no adequacy decision of the European Commission exists under GDPR Art. 45. Appfire relies on derogations for specific situations as set forth in GDPR Art. 49 when we undertake transfers of personal data from the EEA to countries without European Commission adequacy findings, specifically: (i) based on your consent; (ii) to perform a contract with you; (iii) or to fulfill a compelling legitimate interest of Appfire in a manner that does not outweigh your rights or freedoms. For vendors outside of the EEA, whenever feasible, we either use a vendor subject to a jurisdiction for which an adequacy decision of the European Commission exists (including the EU-US Privacy Shield where the recipient is a participant), or there are adequate safeguards such as the Standard Contract Clauses or Binding Corporate Rules.
F. YOUR RIGHTS
Under the GDPR, residents of the EEA have important rights regarding access to and control of your personal data, including:
- Right of Access: You have the right to ascertain what type of personal data Appfire holds about you and to a copy of this personal data.
- Right to Complain: You have the right to file a complaint regarding the processing of your personal data to the Supervisory Authority of your Member State.
- Right of Erasure: In certain circumstances you may request that we delete the personal data that we hold about you.
- Right to Object: When we rely on our legitimate interests to process personal data, you have a right to object to this use. We will stop processing your personal information unless we can demonstrate an overriding legitimate interest in continued processing.
- Right to Portability: You may request that we provide you with certain personal data which you have given us in a structured, commonly used and machine-readable format and you may request that we transmit your personal data directly to another data controller where this is technically feasible.
- Right to Rectification: You have the right to have any inaccurate personal data which we hold about you updated or corrected.
- Right to Restriction: You have the right to request that we stop using your personal data in certain circumstances including if you believe that the personal data we hold about you is inaccurate or that our use of your personal data is unlawful. If you validly exercise this right, we will store your personal data and will not carry out any other processing until the issue is resolved.
Please bear in mind that your rights in relation to your personal data are not absolute and that we must be cognizant of our legal obligations. If you choose to exercise some of your rights, we may not be able to perform the actions necessary to provide the Services or otherwise achieve the purposes set forth above.
You can exercise these rights by contacting us using the information in the Contact Us section below. We may request that you provide proof of your identity for security reasons and in order to prevent the unauthorized disclosure or misuse of personal data. We will only charge you for requests to access your personal data where they are unreasonable, unfounded or excessive. If we are unable to honor your request, or before we charge a fee, we will let you know why.
G. RETENTION OF PERSONAL DATA
We will keep your personal data for the time necessary to fulfill the purposes for which it was collected, including any legal, accounting or reporting requirements. To determine the appropriate retention period, we consider the categories, amount, nature and sensitivity of personal data, the potential risk of harm from unauthorized use of disclosure of the personal data, the purposes for which we process the personal data, if we can achieve the purposes through other means, and the applicable legal requirements.
H. SECURITY OF PERSONAL DATA
Appfire will maintain appropriate security measures to minimize the risk that personal data will be lost, used without authorization, or accessed without authorization. We limit access to your personal information to those who have a legitimate business need to use it. Those who process your information will do so only in an authorized manner and are subject to a duty of confidentiality. We have implemented procedures to deal with suspected security incidents involving personal data and will notify the applicable regulator(s) and you of such incidents as required by applicable law.
J. CONTACT US, MANAGE YOUR PERSONAL DATA
Individuals in the EEA also have the right to file a complaint with the Supervisory Authority of their Member State.
Last updated: May 1, 2018