1. Information You Provide to Us
If you communicate with us, register an account for an Appfire Service (directly with Appfire or through the Atlassian marketplace), sign up to receive materials from us, attend an Appfire event, or participate in an Appfire online community, you may provide us with Business Contact Information such as your name, employer, postal address, telephone number, and email address. Another person or entity, such as your employer, may also provide us with your contact information so that we can communicate with you as part of providing our Services or about the possibility of providing Services. We use this information to create and maintain your account for the Services, bill and receive payment for the Services, provide you with information about existing and new products and services, and to facilitate your participation at our events and online communities. We do not sell personal data to anyone and only share it with third parties who facilitate the delivery of our Services or to communicate about our Services. Therefore, our use of these data is for the fulfillment of a contract or to fulfill a compelling legitimate interest of Appfire as provided for under Article 6 of the European Union General Data Privacy Regulation (“GDPR”). For certain communications about new Appfire products and services, we may rely on your consent as the lawful basis for processing personal data.
2. Information We Collect Automatically
As is the case with most websites, Appfire’s websites collect certain information automatically and stores the information in log files. The information may include internet protocol (“IP”) addresses, the region or general location where your computer or devices is accessing the internet, browser type, operating system and other information about the use of our website. We may use this information to help design our websites to better suit our users’ needs.We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences. The lawful basis for processing these data is that Appfire has a legitimate interest in understanding how customers and potential customers use our website. These data may also assist in identifying and responding to data security incidents.
Our Services are not directed to or intended for use by children. Consistent with the requirements of the US Children’s Online Privacy Protection Act, the GDPR, and all other applicable laws and regulations, if we learn that we have received information directly from a child under age 16 without his or her parent’s or legal guardian’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use our Services. Subsequently, we will delete such information.
The personal data we collect is stored in one or more databases hosted by third parties. These third parties do not use or have access to this personal data for any purpose other than cloud storage and retrieval. Occasionally, Appfire engages a third party to perform bulk emailing services, and the third party’s use of personal information is restricted to the provision of that service. A list of third party service providers used by Appfire is listed at http://appfire.com/gdpr/third-party-processors.
If we determine it to be necessary, we may also disclose your personal data to a third party: (i) to respond to an emergency or act of God; (ii) to comply with a legal requirement such as a court order, search warrant, or subpoena; (iii) to protect the legitimate rights, privacy, property, interest or safety of Appfire, our personnel, customers, business partners or the general public; (iv) to address disputes, claims or to persons demonstrating legal authority to act on your behalf; (v) in relation to a change in ownership or control of Appfire such as a merger, sale, acquisition, or insolvency; or (vi) to prevent, detect actual or potential fraud or other illegal activities.
Appfire is a global company and our Services are used by companies around the world. Information we collect from you may be processed or stored in United States where no adequacy decision of the European Commission exists under GDPR Art. 45. Appfire relies on derogations for specific situations as set forth in GDPR Art. 49 when we undertake transfers of personal data from the EEA to countries without European Commission adequacy findings, specifically: (i) based on your consent; (ii) to perform a contract with you; (iii) or to fulfill a compelling legitimate interest of Appfire in a manner that does not outweigh your rights or freedoms. For vendors outside of the EEA, whenever feasible, we either use a vendor subject to a jurisdiction for which an adequacy decision of the European Commission exists (including the EU-US Privacy Shield where the recipient is a participant), or there are adequate safeguards such as the Standard Contract Clauses or Binding Corporate Rules.
Under the GDPR, residents of the EEA have important rights regarding access to and control of your personal data, including:
Please bear in mind that your rights in relation to your personal data are not absolute and that we must be cognizant of our legal obligations. If you choose to exercise some of your rights, we may not be able to perform the actions necessary to provide the Services or otherwise achieve the purposes set forth above.
You can exercise these rights by contacting us using the information in the Contact Us section below. We may request that you provide proof of your identity for security reasons and in order to prevent the unauthorized disclosure or misuse of personal data. We will only charge you for requests to access your personal data where they are unreasonable, unfounded or excessive. If we are unable to honor your request, or before we charge a fee, we will let you know why.
We will keep your personal data for the time necessary to fulfill the purposes for which it was collected, including any legal, accounting or reporting requirements. To determine the appropriate retention period, we consider the categories, amount, nature and sensitivity of personal data, the potential risk of harm from unauthorized use of disclosure of the personal data, the purposes for which we process the personal data, if we can achieve the purposes through other means, and the applicable legal requirements.
Appfire will maintain appropriate security measures to minimize the risk that personal data will be lost, used without authorization, or accessed without authorization. We limit access to your personal information to those who have a legitimate business need to use it. Those who process your information will do so only in an authorized manner and are subject to a duty of confidentiality. We have implemented procedures to deal with suspected security incidents involving personal data and will notify the applicable regulator(s) and you of such incidents as required by applicable law.
Individuals in the EEA also have the right to file a complaint with the Supervisory Authority of their Member State.
Last updated: May 1, 2018