Table of Contents
3. Regulatory registration
4. Contacting Us
5. Your Usage of websites
6. What information we collect related to you
7. Retention of data
8. Disclosure of data
9. Adaptavist Third Parties
10. Overview of Cookies and Pixels
11. Specific Types of Cookies and Pixels
12. Product Data
13. Interaction Data
14. Transactional and Commerce Data
For the purposes of this Agreement, ‘We’ and ‘Us’ refer interchangeably to Adaptavist and any affiliates in the Adaptavist Group.
The terms below shall have the following meanings:
2.1 "Personal Data Breach," "Controller," "Processor", "Data Subject", "Personal Data", "Processing," "Special Category Data", and "appropriate technical and organisational measures” as used in this Policy shall have the meanings given in the GDPR irrespective of whether GDPR, UK GDPR, or U.S. Data Protection Law applies.
2.2. "Data Protection Law" means European Data Protection Law including UK GDPR and U.S. Data Protection Law that are applicable to the processing of Personal Data under this Policy.
2.3. "European Data Protection Law" means any data protection and privacy laws of Europe applicable to the Personal Data in question, including where applicable
2.3.1 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)("GDPR"); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; (iii) any applicable national implementations of (i) and (ii); (iv) the Swiss Federal Data Protection Act of 19 June 1992 and its Ordinance; and (v) in respect of the United Kingdom, the Data Protection Act 2018, UK GDPR and any applicable national legislation that replaces or converts in domestic law the GDPR or any other law relating to data and privacy as a consequence of the United Kingdom leaving the European Union; in each case as may be amended, superseded or replaced from time to time;
2.4 “U.S. Data Protection Law” means data protection or privacy laws applicable to Personal Data in force within the United States, including the California Consumer Privacy Act (“CCPA”).
3 Regulatory registration
As part of the requirements of the General Data Protection Regulation (GDPR), Adaptavist have registered with the Data Commissioner in the United Kingdom and you can see our notification report on their website (after clicking the search link, enter "Adaptavist" as the name and click the ‘Search Register’ button).
Any information collected on behalf of Adaptavist will be collected, stored and processed by Adaptavist within countries that comply with the GDPR. Primarily data is stored within UK / EU / USA data centers, all of which have the appropriate compliance frameworks – including support for GDPR.
Adaptavist is committed to working with you to ensure compliance with all applicable laws and regulations concerning the protection of Personal Data. Should you wish to exercise any of the rights outlined in this Policy, or have further queries with regards to this Policy, please contact us at firstname.lastname@example.org.
5 Your Usage of websites
5.1 Software downloads
We may make certain software available for download on our websites and may link to software on other, third party websites. This software may be created by Adaptavist, Adaptavist or by third party vendors. The software may be programmed to access our servers and/or third party servers in order for the software to operate and in order to check for program upgrades or enhancements. From time to time, new files may be added to your computer in order to upgrade the software or add new functionality to it. These changes may occur without notice to you. Use of such software will be governed by any associated or referenced terms and conditions, and instructions on uninstalling such software will similarly accompany or be referenced. In the event that such software is an Adaptavist product, use of the product will be governed by a separate Adaptavist End User License Agreement.
5.2 Privacy of other websites
Our websites may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we are not responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.
5.3 Users of age 16 and under
If you are aged 16 or under, please get your parent/guardian’s permission beforehand whenever you provide personal information to our websites. Users without this consent are not allowed to provide us with personal information.
5.4 Comments and Ratings
Should any pages on any of our systems allow posting of comments, your username may be associated with any comments (except in areas where anonymous comments are permitted, your post and username will be displayed alongside those comments to anyone who has access to see them).
5.5 Offensive language and behaviour
Adaptavist reserves the right to, at its sole discretion, remove any content on its websites.
Adaptavist reserves the right to remove content and to remove any user’s access to its Services for content which is offensive, abusive, provocative or for discriminatory language posted on or sent through our Services, at its sole discretion.
6 What information we collect related to you
6.1 Information we get
When you use our Services or have any Interactions with Us, We may collect data related to you, your use of Services, and Interactions. Broadly speaking, this data can be categorised as:
- Cookies and Pixels,
- Product Data (data generated through use of our products in various forms),
- Interaction data (data generated through interactions with us on phone, via email, via the website, or other means), and
- Transactional and Commerce Data (data generated through an actual order or sale of a product or service).
This data (which may include Personal Data) can be described in more detail as:
- Identification information, which may include name, email address, billing or shipping addresses, telephone numbers, screen names, user IDs (potentially with password). This might also include IP addresses;
- Commercial information, which may include payment or financial information which would be appropriately handled (for example through a third party payment platform);
- Technical platform information, which relates to the technical means by which you interact with us, such as operating system, web server type, browser type, or other information regarding your device;
- Web related information, including things such as referring domain;
- Activities related to your use of Services, including website use and records of actions and activities, including search, and communication preferences;
- Educational information, which includes your education history; grades
- Professional information, such as employer or organisational affiliation for a customer or partner; the contents of your resume;
- Geolocation data, which might be extrapolated from other data;
- Communication information, which may include audio, electronic, visual information, as well as any data in any files uploaded, emailed or otherwise provided, and the contents of your communications with us via email, social media, telephone or voice calls, or via whatever Interaction you participated in.
6.2 How we get the information
We collect data, including Personal Data, from a variety of sources depending on the nature of the Services you use or Interaction you have. Sources may include:
- Your direct submission: You may provide information to us via one of our Services or via Interactions. This may be unstructured information (such as that in an email) or a response to a survey, web-form, or other data gathering mechanism.
- This includes Personal Data (including for example, names and e-mail addresses) provided by You or your users or (if applicable) your customers using the Adaptavist services
- Indirectly via your use: We may collect information from you in the course of your using Services or our providing services to you. For example, We may observe your actions on one of our websites.
- From Third Parties: We may be provided, or collect, information from various third parties with whom We may contract, or share an integrated service, in connection with our Services. For example:
- third party vendors that help us build or supplement contact lists or information, for example webinar platforms or market intelligence providers; and
- third parties that help us verify records or enrich information We capture about you; and
- third party providers of services (such as online recruiting services) whereby information is sent to us automatically or via request; and
- transactional information from third parties, including information regarding your purchases or evaluations of any of our Services. This may include data from companies such as Atlassian (via Atlassian Marketplace or other means).
6.3 Use of your information
To the extent permitted by law, We will use data provided, including Personal Data, to:
- Provide our Services, including their administration, operation and support, communications related to the Services, and commercial related aspects such as purchasing;
- Meet our legal and regulatory obligations, such as in the area of security;
- Carry out marketing including advertising of our Services, which may include passing your information to external social media platforms (see Marketing Providers) for profiling & deriving new target audiences to whom We may advertise on those platforms.
• All marketing email communications from Adaptavist shall provide the option to unsubscribe at any time.
7 Retention of data
With regards specifically to Personal Data, We will keep and process your Personal Data only for as long as is necessary for the purposes for which it was collected, unless We have a legal obligation to retain the data for a longer period.
Where We disclose Personal Data to third parties who act as a Processor, this data will be retained by the third party in accordance with our specific requirements.
8 Disclosure of data
In general, there are various people within the Adaptavist Group who may need access to the information that you provide us. They may need this for technical, commercial or compliance reasons, and this will be done in accordance with Adaptavist Group’s internal access control policy.
8.2 Access and administration
The information you provide to us will be held on our computers and may be accessed by or given to our staff, affiliates or subcontractors. You should be aware that the administrator of the Services may be able to:
- access information in and about your account;
- disclose, restrict, or access information that you have provided or that is made available to you when using your account, and;
- control how your account may be accessed or deleted.
8.3 Promotional reference
Clients who purchase goods or services from Us may be referenced in our promotional material and websites. We may identify you by name, trade name, logo and trademark. Should you not want to be listed, please contact us at here.
8.4 Third parties and sub-processors
We may use information you provide, including Personal Data, in conjunction with third parties, who may act as Sub-Processor of such data. See Adaptavist Third Parties (below) for more information.
8.5 Joint ventures, mergers and acquisitions
Finally, if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.
9 Adaptavist Third Parties
We collaborate with third parties that help us operate, provide, improve, integrate, customise, and support our Services.
9.2 Service Providers
9.3 Marketing Providers
We work with third-party service providers to enable us to further market and advertise our Services. In order to do this, We may provide them with Personal Data which will be processed in a manner compliant with the appropriate Data Protection Law. Marketing Providers may establish a profile of potential people to whom We might advertise, based on data We provide them. Marketing Providers may include, but are not limited to the following and any further third parties listed in section "Cookies and Pixels:"
9.4 Integrated Partners:
Our products integrate with third parties products. We may share your information with these third parties in connection with their services, which will be described in relevant product documentation. Additionally, you may choose to make use of third-party add-ons in conjunction with Adaptavist services (or independently). Third-party add-ons are software written by third-parties to which you grant access privileges to your content. We may also share information with these third parties where you have agreed to that sharing. Adaptavist Integrated Partners may include, but are not limited to:
12 Product Data
There are various forms of data that are generated and collected from your use of products. Reasonable efforts are made to encrypt or encode Personal Data data where we know it is present in Product Data.
Broadly, the data generated and collected from your use of products can be categorised as follows:
12.1 Data Types: In-Product Analytics
We analyse behaviour patterns in order to develop product improvements. Such data is exclusively used in order to improve our Services. Adaptavist may capture information such as the page that is viewed, the referrer, or the actions actions performed (such as a clicked button). Note that:
- IP addresses may be supplied and in some cases can be resolved to a person, which would render them Personal Data.
- In some cases, We track the software instance that data comes from. In the Atlassian context, this ties to an Enablement ID or a SEN number.
- You can also set your firewall to disallow (block) this traffic.
12.2 Data Types: Diagnostic Data ( Error Logs data )
Our Cloud Apps track errors of our Cloud Apps' resources executed in the end users' browsers in real-time. This includes for example AddOnKey, ClientKey, BaseUrl, anonymised TrackingID, error messages and information about the environment such as browser type, browser version and operating system. It is exclusively used in order to improve our service.
Additionally, web services hosted in our own infrastructure log information, warning and error messages that may contain information about specific web requests or actions taken as part of a Cloud App's usage. AddOnKey, ClientKey, BaseUrl, AccountId and other context specific information including references to entities within Jira Cloud or Confluence Cloud are included. These logs are stored for 90 days (or as specified in the applicable product technical documentation at https://docs.adaptavist.com/) and are used for diagnostic and service improvement purposes only.
In addition, by seeking product support, you may provide log and other information, voluntarily, to our Support staff for analysis and review. It is possible that this can contain Personal Data depending on how you use and configure your products and systems. Application logs may be sent to sub-processors or stored.
12.2.1 Log and supplied information
This is information given voluntarily by a client to our support staff by a client. In theory, this could contain Personal Data embedded within user generated content. This depends on how the client manages Personal Data.
Some of this data may be processed and stored on Adaptavist’s AWS based servers.
12.2.2 General Diagnostics
This includes error detection and alerting data. Sentry is running in browser and will diagnose issues. An End User’s IP address is included in the data sent to Sentry, and this can at times be resolved to an individual, which means it can be Personal Data.
This information is sent to Sentry for processing and storage. Depending on configuration, information may also be sent to Slack as there is a slack add-on for notifications.
12.2.3 Aggregated Diagnostics and Session Data
This includes data from each customer’s use of products, for example, usage statistics of product functionality such as the total number of product functions used per day. This data is anonymised. Therefore, we cannot identify the end user this data relates to.
Datadog is used for monitoring synthesized values and metrics such as those outlined above, or CPU usage and requests per second.
Application metrics are sent to Datadog or AWS for analysis and reporting in order for us to monitor the application’s performance. This will include anonymised organisational data and aggregated data, but no Personal Data by design.
12.3 Data Types: General Data
This includes user generated or configured content or data such as scripts or configuration of cloud based products.
- We store customer scripts for specific Cloud Apps such as ScriptRunner for Jira Cloud, Enhanced Search (JQL and Subqueries), ScriptRunner Connect, ScriptRunner for Confluence Cloud as well as queries (encrypted), inside our own infrastructure hosted on AWS and managed and operated by Adaptavist. There may be a few exceptions where, for example, select low-risk ScriptRunner Cloud data is still hosted on Jira Cloud (Atlassian) storage.
- By design there is normally no Personal Data contained in this data category, though an end user may at their choice configure the products otherwise.
12.4 Data Types: Administrative data
If you are using our Hosted Services for Atlassian Cloud products, Adaptavist may have access to data available to an administrator based on the specific applications scopes granted (please see https://confluence.atlassian.com/upm/atlassian-connect-app-scopes-445186491.html for more information on application scopes). Access to this information is strictly controlled and will only be used for specific application functionality which requires it and support services such as initial configuration, routine maintenance such as backups and changes to server configuration and also any bespoke content production or alterations We make upon your request.
In addition, Atlassian will have to retain a copy of your contact details and license key of the Atlassian products for their own records, along with any correspondence you may have with them directly.
12.5 Data Types: Personal Profile Data
Integrated Partners such as Atlassian have very specific ways of defining Personal Data. For Atlassian, this includes data held in a specific set of tables and for a narrow purpose of logically identifying users. Such data may also be processed by service providers such as AWS Cognito or Auth0 in order to enable profile related product features for Adaptavist offerings.
This data does not include information which may still resolve to an individual (i.e. Personal Data within the definition prescribed by the GDPR) and which may be embedded in content throughout various applications.
In order to ensure we harmonise in certain instances with our Integrated Partners from a policy standpoint, we recognise this distinctive category of data as Personal Profile Data.
12.6 On-premises products versus Hosted Services (including Cloud Apps)
Adaptavist provides on-premises products for which you can acquire a license to use. Use of such products is governed by the Adaptavist End User License Agreement. On-premises products include Atlassian-based "Server" and "Data Center" variants of our products. These products, by their nature, will be installed in an environment that a client controls.
Adaptavist also provides hosted products for Atlassian Cloud and in addition, Adaptavist provides products for Slack and Trello; all together, these are our "Cloud Apps" and Cloud Apps are part of "Hosted Services," which also contain other online services that may be made available by Adaptavist.
Regarding Cloud Apps:
12.7 Hosted Services: Note on Slack apps
When you install Slack apps created by Adaptavist into your Slack workspace, you acknowledge and understand that other users of your Slack workspace may be able to interact with Adaptavist and as such their Personal Data may be visible to Adaptavist. Adaptavist does not record, disseminate or share with third parties any personally identifiable data from other users of your workspace. However, statistical data (such as the number of users in the Slack workspace) is monitored for the purposes of improving, tracking and developing the software only.
13 Interaction Data
This is the sum of the digital presence which may be left behind as a result of any Interactions you may have had with Adaptavist or its affiliates which falls outside of the scope of a formalised agreement. This includes , but is not limited to, any information you may provide us through our website(s), through any communications you may have with Adaptavist or any Adaptavist or Adaptavist Group employee in the course of their employment, or through any social media platform. You warrant not to provide Adaptavist with any Special Category Data through such Interactions unless explicitly requested by Adaptavist.
14 Transactional and Commerce Data
Data regarding any orders / purchases for use of our Services is referred to as Transactional and Commerce Data. This includes (but is not limited to) orders / purchases of:
- licenses to use our software (including products) in whatever form,
- licenses to use 3rd party software, or services, sold through Adaptavist.
Transactional and Commerce Data may be provided to us via your placing an order on the phone, via our own online marketplace facilities, via 3rd party marketplace facilities such as the Atlassian Marketplace, our website, officially authorised 3rd party partners or representatives, or other sources.
When placing orders / making purchases, it is important to note and agree to any terms and conditions imposed by third parties, such as Service Providers with whom we may be working to facilitate the order or purchase.
For user research (including survey) activities We will collect the data, including personal data, which is described in a research or survey description or its accompanying user research activity information document, for the purposes as set out in that same document.
You have the right to request and obtain a copy of all your personal data and any data derived from it.
We are the data controller for your personal data collected and processed as part of this research, and you agree that We may process your personal data based on your consent. We will use your personal data within Adaptavist and its affiliates only for research and informational purposes and to comply with applicable data protection laws. We will try to anonymize your data to the extent that this is feasible. No special category data (as defined in GDPR) is collected as part of this research. We will erase your data on your written request to us.