1. Introduction
This Privacy Policy outlines how Łukasz Wiatrak Firnity (the “Service Provider”) collects, processes, uses, and protects Personal Data when the User interacts with the Application and related services, as well as when the User contacts the Service Provider for support or provides feedback (collectively referred to as the “Services”).
Roles of the Parties
In providing the Services, the User’s organization acts as the Data Controller, meaning the organization that determines the purposes and means of processing Personal Data. Łukasz Wiatrak Firnity, as the Data Processor, processes Personal Data on behalf of the Data Controller in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
Who Does This Policy Apply To?
This policy applies to Users, as defined in our Terms of Use, meaning any business entity or organization that purchases, accesses, or uses the Application for business purposes, including individuals acting on behalf of such entities.
By using the Application and related Services, the User acknowledges that they have read and understood this Privacy Policy. If the User does not agree with its terms, they must refrain from using the Application and Services.
2. Data Processing and Usage
2.1 What Personal Data Does the Service Provider Process?
The Service Provider processes only the minimum Personal Data necessary to provide and improve the Application and related Services. This may include:
Data from Jira Cloud
- Jira User Display Names and Avatars: Retrieved from the User’s Jira instance and used within the Application to facilitate communication between Jira and Discord.
- Jira Issue Content: Includes descriptions and other field values, comments, and attachments processed by the Application, which may contain Personal Data.
Data from Discord Users
When Discord users interact with the Application to create issues or tickets in Jira, the Service Provider processes:
- Discord Messages and Bot Command Values: Includes any content submitted, such as descriptions, comments, and attachments, which may contain Personal Data.
Support and Feedback Data
While providing support and improving the Services, the Service Provider may collect Personal Data that the User voluntarily provides, such as:
- Support Request Information: When the User contacts the Service Provider for support, the Service Provider collects the User’s name, email address, and any other Personal Data provided during communications.
- Feedback and Communications: Any information the User provides when giving feedback or communicating directly with the Service Provider.
2.2 How Does the Service Provider Use Personal Data?
The Service Provider uses Personal Data to:
- Facilitate Integration: Enable seamless communication and task management between Discord and Jira for the User’s organization, including displaying user information in notifications and messages sent to Discord.
- Create Issues in Jira: Transmit the content submitted in Discord to the connected Jira instance to create corresponding issues or tickets.
- Provide Support and Improve Services: Respond to support requests and enhance the Application based on user feedback.
2.3 Data Minimization
The Service Provider adheres to the principle of data minimization and processes only the Personal Data necessary to provide the functionalities of the Application and Services.
2.4 No Automated Decision-Making
The Service Provider does not use Personal Data for automated decision-making or profiling that would significantly affect the User or data subjects.
3. Legal Basis for Processing
The Service Provider processes Personal Data in accordance with the General Data Protection Regulation (GDPR) and other applicable laws. The legal bases for processing are:
- Performance of a Contract (Article 6(1)(b) GDPR): Processing is necessary to provide the Application and Services as agreed with the User’s organization.
- Legitimate Interests (Article 6(1)(f) GDPR): Processing is necessary for the Service Provider’s legitimate interests in maintaining and improving the Application and Services, providing support, and ensuring security, without overriding the rights and freedoms of data subjects.
- Compliance with Legal Obligations (Article 6(1)(c) GDPR): Processing is necessary to comply with legal obligations to which the Service Provider is subject.
The User’s organization, as the Data Controller, is responsible for ensuring a valid legal basis for processing Personal Data within the Application and Services.
4. Data Sharing and Disclosure
4.1 Sub-Processors
The Service Provider may engage trusted third-party service providers (sub-processors) to assist in delivering the Application and related Services. These sub-processors process Personal Data on behalf of the Service Provider and are contractually obligated to maintain data security and confidentiality. The list of sub-processors is available on the Sub-Processors page.
4.2 Third-Party Platforms
As part of the Application’s functionality, Personal Data such as Jira User Display Names, Avatars, and content may be shared with third-party platforms like Discord. Once transferred, the Service Provider has no control over how these platforms process, store, or secure the data. The User’s organization is responsible for ensuring that such transfers comply with applicable data protection laws.
4.3 Legal Obligations
The Service Provider may disclose Personal Data when required to do so by law or to comply with legal obligations, such as responding to court orders, legal processes, or governmental requests.
4.4 International Data Transfers
While the Service Provider stores and processes Personal Data within the EU, data transferred to third-party platforms like Discord may be stored outside the EU. The User’s organization is responsible for ensuring appropriate safeguards are in place for such international data transfers.
5. Security Measures
The Service Provider is committed to protecting Personal Data and implements appropriate technical and organizational measures to safeguard it against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Data Encryption: Personal Data is encrypted both in transit and at rest to ensure confidentiality.
- Access Controls: Strict access controls limit access to Personal Data to authorized personnel only.
- Regular Security Assessments: The Service Provider conducts regular reviews and assessments of its security practices to address potential vulnerabilities.
- Secure Hosting: Personal Data is hosted on secure servers within the European Union (EU) with reputable providers like Microsoft Azure.
6. Data Retention and Deletion
The Service Provider retains Personal Data only for as long as necessary to provide the Application and related Services, and to comply with legal obligations. Retention periods depend on the nature of the data and the requirements of the User’s organization. Upon termination of the agreement or at the request of the User’s organization, the Service Provider will delete or return all Personal Data in accordance with the terms outlined in the Data Processing Agreement (DPA).
7. User Rights
Individuals have certain rights regarding their Personal Data under the General Data Protection Regulation (GDPR) and other applicable laws. These rights include:
- Right of Access: To request confirmation of whether Personal Data is being processed and to access that data.
- Right to Rectification: To request correction of inaccurate or incomplete Personal Data.
- Right to Erasure: To request deletion of Personal Data under certain circumstances.
- Right to Restrict Processing: To request limitation on the processing of Personal Data under specific conditions.
- Right to Data Portability: To receive Personal Data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
- Right to Object: To object to the processing of Personal Data based on legitimate interests.
How to Exercise These Rights
Data subjects wishing to exercise their rights should contact the User’s organization, which acts as the Data Controller for their Personal Data. The Service Provider will assist the Data Controller in addressing such requests in accordance with the Data Processing Agreement (DPA) and applicable laws.
Individuals may also contact the Service Provider directly at contact@firnity.com. The Service Provider will coordinate with the Data Controller to address the request appropriately.
Verification of Identity
For security purposes, the Service Provider may need to verify the identity of the individual making the request to ensure that Personal Data is not disclosed to unauthorized parties.
8. Changes to This Privacy Policy
The Service Provider reserves the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page with an updated “Last Updated” date. The User is encouraged to review this Privacy Policy periodically for any updates. Continued use of the Application and Services after any changes constitutes acceptance of the revised Privacy Policy.