PRIVACY POLICY
(hereinafter: “Privacy Policy”)
1. Introduction
1.1. Purpose and characteristics of Privacy Policy
Your privacy is very important to Service Provider because you give him your information in confidence, and the services he offers rely on it. This document explains what information is collected by the Discord for Jira application (“Application” as defined in the Terms of Use) and by the Service Provider while providing Services (“Services” as defined in the Terms of Use – especially services of support and feedback) – how Service Provider secures it, how and why it uses it, and what rights you have in connection with it.
1.2. Who is the Controller?
The controller of your personal data is Łukasz Wiatrak, doing business as “Łukasz Wiatrak Firnity” (the “Service Provider” as defined in the Terms of Use) with its registered seat in Kraków (address: ul. Zamknięta 10, loc. 1.5, 30‑554 Kraków, Poland), having Tax Identification Number (NIP): 5130127144 and Statistical Number (REGON): 520124248 (hereinafter referred to as “Service Provider”). You can contact Service Provider by phone: +48 693 066 020, and also via e‑mail at: contact@firnity.com.
If it follows from the legal relationship between Service Provider and User that Service Provider, pursuant to the DPA, is to act as a Personal Data Processor for a User who is a Controller, Service Provider processes Personal Data on the User’s behalf in accordance with this Privacy Policy.
1.3. Who does Privacy Policy apply to?
Privacy Policy applies to Users, as defined in our Terms of Use, meaning any business entity or organization that purchases, accesses, or uses Application for business purposes, including individuals acting on behalf of such entities.
If a User grants access to Application and Services to User’s related entities, Service Provider processes also their Personal Data as a Processor on the basis of the DPA, according to Article 28 GDPR.
By using Application and related Services, the User acknowledges that they have read and understood this Privacy Policy. If the User does not agree with its terms, they must refrain from using Application and Services.
1.4. Definitions
Capitalised terms in this Privacy Policy have the meanings given to them in this document or in the Terms of Use. In case of inconsistency, the meaning given here prevails.
2. How and why Your Personal Data is processed?
2.1. Reasons for Personal Data Processing
Service Provider processes your personal data in order to perform the Agreement between him and you with respect to accessing the functionality of Application and providing Services, as well as to fulfil tax obligations and accounting requirements.
Your personal data may also be processed for marketing purposes if you have consented to Service Provider sending you commercial information.
2.2. How does Service Provider use Personal Data?
Service Provider uses Personal Data to:
2.2.1. Facilitate integration: enable seamless communication and task management between Discord and Jira for User’s organization, including displaying user information and issue content in notifications and messages sent to Discord.
2.2.2. Create issues in Jira: transmit the content submitted in Discord to the connected Jira instance to create corresponding issues or tickets.
2.2.3. Provide support and improve services: respond to support requests and enhance Application based on user feedback.
2.2.4. Marketing: send you commercial information, if you have given your express consent.
3. Which Personal Data are processed?
Service Provider processes only the minimum Personal Data necessary to provide and improve Application and related Services or for marketing purposes. This may include:
3.1. Data from Jira Cloud
3.1.1. Jira User Display Names, Avatars and Account IDs: retrieved from User’s Jira instance and used within Application to facilitate communication between Jira and Discord.
3.1.2. Jira Issue Content: includes descriptions and other field values, comments and attachments processed by Application, which may contain Personal Data.
3.2. Data from Discord users
When Discord users interact with Application to create issues or tickets in Jira, Service Provider processes:
3.2.1. Discord User IDs, User Names, Discord Messages and Bot Command Values: includes any content submitted, such as descriptions, comments and attachments, which may contain Personal Data.
3.3. Other Services (support and feedback) data
While providing support and improving Services, Service Provider may collect Personal Data that User voluntarily provides, such as:
3.3.1. Support Request Information: when User contacts Service Provider for support, we collect User’s name, email address, and any other Personal Data provided during communications.
3.3.2. Feedback and Communications: any information User provides when giving feedback or communicating directly with Service Provider.
3.4. Marketing data
If you have given consent for receiving marketing content (commercial information), Service Provider may collect Personal Data that you have provided, such as:
3.4.1. Contact information, especially e‑mail address, user’s name or any other Personal Data provided with the consent.
4. To whom Your Personal Data is exposed?
4.1. Sub‑processors and entrusting Personal Data
Service Provider may engage trusted third‑party service providers (Sub‑processors) to assist in delivering Application and related Services. These Sub‑processors process Personal Data on behalf of Service Provider and are contractually obligated to maintain data security and confidentiality. A list of Sub‑processors is available on the Sub‑Processors page.
4.2. Third‑party platforms
As part of Application’s functionality, Personal Data may be shared with third‑party platforms. Once transferred, Service Provider has no control over how these platforms process, store or secure the data. User’s organization is responsible for ensuring that such transfers comply with applicable data protection laws. In particular, this refers to Jira, Discord and Atlassian (including other Atlassian software, programs and applications that are mandatory to use Jira).
4.3. International Data transfers
While Service Provider stores and processes Personal Data within the EU, data transferred to third‑party platforms (e.g. Discord) may be stored outside the EU. The User’s organization is responsible for ensuring appropriate safeguards are in place for such international data transfers.
4.4. Legal Obligations
Service Provider may disclose Personal Data when required to do so by law or to comply with legal obligations, such as responding to court orders, legal processes or governmental requests.
5. Period of processing
The period of processing depends on the nature of the data and the requirements of User’s organization. Upon termination of Agreement or at the request of User’s organization, Service Provider will delete or return all Personal Data in accordance with the terms outlined in the DPA. The specific periods are:
5.1. Basic period of processing
We will process data related to your use of Application, necessary to grant you access to the full functionality of Application and Services, for the entire period of your use of Application. Also, if you have any legal or contractual rights, we must process your personal data for as long as they last so we can assist you if necessary.
5.2. Period of processing for tax purposes
In addition, we will process your personal data for as long as necessary for tax purposes (according to current Polish law, five years from the end of the year in which the tax obligation arose).
5.3. Period of processing for marketing purposes
Processing of your data for sending commercial information based on consent continues until you withdraw your consent.
6. Legal basis of processing and security measures
6.1. Legal basis for processing (performance of the contract)
The legal basis for processing your personal data is Article 6(1)(b) GDPR (processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the data subject’s request prior to entering into a contract) and Article 6(1)(c) GDPR (processing is necessary for compliance with a legal obligation to which the controller is subject).
Another legal basis is Article 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party). This legitimate interest is the ability to prove, in the event of a dispute, the content of the contract and that it was performed properly.
6.2. Legal basis for processing (marketing purposes)
If you have consented to receiving marketing content, the legal basis for processing is Article 6(1)(a) GDPR (the data subject has given consent). You may withdraw your consent at any time (without affecting the lawfulness of processing carried out before withdrawal) by unchecking the appropriate checkbox in your account settings.
6.3. Legal basis for processing (legal obligations)
Processing may also be necessary to comply with legal obligations (Article 6(1)(c) GDPR).
6.4. Service Provider as Processor
When acting under the DPA, Service Provider processes Personal Data on behalf of the User’s organization, which is the Controller.
6.5. Security measures
Service Provider is committed to protecting Personal Data and implements appropriate technical and organisational measures to safeguard it against unauthorised access, alteration, disclosure or destruction. These measures include:
6.5.1. Data Encryption: Personal Data is encrypted both in transit and at rest.
6.5.2. Access Controls: strict controls limit access to Personal Data to authorised personnel only.
6.5.3. Regular Security Assessments: Service Provider conducts regular reviews and assessments of security practices.
6.5.4. Secure Hosting: Personal Data is hosted on secure servers within the EU with reputable providers such as Microsoft Azure.
7. How to exercise Your rights?
7.1. Range of rights
Service Provider is committed to ensuring that you are satisfied with your cooperation with us. Remember that you have a number of rights that allow you to influence how we process your personal data and, in some cases, cause us to stop such processing. These rights are:
7.1.1. Right of Access: To request confirmation of whether Personal Data is being processed and to access that data – regulated by Article 15 of GDPR.
7.1.2. Right to Rectification: To request correction of inaccurate or incomplete Personal Data – regulated by Article 16 of GDPR.
7.1.3. Right to Erasure: To request deletion of Personal Data under certain circumstances – regulated by Article 17 of GDPR.
7.1.4. Right to Restrict Processing: To request limitation on the processing of Personal Data under specific conditions – regulated by Article 18 of GDPR.
7.1.5. Right to Data Portability: To receive Personal Data in a structured, commonly used, and machine-readable format and to transmit it to another controller - regulated by Article 20 of GDPR.
7.1.6. Right to Object: To object to the processing of Personal Data based on legitimate interests – regulated by Article 21 of GDPR.
To exercise any of these rights, please contact Service Provider by e‑mail at contact@firnity.com or by phone at +48 693 066 020. For security reasons, Service Provider may need to verify your identity.
7.2. Complaint to the supervisory authority
Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. In Poland, this is the President of the Personal Data Protection Office (Prezes UODO) – https://uodo.gov.pl/. A list of other EU authorities can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
8. Final provisions
8.1. Is providing data necessary to enter into an Agreement?
We collect your personal data to the extent necessary to conclude and perform the Agreement. Some data are also necessary for us to fulfil legal obligations (tax, accounting). Failure to provide the required data will make it impossible to conclude and perform the Agreement.
8.2. Where does Service Provider get your personal data from?
We obtain personal data only from you or from the User with regard to the data entrusted to us by them as Processor under the DPA.
8.3. Changes to Privacy Policy
Service Provider reserves the right to update or modify this Privacy Policy at any time. Any changes will be sent to Users via e‑mail. Continued use of Application and Services 14 days after notification constitutes acceptance of the revised Privacy Policy. Disapproval may be expressed by discontinuing use of Application in accordance with the Terms of Use.
