Privacy Policy
Effective Date: 23.09.2024
1. Introduction
Welcome to Firnity! We are committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines how we collect, use, and safeguard your personal information when you interact with our applications and services, including those available on the Atlassian Marketplace and other platforms like Discord (collectively referred to as the “Services”).
This policy provides you with essential information about:
- What personal data we collect and why,
- How we use your data and who we share it with,
- Your rights regarding your personal data, and How we protect your data and ensure compliance with legal requirements.
We value your trust and strive to protect your personal data in line with the best practices in data protection and privacy. Whether you are a user, customer, or simply visiting our website, we encourage you to read this Privacy Policy to understand how we handle your information.
What is Personal Data?
Personal data refers to any information that relates to an identified or identifiable individual. This could include, but is not limited to, your name, email address, phone number, IP address, or any other data that could be linked to you directly or indirectly.
Who is the Data Controller?
Your company is the Data Controller for the personal data you provide to us through our Services. As the Data Controller, your company determines the purposes and means of processing your personal data. Firnity acts as a Data Processor when processing your data on behalf of your company.
Please note that the Controller is fully liable for the processing of personal data in accordance with the applicable data protection laws. Firnity is not responsible for the privacy practices of the Controller.
Who is the Data Processor?
In cases where we process data on behalf of other organizations (such as when you use our Services through your employer), we act as a Data Processor. The organization that provides you access to our Services is the Data Controller and is responsible for the data processing activities carried out through our Services.
2. Scope and Applicability of This Privacy Policy
Where Does This Policy Apply?
This Privacy Policy applies to all users who interact with our Services, including but not limited to:
- Cloud Applications: Applications available through platforms like the Atlassian Marketplace or Discord, extending the functionality of host services such as Jira, Discord and Confluence.
- Websites and Online Services: Our official websites and any other digital properties we manage.
- Support Services: Customer service interactions, inquiries, and communications.
Who is This Policy For?
This Privacy Policy is intended for any individual who:
- Uses Our Products: As a registered user, licensed user, or any other form of interaction with our Services.
- Interacts with Our Websites or Support Services: Individuals who browse our websites, submit inquiries, or request support.
What Data Do We Collect?
We are guided by the principle of data minimization and only collect data necessary for specific, legitimate purposes. Depending on the context of your interaction with our Services, we may collect the following types of data:
Personal Data
Identification Data:
- Email Address, Name, and Contact Information: Used for communication when you request support or contact us.
Technical Data:
- IP Address: Collected for security, troubleshooting, and service analytics.
- Device Information: Browser type, operating system, and device specifications. Service-Related Data:
Support Data:
- Data provided when you request support or report an issue.
Non-Personal Data
We may also collect non-personal data, which does not directly identify you. This includes:
- Configuration Data: Details of how you configure and use our applications, including notification settings and preferences.
- Aggregated and anonymized data that helps us improve our Services and understand user behavior.
How Do We Collect Your Data?
We collect data in the following ways:
- Directly from You: When you provide information by filling out forms, creating an account, or contacting support.
- Automatically: Through the use of cookies, log files, and other tracking technologies when you interact with our Services.
- From Third Parties: We may receive data from third parties, such as Atlassian Marketplace, your organization, or other partners.
3. Purposes and Legal Basis for Data Processing
Why Do We Collect Your Data?
We collect and process your personal data for various legitimate purposes, in accordance with applicable data protection laws such as the General Data Protection Regulation (GDPR). The specific purposes and legal grounds for processing your data are as follows:
Purposes of Data Processing
- Service Provision and Functionality:
- Purpose: To provide, operate, and maintain our Services, including delivering requested functionalities and technical support.
- Legal Basis: Processing is necessary for the performance of a contract to which you are a party (Article 6(1)(b) GDPR).
- Customer Support and Communication:
- Purpose: To respond to your inquiries, resolve issues, and provide customer support.
- Legal Basis: Processing is based on our legitimate interest in communicating with you and resolving issues related to our Services (Article 6(1)(f) GDPR).
- Legal Compliance:
- Purpose: To comply with legal obligations, such as responding to legal requests or enforcing our terms and conditions.
- Legal Basis: Processing is necessary for compliance with a legal obligation (Article 6(1)(c) GDPR).
- Marketing and Promotional Activities:
- Purpose: To send you newsletters, promotional content, and information about new products or services that may be of interest to you.
- Legal Basis: Processing is based on your consent (Article 6(1)(a) GDPR). You can withdraw your consent at any time by contacting us or using the unsubscribe link in our communications.
Legal Basis for Processing Personal Data
We only process your personal data where we have a lawful basis for doing so under applicable data protection laws. The primary legal bases for processing your data are:
- Consent: When you have provided explicit consent for specific purposes, such as receiving marketing communications or participating in events.
- Contractual Necessity: When processing is required to perform a contract to which you are a party, such as using our Services or support.
- Legal Obligation: When we are required to process your data to comply with legal obligations, such as tax and accounting requirements.
- Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, provided your rights do not override those interests. This includes service improvements, security measures, and customer support.
Special Considerations
-
Direct Marketing: If you have provided consent, we may process your personal data for direct marketing purposes, such as sending you newsletters and promotional offers. You have the right to opt out of direct marketing at any time.
-
Data Minimization: We ensure that we collect and process only the minimum amount of personal data necessary for each specific purpose.
-
Data Retention: We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws.
4. Data Sharing and Disclosure
Who Do We Share Your Data With?
We are committed to protecting your personal data and will only share it in specific circumstances. We do not sell or rent your personal data to third parties. However, we may disclose your information as follows:
1. Service Providers and Sub-Processors
We may share your data with third-party service providers who assist us in operating our Services, conducting our business, or serving our users. These service providers include, but are not limited to:
- Cloud Hosting Providers: Companies that host our cloud-based applications and store data on our behalf, such as Microsoft Azure.
- Customer Support and Communication Tools: Platforms that help us manage and respond to user inquiries, such as Trello or JIRA.
- Analytics Providers: Services that help us analyze user behavior and improve our Services, such as Google Analytics.
- Marketing and Communication Services: Tools used to send marketing communications or newsletters, such as MailChimp or HubSpot.
Each service provider or sub-processor is carefully selected and vetted to ensure they provide a high level of data protection and security. They are only given access to the data necessary to perform their specific functions and are prohibited from using your data for any other purpose.
2. Business Partners
In certain cases, we may share your data with our business partners who provide complementary services or integrations. For example:
- Integration Partners: If you use our Services in conjunction with other third-party tools (e.g., Jira or Discord), we may share data to facilitate seamless integration and functionality between the platforms.
3. Legal Requirements and Compliance
We may disclose your personal data when required to do so by law or in response to valid legal requests, such as subpoenas, court orders, or governmental regulations. This includes:
- Compliance with Legal Obligations: If we believe in good faith that disclosure is necessary to comply with a legal obligation, protect our rights, or prevent fraud or security issues.
- Law Enforcement and Regulatory Authorities: To cooperate with law enforcement agencies or regulators when required by applicable law.
4. Corporate Transactions
In the event of a merger, acquisition, reorganization, or sale of all or part of our business, your data may be transferred as part of the transaction. We will notify you of any such change in ownership or transfer of assets to ensure transparency and continuity of data protection.
5. Consent-Based Sharing
In situations where you have explicitly consented to the sharing of your data, we will do so according to the terms of your consent. For example:
- Marketing and Promotions: If you have opted in to receive marketing communications from third parties, we may share your data with these parties for promotional purposes.
6. Anonymous and Aggregated Data
We may share anonymized and aggregated data with third parties for research, analytics, and other purposes. This data does not identify individual users and is used to analyze trends, monitor the effectiveness of our Services, and develop new features.
Our Commitment to Data Security
We prioritize your data security and take appropriate measures to protect it from unauthorized access, use, or disclosure.
Third-Party Links
Our Services may contain links to third-party websites or services that are not controlled by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services before providing them with your personal data.
5. Data Retention and Your Rights
How Long Do We Keep Your Data?
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, or to resolve disputes. The specific retention periods depend on the nature of the data and the context in which it is processed. Here’s an overview of our data retention practices:
1. Retention Periods
- Customer Data: Data processed as part of our Services (such as configuration and account data) is retained for the duration of the contract between us and the customer. After the termination of the contract, data is typically retained for a maximum of 12 months to allow for any necessary post-contractual support and to comply with legal obligations.
- Support and Inquiry Data: Information collected through customer support inquiries, emails, or contact forms is retained for up to 24 months after the resolution of the inquiry or issue to ensure quality assurance and to respond to any follow-up queries.
- Marketing Data: If you have provided consent to receive marketing communications, we retain your contact information and preferences until you withdraw your consent. If you unsubscribe, we will promptly delete your data from our marketing databases.
- Legal Obligations: Certain data may be retained for longer periods if required by law or necessary for compliance with legal obligations, such as record-keeping requirements for financial or tax-related data.
2. Data Deletion
You have the right to request the deletion of your personal data at any time. We will delete or anonymize your data promptly, unless we are required to retain it for legal reasons or it is necessary for the purposes for which it was collected.
3. Data Minimization
We are committed to the principle of data minimization, which means that we only collect and retain the minimum amount of personal data necessary to achieve the intended purpose. This approach helps reduce risks to your privacy and ensures that we do not keep data for longer than necessary.
Your Rights as a Data Subject
Under applicable data protection laws, you have several rights concerning your personal data. We are committed to upholding these rights and ensuring that you have control over your information. These rights include:
1. Right to Access
You have the right to request access to your personal data. This includes obtaining information about the types of data we process, the purposes of processing, the recipients of your data, and the retention periods. You can request a copy of your personal data in a commonly used, electronic format.
2. Right to Rectification
If you believe that the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete the information. We will update your data promptly upon verification of your request.
3. Right to Erasure (Right to be Forgotten)
You can request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or when you withdraw your consent to processing. We will comply with your request unless there are legitimate grounds for retaining the data, such as legal obligations or the need to establish, exercise, or defend legal claims.
4. Right to Restrict Processing
In some cases, you have the right to request that we restrict the processing of your personal data. This means that while we continue to store your data, we will not process it further without your consent, except for specific reasons such as legal compliance or the protection of another person’s rights.
5. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. This right applies when the data processing is based on your consent or the performance of a contract, and when the data is processed by automated means.
6. Right to Object
You can object to the processing of your personal data at any time if it is based on our legitimate interests or for direct marketing purposes. If you object to processing based on legitimate interests, we will stop processing your data unless we can demonstrate compelling legitimate grounds for the processing. If you object to processing for direct marketing, we will stop processing your data for those purposes immediately.
7. Right to Withdraw Consent
If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw your consent by contacting us at the details provided in the “Contact Us” section of this policy.
8. Right to Lodge a Complaint
If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with the supervisory authority in your jurisdiction. We encourage you to contact us first, so we can address your concerns directly.
How to Exercise Your Rights
To exercise any of these rights, please contact us using the information provided in the “Contact Us” section below. We will respond to your request within the timeframe required by applicable law, typically within 30 days. In some cases, we may need to verify your identity before processing your request.
6. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience with our Services, understand your usage patterns, and improve our offerings. This section explains the types of cookies and tracking technologies we use, why we use them, and your choices regarding them.
1. What are Cookies?
Cookies are small text files stored on your device when you visit a website. They are widely used to make websites work more efficiently, as well as to provide information to the owners of the site. Cookies can store your preferences, account settings, and other data to personalize your experience.
2. Types of Cookies We Use
- Necessary Cookies: These cookies are essential for the basic functionality of our Services, such as enabling you to log into secure areas. Without these cookies, our Services cannot function properly.
- Preference Cookies: These cookies allow us to remember your preferences and customize your experience, such as your preferred language or the region you are in.
- Performance Cookies: These cookies collect information about how you use our Services, such as the pages you visit and the links you click. This data helps us understand user behavior and improve our Services.
- Functionality Cookies: These cookies enable more advanced features, such as remembering your login details, so you don’t have to re-enter them each time you visit our Services.
3. Tracking Technologies in Emails
We may also use tracking technologies in emails to understand whether the emails we send are opened or if links within them are clicked. This information helps us assess the effectiveness of our communications and improve future email content.
4. Third-Party Cookies
We may allow third-party service providers to use cookies and similar tracking technologies to collect information about your browsing activities over time and across different websites following your use of our Services. This information is used to provide you with more relevant advertising, measure the effectiveness of their ads, and manage your interactions with them.
5. Managing Cookies
You can manage or disable cookies through your browser settings. Most browsers provide you with the option to reject or accept cookies, or to control certain types of cookies. However, if you disable cookies, some features of our Services may not function properly or may become unavailable.
- Browser Settings: You can usually find the cookie settings in the “Options” or “Preferences” menu of your browser. Below are links to information about cookie settings for major browsers:
- Opt-Out Mechanisms: You may also opt out of certain third-party cookies and tracking technologies using industry opt-out tools, such as the Network Advertising Initiative and the Digital Advertising Alliance.
6. Web Beacons and Other Tracking Technologies
In addition to cookies, we may use other tracking technologies like web beacons, pixels, and tags. These technologies help us understand user behavior on our Services and in our communications. For example, we may use web beacons to track whether a user has opened an email and clicked on any links within it.
7. Consent to Use Cookies
By using our Services, you consent to the use of cookies and other tracking technologies as described in this section. You can withdraw your consent at any time by deleting the cookies stored on your device and adjusting your browser settings to refuse cookies in the future.
For more detailed information about our use of cookies and other tracking technologies, please contact us at contact@firnity.com.
7. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or how we handle your data. If we make material changes to this policy, we will notify you by email (if you have provided one), through a notice on our website, or through our Services prior to the change becoming effective.
1. How Will We Notify You of Changes?
We will take appropriate measures to inform you about significant changes in a manner that is consistent with the importance of those changes. Depending on the nature of the change, this may include:
- Sending an email to you if you have provided your email address and have opted to receive such communications.
- Posting a notice on our website or within the Services, which may include banners, pop-ups, or similar mechanisms.
- Updating the “Effective Date” at the top of this policy to indicate when the changes will take effect.
2. Your Rights Regarding Changes
If we make changes to this Privacy Policy, you have the right to review the revised policy before deciding to continue using our Services. If you do not agree with the new policy, you may choose to stop using the Services and request the deletion of your data by contacting us at contact@firnity.com.
3. Continuing to Use Our Services After Changes
By continuing to use our Services after the changes become effective, you accept the revised Privacy Policy. If you have any questions or concerns about the changes, please reach out to us before continuing to use the Services.
8. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your rights as a data subject, please feel free to contact us. We are committed to addressing your inquiries and ensuring that your privacy is protected.
Contact Details:
- Company Name: Łukasz Wiatrak Firnity
- Registered Address: ul. Zamknięta 10, lok. 1.5, 30-554 Kraków
- Email: contact@firnity.com