Privacy Policy
Effective Date: 23.09.2024
1. Introduction
Welcome to Firnity! We are committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines how we process, use, and safeguard your personal information when you interact with our applications and services, including those available on the Atlassian Marketplace and other platforms like Discord (collectively referred to as the “Services”).
This policy provides you with essential information about:
- What personal data we process and why,
- How we use your data and who we share it with,
- Your rights regarding your personal data, and
- How we protect your data and ensure compliance with legal requirements.
We value your trust and strive to protect your personal data in line with best practices in data protection and privacy. Whether you are a user, customer, or simply visiting our website, we encourage you to read this Privacy Policy to understand how we handle your information.
What is Personal Data?
Personal data refers to any information relating to an identified or identifiable natural person. This includes, but is not limited to, names, email addresses, user IDs, IP addresses, or any other data that could be linked to you directly or indirectly.
Who is the Data Controller?
In the context of our Services, your organization (e.g., your employer or the company you represent) acts as the Data Controller for the personal data processed through the Discord for Jira application. This is because your organization determines the purposes and means of processing personal data within their Jira instance.
Who is the Data Processor?
Firnity acts as a Data Processor when processing personal data on behalf of your organization. We process personal data retrieved from Jira to provide the functionalities of the Discord for Jira application, but we do not collect personal data directly from users.
Please note that your organization, as the Data Controller, is responsible for ensuring that the processing of personal data complies with applicable data protection laws. Firnity, as the Data Processor, processes data in accordance with the instructions of the Data Controller and the terms of our agreements.
If you have questions about how your personal data is handled, please contact your organization. Firnity is not responsible for the privacy practices of the Data Controller.
2. Scope and Applicability of This Privacy Policy
Where Does This Policy Apply?
This Privacy Policy applies to all users who interact with our Services, which include:
- Cloud Applications: Our applications available through platforms like the Atlassian Marketplace and Discord, such as the Discord for Jira application, which enhance the functionality of host services like Jira and Discord.
- Websites and Online Services: Our official websites and any other digital platforms we manage.
- Support Services: Customer service interactions, inquiries, and communications you may have with our support team.
Who Is This Policy For?
This Privacy Policy is intended for:
- Users of Our Services: Individuals who use our applications and services as part of their organization’s Jira instance or Discord server.
- Visitors to Our Websites: Individuals who browse our websites, submit inquiries, or request support.
Please note that if you access our Services through your organization, your organization acts as the Data Controller, and we process data on their behalf as a Data Processor.
What Data Do We Process?
We adhere to the principle of data minimization and process only the data necessary to provide our Services. Depending on your interaction with our Services, we may process the following types of data:
Personal Data
Jira User Display Names:
- We process Jira user display names, which are fetched from your organization’s Jira instance and displayed within our application to facilitate functionalities such as notifications and user interactions.
Support Data:
- Information you provide when contacting us for support, which may include your name, email address, and any other personal data you choose to share.
Non-Personal Data
Configuration Data:
- Details about how the application is configured within your organization’s Jira instance and Discord server, including notification settings, connected projects, and server connections.
Technical Data:
- Data such as server and channel IDs, user IDs, and other identifiers necessary for the operation of the application. These identifiers are used solely for linking functionalities between Jira and Discord and are not considered personal data in this context.
Aggregated and Anonymized Data:
- Statistical data about how users interact with our Services, which does not identify any individual and is used to improve our Services.
How Do We Obtain Your Data?
We process data in the following ways:
From Your Organization’s Jira Instance:
- We fetch Jira user display names from your organization’s Jira instance to display within our application as part of its functionalities.
Automatically Through the Services:
- Non-personal data such as configuration settings and technical identifiers are processed automatically when the application interacts with Jira and Discord APIs to perform its functions.
Directly from You:
- When you contact us for support or provide feedback, we may process any personal data you provide in your communications.
Purpose of Data Processing
We process your data solely to provide and improve the Services as instructed by your organization, which is the Data Controller. This includes:
Service Provision and Functionality:
- Enabling the integration between Jira and Discord as configured by your organization, including displaying Jira user display names within the application and including them in notifications sent to Discord channels and direct messages to enhance user experience and facilitate communication.
Customer Support:
- Providing support and responding to inquiries or issues you report.
Legal Basis for Processing
Our processing of personal data is based on the following legal grounds:
Performance of a Contract:
- Processing is necessary to perform our contractual obligations to your organization in providing the Services (Article 6(1)(b) GDPR).
Legitimate Interests:
- Processing is necessary for our legitimate interests in ensuring the functionality and improvement of our Services (Article 6(1)(f) GDPR). We have assessed that our legitimate interests do not override your fundamental rights and freedoms.
Please note that your organization, as the Data Controller, is responsible for ensuring there is a valid legal basis for the processing of your personal data and for providing any necessary notices or obtaining any required consents under applicable data protection laws.
International Data Transfers
All personal data processed by Firnity is stored and processed within the European Union (EU). We do not transfer your personal data outside the EU. Our servers and data storage facilities are located in data centers within the EU, ensuring that your data is protected under EU data protection regulations.
Data Minimization and Retention
We are committed to processing only the minimum amount of personal data necessary to provide our Services. We retain personal data only for as long as required to fulfill the purposes outlined in this policy or as instructed by your organization. Specific retention periods are determined by your organization’s policies and applicable legal requirements.
4. Data Sharing and Disclosure
Who Do We Share Your Data With?
We are committed to protecting your personal data and will only share it in specific circumstances. We do not sell or rent your personal data to third parties. However, we may disclose your information as follows:
1. Service Providers and Sub-Processors
We may share your data with third-party service providers who assist us in operating our Services, conducting our business, or serving our users. These service providers include, but are not limited to:
- Cloud Hosting Providers: Companies that host our cloud-based applications and store data on our behalf, such as Microsoft Azure.
- Customer Support and Communication Tools: Platforms that help us manage and respond to user inquiries, such as Trello or JIRA.
- Analytics Providers: Services that help us analyze user behavior and improve our Services, such as Google Analytics.
- Marketing and Communication Services: Tools used to send marketing communications or newsletters, such as MailChimp or HubSpot.
Each service provider or sub-processor is carefully selected and vetted to ensure they provide a high level of data protection and security. They are only given access to the data necessary to perform their specific functions and are prohibited from using your data for any other purpose.
2. Business Partners
In certain cases, we may share your data with our business partners who provide complementary services or integrations. For example:
- Integration Partners: If you use our Services in conjunction with other third-party tools (e.g., Jira or Discord), we may share data to facilitate seamless integration and functionality between the platforms.
3. Legal Requirements and Compliance
We may disclose your personal data when required to do so by law or in response to valid legal requests, such as subpoenas, court orders, or governmental regulations. This includes:
- Compliance with Legal Obligations: If we believe in good faith that disclosure is necessary to comply with a legal obligation, protect our rights, or prevent fraud or security issues.
- Law Enforcement and Regulatory Authorities: To cooperate with law enforcement agencies or regulators when required by applicable law.
4. Corporate Transactions
In the event of a merger, acquisition, reorganization, or sale of all or part of our business, your data may be transferred as part of the transaction. We will notify you of any such change in ownership or transfer of assets to ensure transparency and continuity of data protection.
5. Consent-Based Sharing
In situations where you have explicitly consented to the sharing of your data, we will do so according to the terms of your consent. For example:
- Marketing and Promotions: If you have opted in to receive marketing communications from third parties, we may share your data with these parties for promotional purposes.
6. Anonymous and Aggregated Data
We may share anonymized and aggregated data with third parties for research, analytics, and other purposes. This data does not identify individual users and is used to analyze trends, monitor the effectiveness of our Services, and develop new features.
Our Commitment to Data Security
We prioritize your data security and take appropriate measures to protect it from unauthorized access, use, or disclosure.
Third-Party Links
Our Services may contain links to third-party websites or services that are not controlled by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services before providing them with your personal data.
5. Data Retention and Your Rights
How Long Do We Keep Your Data?
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, or to resolve disputes. The specific retention periods depend on the nature of the data and the context in which it is processed. Here’s an overview of our data retention practices:
1. Retention Periods
- Customer Data: Data processed as part of our Services (such as configuration and account data) is retained for the duration of the contract between us and the customer. After the termination of the contract, data is typically retained for a maximum of 12 months to allow for any necessary post-contractual support and to comply with legal obligations.
- Support and Inquiry Data: Information collected through customer support inquiries, emails, or contact forms is retained for up to 24 months after the resolution of the inquiry or issue to ensure quality assurance and to respond to any follow-up queries.
- Marketing Data: If you have provided consent to receive marketing communications, we retain your contact information and preferences until you withdraw your consent. If you unsubscribe, we will promptly delete your data from our marketing databases.
- Legal Obligations: Certain data may be retained for longer periods if required by law or necessary for compliance with legal obligations, such as record-keeping requirements for financial or tax-related data.
2. Data Deletion
You have the right to request the deletion of your personal data at any time. We will delete or anonymize your data promptly, unless we are required to retain it for legal reasons or it is necessary for the purposes for which it was collected.
3. Data Minimization
We are committed to the principle of data minimization, which means that we only collect and retain the minimum amount of personal data necessary to achieve the intended purpose. This approach helps reduce risks to your privacy and ensures that we do not keep data for longer than necessary.
Your Rights as a Data Subject
Under applicable data protection laws, you have several rights concerning your personal data. We are committed to upholding these rights and ensuring that you have control over your information. These rights include:
1. Right to Access
You have the right to request access to your personal data. This includes obtaining information about the types of data we process, the purposes of processing, the recipients of your data, and the retention periods. You can request a copy of your personal data in a commonly used, electronic format.
2. Right to Rectification
If you believe that the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete the information. We will update your data promptly upon verification of your request.
3. Right to Erasure (Right to be Forgotten)
You can request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or when you withdraw your consent to processing. We will comply with your request unless there are legitimate grounds for retaining the data, such as legal obligations or the need to establish, exercise, or defend legal claims.
4. Right to Restrict Processing
In some cases, you have the right to request that we restrict the processing of your personal data. This means that while we continue to store your data, we will not process it further without your consent, except for specific reasons such as legal compliance or the protection of another person’s rights.
5. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. This right applies when the data processing is based on your consent or the performance of a contract, and when the data is processed by automated means.
6. Right to Object
You can object to the processing of your personal data at any time if it is based on our legitimate interests or for direct marketing purposes. If you object to processing based on legitimate interests, we will stop processing your data unless we can demonstrate compelling legitimate grounds for the processing. If you object to processing for direct marketing, we will stop processing your data for those purposes immediately.
7. Right to Withdraw Consent
If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw your consent by contacting us at the details provided in the “Contact Us” section of this policy.
8. Right to Lodge a Complaint
If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with the supervisory authority in your jurisdiction. We encourage you to contact us first, so we can address your concerns directly.
How to Exercise Your Rights
To exercise any of these rights, please contact us using the information provided in the “Contact Us” section below. We will respond to your request within the timeframe required by applicable law, typically within 30 days. In some cases, we may need to verify your identity before processing your request.
6. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience with our Services, understand your usage patterns, and improve our offerings. This section explains the types of cookies and tracking technologies we use, why we use them, and your choices regarding them.
1. What are Cookies?
Cookies are small text files stored on your device when you visit a website. They are widely used to make websites work more efficiently, as well as to provide information to the owners of the site. Cookies can store your preferences, account settings, and other data to personalize your experience.
2. Types of Cookies We Use
- Necessary Cookies: These cookies are essential for the basic functionality of our Services, such as enabling you to log into secure areas. Without these cookies, our Services cannot function properly.
- Preference Cookies: These cookies allow us to remember your preferences and customize your experience, such as your preferred language or the region you are in.
- Performance Cookies: These cookies collect information about how you use our Services, such as the pages you visit and the links you click. This data helps us understand user behavior and improve our Services.
- Functionality Cookies: These cookies enable more advanced features, such as remembering your login details, so you don’t have to re-enter them each time you visit our Services.
3. Tracking Technologies in Emails
We may also use tracking technologies in emails to understand whether the emails we send are opened or if links within them are clicked. This information helps us assess the effectiveness of our communications and improve future email content.
4. Third-Party Cookies
We may allow third-party service providers to use cookies and similar tracking technologies to collect information about your browsing activities over time and across different websites following your use of our Services. This information is used to provide you with more relevant advertising, measure the effectiveness of their ads, and manage your interactions with them.
5. Managing Cookies
You can manage or disable cookies through your browser settings. Most browsers provide you with the option to reject or accept cookies, or to control certain types of cookies. However, if you disable cookies, some features of our Services may not function properly or may become unavailable.
- Browser Settings: You can usually find the cookie settings in the “Options” or “Preferences” menu of your browser. Below are links to information about cookie settings for major browsers:
- Opt-Out Mechanisms: You may also opt out of certain third-party cookies and tracking technologies using industry opt-out tools, such as the Network Advertising Initiative and the Digital Advertising Alliance.
6. Web Beacons and Other Tracking Technologies
In addition to cookies, we may use other tracking technologies like web beacons, pixels, and tags. These technologies help us understand user behavior on our Services and in our communications. For example, we may use web beacons to track whether a user has opened an email and clicked on any links within it.
7. Consent to Use Cookies
By using our Services, you consent to the use of cookies and other tracking technologies as described in this section. You can withdraw your consent at any time by deleting the cookies stored on your device and adjusting your browser settings to refuse cookies in the future.
For more detailed information about our use of cookies and other tracking technologies, please contact us at contact@firnity.com.
7. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or how we handle your data. If we make material changes to this policy, we will notify you by email (if you have provided one), through a notice on our website, or through our Services prior to the change becoming effective.
1. How Will We Notify You of Changes?
We will take appropriate measures to inform you about significant changes in a manner that is consistent with the importance of those changes. Depending on the nature of the change, this may include:
- Sending an email to you if you have provided your email address and have opted to receive such communications.
- Posting a notice on our website or within the Services, which may include banners, pop-ups, or similar mechanisms.
- Updating the “Effective Date” at the top of this policy to indicate when the changes will take effect.
2. Your Rights Regarding Changes
If we make changes to this Privacy Policy, you have the right to review the revised policy before deciding to continue using our Services. If you do not agree with the new policy, you may choose to stop using the Services and request the deletion of your data by contacting us at contact@firnity.com.
3. Continuing to Use Our Services After Changes
By continuing to use our Services after the changes become effective, you accept the revised Privacy Policy. If you have any questions or concerns about the changes, please reach out to us before continuing to use the Services.
8. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your rights as a data subject, please feel free to contact us. We are committed to addressing your inquiries and ensuring that your privacy is protected.
Contact Details:
- Company Name: Łukasz Wiatrak Firnity
- Registered Address: ul. Zamknięta 10, lok. 1.5, 30-554 Kraków
- Email: contact@firnity.com