Last updated - 09th July 2019
1. ACKNOWLEDGEMENT
By using Enriched Profiles software, you acknowledge that you have reviewed the terms of our End User Licence Agreement (EULA) and this Privacy Policy (Privacy Policy), have the authority to act on behalf of any person for whom you are using the Product, and agree that we may collect, use and transfer your Data in accordance with this Privacy Policy. If you are using our Product on behalf of a company, then you acknowledge that you are binding your company to this Privacy Policy.
This Privacy Policy applies to our Customers. It is the responsibility of the Customer to determine if the Privacy Policy is consistent with its own treatment of end user data.
2. DEFINITIONS
- Company means Amoeboids Technologies Pvt Ltd. The terms “we”, “us” and “our” when used in this Privacy Policy are a reference to the Company.
- Customer means a direct customer of the Company. The terms “you”, “your” and “yours” when used in this Privacy Policy are a reference to the Customer.
- Data means Personal Information and User Data.
- Data Controller has the meaning given in Rec. 22, Art 3(1) of the GDPR, that is, a natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purpose and means of the processing of Personal Information, where the purpose and means of processing are determined by EU or Member State laws.
- Data Subject means an identified or identifiable natural person who is a user of our Product.
- GDPR means the General Data Protection Regulation (European Union)
- Law means all relevant legal and regulatory requirements applicable to you or us
- Personal Information means information about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not.
- Product in the context of this privacy policy refers to our app for Jira Service Desk called 'Enriched Profiles'. Wherever necessary deployment version of the product (Cloud or Server) is mentioned in this privacy policy, if not the relevant clause is applicable to both versions.
- Subprocessor means any processor engaged by us or by any other Subprocessor who agrees to receive from us or from any other Subprocessor, Personal Information exclusively intended for processing activities to be carried out on behalf of you after the transfer in accordance with your instructions, the terms of our EULA and this Privacy Policy.
- Supervisory Authority means the authority with the primary responsibility for dealing with the relevant data processing activity.
- Unsolicited Information includes any unsolicited communications by you to the Company.
- User Data means all information collected passively or actively from our Customers that is not Personal Information
3. DATA COLLECTION
3.1 Software Versions
Enriched Profiles comes in only one deployment version - Cloud.
3.2 Why do we collect personal information
Enriched profiles software is based on a single input parameter (that is PII), which is email address of the 'reporter' in a Jira service desk issue. The software does not store this information anywhere. Rather we pass on this email address to our third party providers to received enriched data about the reporter and their company (based on email address domain).
The only personal information that is collected in order to provide a better onboarding experience is the technical contact & billing contact email addresses, received via the Atlassian marketplace.
3.3 How do we collect personal information
The software collects only reporter email address through its integration with Jira. Without this information, the software will not be able to provide you with the desired functionality.
3.4 Personal information you provide to us
If you create, input, submit, post, upload, transmit, and/or store information (“User Content”) while using our services, your Personal information such as name, email address or other contact information will be associated with that User Content. For example, information regarding a problem you are experiencing with the Software could be submitted to our Support Services or posted in our public forums. Any information, including Personal Information, that you submit to our Websites could be visible to the public unless submitted to a secure area in the Website.
3.5 Personal information we collect from your use of software
Log files: When you interact with the Software, we generate log files to help us operate and improve our Services. Web log files includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences and system configuration information. For our Cloud Services, the information we collect may include the URLs you accessed, usernames as well as elements of content (such as Jira project names, project keys, status names, and JQL filters, and Confluence page titles and space names) as necessary for the Cloud Services to perform the requested operations.
...
Cookies and Other Tracking Technologies: We use various technologies to collect information, including cookies.
3.6 Personal information we collect from other sources
In order to provide you with certain services, we may obtain Personal Information from our third-party service providers to verify and confirm the information you have submitted. For example, if you log into our Software through a third-party service, that service will share your Personal Information with us.
3.6 With whom do we share your personal information
Our third-party service providers: Some of the services we provide require the involvement of our third-party service providers, such as web hosting providers, application development, maintenance, virtual infrastructure (including storage and backup), communications providers, customer relationship management providers, and data enrichment software providers. We have carefully selected these third-parties and have taken steps to ensure that your Personal Information is adequately protected.
...
With Your Consent: We will share your Personal Data with third-parties when we have your consent to do so.
3.7 Data retention policy
- We process the Data provided by you in accordance with the Privacy Policy and your instructions. We will promptly inform you if we cannot process your Data in accordance with the Privacy Policy.
- You agree that we may collect and use technical data and related information, including without limitation, technical information relating to your device, system, and use of the Product(s), that is gathered periodically to facilitate the provision of software updates, product support, marketing efforts and other services and communications to you related to the Products, including providing you with information about services, features, surveys, newsletters, offers, promotions; providing other news or information about us and our select partners; and sending you technical notices, updates, security alerts, and support and administrative messages. We may use this technical data and related information, as long as it is in a form that does not personally identify you, except to the extent necessary to provide you with support, or communications to improve our products or to provide services or technology to you.
4. SECURITY MEASURES
Enriched profiles is hosted at Amazon Web Services (AWS Website), a world-class hosting provider. For more information on their servers, security & privacy policy, please see AWS privacy policy.
All of your data is transmitted over HTTPS; however, as of now we don't encrypt any of the information when storing. Amoeboids Technologies Pvt Ltd has a strict policy in place to limit the production database access. It is possible to access production database only when requested by a customer/prospect who is evaluating or is facing a problem.
- We use a self-assessment approach to ensure compliance with the Privacy Policy. We verify periodically that the Privacy Policy is accurate and comprehensive for the information intended to be covered, prominently displayed, completely implemented, and accessible and in conformity with applicable Laws. We encourage interested parties to contact us with any concerns using the contact information provided.
- We will:
- restrict access and use of Data to those employees responsible for processing Data to fulfil our obligations under the Privacy Policy; and
- maintain a list of our employees that have been granted access to Data.
5. INCIDENT RESPONSE
Where there has been a security breach, data leakage or Personal Information is lost, destroyed or becomes damaged, corrupted or unusable, we will notify you as soon as practicable.
6. YOUR OBLIGATIONS
You agree and warrant that:
- the processing, including the transfer itself, of Personal Information has been and will continue to be, carried out in accordance with all applicable Laws (and, where applicable, you have notified the Supervisory Authority in your country of such processing);
- all Data that you provide on behalf of a Data Subject has been obtained with the informed consent of the Data Subject;
- you have assessed our security measures as described in clause 4 and believe our security measures ensure a level of security appropriate to the nature of the Data you provide to us;
- you will provide Data Subjects with a copy of the Privacy Policy or a description of our security measures, if requested by the Data Subject;
- if applicable, you will deposit a copy of the Privacy Policy with the Supervisory Authority upon request or if such deposit is required under the applicable Laws.
7. ACCESS TO DATA
- Data Subjects have the right to request that we update, correct or, upon request, erase Personal Information in our possession. We will endeavour to provide the requested Personal Information within a reasonable time.
- If you request a correction to your Personal Information then we will take reasonable steps to correct that Personal Information.
- To guard against fraudulent requests, we will require information to confirm your identity before granting access or making corrections.
- We may decline to provide a Data Subject with access to Personal Information including where we determine that the information requested:
- may disclose:
- the Personal Information of another individual; or
- trade secrets or other business confidential information;
- is subject to legal professional privilege;
- is not readily retrievable and the burden or cost of providing the information would be disproportionate to the nature or value of the information;
- does not exist, is not held, or cannot be located by us;
- would pose a serious threat to the life, health or safety of any individual, or to public health or safety if it were accessed; or
- is not permitted by Law to be accessed.
- may disclose:
8. SUBPROCESSING
- Some of our obligations under the Privacy Policy and EULA may be performed by Subprocessors. A Subprocessor will only be granted access to your Data where:
- such access is for purposes consistent with the Privacy Policy; and
- the Subprocessor agrees to be bound by the Privacy Policy.
- such access is for purposes consistent with the Privacy Policy; and
- When we work with Subprocessors, we seek to provide the Subprocessor with only the information the Subprocessor needs to perform its specific functions.
9. DISCLOSURE OF DATA
- We will not disclose your Data to any other party other than at your request or in accordance with this clause 9.
- We will share information including Personal Information with our Subprocessors. In addition, Atlassian works with us on certain business-related functions of our Products, such as processing payments. Atlassian has its own privacy policy, which you can find here(https://www.atlassian.com/legal/privacy-policy).
- There are also a limited number of circumstances in which we may share your Data with third parties. This may be done without further notice to you. These circumstances are:
- Legal requirements: We may disclose your Data and any other information if required to do so by law or in good faith belief that such action is necessary to:
- comply with a legal obligation;
- protect and defend the rights or property of the Company; or
- protect against legal liability.
- Legal requirements: We may disclose your Data and any other information if required to do so by law or in good faith belief that such action is necessary to:
- Business transfers and related activities: We may sell, buy, restructure or reorganise our business or assets. In the event of any sale, merger, reorganisation, restructuring, dissolution or similar event involving our business or assets, Personal Information may be part of the transferred assets.
10. CROSS-BORDER TRANSFER OF DATA
- If you are using our Products in a country other than the Paris, your communications will result in the transfer of Data across international boundaries. The countries in which recipients of your Personal Information are likely to be located are the United States and countries within the European Union.
- If you provide Personal Information, you acknowledge and agree that Personal Information may be transferred from your current location to the offices and servers of the Company and Subprocessors located primarily in France, the United States and countries within the European Union.
11. WARRANTIES
We warrant that:
- you may withdraw your consent for us to process your Data at any time at which time the process under clause 13 will be followed;
- we will process your Data in compliance with your instructions and the Privacy Policy. If we cannot provide such compliance for whatever reason, we will inform you promptly of our inability to comply, in which case you are entitled to suspend the transfer of Data and/or terminate your contract with us;
- we will not vary or modify clause the Privacy Policy without notifying you and obtaining your consent;
- we have no reason to believe that any Law prevents us from fulfilling the terms of the Privacy Policy. In the event of a change in the Law that is likely to have a substantial adverse effect on the warranties and obligations provided under the Privacy Policy, we will promptly notify you of the change as soon as we become aware, in which case you are entitled to suspend the transfer of Data and/or terminate your contract us;
- we will implement and maintain appropriate technical and organisation measures to meet the requirements of the GDPR. This does not alter your own obligations under these legal regimes;
- we will only use your Data for the purposes for which it is provided by you;
- we will not sell or otherwise redistribute to third parties the Data we collect from you;
- we will promptly notify you of:
- any legally binding request for disclosure of the Data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
- any unauthorised access to or disclosure of Personal Information or any circumstances that are likely to give rise to such unauthorised access or disclosure, where there is a likely risk of serious harm to any Data Subject as a result of the unauthorised access or disclosure; and
- any request received directly from one of your customers or a Data Subject, without responding to that request, unless we have been otherwise authorised by you to do so;
- we will deal promptly and properly with all inquiries from you relating to the processing of your Data and we will abide by the advice of any Supervisory Authority with regard to the processing of the Data transferred; and
- the processing services by any Subprocessor will be carried out in accordance with this privacy policy.
12. SURVIVAL
The Privacy Policy will survive termination of the EULA and will remain in effect until we have deleted all of your Data.
13. TERMINATION
On termination, you will have the choice of having all Data transferred to you or the Data being destroyed, unless Laws imposed on us prevents us from returning or destroying all or part of the Data. If we cannot return or destroy the Data, we warrant that we will guarantee the confidentiality of the Data and will not actively process the Data after termination.
14. AUDIT OF MEASURES
- Where you are required by a Supervisory Authority to demonstrate compliance with privacy obligations, we allow and contribute to audits, including inspections.
- We will submit our data processing facilities for an audit of the measures referred to in clause 14(a) at the request of you and/or the Supervisory Authority.
- We will promptly inform you of the existence of any Laws that prevent us from being audited.
15. UNSOLICITED INFORMATION
- If you submit unsolicited User Data, we will use it in accordance with the Privacy Policy.
- If you submit unsolicited Personal Information and we determine that we could not have collected the Personal Information in accordance with the Privacy Policy, we will destroy the information or ensure that the information is de-identified as soon as practicable. Otherwise, the Personal Information will be used in accordance with the Privacy Policy.
16. JURISDICTION
This Privacy Policy is governed by and construed in accordance with the laws of the Republic of India. You agree to submit any dispute arising out of your use of the Products to the exclusive jurisdiction of India.
17. MAKING A COMPLAINT
You are entitled to lodge a complaint about our treatment of your Data with the relevant Supervisory Authority.
Before lodging a complaint with a Supervisory Authority, we encourage you to first attempt to resolve the complaint by contacting us using the details below. We will respond to your complaint within 30 days.
18. CONTACT
If you have any questions about our Privacy Policy or our information practices, please contact our data protection officer:
...