Last updated - 17th April 2019
- UpRaise refers to any one or more software products that are branded under the UpRaise name. Currently the products include - UpRaise for Employee Success, UpRaise for Employee Garrison, UpRaise People.
- Data means Personal Information and User Data.
- Data Controller has the meaning given in Rec. 22, Art 3(1) of the GDPR, that is, a natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purpose and means of the processing of Personal Information, where the purpose and means of processing are determined by EU or Member State laws.
- Data Subject means an identified or identifiable natural person who is a user of our Product.
- GDPR means the General Data Protection Regulation (European Union)
- Law means all relevant legal and regulatory requirements applicable to you or us
- Personal Information means information about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not.
- Supervisory Authority means the authority with the primary responsibility for dealing with the relevant data processing activity.
- Unsolicited Information includes any unsolicited communications by you to the Company.
- User Data means all information collected passively or actively from our Customers that is not Personal Information
3. DATA COLLECTION
3.1 Software Versions
UpRaise softwares come in two deployment versions to support corresponding variations in Jira - Cloud & Server. Server instances are hosted within your infrastructure, neither we have any control nor any visibility into them.
Apart from your technical contact & billing contact we do not receive any additional details in case of Server version of our software. We will only use the technical & billing contacts to initiate product onboarding & to communicate billing information. Thus for the server (or data center or on-premise) version of our software - responsibility of data security & infrastructure lies with you.
3.2 Why do we collect personal information
Your personal information is collected in order to provide the best possible experience with our software. Personal information is a broad concept & refers to any data points that can help identify an individual.
For example, your email addresses are collected to send out email notifications related to app features. Without email address our products/services will fail to provide you the desired experience. We do not store your email address (received through Jira/Confluence integration) into our database but are rather stored temporarily until the emails are dispatched. Exception is when you store email address as 'user content'.
Any neutralised (also called anonymised) data does not fall under the purview of personal information. Your personal information is neutralised before being used for analysing product usage patterns.
3.3 How do we collect personal information
The software collects your personal information either directly from you or through its integration with Jira. Without this information, the software may not be able to provide you with the desired functionality.
3.4 Personal information you provide to us
If you create, input, submit, post, upload, transmit, and/or store information (“User Content”) while using our services, your Personal information such as name, email address or other contact information will be associated with that User Content. For example, information regarding a problem you are experiencing with the Software could be submitted to our Support Services or posted in our public forums. Any information, including Personal Information, that you submit to our Websites could be visible to the public unless submitted to a secure area in the Website.
3.5 Personal information we collect from your use of software
Log files: When you interact with the Software, we generate log files to help us operate and improve our Services. Web log files includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences and system configuration information. For our Cloud Services, the information we collect includes the URLs you accessed, usernames as well as elements of content (such as Jira project names, project keys, status names, and JQL filters, and Confluence page titles and space names) as necessary for the Cloud Services to perform the requested operations. Occasionally, we collect Personal Data to information gathered in our log files as necessary to improve our Services for individual customers.
Installer Analytics, Software Updates & License Information from Server Version: During the installation of Software (specifically Server version), the installer sends analytics information to us to understand where in the installation process users are experiencing trouble or dropping out.
Cookies and Other Tracking Technologies: We use various technologies to collect information, including cookies.
3.6 Personal information we collect from other sources
In order to provide you with certain services, we may obtain Personal Information from our third-party service providers to verify and confirm the information you have submitted. For example, if you log into our Software through a third-party service, that service will share your Personal Information with us.
3.6 With whom do we share your personal information
Our third-party service providers: Some of the services we provide require the involvement of our third-party service providers, such as web hosting providers, application development, maintenance, virtual infrastructure (including storage and backup), communications providers, customer relationship management providers, and software providers. We have carefully selected these third-parties and have taken steps to ensure that your Personal Information is adequately protected.
We do not share your Personal Information with third-parties for their marketing purposes (including direct marketing).
Compliance with Laws and Legal Requests: We may disclose your Personal Information to a third-party if we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request.
Protection of Our Services: We may disclose your Personal Information to a third-party, if we believe it is reasonably necessary to (a) to enforce our agreements, policies and terms of service; (b) to protect the security or integrity of the product and services; (c) to protect our product, our customers or the public from harm or illegal activities; or (d) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
With Your Consent: We will share your Personal Data with third-parties when we have your consent to do so.
3.7 Data retention policy
- You agree that we may collect and use technical data and related information, including without limitation, technical information relating to your device, system, and use of the Product(s), that is gathered periodically to facilitate the provision of software updates, product support, marketing efforts and other services and communications to you related to the Products, including providing you with information about services, features, surveys, newsletters, offers, promotions; providing other news or information about us and our select partners; and sending you technical notices, updates, security alerts, and support and administrative messages. We may use this technical data and related information, as long as it is in a form that does not personally identify you, except to the extent necessary to provide you with support, or communications to improve our products or to provide services or technology to you.
4. SECURITY MEASURES
All of your data is transmitted over HTTPS; however, as of now we don't encrypt any of the information when storing. Amoeboids Technologies Pvt Ltd has a strict policy in place to limit the production database access. According to the policy, it is possible to access production database only when requested by a customer/prospect who is evaluating or is facing a problem.
- We will:
- maintain a list of our employees that have been granted access to Data.
5. INCIDENT RESPONSE
Where there has been a security breach, data leakage or Personal Information is lost, destroyed or becomes damaged, corrupted or unusable, we will notify you as soon as practicable.
6. YOUR OBLIGATIONS
You agree and warrant that:
- the processing, including the transfer itself, of Personal Information has been and will continue to be, carried out in accordance with all applicable Laws (and, where applicable, you have notified the Supervisory Authority in your country of such processing);
- all Data that you provide on behalf of a Data Subject has been obtained with the informed consent of the Data Subject;
- you have assessed our security measures as described in clause 4 and believe our security measures ensure a level of security appropriate to the nature of the Data you provide to us;
7. ACCESS TO DATA
- Data Subjects have the right to request that we update, correct or, upon request, erase Personal Information in our possession. We will endeavour to provide the requested Personal Information within a reasonable time.
- If you request a correction to your Personal Information then we will take reasonable steps to correct that Personal Information.
- To guard against fraudulent requests, we will require information to confirm your identity before granting access or making corrections.
- We may decline to provide a Data Subject with access to Personal Information including where we determine that the information requested:
- may disclose:
- the Personal Information of another individual; or
- trade secrets or other business confidential information;
- is subject to legal professional privilege;
- is not readily retrievable and the burden or cost of providing the information would be disproportionate to the nature or value of the information;
- does not exist, is not held, or cannot be located by us;
- would pose a serious threat to the life, health or safety of any individual, or to public health or safety if it were accessed; or
- is not permitted by Law to be accessed.
- When we work with Subprocessors, we seek to provide the Subprocessor with only the information the Subprocessor needs to perform its specific functions.
9. DISCLOSURE OF DATA
- We will not disclose your Data to any other party other than at your request or in accordance with this clause 9.
- There are also a limited number of circumstances in which we may share your Data with third parties. This may be done without further notice to you. These circumstances are:
- Legal requirements: We may disclose your Data and any other information if required to do so by law or in good faith belief that such action is necessary to:
- comply with a legal obligation;
- protect and defend the rights or property of the Company; or
- protect against legal liability.
- Business transfers and related activities: We may sell, buy, restructure or reorganise our business or assets. In the event of any sale, merger, reorganisation, restructuring, dissolution or similar event involving our business or assets, Personal Information may be part of the transferred assets.
10. CROSS-BORDER TRANSFER OF DATA
- If you are using our Products in a country other than the Paris, your communications will result in the transfer of Data across international boundaries. The countries in which recipients of your Personal Information are likely to be located are the United States and countries within the European Union.
- If you provide Personal Information, you acknowledge and agree that Personal Information may be transferred from your current location to the offices and servers of the Company and Subprocessors located primarily in France, the United States and countries within the European Union.
We warrant that:
- you may withdraw your consent for us to process your Data at any time at which time the process under clause 13 will be followed;
- we will implement and maintain appropriate technical and organisation measures to meet the requirements of the GDPR. This does not alter your own obligations under these legal regimes;
- we will only use your Data for the purposes for which it is provided by you;
- we will not sell or otherwise redistribute to third parties the Data we collect from you;
- we will promptly notify you of:
- any legally binding request for disclosure of the Data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
- any unauthorised access to or disclosure of Personal Information or any circumstances that are likely to give rise to such unauthorised access or disclosure, where there is a likely risk of serious harm to any Data Subject as a result of the unauthorised access or disclosure; and
- any request received directly from one of your customers or a Data Subject, without responding to that request, unless we have been otherwise authorised by you to do so;
- we will deal promptly and properly with all inquiries from you relating to the processing of your Data and we will abide by the advice of any Supervisory Authority with regard to the processing of the Data transferred; and
On termination, you will have the choice of having all Data transferred to you or the Data being destroyed, unless Laws imposed on us prevents us from returning or destroying all or part of the Data. If we cannot return or destroy the Data, we warrant that we will guarantee the confidentiality of the Data and will not actively process the Data after termination.
14. AUDIT OF MEASURES
- Where you are required by a Supervisory Authority to demonstrate compliance with privacy obligations, we allow and contribute to audits, including inspections.
- We will submit our data processing facilities for an audit of the measures referred to in clause 14(a) at the request of you and/or the Supervisory Authority.
- We will promptly inform you of the existence of any Laws that prevent us from being audited.
15. UNSOLICITED INFORMATION
17. MAKING A COMPLAINT
You are entitled to lodge a complaint about our treatment of your Data with the relevant Supervisory Authority.
Before lodging a complaint with a Supervisory Authority, we encourage you to first attempt to resolve the complaint by contacting us using the details below. We will respond to your complaint within 30 days.
+91 9923 156 359