Is your personal data important to you? We know it is. For us, too. This is why we respect your privacy and ensure that we only use your data when necessary.
Let’s get started.
GDPR – we have probably all heard the word. What does it mean? This is the acronym for Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
What is personal data? Personal data is defined as any information relating to an identified or identifiable natural person. Depending on the context, personal data will therefore be e.g. name, surname, e-mail address, telephone number, bank details, payment card number, IP computer address; however, this is not a closed list.
The Personal Data Controller (Controller) is Deviniti Sp. z o. o. with its registered office in Wrocław, at Sudecka street 153, 53-128 Wrocław, KRS: 0000223645, NIP: 897-17-00-419, REGON: 933044506, with the share capital of PLN 50,000.00, fully paid up.
You may contact the Data Protection Officer (DPO) by email at: email@example.com or in writing to: Sudecka street 153, 53-128 Wrocław, with the wording “DPO”.
A User is any person who uses the Services offered by us.
Where do we get your data from?
We receive your data directly from you, e.g., when you fill out a contact form, register for an event organized by us, send an inquiry or apply for a position you are interested in. We also receive it when you download our software, in particular applications for Atlassian products, i.e. Jira, Confluence and others.
Which data do we process?
We are guided by the principle of minimization, i.e., we only process data that is necessary for us to fulfil the purpose of processing. This is typically: name and surname, email address, and phone number. For applications downloaded from the Atlassian Marketplace, we additionally receive the following data from you: company name, country information and phone number. When we organize events in which you participate, we additionally receive the following data from you: country, company name, department/division, job title and industry. If you send us a CV, we process more data, but in that case it is always up to you to decide what kind of data you send us.
We do not collect personal data from minors, so if you are a minor, please do not send us your personal data (personal data is, depending on the context, e.g. name, surname, email address). If you are a minor, but still wish to use our Services in any way that requires you to provide personal data, then please ask your parent or guardian to do so on your behalf.
What is the purpose and legal basis for our processing of your personal data?
We process your personal data for the purposes indicated below:
- to conclude and perform contracts for the provision of services by electronic means through the website, including ensuring the correct quality of services – then the legal basis for the processing of personal data is the necessity of the processing to perform the contract (Article 6(1)(b) of the GDPR),
- to establish contact, respond to questions and messages sent by you – then the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR),
- to grant licenses for the use of our products, including trial licenses – in this situation, the legal basis for the processing of personal data is the necessity of the processing to perform the contract (Article 6(1)(b) of the GDPR),
- to carry out the purchase transaction – then the legal basis for the processing of personal data is the necessity of the processing to perform the contract (Article 6(1)(b) of the GDPR),
- to perform legal obligations incumbent on us, e.g. in the form of storing and issuing accounting documents – in this case the legal basis for the data processing is a legal obligation (Article 6(1)(c) of the GDPR),
- to handle complaints, respond to requests and complaints – in this case, the legal basis for data processing is a legal obligation (Article 6(1)(c) of the GDPR),
- to send information about updates in purchased (or “trialled”) products and services – then the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR),
- to provide technical support regarding the use of our products and services – then the legal basis for the processing of personal data is the necessity of the processing to perform the contract (Article 6(1)(b) of the GDPR),
- to conduct statistical analyses – then the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR) consisting in conducting analyses of the Users’ activities, as well as of their preferences in order to improve the applied functionalities,
- to obtain feedback on the products and services we offer – then the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR),
- to establish the validity of claims, defend against claims and pursue claims – then the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR),
- to detect and prevent malpractice – in this case, the legal basis for data processing is the legal obligation (Article 6(1)(c) of the GDPR),
- to enable organization of webinars with the participation of Users – then the legal basis for the processing is also the legitimate interest of the Controller (Article 6(1)(f) of GDPR),
- for direct marketing purposes, including the sending of commercial and marketing information, premium content and newsletters, by means of electronic communication – in this case the legal basis for processing is also the legitimate interest of the Controller (Article 6(1)(f) of the GDPR),
- to carry out the recruitment process – then the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR).
Do you have to give us your personal data?
Do we transfer your data to countries outside the European Economic Area?
In justified cases, based on your consent and respecting the principles expressed in Chapter V. GDPR, your personal data may be transferred outside the European Economic Area, i.e. to trusted entities based outside the EEA. Our suppliers guarantee a high level of the protection of personal data. In particular, such transfer may take place to countries for which the European Commission has issued adequacy decisions on the protection of Personal Data (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) without the need to fulfil additional requirements and to other countries, primarily on the basis of Standard Contractual Clauses with additional safeguards (technical and legal) or Binding Corporate Rules.
Do we process your personal data automatically (including through profiling) in a way that affects your rights?
Your personal data will be processed by automated means (including profiling) within the meaning of the GDPR, but this will not produce any legal effects on you or similarly significantly affect you. Personal data profiling involves the processing of your data (including by automated means) by using it to evaluate certain information about Users, in particular to analyse or forecast personal preferences and interests. We use profiling to individually tailor our Services and targeted marketing communications to your needs and preferences, as well as to score and segment Users in our database according to criteria we define.
In particular, we use the following categories of data for profiling purposes: information contained in Cookies, information about addresses (including Internet electronic addresses to which your terminal equipment has been connected), information about the type of device used and the type and version of software. Profiling may also use automated data processing. Profiling is done solely on the basis of your consent, which can be revoked at any time.
What are your rights to Deviniti Sp. z o. o. in the scope of processed data?
We want you to know that you are entitled:
- to access to the data and receive a copy of it. You have the right to obtain confirmation from us as to whether we are processing your personal data, and if we are, you have the right:
- to gain access to your personal data,
- to obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data, the intended period of storage of your data or the criteria for determining that period, your rights under the GDPR and your right to lodge a complaint with the supervisory authority, the source of such data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Economic Area,
- to obtain a copy of your personal data.
- to rectify (amend) data. You have the right to rectify and complete the personal data you have provided. With respect to other personal data, you also have the right to request us to rectify that data (if it is incorrect) and to complete it (if it is incomplete). For this purpose you should contact us.
- to have your data deleted (right to be forgotten). If in your opinion there are no grounds for us to process your data, you can request that we delete it. You have the right to request deletion of your personal data if:
- you have withdrawn specific consent, to the extent that personal data was processed based on your consent,
- your personal data is no longer necessary for the purposes for which it was collected or processed,
- you have objected to the use of your data for marketing purposes,
- you have objected to the use of your data for the purpose of conducting statistics on the use of the Services and satisfaction surveys, and your objection is deemed to be valid,
- your personal data is being processed unlawfully.
Despite your request to delete your personal data, due to an objection or withdrawal of consent, we may retain certain personal data to the extent necessary for the purposes of establishing, pursuing or defending claims. This includes, but is not limited to, your name, surname and e-mail address, which we retain for the purpose of handling complaints and claims relating to the use of our Services.
- to limitation of data processing. You may request that we restrict the processing of your personal data to the sole purpose of storing it or carrying out activities that have been agreed upon with you, if in your opinion we have incorrect data about you or are processing it unjustifiably, or you do not want us to delete it because you need it to establish, pursue or defend claims, or for as long as you object to the data processing. You have the right to request restrictions on the use of your personal data in the following cases:
- when you question the accuracy of your personal data, in which case we will limit its use for the time needed for us to verify the accuracy of your data,
- when the processing of your data is unlawful and instead of deletion you request the restriction of its use,
- when your personal data is no longer necessary for the purposes for which we collected it or used it, but you need it to establish, pursue or defend claims,
- where you have objected to the use of your data, in which case the restriction is for the time necessary for us to consider whether, in view of your particular situation, the protection of your interests, rights and freedoms outweighs the interests we exercise by processing your personal data.
- to object to the processing of your data for direct marketing purposes. If you exercise this right, we will stop processing your data for this purpose. If your objection proves to be valid and we have no other legal basis for processing your personal data, then we will delete this of your data that you have objected to the use of.
- to data portability. You have the right to receive from us, in a structured, commonly used machine-readable format, such as CSV, personal data about you that you have provided to us based on your consent. You can also instruct us to send this data directly to another entity.
- to lodge a complaint with a supervisory authority. You may submit complaints, inquiries and requests to us regarding the processing of your personal data and the exercise of your rights. If you believe that we are processing your data unlawfully, you may file a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office with its registered office at Stawki 2 street in Warsaw.
Who do we share your personal information with?
We may share your data only if you have given your consent, or without your consent – with authorized entities (Recipients), if necessary. These are persons authorized by us to process personal data in the performance of their official duties, entities to which we outsource accounting, HR, legal and tax services, in particular
based on entrustment contracts for the processing of personal data, as well as social plugins providers and advertising agencies with whom we have contracts to provide advertising services. We also share your data with organizations indicated by law when we are legally obligated to do so, and when it is necessary to protect the vested interests of the data subject or another natural person. We have the right to share data and information about Users within the framework of ongoing proceedings with authorized authorities, such as prosecutors or courts.
How long do we keep your personal data?
We will process your personal data for the period during which you may direct any claims against the Controller relating to the performance of the Services, but no longer than six years. If the processing is based on your consent, we will process your data until your consent is withdrawn. We may also decide to stop processing your data at any time if we determine that the consents we have received from you are no longer valid or if the processing of your data for the remaining purposes is no longer necessary for their performance, e.g. in the event of the end of a contract between you and us or in the event of performance of an obligation for which the data was collected.
How can you contact us
If you wish to contact us, you can do so by writing an email to: firstname.lastname@example.org
Cookies are IT data, in particular small text files stored on the User’s terminal equipment, in particular to carry out the Services and to ensure efficient use of the Services (e.g. saving and storing settings and User preferences, adapting website content to User preferences). They are also used to input and store information, to enable automatic login to those of the Services that enable login, to compile data counters, statistics, monitor activity and evaluate visitor use, and to compile reports on website traffic and provide other services related to website traffic and Internet usage, as well as to enable login and session compilation on those of the Services that enable it. The solutions used are safe for the devices of the Users.
Cookies typically contain the name of the website or application from which they originate, the time they are stored on your terminal equipment and a unique number.
The Services may use two main types of Cookies: “session” (session cookies) and “persistent” (persistent cookies).
“Session” cookies are temporary files that are stored on the User’s terminal equipment until they log off, leave the website or turn off the software (web browser). “Persistent” Cookies are stored on the User’s terminal equipment for the time specified in the parameters of the Cookies or until they are deleted by the User.
The Services may use the following types of Cookies:
- “essential” Cookies enabling the use of the Services, such as authentication Cookies used for services that require authentication,
- Secure cookies, such as those used to detect authentication abuse,
- “Performance” Cookies allowing collection of information about the way of use of the Services,
- “Functionality” Cookies that enable “remembering” the User’s selected settings and personalizing the User’s interface, e.g. with regard to the chosen language or region of origin of the User, the font size, the appearance of the website, etc.,
- “advertising”, allowing provision of advertising content more tailored to the interests of the User.
In many cases, the software used to browse the Internet (web browser) allows the storage of Cookies on the User’s terminal equipment by default. Users can change their Cookies settings at any time. These settings can be changed in particular in such a way as to block the automatic handling of Cookies in the settings of the web browser or inform on their placement on the User’s terminal equipment each time. Detailed information about the possibility and methods of using Cookies is available in software settings (web browser).
Cookies placed in the User’s terminal equipment can also be used by advertisers and partners cooperating with the Administrator.
In addition, the Administrator uses technologies similar to Cookies, i.e. social plugins, i.e. tools that enable connection with popular social networking services. The following social plugins are currently used:
Twitter, Inc. – a plugin that allows referral to Twitter. By using such a plugin, the User is logging into the aforementioned service, which has privacy principles that differ from the Services. You can view them under the link: https://twitter.com/en/privacy and https://help.twitter.com/en/rules-and-policies/twitter-cookies.
Meta Platforms Ireland Ltd. – a plugin that allows referral to Instagram and Facebook. By using such a plugin, the User is logging into the aforementioned services, which have privacy principles that differ from the Services. You can view them under the link: https://www.facebook.com/policy.php and https://www.facebook.com/policy/cookies.
LinkedIn Ireland Unlimited Company – a plugin that allows referral to LinkedIn. By using such a plugin, the User is logging into the aforementioned service, which has privacy principles that differ from the Services. You can view them under the link: https://www.linkedin.com/legal/privacy-policy.
The User may consent to receive Web-Push notifications via the web browser the User is using. For this purpose, the browser will assign a special ID to the User, to which it will send relevant messages. Resignation from receiving Web-Push notifications is possible by changing the User’s browser settings.
The Administrator also uses the HubSpot tool, which involves the use of additional Cookies. The detailed scope and way of operation of individual Cookies can be found on the HubSpot website at: https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser.
HubSpot tracks Users using browser Cookies, which means that a User’s activity is monitored anonymously. If a User submits his or her data in one of the forms, HubSpot will correlate the User’s previous views of each subpage based on the Cookie that tracks that User. If deletion of Cookies occurs, the User will be treated as a new user and a new Cookie will be assigned to him/her. The HubSpot tool will attribute website views to a User if the User clicks on a link provided in an email that redirects to a website with the HubSpot tracking code installed.
More information about Cookies is available in the “Settings” or “Help” section of your web browser’s menu, and detailed information about how the HubSpot tool works is available at https://knowledge.hubspot.com/account/how-does-hubspot-track-visitors.
The Service may use the following types of cookies:
- “Necessary” cookies, enabling the use of services available on the Service, e.g., authentication cookies used for services that require authentication on the Service;
- cookies used to ensure security e.g., used to detect fraud in the field of authentication in the Service;
- “Performance” cookies, enabling the collection of information on the use of Service pages;
- “Functional” cookies, allowing “remembering” the settings selected by the user and personalizing the user’s interface, e.g., regarding the language or region of the user’s origin, size of the font, appearance of the website, etc.;
- In many cases, software used for browsing websites (web browser) allows cookies to be stored in the user’s end device by default. Service users can change their cookie settings at any time. These settings can be changed in particular to block the automatic handling of cookies in the web browser’s settings or to inform them of each entry in the device of the Service user. Detailed information about the possibilities and ways of handling cookies are available in the software (web browser) settings.
- Cookies placed on the Service user’s end device may also be used by advertisers and partners cooperating with the Service Operator.
- More information about cookies is available in the “Settings” or “Help” section in the menu of your web browser.
Trademarks and copyrights
Unless otherwise stated, the copyrights to the pages, information, materials and their arrangement belong to Deviniti Sp. z o.o. or Deviniti Sp. z o.o. holds the relevant licence to them.
The https://deviniti.com/ website also contains trademarks, trade names, and logos registered by both Deviniti Sp. z o.o. and third parties. They have been used for identification purposes only. By making them available, Deviniti Sp. z o.o. does not grant any license to use them in any way.
The Users may print, reproduce, copy, or temporarily store portions of https://deviniti.com for their own use or in connection with their use of Deviniti Sp. z o.o. Services.
The Users are not allowed to make any changes to the content from https://deviniti.com.
The detailed scope of permitted and prohibited use of content originating from the https://deviniti.com website is specified by the provisions of law, in particular the Act of 4 February 1994 on Copyright and Related Rights . Violation of these rights is subject to civil and criminal penalties.
As part of using the Services, in particular within the https://deviniti.com/ website, links to other websites may appear. Such websites operate independently of the Administrator and are not supervised by the Administrator in any way. These websites may have their own privacy policies and regulations, which we recommend reading.