Privacy policy

This Privacy Policy has been created by Deviniti sp. z o.o.
with its registered office in Wrocław at ul. Sudecka 153, 53-128 Wrocław,
KRS: 0000223645, NIP: 897-17-00-419, REGON: 933044506,
with a share capital of PLN 54,400.00 (‘Deviniti’, ‘We’)
and applies to Personal Data that we collect from registered users and licensed users of our applications, collectively referred to as ‘Products’, available on the Atlassian Marketplace website.

The Privacy Policy we have prepared complements our general privacy policy and is intended to give you all the most important information about WHERE, WHEN and WHY we obtain your personal data when you use the Products on the Atlassian Marketplace website. We will also write about what data we process and how we secure it. You will also find information on what you can request from us and what your rights are.

GDPR – we have probably all heard the word. What does it mean? This is the Polish acronym for Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016  on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

What is personal data? Personal data is defined as any information relating to an identified or identifiable natural person. Depending on the context, personal data will therefore be e.g. name, surname, e-mail address, telephone number, bank details, payment card number, IP computer address, however, this is not a closed list.

Why do we collect your personal data?

We collect your personal data in order to operate effectively and to ensure the proper functioning of our Products.

Where do we get your data from? Who is the Controller and who is the Processor?

We may collect your personal data e.g. when you register your user account, modify your account profile, download and install or use our Products. You can provide this information yourself, however, most of our Products are intended for use by companies and other organisations, so in some cases, such an organisation may provide it on your behalf. 

If you are provided with the Products through an organisation (e.g. your employer), that organisation is the controller of your personal data (‘Controller’) and Deviniti processes the data on its behalf and is the Processor (‘Processor’).  If this is the case, please address your data privacy questions directly to the Controller.

Please note that the Controller is fully liable for the data (including personal data) it provides us. It also ensures that it only provides us with personal data that has been obtained and processed in accordance with the law. If you provide us with information (including personal data) about another person, you acknowledge that you have the authority to act on that person’s behalf and agree to this Privacy Policy.

Therefore, if we have not received your data directly from you, we may have received it from third parties who are our customers in the course of our service activities, e.g. from your employer.

What data do we process?

For Products downloaded from the Atlassian Marketplace, we may receive the following data: name, surname, e-mail address, IP address, ID, telephone number, end-user information (avatar, account ID, displayed name), end-user data contained in Jira submissions, projects, attachments and other Jira units of shared applications, company name, country information. The extent of this data varies and depends on the product you intend to use. We are always guided by the principle of data minimisation and only collect data that is necessary to ensure the proper functioning of the Products.

We do not collect personal data from minors, so if you are a minor, please do not send us your personal data (personal data is, depending on the context, e.g. name, surname, e-mail address). If you are a minor, but still wish to use our Products in any way that requires you to provide personal data, then please ask your parent or guardian to do so on your behalf.

What information do we receive from the Atlassian Marketplace?

As an Atlassian partner, we have access to the contact details (e.g. e-mail addresses and names of technical and billing contacts) and licensing information (e.g. number of licences, licence term, etc.) that you provide when you subscribe to or renew a licence for any of our Products in the Atlassian Marketplace. Apart from the data indicated, we do not receive any additional customer data from Atlassian Marketplace.

How do we use your personal data?

Whenever we use your data, we do so to the extent permitted by applicable law. We use your data each time with your consent in order to conduct our business operations, for customer support, for the improvement of our Products, for the provision of our services, so that you can freely and fully benefit from the Products we offer. In addition, we use your data to send communications, including promotional ones. If your consent forms the basis of our use of your personal data, you have the right to withdraw your consent at any time by contacting us directly at e-mail address deviniti@deviniti.com or in writing to: ul. Sudecka 153, 53-128 Wrocław. The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.

Do we need to have your personal data at our disposal?

Of course not. However, without your personal data, we are unable to provide you with the ability to use our Products and fulfil the other purposes indicated in the Privacy Policy.

How do we contact you?

In addition to contact related to the day-to-day operation of the Product, we may send you messages for direct marketing purposes, including sending commercial and marketing information, premium content and newsletters, by electronic means, enabling webinars and other events. We can then use the domains deviniti.us, deviniti.com and deviniti.com.pl. Marketing content is always sent on the basis of the consent given.

Do we transfer your data to countries outside the European Economic Area?

Some of our Products may be available to you through the use of resources and servers located in various countries around the world, including the US. Therefore, in some cases, your personal data may be transferred outside the European Economic Area, i.e. to trusted entities based outside the EEA, however, this is always done in compliance with the principles expressed in Chapter V of the GDPR. Our suppliers guarantee a high level of the protection of personal data. In particular, such transfers may take place to certified entities (https://www.dataprivacyframework.gov/) and countries for which the European Commission has issued adequacy decisions on the protection of Personal Data (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) without additional requirements and to other countries, primarily on the basis of Standard Contractual Clauses with additional safeguards (technical and legal) or Binding Corporate Rules. We continuously take measures to ensure the security of the transmitted data and the application of appropriate controls to protect this data in accordance with current data protection laws and regulations. 

If the Product you have chosen has the possibility of data residency, you will be informed of this.

Do we process your personal data automatically (including through profiling) in a way that affects your rights?

Your personal data will be processed by automated means (including profiling) within the meaning of the GDPR, however, this will not produce any legal effects on you or similarly significantly affect you. Personal data profiling involves the processing of your data (including by automated means) by using it to evaluate certain information about users, in particular to analyse or forecast personal preferences and interests. We use profiling to individually tailor our Services and targeted marketing communications to your needs and preferences, as well as to score and segment Users in our database according to criteria we define.

For the purpose of profiling, we use the following categories of data in particular: information contained in cookies, information about addresses (including Internet electronic addresses to which your terminal device has been connected), information about your licence number, information about the type of device used and the type and version of software. Profiling may also use automated data processing.

Profiling is done on the basis of your consent, which can be revoked at any time.

What rights do you have against Deviniti Sp. z o.o. with respect to the data processed?

We want you to know that you have the right:

  • to access your data and to receive a copy of it. You have the right to obtain confirmation from us as to whether we are processing your personal data, and if we are, you have the right:
    • to gain access to your personal data,
    • to obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data, the intended period of storage of your data or the criteria for determining that period, your rights under the GDPR and your right to lodge a complaint with the supervisory authority, the source of such data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Economic Area,
    • to obtain a copy of your personal data.
  • to rectify (amend) data. You have the right to rectify and complete your personal data. With respect to other personal data, you also have the right to request us to rectify that data (if it is incorrect) and to complete it (if it is incomplete). For this purpose you should contact us.
  • to have your data deleted (right to be forgotten). If in your opinion there are no grounds for us to process your data, you can request that we delete it. You have the right to request deletion of your personal data if:
    • you have withdrawn specific consent, to the extent that personal data was processed based on your consent,
    • your personal data is no longer necessary for the purposes for which it was collected or processed,
    • you have objected to the use of your data for marketing purposes,
    • you have objected to the use of your data for the purpose of conducting statistics on the use of the Services and satisfaction surveys, and your objection is deemed to be valid,
    • your personal data is being processed unlawfully.

Despite your request to delete your personal data, due to an objection or withdrawal of consent, we may retain certain personal data to the extent necessary for the purposes of establishing, pursuing or defending claims. This includes, but is not limited to, your name, surname and e-mail address, which we retain for the purpose of handling complaints and claims relating to the use of our Services.

  •  to restrict data processing. You may request that we restrict the processing of your personal data to the sole purpose of storing it or carrying out activities that have been agreed upon with you, if in your opinion we have incorrect data about you or are processing it unjustifiably, or you do not want us to delete it because you need it to establish, pursue or defend claims, or for as long as you object to the data processing. You have the right to request restrictions on the use of your personal data in the following cases:
    • when you question the accuracy of your personal data, in which case we will limit its use for the time needed for us to verify the accuracy of your data,when the processing of your data is unlawful and instead of deletion you request the restriction of its use,when your personal data is no longer necessary for the purposes for which we collected it or used it, but you need it to establish, pursue or defend claims,
    • where you have objected to the use of your data, in which case the restriction shall be for the time necessary for us to consider whether, in view of your particular situation, the protection of your interests, rights and freedoms outweighs the interests we exercise by processing your personal data.
  • to object to the processing of your data for direct marketing purposes. If you exercise this right, we will stop processing your data for this purpose. If your objection proves to be valid and we have no other legal basis for processing your personal data, then we will delete this of your data that you have objected to the use of.
  • to data portability. You have the right to receive from us, in a structured, commonly used machine-readable format, such as CSV, personal data about you that you have provided us based on your consent. You can also instruct us to send this data directly to another entity.
  • to lodge a complaint with a supervisory authority. You may submit complaints, inquiries and requests to us regarding the processing of your personal data and the exercise of your rights. If you believe that we are processing your data unlawfully, you may file a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office with its registered office at ul. Stawki 2 in Warsaw.

Is your data safe?

We have implemented technical, organisational and administrative measures to sufficiently protect the personal data transmitted to us. We encrypt data during both transmission and storage. Access to the data is restricted and subject to a confidentiality obligation. We ensure that all appropriate safeguards are in place whenever personal data is transferred, including outside the EU and EEA.

Our services are hosted, for example, in security-certified Amazon Web Services (AWS), Salesforce and Heroku data centres. In addition, we ensure that data transfers take place on the basis of appropriate documents guaranteeing adequate security of the data transferred, including the DPA. You can find a full list of processing subcontractors below.

How long do we store your data?

We store your data for as long as required, taking into account the purpose for which the data was collected so as to ensure the correct functioning of the Product you are using. We may be obliged to keep certain data for a longer period of time if the applicable law so provides. For Products downloaded from the Atlassian Marketplace, we store your data for 12 months from the date of upload. We may also decide to stop processing your data at any time if we determine that the consents we have received from you are no longer valid or if the processing of your data for the remaining purposes is no longer necessary for their performance, e.g. in the event of the end of a contract between you and us or in the event of performance of an obligation for which the data was collected.

How can you contact us

If you wish to contact us, you can do so by writing an e-mail to: deviniti@deviniti.com.

The Data Processing Agreement is an integral part of the Policy. Read its contents using the link below:


List of Processing Subcontractors