Protecting your data and your privacy is a high priority and is very important to us. Pristine Bytes is pursuant to German law (“We”, “us” or “our”) adhere to a strict policy for ensuring the security and privacy of your data, in particular, your personally identifiable information (such as name, address, email address, and/or other identifiable information, collectively such personally identifiable information “Personal Data”).
We provide hosted services (“Cloud Apps”) for Atlassian Cloud Products (“Atlassian Cloud Product”) via the Atlassian Marketplace (https://marketplace.atlassian.com/). The apps are delivered through the Atlassian Connect framework (“Atlassian Connect”). Cloud Apps can be identified by the “Cloud” category in the corresponding Atlassian Marketplace listing.
In the following, all data processed by you via an Atlassian Cloud Product and one of our Apps are defined as “Customer Data”.
2. Name and Address of the Controller pursuant to Art. 4 No. 7 GDPR
Phone: +49 721 90 981 444
3. General Information regarding the Data Processing
a) Scope of the data processing
We only collect and use personal data of our users insofar as this is necessary to provide our services. The collection and use of personal data of our users regularly takes place only with the user’s consent. An exception applies in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
b) Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para.1 s.1 lit.a GDPR serves as the legal basis.
If the processing of personal data is required for the performance of a contract to which the data subject is a party, Art. 6 para.1 s.1 lit.b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para.1 s.1 lit.c GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para.1 s.1 lit.f GDPR serves as the legal basis for processing.
c) Data deletion and storage period
Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Data may be stored beyond that time if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which we are subject.
The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
4. Your Rights as Data Subject
You have the following rights towards us regarding your personal data:
- Right to information,
- Right to correction or deletion,
- Right to restrict processing,
- Right to object to the processing,
- Right to data transferability.
Please send an email to email@example.com in order to exercise one or more of the aforementioned rights. If you believe that the processing of personal data concerning you violates the GDPR, you have the right of appeal to a supervisory authority, without prejudice to any other remedies.
If you have given your consent to the processing of your data, you can revoke this at any time. Such revocation affects the permissibility of processing your personal data after you have given it to us.
If we base the processing of your personal data on the balancing of interests, you may object to the processing. This is the case if processing is not necessary, in particular, to fulfil a contract with you, which is described by us in the following description of the functions. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons for protection, on the basis of which we will continue processing.
Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your advertising contradiction under the following contact data: firstname.lastname@example.org.
5. General Information regarding Data Processing with our Cloud Apps
Unless otherwise stated below our Cloud Apps do not store Customer Data locally, but store Customer Data in the corresponding Atlassian Cloud Product.
Account Data: Our Cloud Apps store Customer Data provided and generated by Atlassian, that are required for license validation, contract administration and communication with you as our customer. This includes your customer ID, URL of the Atlassian Cloud Product instance, installation details and access keys.
Operation Data: Our Cloud Apps temporarily store Customer Data which is required for the operation of the service. Such data for example includes macros, webhooks, issue and page content or other content accessible by the app.
Customer Uploaded Data: Our Cloud Apps store Data created with and for the Cloud Apps and stored within the Cloud Apps by you using the user interface. This includes for example templates (e.g. word documents, pdf-documents), configuration data or metadata.
Session Data: Our Cloud Apps store data resulting from your use of the service. This includes:
- date and time of the request
- time zone difference to Greenwich Mean Time (GMT)
- content of the request (specific page)
- access status/HTTP status code
- the amount of data transferred in each case
- website from which the request comes
- operating system and its surface
- language and version of the browser software.
6. Specific Information regarding particular Cloud Apps
- Bulk Attachment Download: No additional data is stored.
- Mind Maps for Confluence: No additional data is stored.
7. Data Location
Error and access reports are stored with Sentry. The Sentry privacy statement can be found at https://sentry.io/privacy/.
8. Access to Customer Data
To some extent, we use external service providers to process your data (e.g. AWS). These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly. Our external service providers process your personal data on the basis of a data protection agreement that complies with legal requirements.
These service providers belong to the following categories:
- hosting service providers,
- billing service providers,
- payment settlement service providers,
- user authentication service providers,
- communication service provider,
- fault and malfunction analysis service providers,
- analytics service providers,
- customer relationship management service providers.
Some of the external service providers are located in so-called third countries outside the European Union. In order to guarantee an adequate level of data protection, the service providers have either (i) submitted to the EU-US Privacy Shield (see https://www.privacyshield.gov/EU-US-Framework), or (ii) we have concluded data protection agreements with the providers on the basis of the so-called EU standard contract clauses, https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087&from=EN.
The inclusion of the service providers is based on Art. 6 para.1 s.1 lit.f GDPR. It is necessary in order to be able to provide the services.