Effective starting: July 7, 2019
The protection and privacy of your data, including personal data, is very important to Innovalog (“Innovalog” or “we”).
The first category is data processed through Innovalog’s Jira Misc. Workflow Extensions (“JMWE”) for Jira Cloud app (the “Cloud App”) which is used in conjunction with your Atlassian Jira Cloud instance. Please note, if you are using Innovalog’s Jira Misc. Workflow Extensions for Jira Server or Jira Data Center, or Jira Misc. Custom Fields for Jira Server or Jira Data Center (collectively the “Server Apps”), Innovalog does not process or see any of the data you process through the Server Apps as the data does not leave your Jira Server or data center.
The second category is information received from: (1) our Website (www.innovalog.com); (2) our Blog (www.innovalog.com/jira-blog); (3) our newsletter subscription forms (“Newsletters”); (4) our Support Help Desk; (5) our user engagement activities (“Surveys”); and (6) from the Atlassian Marketplace (collectively these are referred to as “Standard Services”).
By utilizing the Apps and Standard Services, you expressly acknowledge and accept this Policy, and such consent grants us the faculty to treat your personal data (“Personal Data”) as set forth herein and in accordance with the laws, regulations and other applicable legislation within the Territories (as defined below) applicable to your use.
Collection and Usage of Information processed by the Apps (JMWE and JMCF)
Innovalog does NOT collect or store any information or data you process through the Apps.
The data you process through the Apps is transferred from your Jira instance to the Apps processors which are provided through Innovalog’s account with Heroku (“Heroku”). Heroku utilizes Amazon’s secure data centers and the Amazon Web Service (“AWS”) technology. Processed information and data from the Apps is then transferred back to your Jira instance. Innovalog does not collect, retain, or store your data.
The data you process through the Apps is protected and secured by Heroku’s security which you can learn about here: https://www.heroku.com/policy/security. You can learn about AWS’ security here: https://aws.amazon.com/security/.
Logs are created when you process data through the Apps. Innovalog uses Loggly, a third-party service, to store and manage these logs. These logs are automatically deleted on a 30-day schedule.
Other than the logs, Innovalog does not collect usage data of your use of the Apps.
Collection and Usage of Standard Services Information
Website, Blog, Newsletters, Support, Surveys, and the Atlassian Marketplace
Website: Innovalog uses Google Analytics to track user flow on our Website and for such purposes uses a cookie. In addition, if you sign up for one of Innovalog’s Newsletters we will store and use your email and any other information you provide to send product information and updates.
Blog: Innovalog uses Google Analytics to track user flow on our Blog and for such purposes uses a cookie. For unregistered users, browsing on the Blog is anonymous. However, if you choose to leave comments you can do so anonymously or can sign up for an account. If you create or have an account, we use a cookie to track your session and we receive and store your name, email, and any other information you provide.
Support: As an active or potential customer through Atlassian, you may register for one or more of our Support Service Desks in order to submit support tickets or by submitting a support request through email. In such instances, Innovalog will store your name (if entered), email address, and support details in our Jira Service Desk instance running in the Atlassian Cloud.
Surveys: You may participate in one of our Surveys. In such instances, we collect and store the information you provide within our Google Forms’ account. Data related to surveys are stored in Google Forms. You can review Google’s security practices here: https://cloud.google.com/security/.
How We Use the Information
We use the information we collect for: (1) personalizing your experience; (2) communication and marketing; (3) research and development of features and products; (4) safety and security; (5) legal rights and business interest; and (6) where you provide consent for a specific purpose. How we use the information we collect also depends in part on which Standard Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the Personal Information we collect about you.
1. To provide the Standard Services and personalize your experience: We use Personal Data to provide customer support and to operate and maintain the Services. Where you use multiple Services, we may combine information about you and your activities to provide an integrated experience, such as to allow you to find information from one Standard Service while searching from another or to present relevant product information.
2. Communication: We use your contact information to send certain communications via email, including responding to your comments, questions and requests, providing customer support, and sending you technical notices or updates, security alerts, and administrative messages.
   a. We use Mailchimp, a third-party email marketing platform, for sending product related emails. You can control whether you want to receive these communications by opting-out whenever you receive such a communication from Innovalog by using the included opt-out link in any such communication.
3. For research and development: We are always looking for ways to make our Cloud App and Standard Services smarter, faster, better integrated, more secure and useful to you. We use collective learnings about how people use our Cloud App and Standard Services and feedback provided to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Cloud App and Standard Services. We also use Surveys and test and analyze certain new features with some users before rolling the feature out to all users. We also use third-party analysis tools like Zoho Analytics to analyze our Standard Service related data for improving our Standard Services.
4. For safety and security: We use information about you and your use of the Cloud App and Standard Services to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of our policies.
5. To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
6. With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories with your permission. Such consent may be provided through your acceptance of our end user agreement or consent you provided through one of our third-party partners (i.e. Atlassian) in accepting their end user agreement.
7. Legal bases for processing (for EEA users): If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal basis for doing so under applicable EU laws. The legal basis depends on the Standard Services you use and how you use them. This means we collect and use your information only where:
• we need it to provide you with the Standard Services pertaining to the Apps;
• it satisfies a legitimate interest which is not prohibited by your data protection rights, such as for research and development or to protect our legal rights;
• you give us consent to do so for a specific purpose; or
• we need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time through exercise of your Personal Rights as set forth below. However, this will not affect any processing of your information that has already taken place.
Security, Storage and Data Retention
Security and Storage for Information processed through the Apps: As described above, Innovalog does NOT collect or store any information or data you process through the Apps. The information and data you process through the Cloud App is transferred from your Jira Cloud instance to the Cloud App processors which are provided through Innovalog’s account with Heroku. Heroku utilizes Amazon’s secure data centers and AWS technology. Processed data from the Cloud App is then transferred back to your Jira instance. Innovalog does not collect, retain, or store your data related to the Cloud App or Server Apps.
Security and Storage for Standard Services Information: The security and storage of information related to our Standard Services is dependent upon which of the Standard Services (Website, Blog, Newsletters, Support, and the Atlassian Marketplace) you utilize. We use various service providers to host the data we collect, and we use technical measures to secure your data. We ensure a variety of security measures are implemented by such service providers, including firewalls, Secure Socket Layer (SSL) technology, encryption and authentication tools, to help protect your information. We protect your Personal Data with the same or better security measures than we protect our company data. Specifically, the following service providers are used for the identified Standard Services:
- Surveys: Data related to surveys are stored in Google Forms. You can review Google’s security practices here: https://cloud.google.com/security/
- Newsletters: Data related to the Newsletters is stored in Mailchimp’s system. You can review Mailchimp’s security practices here: https://mailchimp.com/legal/privacy/
- Support: Data related to Support is securely stored in an Atlassian Jira Service Desk Cloud instance.
Personal Data Retention
Innovalog will retain Personal Data for as long as needed to provide the Standard Services to you. Innovalog will also retain Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce this Policy and our agreements.
Account information: We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Standard Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Standard Services. Where we retain information for Apps or Standard Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
How We Share Information
Innovalog does not sell or rent your Personal Data to any third party without your consent. We do share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Apps or Standard Services as outlined below.
Service Providers: We work with third-party service providers to provide application development, hosting, maintenance, newsletters, support, logs, marketplace, backup, storage, virtual infrastructure, analysis and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.
With your consent: We share data about you with third parties when you give us consent to do so. For example, we often display personal testimonials of satisfied customers on our public websites. With your consent, we may post your name alongside the testimonial. Such consent may be provided through your acceptance of our end user agreement or consent you provided through one of our third-party partners (i.e. Atlassian) in accepting their end user agreement.
Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights: In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect Atlassian, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person. For more information on how we respond to government requests, see our Guidelines for Law Enforcement and our Transparency Report.
We may transfer your Personal Data to third parties in the following situations:
- When you have given us consent to do so;
- In response to subpoenas, court orders, or legal process by disclosing your data and other related information, if necessary or to establish or exercise our legal rights or defend against legal claims; or
International transfers of information we collect
We collect information globally and primarily store that information with our service providers. Some of those service providers have their data stored in the United States. We may transfer, process and store your information outside of your country of residence, to wherever we, or our third-party service providers, operate for the purpose of providing you the Apps or Standard Services. Whenever we transfer your information, we take steps to protect it.
Information for EU Data Subjects Related to Personal Data
- For the Cloud App, Innovalog is considered a processor. Innovalog may use sub-processors. Innovalog has entered into appropriate Data Processing Agreements with our sub-processors setting forth the protection of Personal Data. We may transfer Personal Data to third party processor companies (i.e. cloud data and server services) that help us provide our Apps or Standard Services. Such third-party processors are controlled by data processing agreements providing the same protections of your Personal Data as set forth herein.
- For the Standard Services, Innovalog is considered a controller. Innovalog may use processors. Innovalog has entered into appropriate Data Processing Agreements with our sub-processors setting forth the protection of Personal Data. We may transfer Personal Data to third party processor companies (i.e. cloud data and server services) that help us provide our Standard Services. Such third-party processors are controlled by data processing agreements providing the same protections of your Personal Data as set forth herein.
- Only Innovalog’s authorized employees and subcontractors have access to Personal Data relevant to the activities and services they provide to Innovalog. All subcontractors used by Innovalog are contractually bound to the same data security and privacy standards that apply to our employees.
Managed accounts and administrators: If you register or access the Cloud App or Standard Services using an email address with a domain that is owned by your employer or organization, and such organization wishes to establish an organization account, certain information about you including your name, profile picture, contact info, content and past use of your account may become accessible to that organization’s administrator and other users sharing the same domain. If you are an administrator for a particular organization within the Cloud App or Standard Services, we may share your contact information with current or past Service users, for the purpose of facilitating Service-related requests.
Issue Tracker: We offer a publicly accessible issue tracker. You should be aware that any information you provide through the issue tracker - including profile information associated with the account you use to post the information - may be read, collected, and used by any member of the public who accesses the issue tracker. Your posts and certain profile information may remain even after you terminate your account. We urge you to consider the sensitivity of any information you input into the issue tracker. To request removal of your information from the publicly accessible issue tracker operated by us, please contact us as provided below. In some cases, we may not be able to remove your information.
Business Transfers: We may share or transfer information we collect under this Policy in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the Standard Services if a transaction takes place, as well as any choices you may have regarding your information.
Links to Other Sites
In addition to the above, the following additional privacy aspects apply:
Innovalog’s use of Personal Data is fully intended to be in compliance with the obligations as set forth in the various laws of the countries the Apps and Standard Services are deployed including, but not limited to, the: United States, Canada, Mexico, countries within the European Union, Australia, and New Zealand (collectively the “Territories”). In accordance with the various Privacy Laws of the Territories which are applicable to you, you are provided the Personal Rights as detailed below.
You are, as data-owner and user of the Standard Service, entitled to (i) access your Personal Data and be informed about the way in which your information is treated, (ii) rectify your personal data in case it is not up-to-date, it is inaccurate or incomplete, (iii) ask for your data to be removed if you consider that it is not used in accordance with the applicable principles, duties and obligations, and (iv) object to the processing of your Personal Data for specific purposes. These rights are known as “Personal Rights”.
How to Exercise Your Personal Rights
- Your ID information and, if applicable, the information of your legal representative. For legal representative, please attach a copy of his/her power-of-attorney.
- A clear and precise description of the Personal Data about which the Personal Rights are to be exercised, as well as the right or rights that are to be exercised.
- An address where you desire to hear and receive Innovalog’s response and any future communications and/or notifications, or, in its case, your desire to receive our response and/or future notifications or responses via email, providing us with your email address.
- If you prefer to correspond via email, you must expressly state your desire to receive Innovalog’s response through an email communication, specifying the corresponding email address.
- As stated above in this Policy, Innovalog does not collect or store any information or data you process through the Apps and logs created from any processing through the Apps are automatically deleted. Therefore, there is no ability or need to request removal of any data related to the Apps.
If your request refers to your right to access data, Innovalog will provide you with copies of the information and/or scanned documents.
Innovalog may refuse the exercise of your Personal Rights in instances permitted by the laws and regulations of the Territories which are applicable to your use and shall inform you about such decision. The refusal may be partial, in which case Innovalog will carry out the access, rectification, cancellation, deletion, or objection in the corresponding part.
Revocation of Your Consent to The Treatment of Personal Data
You, as data-owner, can revoke your consent to the treatment of your personal data in accordance with the procedure set forth above “How to Exercise your Personal Rights”, in the understanding that once we receive your request to revoke your consent we will issue our response within a five-day period.
Options to Limit the Use and Disclosure of Your Personal Data
You, as data-owner, can limit the use and disclosure of your personal data in accordance with the procedure set forth above “How to Exercise your Personal Rights”, in the understanding that once we receive your request to revoke your consent we will issue our response within a five-day period.
Where the Cloud App is made available to you through an organization (e.g. your employer), that organization is the administrator of the Cloud App and is responsible for the accounts and/or Cloud App over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Cloud App is subject to that organization's policies. We are not responsible for the privacy or security practices of an administrator's organization, which may be different than this Policy.
Administrators are able to:
- require you to reset your account password;
- restrict, suspend or terminate your access to the Cloud App;
- access information in and about your account;
- access or retain information stored as part of your account;
- install or uninstall third-party apps or other integrations
In some cases, administrators can also:
- restrict, suspend or terminate your account access;
- change the email address associated with your account;
- change your information, including profile information;
- restrict your ability to edit, restrict, modify or delete information
Even if the Cloud App or Standard Services are not currently administered to you by an organization, if you use an email address provided by an organization (such as your work email address) to access the Cloud App or Standard Services, then the owner of the domain associated with your email address (e.g. your employer) may assert administrative control over your account and use of the Cloud App or Standard Services at a later date.
If you do not want an administrator to be able to assert control over your account or use of the Cloud App or Standard Services, use your personal email address to register for or access the Cloud App or Standard Services. If an administrator has not already asserted control over your account or access to the Cloud App or Standard Services, you can update the email address associated with your account through your account settings in your profile. Once an administrator asserts control over your account or use of the Cloud App or Standard Services, you will no longer be able to change the email address associated with your account without administrator approval.
Please contact your organization or refer to your administrator’s organizational policies for more information.
Last Updated: July 31, 2019