Privacy Policy
Introduction
The document covers personal data handling aspects in products created by Big Fig Tree – Atlassian Marketplace vendor. The products include add-ons for Atlassian ecosystem and bigfigtree.com website service.
If it is not explicitly stated otherwise in notification, information, agreement or communicated in a similar manner, Big Fig Tree shall be understood as vendor.
The Privacy Policy applies to end-user of our products and visitors of our website.
If you disagree with any the document statement you will need to stop using our products and the service.
Personal information
We collect and process the minimum data required and they may include the following personal data:
- Name, surname, email address, Atlassian user key, user add-on settings
- Client IP address, license number
- Technical contacts
- Information about access and use of our website including through the use of Internet cookies, your communications with our website, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider
- additional personal information that you provide to us
- any other personal information requested by us and/or provided by you or a third party
Use of personal information
We may process, store and use personal information for the following purposes:
- Make our products fully operational
- To contact and communicate with you, including sending feedback, best practices and marketing information
- To improve our products and services
- Tax and accounting
Disclosure of personal information to third parties
We use third party service providers to host our website, add-ons, provide data storage and backup system. This service providers may process your personal information for the purpose of providing those services for us. We require that used third party services either comply with the privacy shield principles set out in the GDPR or another mechanism set out by applicable EU & Swiss data protection laws for the transfer and processing of personal information.
We use the following third party services to store and process your personal information:
- Atlassian
- Amazon Web Services
- ObjectLabs Corporation
User rights
User of our products have the following rights:
- The right to be informed – users have the right to be informed about the collection and use of their personal data. Our Privacy Policy contains this information.
- The right of access – users have the right to access their personal data
- The right to rectification – users have the right to to have inaccurate personal data rectified, or completed if it is incomplete
- The right to erasure – we remove personal data on authorized user request
- The right to restrict processing – users have the right to request that we temporarily suspend all our processing of your personal data with the exception of storing them.
- The right to data portability – users have the right to obtain and reuse their personal data for their own purposes
- The right to object – users have the right to stop their data being used for direct marketing
Changes to our Privacy Policy
If we change our Privacy Policy, we will post the amendments on this page to keep you up-to-date on what has changed. Adjustments to this Privacy Policy are effective from the date they are posted on this page.
Contact
If you have any questions or concerns regarding privacy, please send us an email message to support@bigfigtree.com. Your data security is important to us and we will do our very best to resolve your concerns.
Data Processing Addendum
Introduction
The document describes how Big Fig Tree – an Atlassian Marketplace vendor (“Processor”) will process personal data on behalf of the customer (“Controller”). If it is not explicitly stated otherwise in notification, information, agreement or communicated in a similar manner, Big Fig Tree shall be understood as the both vendors (1) (2).
Data Processing
The Processor will process certain categories and types of Controller’s personal data on behalf of the Controller. Personal data includes “any information relating to a living, identified or identifiable natural person” as defined in GDPR Art. 4, 1.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The Processor processes the following types of personal data:
- Name, surname, email address, Atlassian user key, user add-on settings
- Client IP address, license number
- Technical contacts
- Information about access and use of our website including through the use of Internet cookies, your communications with our website, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider
- additional personal information that you provide to us
- any other personal information requested by us and/or provided by you or a third party
- in case of add-on products developed by Big Fig Tree and purchased via Atlassian Marketplace , some data (including without limitation, your name, company name (if any), addresses (including e-mail address) and phone number) was shared by Atlassian Pty Ltd, an Australian corporation (ABN 53 102 443 916) on the basis of your consent granted by acceptance of Atlassian Marketplace Terms of Use.
Data Processing Scope
The Processor only performs processing activities necessary to make its products and services operational.
The Controller guarantees to process personal data in accordance with the requirements of Data Protection Laws and Regulations.
The Controller will be solely responsible for the accuracy, quality, and legality of Personal Data and the means by which they were obtained.
Confidentiality
The Processor shall treat the personal data as strictly confidential information.
The Processor will not access or use, or disclose to any third party, any personal data, except, in each case, as necessary to maintain or provide its products operational, or as necessary to comply with the law.
The personal data may not be copied, transferred or otherwise processed in conflict with the Privacy Policy and Data Processing Addendum documents.
The Processor access personal data by trained personnel only.
The Processor imposes appropriate contractual obligations upon its personnel, including relevant obligations regarding confidentiality, data protection and data security.
Security of Data Processing
Big Fig Tree provides the following security statement with a promise to adhere to the highest effective industry standards. We implement appropriate technical safeguards as HTTPs to guard your personal data, however, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers.
The personal data will be processed securely and in a way that protects against unauthorised or unlawful processing and against accidental loss, destruction or damage.
In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures such as encryption of personal information, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
We cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the personal information we collect will not be disclosed in a manner that is inconsistent Privacy Policy or Data Processing Addendum documents.
Limitation of Liability
The total aggregate liability towards the Customer, of whatever nature, whether in contract, tort or otherwise, of the Data Processor for any losses whatsoever and howsoever caused arising from or in any way connected with this engagement shall be subject to the “Limitation of Liability” clause set out in the EULA. Nothing in this DPA will relieve the processor of its own direct responsibilities and liabilities under the GDPR.
Remuneration and costs (Optional)
The Data Controller shall upon request remunerate the Data Processor based on the time spent to perform the obligations regarding ‘Data protection impact assessments and prior consultation’, ‘Rights of the data subjects’, ‘Personal Data Breaches’, and ‘Documentation of compliance and Audit Rights’ of this Data Processor Agreement based on the Data Processor’s hourly rates.
Duration
The Data Processor Addendum shall remain in force until the support service is provided under EULA.
Security Breach Notification
The Processor will notify the Controller of security incident without undue delay after becoming aware of the security incident.
The Processor will take reasonable steps to mitigate the effects and to minimise any damage resulting from the security incident.
Transfers of Personal Data
Ordinarily, the Data Processor will not transfer your data to countries outside the European Economic Area. In some cases, personal data will be saved on storage solutions that have servers outside the European Economic Area (EEA), [for example, Amazon Web Services or Google Drive]. Only those storage solutions that provide secure services with adequate relevant safeguards will be employed.
Subprocessors
The Processor uses following third party service providers and authorizes them to process the personal data:
- Amazon Web Services, Inc.
- ObjectLabs Corporation
- Atlassian Corporation Plc
- Google, Inc.
According to GDPR regulations this service providers are Subprocessors.
The Processor shall monitor and control its Subprocessors if they follow GDPR regulations.
Termination of the DPA
This DPA shall continue in force until the support service is provided under EULA.
In case of termination of the DPA, the Processor will delete the Controller’s personal data with exception of data removal from a backup storage.