Protecting your personal data is very important to us. This is why we believe in the principle of data avoidance. All information on our web site is available to you without the need to provide any personal data. Only if you require assistance and open a support ticket or book a screen share session, personal data such as your name and email address is recorded, and it is only used for getting in touch with you, sorting out your problem, and following up thereafter. By providing these details to us, you agree that we use this data for these purposes.
We store your data on servers in the European Union and in the United States of America, and we do not pass them on to anyone, except if we receive a request for information from competent authorities, or if we have requested and received your explicit permission.
Your data is stored in a secured environment, and all transmission while you provide your details to us or while we are processing them is encrypted (except if you choose not to use encryption when visiting our web site). There is of course no such thing as absolute security.
Legal basis of this Data Protection Statement is the European General Data Protection Regulation EU GDPR.
We want you to be able to understand what we write, and we therefore use terms in accordance with the DS-GVO, defined as follows.
All information related to an identified or identifiable natural person, e.g. name, address, phone number or email address. Affected person An individual whose personal data is stored and processed by us.
Any procedure (collection, storage, modification, extraction, use, or deletion) that makes use of your personal data.
Natural or legal person making decisions about the processing of your data. In our case, this is the board of directors of the company.
By providing your personal data to us, you give consent to process your data in accordance with this Data Protection Statement. We do not acquire personal data from sources other than yourself.
Log data are automatically collected and stored records of activity and exceptional events. Some cloud-based apps may write log data, but it will not contain any personal data. Log data is also recorded when you use our web site, and even though no personal data is contained in these records, it may be possible to attribute such records with personal data if you are accessing our support web site. These records are only collected for diagnostic purposes; they are kept for a few days at most. The same holds true for debugging output of our servers and their software.
Authorities of the Federal Republic of Germany who are entitled by law to request information from us about your personal data.
3. Name and address of responsible person
Responsible person in terms of the Data Protection Regulation and other data protection laws and regulations within the jurisdiction of the European Union is the board of directors.
You may contact us at:
- resolution Reichert Network
Solutions GmbH Oklahomastr. 14
66482 Zweibrücken Deutschland
5. Log data of our web site
While you are using our web site, each access to elements on it will be logged. We record a time stamp, the source IP address, what has been accessed, as well as your web browser’s and your operating system’s make and version, if provided by your web browser. We also record the so-called referer (i.e. the web page you came from) if sent by your browser. While you are logged in to our web site, your account name is logged along with these data. No personal data is contained in the web server log.
The log is only used for analyzing bugs and problems, and for defensive purposes. No-one (except for entitled authorities on request) outside the company has access to this log. All log records are automatically deleted after a few days.
6. Debugging output of servers, programs, and scripts
It is possible that debug output of programs and scripts on our servers contains personal data (but this will be limited to names and email addresses). Only very few people have access to this debug output. Such output is only used for debugging purposes. No-one outside the company (except entitled authorities) is given access to debug output, and all such output is deleted automatically after several days.
7. Google Analytics, Google Tag Manager
8. Your rights as an affected person
Right of verification
You are entitled to require verification whether or not your personal data is stored and processed by us. However, you may assume that this is only the case if you have provided these data to us when requesting support or have otherwise contacted us.
If you still require information from us, please contact us. We are here to help!
Right of information
- Of course you are entitled to require information from us about your personal data that we store and process. Rest assured though that this will be no other data than details you have provided to us. Regardless, affected persons may request information about:
- Reasons for processing
- Categories of personal data that are processed
- Who has access to your personal data
- Retention periods
- Your right to correct or delete personal data
- Your right to object or limit processing of personal data
- Your right to complain to regulating authorities
- Source of data, if not provided by the affected person
We believe that we are providing answers to all these informatory rights, but you may of course request such information from us.
Right of correction
Have you noticed that we have mis-spelt your name or that something else we have recorded about you is not correct? Let us know, and we will fix it.
Right of deletion (“right to be forgotten”)
If you would like us to delete all personal data we have recorded during customer support activity, just let us know. You need to understand, however, that we will no longer be able to assist you in this case.
Right of limited processing
We only store very little personal data. If there is something you would not like us to further store and process, please let us know. It may mean, however, that we need to delete all your personal data with all consequences.
Right of data transferral
We do not have any data records in transferrable form. If you would like us to provide all personal data we have on record about you, we can only do this in free-text form.
Right of objection
You may object to processing of your personal data. This is most easily done by not providing those details to us in the first place, or by requesting deletion of your personal data.
Automated decisions, including profiling
We do not perform any kind of profiling or automated decision making.
Revocation of consent
You consent that we store and process your personal data by providing these data. This implicit consent is of course revocable. Please note however that this is likely equal to requesting deletion of all your personal data.
9. App-specific information
All data related to the configuration the user puts in (short URL, long URL, anchor, note), is stored on customer premises. If the user activates the recording of access events, this data is stored on the user site too. I contains the accessor’s anonymized IP address, their user agent and the page they accessed. This option is disabled by default. The app does not establish contact to anything outside of the Confluence system(s) it is installed on.
The apps are run on servers provided by Heroku (a Salesforce company) in the USA.
For regular operation, logs contain some anonymized metadata about operations. In case of program errors, logs are more detailed and may contain personal information. These logs are only used to debug the apps and can only be accessed by the cloud admins (i.e. specific people within resolution GmbH). Logs are hosted on Papertrail by SolarWinds in the USA and retained for up to 1 year. An example of such data is the text of messages that caused the issue and the error that occurred, e.g. a message that encountered a conversion error in Joint Rooms.
Data learned by the apps during their operation that is not needed for their proper function (e.g. messages that were scanned for relevant triggers but that didn’t contain any) is immediately discarded.
Some of our apps request access to user data (name, email). Such data is never used outside of the context of the apps and is also never stored in any database. It is always requested from Atlassian services ad-hoc. An example would be the names that need to be transmitted during operation of Joint Rooms or in the outgoing webhooks in Unified Webhooks.
For our Stride apps, all configuration data and data necessary to run the apps which needs to be saved for a short time (e.g. the room codes for Joint Rooms or temporarily cached site information) are also stored in mLab databases. Access to these databases is restricted to the cloud admins, but it may be accessed by support personnel while dealing with support cases and for analytics purposes. An example for such data is anything that’s entered into the configuration interface, as well as (due to a technical problem in the API) the site name.
Data storage for Google Analytics for Confluence and Out of Office for Jira Cloud happens on the instances they are installed on, with the exception of authorization data for those instances. This authorization data is stored in databases provided by mLab and hosted by Heroku in the USA. The authorization data consists of randomly generated secrets that are shared between Atlassian and our apps.
There is additional information available for our cloud apps:
Have you got further questions? Please do not hesitate to contact us, we are here to help!