Protecting your personal data is very important to us. This is why we believe in the principle of data avoidance. All information on our web site is available to you without the need to provide any personal data. Only if you require assistance and open a support ticket or book a screen share session, personal data such as your name and email address is recorded, and it is only used for getting in touch with you, sorting out your problem, and following up thereafter. By providing these details to us, you agree that we use this data for these purposes.
We store your data on servers in the European Union and in the United States of America, and we do not pass them on to anyone, except if we receive a request for information from competent authorities, or if we have requested and received your explicit permission.
Your data is stored in a secured environment, and all transmission while you provide your details to us or while we are processing them is encrypted (except if you choose not to use encryption when visiting our web site). There is of course no such thing as absolute security.
Legal basis of this Data Protection Statement is the European General Data Protection Regulation EU GDPR.
Personal DataAll information related to an identified or identifiable natural person, e.g. name, address, phone number or email address.
Affected personAn individual whose personal data is stored and processed by us.
Data processingAny procedure (collection, storage, modification, extraction, use, or deletion) that makes use of your personal data.
Responsible personNatural or legal person making decisions about the processing of your data. In our case, this is the board of directors of the company.
ConsentBy providing your personal data to us, you give consent to process your data in accordance with this Data Protection Statement. We do not acquire personal data from sources other than yourself.
Log dataLog data are automatically collected and stored records of activity and exceptional events. Some cloud-based apps may write log data, but it will not contain any personal data. Log data is also recorded when you use our web site, and even though no personal data is contained in these records, it may be possible to attribute such records with personal data if you are accessing our support web site. These records are only collected for diagnostic purposes; they are kept for a few days at most. The same holds true for debugging output of our servers and their software.
Entitled AuthoritiesAuthorities of the Federal Republic of Germany who are entitled by law to request information from us about your personal data.
2. Name and address of responsible person
Responsible person in terms of the Data ProtectionRegulation and other data protection laws and regulations within the jurisdiction of the European Union is the board of directors.
You may contact us at:
- resolution Reichert Network
Solutions GmbH Oklahomastr. 14
66482 Zweibrücken Deutschland
4. Log data of our web site
While you are using our web site, each access to elements on it will be logged. We record a time stamp, the source IP address, what has been accessed, as well as your web browser’s and your operating system’s make and version, if provided by your web browser. We also record the so-called referer (i.e. the web page you came from) if sent by your browser. While you are logged in to our web site, your account name is logged along with these data. No personal data other than this is contained in the web server log.
The log is only used for analyzing bugs and problems, and for defensive purposes. No-one outside the company (except for entitled authorities on request) has access to this log. All log records are automatically deleted after a few days.
5. Debugging output of servers, programs, and scripts
It is possible that debug output of programs and scripts on our servers contains personal data (but this will be limited to names and email addresses). Only very few people have access to this debug output. Such output is only used for debugging purposes. No-one outside the company (except entitled authorities) is given access to debug output, and all such output is deleted automatically after several days.
6. Google Analytics, Google Tag Manager
We make use of Google Tag Manager (GTM). GTM does not collect any personal data. It is a tool that facilitates the integration and management of our tags. Tags are small code elements that are used to measure traffic and site visitor beavior, and they also permit measurement of the impact of online advertising and social channels, to set up remarketing and targeting, and to test and optimize our web site. We use GTM only for Google Analytics and GA Audiences.
Google uses this information, by order of resolution Reichert Network Solutions GmbH, to evaluate the use of the web site, to create reports on web site activity for resolution Reichert Network Solutions GmbH, and to provide further services related to web site and Internet use. Google only forwards this information to third parties if this is stipulated by law or if such third parties process the information on behalf of Google. Third-party providers, including Google, use the cookies stored in order to publish advertisements on the basis of a user’s previous visits to this web site.
By using our web sites you declare that you agree to the processing of recorded data as described above and for the purposes specified above. Furthermore, we use Google Analytics in order to obtain data from AdWords for statistic analysis.
Google provides tools for opting out. Please refer to https://www.google.com/policies/privacy/ads/. We advise you, however, that such deactivation may prevent your intended use of all the functionality of our web sites. If you do not wish us to track information about your visit to our web site, you may deactivate this in the Ads Preference Manager at https://www.google.com/settings/ads/onweb/ or at https://www.google.com/settings/ads/anonymous.
7. Your rights as an affected person
Right of verification
You are entitled to require verification whether or not your personal data is stored and processed by us. However, you may assume that this is only the case if you have provided these data to us when requesting support or have otherwise contacted us.
If you still require information from us, please contact us. We are here to help!
Right of informationYou are, of course, entitled to request information from us about your personal data that we store and process. Rest assured, though, that this will be no other data than details you have provided to us. Regardless, affected persons may request information about:
- Reasons for processing
- Categories of personal data that are processed
- Who has access to your personal data
- Retention periods
- Your right to correct or delete personal data
- Your right to object or limit processing of personal data
- Your right to complain to regulating authorities
- Source of data, if not provided by the affected person
Right of correctionHave you noticed that we have mis-spelt spelled your name or that something else we have recorded about you is not correct? Let us know, and we will fix it.
Right of deletion (“right to be forgotten”)If you would like us to delete all personal data we have recorded during customer support activity, just let us know. You need to understand, however, that we will no longer be able to assist you in this case.
Right of limited processingWe only store very little personal data. If there is something you would not like us to further store and process, please let us know. It may mean, however, that we need to delete all your personal data with all consequences.
Right of data transferralWe do not have any data records in transferrable form. If you would like us to provide all personal data we have on record about you, we can only do this in free-text form.
Right of objectionYou may object to processing of your personal data. This is most easily done by not providing those details to us in the first place, or by requesting deletion of your personal data.
Automated decisions, including profilingWe do not perform any kind of profiling or automated decision–making. However, DoS defense mechanisms may interfer interfere with your access to resources like our web pages when we are under attack. Don’t take it personally, because it isn’t meant that way.
Revocation of consentYou consent that we store and process your personal data by providing these data. This implicit consent is of course revocable. Please note however that this is likely equal to requesting deletion of all your personal data.
8. App-specific information
All data relating to the configuration the user puts in (short URL, long URL, anchor, note), is stored on customer premises. If the user activates the recording of access events, this data is stored on the user site too. I contains the accessor’s anonymized IP address, their user agent and the page they accessed. This option is disabled by default. The app does not establish contact to with anything outside of the Confluence system(s) it is installed on.
Cloud apps (Out of Office Assistant, Google Analytics)
The apps are run on servers provided by Heroku (a Salesforce company) in the USA.
For regular operation, logs contain some anonymized metadata about operations. In case of program errors, logs are more detailed and may contain personal information. These logs are only used to debug the apps and can only be accessed by the cloud admins (i.e. specific people within resolution GmbH). Logs are hosted on Papertrail by SolarWinds in the USA and retained for up to 1 year. An example of such data is the text of messages that caused the issue and the error that occurred, e.g. a message that encountered a conversion error in Joint Rooms.
Data learned by the apps during their operation that is not needed for their proper function (e.g. messages that were scanned for relevant triggers but that didn’t contain any) is immediately discarded.
Some of our apps request access to user data (name, email). Such data is never used outside of the context of the apps and is also never stored in any database. It is always requested from Atlassian services ad-hoc. An example would be the names that need to be transmitted during operation of Joint Rooms or in the outgoing webhooks in Unified Webhooks.
For our Stride apps, all configuration data and data necessary to run the apps which needs to be saved for a short time (e.g. the room codes for Joint Rooms or temporarily cached site information) are also stored in mLab databases. Access to these databases is restricted to the cloud admins, but it may be accessed by support personnel while dealing with support cases and for analytics purposes. An example for such data is anything that’s entered into the configuration interface, as well as (due to a technical problem in the API) the site name.
Data storage for Google Analytics for Confluence and Out of Office for Jira Cloud happens on the instances they are installed on, with the exception of authorization data for those instances. This authorization data is stored in databases provided by mLab and hosted by Heroku in the USA. The authorization data consists of randomly generated secrets that are shared between Atlassian and our apps.
There is additional information available for our cloud apps: