This GDPR Data Policy explain, how we comply with General Data Protection Regulation (GDPR).
1. Controller of Personal Information
ALDEVA DIGITAL s. r. o. Tolstého 5 811 06 Bratislava Slovakia registered in the Commercial Register, Entry number 155276/B, section Sro, maintained by the District Court, Bratislava, Slovak Republic. ID: 54005949.
2. Basic terms
“Aldeva Digital”, “we“, “our“, “our organisation“, or “us” is data controller of personal information collected and processed through our services.
“Atlassian” – a company Atlassian Pty Ltd, Level 6, 341 George Street Sydney, NSW 2000 Australia
“You”, “Customer“, “Your” or “User” – a person or a company having installed our addon from Atlassian Marketplace
“Atlassian Marketplace” – an online service provided by Atlassian
“Services“, “Application” – the services we provide to the Customer through our website, application programming interfaces, applications and the content of aldevadigital.com
DATA PROTECTION OFFICER:
E-mail Address: firstname.lastname@example.org
Postal Address: ALDEVA DIGITAL s.r.o. Tolstého 5, 811 06 Bratislava, Slovakia
RULES ON PERSONAL DATA PROTECTION
Your personal data are only processed in compliance with statutory requirements stipulated in the Regulation or Act on Personal Data Protection.
You are a data subject in the course of processing of personal data by the controller, which means that you are the person to whom processed personal data relate.
Your personal data shall be stored safely, in accordance with the security policy of the Controller and the processor and only for the period necessary to meet the purpose of processing. Your personal data shall be only accessible to persons entrusted by the Controller with personal data processing who process such data upon the instructions of the Controller and in compliance with the Controller’s security policy.
Your personal data are backed up in compliance with the Controller’s retention rules. Your personal data shall be fully deleted from the back-up data storage site as soon as possible in accordance with the retention rules.
The purpose of personal data stored at back-up data storage sites is to prevent security incidents, in particular impaired data availability due to a security incident. The Company is obliged to ensure data back-up in compliance with the security requirements in the Regulation and the Act on Personal Data Protection.
YOUR RIGHTS PURSUANT TO THE REGULATION AND THE ACT ON PERSONAL DATA PROTECTION
Right to information
If the data Controller processes your personal data, it must provide you with the information concerning the data concerning you – even without your special request thereof – including the main characteristics of the data processing such as the purpose, legal basis for the processing and the time period for which the personal data will be stored, the identity and the contact details of the Controller and its representative (where applicable), the recipients of the personal data (in case of data transfer to third countries indicating also the adequate and appropriate guarantees), the legitimate interests of the data Controller and/or third parties in case of data processing based on a legitimate interest, furthermore your data protection rights and your possibilities of seeking a legal remedy (including the right of lodging a complaint with the supervisory authority).
Right of access to data
You have the right to obtain from the Controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain information related to the data processing such as the purpose of the data processing, the categories of the personal data concerned, the recipients of the personal data, the envisaged period for which the personal data will be stored, the data subject’s data protection rights and possibilities of seeking a legal remedy (including the right of lodging a complaint with the supervisory authority), furthermore information on the source of the data where the personal data are not collected from the data subject.
Upon your request, the Controller shall provide a copy of your personal data undergoing processing. For any further copies requested by you, the Controller may charge a reasonable fee based on administrative costs. The right to obtain a copy shall not adversely affect the rights and freedoms of others. The Controller gives you information on the possibility, the procedure, the potential costs and other details of providing the copy after receiving your request.
Where you make the request by electronic means, and unless otherwise requested by you, the information shall be provided to you in a commonly used electronic form.
Right to rectification
You have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning you. With regard to the purposes of the processing, you have the right to have incomplete personal data completed, including by providing a supplementary statement.
Right to erasure (“right to be forgotten“)
You have the right to obtain from the Controller the erasure of personal data concerning you without undue delay, and the Controller has the obligation to erase personal data without undue delay where certain grounds or conditions are given.
Among other grounds the data Controller is obliged to erase your personal data upon your request for example if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing; if the personal data have been unlawfully processed; or if you object to the processing and there are no overriding legitimate grounds for the processing; if the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject; or if the personal data have been collected in relation to the offer of information society services.
The Controller shall not be able in some cases to satisfy your request; for example that processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest; for reasons of public interest in the area of public health; for archiving purposes in the public interest, for the establishment, exercise or defence of legal claims.
Right to restriction of processing
You have the right to obtain from the Controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by you, for a period enabling the Controller to verify the accuracy of the personal data;
- the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
- the Controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
- you have objected to processing, pending the verification whether the legitimate grounds of the Controller override your legitimate ground
Where the processing has been restricted for the above-mentioned reasons, with the exception of storage, the personal data shall only be processed with your consent or to establish, exercise or defend legal claims or to protect the rights of another natural or legal person or due to an important public interest of the Union or a Member State. You shall be informed by the Controller before the restriction of processing is lifted.
Right to data portability
You have the right to receive the personal data concerning you, which you provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided, where:
- the processing is based on your consent or on the performance of a contract (to which you are a party); and
- the processing is carried out by automated means.
In exercising your right to data portability, you have the right to have the personal data transmitted directly from one Controller to another, where technically feasible. The right to data portability shall be without prejudice to the provisions governing the right to erasure. The right to data portability shall not adversely affect the rights and freedoms of others.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on the legitimate interests of the Controller, including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Right to withdraw consent at any time
Where processing is based on your consent, you have right to withdrawal consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. It shall be as easy to withdraw as to give consent.
You may deliver your withdrawal of consent to the address of registered seat of the Controller or to E-mail of the Data Protection Officer or in the manner indicated in the granted consent.
Right to lodge a complaint with a supervisory authority
If you consider that the processing of personal data relating to you infringes the Regulation or Act on Personal Data Protection, you have the right to lodge a complaint with a supervisory authority which is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, telephone No.: +421 /2/ 3231 3214, E-mail: email@example.com, https://dataprotection.gov.sk.
Right to an effective judicial remedy
You shall have the right to an effective judicial remedy where you consider that your rights have been infringed as a result of the processing of your personal data in contradiction to the Regulation/Act on Personal Data Protection. Proceedings against a Controller shall be brought before the courts of the Member State where the Controller has an establishment or where you have your habitual residence (domicile).
Right to compensation and liability
Any person who has suffered material or non-material damage as a result of an infringement of the Regulation or Act on Personal Data Protection shall have the right to receive compensation from the Controller for the damage suffered.
The Controller involved in processing shall be liable for the damage caused by the processing which infringes the Regulation respectively the Act on Personal Data Protection (for a damage caused by unlawful processing). The Controller shall be exempt from liability for the damage caused by the unlawful processing if it proves that it is not in any way responsible for the event giving rise to the damage (if the Controller has not caused the damage).
In case of any questions concerning the processing of your personal data, you may contact us via our Data Protection Officer.
All changes in the conditions of processing and protection of personal data are published at our website www.aldevadigital.com in the form of an update of this GDPR Data Policy notice.
This way, we will ensure that you always have current information about the terms and conditions under which your personal data are processed.
What If I Have Questions or Concerns?
If you have any questions or concerns regarding this GDPR Data Policy and our practices in accordance with thereof, please send us a detailed message at firstname.lastname@example.org. We will make every effort to resolve your concerns.
ALDEVA DIGITAL s.r.o.
811 06 Bratislava
Effective from: 1st October, 2021