Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. This policy covers the following topics:
This policy covers the information we collect about you when you use our products or services, or otherwise interact with us (for example, by communicating with us), unless a different policy is displayed. "STAGIL", "we" and "us" refer to STAGIL GmbH, STAGIL Corp. and any of our corporate affiliates. We offer a wide range of products, including our cloud, server and data center apps. We refer to all of these products, together with our other services and websites as "STAGIL Services" in this policy.
In that sense STAGIL Services include our:
- Websites (STAGIL's websites, including but not limited to stagil.com, stagil.atlassian.net, and any related websites, sub-domains and pages)
- SaaS products (Cloud Apps developed by STAGIL)
- Downloadable products (On-premises Apps developed by STAGIL)
This policy also explains your choices surrounding how we use information about you, which include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this policy, do not access or use our STAGIL Services or interact with any other aspect of our business.
Where we provide the STAGIL Services under contract with an organization (for example, your employer) that organization controls the information processed by the STAGIL Services. This policy does not apply to the extent we process personal information in the role of a processor within the meaning of the General Data Protection Regulation (GDPR) on behalf of such organizations.
Information about the controller
We, STAGIL, are as controller within the meaning of the General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG) as well as other data protection regulations responsible for data processing within the scope described above. Comprehensive information about our company can be found in the imprint.
Name and address of the controller
Email address: firstname.lastname@example.org
Data protection officer
Our data protection officer can be reached via the following contact details:
Email address: email@example.com
Collection of personal data and information
We collect information about you when you provide it to us, when you use our STAGIL Services, and when other sources provide it to us, as further described below.
Information you provide to us
We collect information about you when you input it into STAGIL Services or otherwise provide it directly to us.
Art. 6 para. 1 lit. f) GDPR serves as the legal basis for the processing of data transmitted in the course of interacting with our STAGIL Services (legitimate interests pursued by the controller).
Additionally, Art. 6 para. 1 lit. b) GDPR serves as the legal basis, If the request is aimed at the conclusion of a contract (fulfillment of a contract). Also the registration and the login area are required to fulfill contractual purposes or implement pre-contractual measures.
Account and profile information
We collect information about you when you register for an account, create or modify your profile, set preferences, use, access, interact with, sign-up for or make purchases through the STAGIL Services (including but not limited to when you upload, download, collaborate on or share content). Information we collect includes:
Contact information (such as name, email address, postal address and phone number)
Payment information (such as bank account details and billing address)
Profile information (such as a username, profile photo, and job title, date and time of registration)
Preferences information (such as notification and marketing preferences)
In some cases another user (such as a system administrator) may create an account on your behalf and may provide your information, including personal data (most commonly when your company requests that you use our STAGIL Services). We collect information under the direction of our customers and often have no direct relationship with the individuals whose personal data we process. If you are an employee of one of our customers and would no longer like us to process your information, please contact your employer. If you are providing information (including personal data) about someone else, you must have the authority to act for them and to consent to the collection and use of their personal data as described in this policy.
Content you provide through our STAGIL Services
We collect and store content that you create, input, submit, post, upload, transmit, store or display in the process of using our products or websites. Such content includes any personal data or other sensitive information that you choose to include.
We collect other information that you submit to our websites or as you participate in any interactive features of the STAGIL Services, participate in a survey, contest, promotion, sweepstakes, activity or event, apply for a job, request customer support, communicate with us via third party social media sites or otherwise communicate with us.
Information we collect automatically when you use our STAGIL Services
We collect information about you when you use our STAGIL Services, including browsing our websites and taking certain actions within the STAGIL Services.
Art. 6 para. 1 lit. f) GDPR serves as the legal basis for the processing of these data (legitimate interests pursued by the controller).
Additionally, Art. 6 para. 1 lit. a) GDPR serves as the legal basis for the usage of cookies and other tracking technologies (data subject has given consent to the processing).
General data and information collected by our website
Our website collects a series of general data and information when you or an automated system calls up the website. This general data and information are stored in the server log files. Collected may be:
- the browser types and versions used
- the operating system used by the accessing system
- the Internet service provider of the accessing system
- an Internet protocol address (IP address)
- the date and time of access to the website
- the website from which an accessing system reaches our website (so-called "referrers")
General data and information collected by our SaaS products
Our SaaS products collect a series of general data and information when a you access their URLs. This general data and information are stored in the server log files and includes usernames as well as elements of content (such as JIRA project names, project keys, status names, JQL filters, Confluence page titles and space names) as necessary for the SaaS product to perform the requested operations.
Occasionally, we connect personal data to information gathered in our log files as necessary to improve STAGIL Services for individual customers. In such a case, we would treat the combined information in accordance with this policy.
Analytics information from our SaaS products
We collect analytics information when you use our SaaS products to help us improve our products and services. This analytics information consists of the feature and function of the Atlassian product being used, the associated license identifier (SEN) and domain name, the username and IP address of the individual who is using the feature or function (which will include personal data, if incorporated into the username), the sizes and original filenames of attachments, and additional information required to detail the operation of the function and which parts of the STAGIL Services are being affected. For example:
- In JIRA, analytics information that we collect when a user creates a project includes the system-generated numeric identifier of the project, the project key, input by the user, the name of the template used (if any) and the name of the project. Similarly, analytics information that we collect when an issue is edited includes the system-assigned numeric issue id, the issue key (which consists of the project key and a system-generated sequence number), whether the edit is made by a user or automatically generated by the system, and whether email notifications are to be sent.
- In Confluence, analytics information that we collect when a user creates a page includes the system-generated numeric identifier of the page, the blueprint used to create the page, the key of the space in which the page is being created, and the page title. An example of analytics information that we collect when a user creates a new blueprint includes the system-generated numeric identifier of the blueprint, the key of the space in which the blueprint is being created, and the blueprint name and description.
As shown in the examples above, the analytics information we collect includes elements of content related to the function the user is performing. As such, the analytics information we collect may include personal data or sensitive business information that the user has included in content that the user chose to upload, submit, post, create, transmit, store or display in an Atlassian product.
Analytics information from downloadable products
We collect analytics information when you use our downloadable products to help us improve our products and services. Our downloadable products contain a feature that sends information about the technical operation of the downloadable products on your systems ("System Information") to us. This includes information about:
- Server environment in which the downloadable product is operating: OS type and version, JVM version, Java environment properties, CPU type, RAM allocation, language and locale settings, database type and version, and disk utilization.
- User client information, for example: browser type and version, native client type and version, and client device specifications (e.g. screen resolution, OS version, device type, etc.).
In addition, we collect analytics information from downloadable products that is a subset of the analytics information described above for websites and SaaS products. As with websites and SaaS products, the analytics information we collect includes elements of content related to the function the user is performing, but with an important caveat. With the downloadable products, before sending the information to Atlassian's servers, we filter the analytics information to remove elements that we believe may contain sensitive or personal data. For example:
- We conduct a one-way hash of usernames and hostnames before collecting them.
- We filter any content elements we collect to discard all words except those on a list of common business and IT terminology.
You can disable our collection of analytics information from downloadable products via the administrator settings or by blocking collection at the local network level.
Installer analytics, software updates & license information from downloadable products
During the installation of our downloadable products, the installer sends analytics information to Atlassian to allow us to understand where in the installation process users are experiencing trouble or dropping out. Our downloadable products also communicate with Atlassian servers for licensing purposes, as well as to check for updates, patches, and compatibility with apps. Examples of information we collect for these purposes include the name and version of the downloadable product and the server ID, SEN, and IP address of the customer instance.
Cookies and other tracking technologies
Cookies can be classified as either "essential" or "non-essential".
- Essential cookies are strictly necessary to provide our STAGIL Services and, therefore, must be accepted by you to be able to make use of it.
- Non-essential cookies are any cookies that do not fall within the definition of essential cookies, such as cookies used to analyse your behavior on a website or cookies used to display advertisements to you. These cookies will be not set unless you have given consent to the processing.
At any time you can change your cookie preferences as described below under "Cookie Consent Banner".
Our website uses Google Analytics, a web analysis service from Google Inc. ("Google"). It collects data on which website you have come to a website from (so-called "referrers"), which subpages of the website were accessed or how often and for which period of time a subpage was viewed. The information generated by the cookie about your behavior is generally transmitted to and stored by Google on servers in the United States. As IP anonymization is activated on our website, however, Google must first truncate your IP address in an EU or EEA country (only in the event of technical outage in Europe, for instance, is the IP address first truncated in the U.S.). Google will use this information on behalf of us for purposes of evaluating usage of our website, compiling reports on website activity and providing us with other services relating to website and Internet usage. The statistics we obtain help us to regularly improve usage of our website.
Google Tag Manager
For the purpose of the optimization of our website we use Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland ("Google"). This allows us to manage the website analysis and tracking services described in this privacy statement into a single interface. In doing so, your browser automatically connects to Google's servers, where the data referred to above under "General data and information collected by our website" is transferred from the browser to Google. We have no control over this data transfer and the further data processing by Google. According to Google, the Tag Manager itself does not process any personal data of the data subject. More information can be found in the Google Tag Manager Use Policy. Further information on the purpose and scope of the data collection and its processing by Google, your rights and privacy settings can be found here.
Information we collect from other sources
We also obtain information from third parties and combine that with information we collect through STAGIL Services. For example, we may have access to certain information from a third party social media or authentication service if you log into STAGIL Services through that service or otherwise provide us with access to information from that service. Any access that we may have to such information from a third party social or authentication service is in accordance with the authorization procedures determined by that service. By authorizing us to connect with a third party service, you authorize us to access and store your name, email address(es), current city, profile picture URL, and other information that the third party service makes available to us, and to use and disclose it in accordance with this policy. You should check your privacy settings on these third party services to understand and change the information sent to us through these services.
Art. 6 para. 1 lit. f) GDPR serves as the legal basis for the processing of these data (legitimate interests pursued by the controller).
Usage of personal data and information we collect
How we use the information we collect depends in part on which STAGIL Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
- provide, operate, maintain, improve, and promote STAGIL Services
- enable you to access and use STAGIL Services, including uploading, downloading, collaborating on and sharing content
- process and complete transactions, and send you related information, including purchase confirmations and invoices
- send transactional messages, including responding to your comments, questions, and requests; providing customer service and support; and sending you technical notices, updates, security alerts, and support and administrative messages
- send promotional communications, such as providing you with information about services, features, surveys, newsletters, offers, promotions, contests and events; and providing other news or information about us and our selected partners (you have the ability to opt out of receiving any of these communications as described below under "Opt out of communications")
- monitor and analyze trends, usage, and activities in connection with STAGIL Services and for marketing or advertising purposes
- investigate and prevent fraudulent transactions, unauthorized access to STAGIL Services, and other illegal activities
- personalize STAGIL Services, including by providing content, features, or advertisements that match your interests and preferences
- enable you to communicate, collaborate, and share content with users you designate
- for other purposes about which we obtain your consent
Notwithstanding the foregoing, we will not use personal data appearing in our analytics logs or web logs for any purpose. The use of information collected through our STAGIL Services shall be limited to the purposes disclosed in this policy.
Sharing of personal data and information we collect
We will not share or disclose any of your personal data or content with third parties except as described in this policy. We are not in the business of selling information about you to advertisers or other third parties.
When you use STAGIL Services, content you provide will be displayed back to you. Certain features of STAGIL Services allow you or your administrator to make some of your content public, in which case it will become readily accessible to anyone. We urge you to consider the sensitivity of any data you input into STAGIL Services.
As a natural result of using STAGIL Services, you may create content and grant permission to other Atlassian users to access it for the purposes of collaboration. Some of the collaboration features of STAGIL Services display your profile information, including personal data included in your profile, to users with whom you have shared your content. Where this information is sensitive, we urge you to use the various security and privacy features of the STAGIL Services to limit those who can access such information. Your sharing settings may make any information, including some personal data, that you submit to the STAGIL Services, visible to the public, unless submitted to a restricted area.
Access by your system administrator
You should be aware that the administrator of your instance of STAGIL Services may be able to:
access information in and about your STAGIL Services account
access communications history, including file attachments, for your STAGIL Services account
disclose, restrict, or access information that you have provided or that is made available to you when using your STAGIL Services account, including your content
control how your STAGIL Services account may be accessed or deleted
Service providers, business partners and others
We work with third party service providers to provide website, application development, hosting, maintenance, back-up, storage, virtual infrastructure, payment processing, analysis and other services for us. These service providers may have access to or process your information for the purpose of providing those services for us. Some of our webpages utilize white-labeling techniques to serve content from our service providers while providing the look and feel of our website. Please be aware that you are providing your information to these third parties acting on behalf of Atlassian.
Third party apps
Links to third party sites
We may display personal testimonials of satisfied customers on the STAGIL Services. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us using the contact information above.
Compliance with laws and law enforcement requests; protection of our rights
We may disclose your information (including your personal data) to a third party, if:
- we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request
- to enforce our agreements, policies and terms of service
- to protect the security or integrity of Atlassian's products and services
- to protect Atlassian, our customers or the public from harm or illegal activities
- to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
We may share or transfer your Information (including your personal data) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the STAGIL Services of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
Aggregated or anonymized data
We may also share aggregated or anonymized information that does not directly identify you with the third parties described above.
With your consent
We will share your personal data with third parties when we have your consent to do so.
How to access and control your information
Accessing and updating your information
You may correct, update, amend, or remove your personal data in your account settings or by directing your query to your account administrator. You may also contact us by postal mail using the address listed above. We will respond to your request for access within thirty (30) days.
You can remove content using editing tools associated with that content. In some cases, you may need to contact your administrator to request they remove the content.
You or your administrator may be able to deactivate your STAGIL Services account. If you can deactivate your own account, you can most often do so in your account settings. Otherwise, please contact your administrator. To deactivate an organization account or to deactivate an account made for you without authorization, please contact us (see contact information above).
We will retain your account information for as long as your account is active, or as reasonably useful for commercial purposes or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If your account is managed by an administrator, that account administrator may have control with regards to how your account information is retained and deleted.
Request that we stop using your information
In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don't have the appropriate rights to do so. For example, if you believe a STAGIL Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy. Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. When you make such requests, we may need time to investigate and facilitate your request. If there is delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honored or the dispute is resolved, provided your administrator does not object (where applicable). If you object to information about you being shared with a third-party app, please disable the app or contact your administrator to do so.
Opt out of communications
You may opt out of receiving promotional communications from Atlassian by using the unsubscribe link within each email, updating your email preferences at my.atlassian.com or within your Atlassian Service account settings menu, or emailing us to have your contact information removed from our promotional email list or registration database. Although opt-out requests are usually processed immediately, please allow up to thirty (30) days for a removal request to be processed. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding Atlassian's Services. You can opt-out of some notification messages in your account settings.
Cookie Consent Banner
At any time you can change your cookie preferences by using our Cookie Consent Banner.
Your rights as a data subject within the meaning of the GDPR
Whenever your personal data are processed, you are a "data subject" within the meaning of the General Data Protection Regulation (GDPR). The data subject has the following rights towards us as controller:
- Right of confirmation
- Right to rectification
- Right of restriction of processing
- Right to erasure (Right to be forgotten)
- Right of access
- Right to data portability
- Right to object
- Right to withdraw consent
- Right to complain to a supervisory authority
Your requests and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. Where you have asked us to share data with third parties, for example, by installing third-party apps, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted.