We collect information from you at several different points, including but not limited to the following:
– Information we get from your use of the Services.
This is primarily non-personally-identifying information of the sort that web browsers, servers, and services like Google Analytics* typically make available, such as the browser type, language preference, referring site, and the time of each visit. Other non-identifying information that we might have access to includes how you use the Service (e.g. search queries), your approximate location, cookies, etc.
We collect this non-personally-identifying information in order to better understand how visitors use the Services and, where possible, to improve their experience. For instance, we log the time it takes to run database queries so that we can improve performance. In some cases, we may publicly display information that is not personally identifying in the aggregate, (e.g., by publishing a report on trends in the usage of our Services) or may provide the aggregate data to third parties.
When you use the Services, we also collect potentially personally identifying information in the form of Internet Protocol (IP) addresses, the Uniform Resource Locator (URL) accessed (which may reference the name of a board, card, case, wiki, or organization), and the unique identification number associated with the account. We don’t use that information to identify you, with one exception: we may discover, by reviewing log files, that a particular account is using the Services in a way that is degrading the experience for all the Services’ users. If this is discovered, we may look up personally identifiable information associated with that account in order to contact the account owner. We handle and disclose this information in the same way we handle other potentially personally identifying information as described below.
– Information you provide to us directly.
Certain visitors to our Services choose to interact with them in ways that may require them to provide us with personally identifying information. The amount and type of information that is provided depends on the nature of the interaction. For example, we ask visitors who sign up for our Services to provide a real name, username, and email address. Organizations and individuals who engage in financial transactions to purchase paid services are asked to provide additional information, such as the personal and financial information required to process those transactions. In each case, we only collect as much information as is necessary or appropriate given the type of interaction. We do not disclose personally identifying information other than as described below. And you can always refuse to supply personally identifying information, with the caveat that it may prevent you from engaging in certain activities.
If you send us a request, such as emailing us for support, we reserve the right to publish it (absent any personally identifying information) in order to help us clarify or respond to your request or help other users.
In the process of supporting our Services, we may discover personally identifiable information associated with your account. The only personally identifiable information we may discover during the support process without your consent includes your email address and the names of any organizations to which you belong. Any further information will not be discovered without your consent. In the process of supporting our Services, we may need to investigate the data within your account, including data you have entered into private boards, cases, wikis, etc. If this occurs, we will always request your explicit permission before looking at the data in your account.
INFORMATION YOU CHOOSE TO DISPLAY PUBLICLY ON OUR SERVICES. Some users may elect to publicly post personally identifying or sensitive information about themselves in their normal use of our Services. This could occur through use of optional profile fields, in interactions on public boards, wikis, cases and forums, or if a previously private interaction is made public. Information like that, which is voluntarily posted in publicly visible parts of our Services, is considered to be public, even if it would otherwise be considered to be personally identifying or sensitive. As such, it is not subject to the protocols listed below, because we don’t control it; you do.
Additionally, voluntarily publicizing such information means that you lose any privacy rights you might normally have with regards to that information. It may also increase your chances of receiving unwanted communications, like spam. Please also remember that if you choose to provide personally identifiable information using certain public features of the Services, individuals reading such information may use or disclose it to other individuals or entities without our control and without your knowledge, and search engines may index that information. We therefore urge you to think carefully about including any specific information you may deem private in content that you create or information that you submit through our Services.
INFORMATION YOU GIVE TO OTHER PARTIES. This Policy only applies to information collected by DevFactory FZ-LLC. It does not apply to the practices of companies that we don’t own or control, or employees or contractors that we don’t manage. Information on our Services’ boards, wikis, cases and forums may contain links to third party websites, and any information you provide to those sites will be covered by any privacy policies they may have. Please be sure to read the privacy policies of any third-party sites you visit. It is those sites’ responsibility to protect any information you give them, so we can’t be held liable for their wrongful use of your personally identifying information.
DevFactory may use information that we collect about you to:
Please note that these third parties may be in other countries where the laws on processing personal information may be less stringent than in your country.
DevFactory uses industry-standard technologies when transferring and receiving data exchanged between DevFactory and other companies to help ensure its security. This site has security measures in place to help protect information under our control from the risk of accidental or unlawful destruction or accidental loss, alteration or unauthorized disclosure or access. However, “perfect security” does not exist on the Internet. Also, if this website contains links to other sites, DevFactory is not responsible for the security practices or the content of such sites.
– Web Beacons.
DevFactory and third parties may also use small pieces of code called “web beacons” or “clear gifs” to collect anonymous and aggregate advertising metrics, such as counting page views, promotion views, or advertising responses. These “web beacons” may be used to deliver cookies that conform to our Company’s cookie requirements.
– Web Analytics Services.
– Website Links.
We may create links to other web sites. We will make a reasonable effort to link only to sites that meet similar standards for maintaining each individual’s right to privacy. However, many other sites that are not associated with or authorized by DevFactory may have links leading to our site. DevFactory cannot control these links and we are not responsible for any content appearing on these sites. Since this website does not control the privacy policies of third parties, you are subject to the privacy practices of that third party. We encourage you to ask questions before you disclose any personal information to others.
– App Links.
With respect to personal data collected from individuals from the European Economic Area, the United Kingdom or Switzerland, our legal basis for collecting and using the personal data will depend on the personal data concerned and the specific context in which we collect it. DevFactory will normally collect personal data from you only where: (a) we have your consent to do so, (b) where we need the personal data to perform a contract with you (e.g. to deliver the services you have requested), or (c) where the processing is in our or a third party’s legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms).
DevFactory identifies the purposes for which the information is being collected before or at the time of collection. The collection of your personal data will be limited to that which is needed for the purposes identified by DevFactory . Unless you consent, or we are required by law, we will only use the personal data for the purposes for which it was collected. If DevFactory will be processing your personal data for another purpose later on, DevFactory will seek your further legal permission or consent; except where the other purpose is compatible with the original purpose. We will keep your personal data only as long as required to serve those purposes. We will also retain and use your personal data for as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We are a global company. Information collected from you may be stored and processed in the European Economic Area, the United States or any other country in which DevFactory or agents or contractors maintain facilities, and by accessing our sites and using our services, you consent to any such transfer of information outside of your country. Such countries may have laws which are different, and potentially not as protective, as the laws of your own country.
Whenever we share personal data originating in the European Economic Area, the United Kingdom or Switzerland, we will rely on lawful measures to transfer that data, such as the Privacy Shield or the EU standard contractual clauses. If you reside in the EEA or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your personal data to the United States and other jurisdictions in which we operate. By providing your personal data, you consent to any transfer and processing in accordance with this Policy.
We do our best to ensure that the personal data we hold and use is accurate. We rely on the customers we do business with to disclose to us all relevant information and to inform us of any changes.
Reasonable access to your personal data may be provided upon request made to DevFactory at the contact information provided below. If access cannot be provided within that time frame, DevFactory will provide the requesting party a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied. We may charge a reasonable fee in advance for copying and sending the information requested.
If you would like us to delete any personal Data held about you, we will do so on request unless we need to hold the information as part of the provision of products and services to you.
We offer those who provide personal contact information a means to choose how we use the information provided. You may manage your receipt of marketing and non- transactional communications by clicking on the “unsubscribe” link located on the bottom of our marketing emails.
If you reside in the European Economic Area, the United Kingdom or Switzerland, you may have the right to exercise additional rights available to you under applicable laws, including:
If you would like to exercise any of the above rights, please contact our support team or contact our Data Protection Officer (see our contact details in Section 17 below). We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases, our ability to uphold these rights for you may depend upon our obligations to process personal data for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
Most of our services are intended for use by organizations. Where the services are made available to you through an organization (e.g. your employer), that organization is the administrator of the services and is responsible for the accounts and/or service over which it has control. Please direct your data privacy questions to your administrator, as your use of the services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.
Administrators may be able to:
Please contact your organization or refer to your administrator’s organizational policies for more information.
Because of the nature of our business, our services are not designed to appeal to minors. We do not knowingly attempt to solicit or receive any information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us immediately.
DevFactory does not currently respond to browser “Do Not Track” (DNT) signals or other mechanisms. Third parties may collect personal data about your online activities over time and across sites when you visit the Site or use the Service.
If you are a California resident, California Civil Code Section 1798.83 permits you to request certain information regarding our disclosure of personal data to third parties for the third parties’ direct marketing purposes. To make such a request, please contact us by sending an e-mail to email@example.com.
Our site, products, and services are not intended to appeal to minors. However, if you are a California resident under the age of 18, and a registered user of our Site or Service, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. To make such a request, please send an e-mail with a detailed description of the specific content or information to firstname.lastname@example.org.
Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
Under California law, California residents who have an established business relationship with us may opt-out of our disclosing personal data about them to third parties for their marketing purposes.
“Personal Data” means information that (1) is transferred from the EEA, the UK or Switzerland to the United States; (2) is recorded in any form; (3) is about or pertains to a specific individual; and (4) can be linked to that individual.
“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.
DevFactory may receive Personal Data from its own personnel as well as from its affiliates, resellers, customers, end-users and other parties located in the EEA, the UK or Switzerland.
DevFactory is the controller of its own human resources data. In addition, DevFactory acting as a data processor or sub-processor may receive Personal Data via its customers. DevFactory executes data processing agreements with such customers which set out the parties’ obligations and responsibilities to comply with the Principles. DevFactory will cooperate with its customers to enable them to comply with the Principles.
Whenever DevFactory processes Personal Data, DevFactory complies with the Principles (as each Principle is applicable to the Company’s role):
a. Human Resources Data. If your complaint involves human resources data transferred to the United States from the EEA, UK or Switzerland in the context of the employment relationship, and DevFactory does not address it satisfactorily, DevFactory commits to cooperate with the panel established by the data protection authorities (DPA Panel) and the Swiss Federal Data Protection and Information Commissioner, as applicable and to comply with the advice given by the DPA panel and Commissioner, as applicable with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.
b. Non-Human Resources Data. DevFactory has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint was not resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
This Privacy Statement may be amended from time to time consistent with the requirements of the Shield Frameworks. We will post any revised policy on this website.
We are committed to following the Principles for all Personal Data within the scope of the Privacy Shield Frameworks. However, certain information is subject to policies of FogBugz that may differ in some respects from the general policies set forth in this Privacy Statement.