Privacy Policy Support Services

January 28, 2023

General information about the processing of your data

We are obliged by law to inform you about the processing of your personal data (hereinafter referred to as “data”) when you download and use our apps. This data protection notice informs you about the details of the processing of your data and about your legal rights in this regard. For terms such as “personal data” and “processing”, the legal definitions pursuant to Art. 4 GDPR apply. We reserve the right to adapt the privacy policy with future effect, in particular in the event of further development of the mobile apps, the use of new technologies or changes to the legal bases or the corresponding case law. We recommend that you read this privacy policy from time to time and take a printout or a copy for your records.

Scope

This privacy policy applies to all pages of https://codeclou-support.atlassian.net/servicedesk/customer/portals. It does not cover any linked websites of other providers.

Controller

The following party is known as the controller under data protection law and therefore responsible for the processing of personal data within the scope of this privacy policy:

codeclou GmbH
HUerivnareivcphu--DQiverhuly--SFtgre.. 22
9900555522 REöötghuernaboancphu anna dqerre PCergtnaivtgzm
Deutschland
Tel.: ++4499 991111 3311110099990033
E-Mail: vasb@pbqrpybh.vb

Questions about data protection

If you have any questions about data protection with regard to our company or our app, you can contact us using the contact details provided under “Controller”.

Security

We have taken comprehensive technical and organisational precautions to protect your personal data from unauthorised access, abuse, loss and other external disruption. To this end, we regularly review our security measures and adapt them to the latest standards.

Your rights

You have the following rights with regard to the personal data concerning you that you can assert against us:

Right of access: You can request access to the personal data concerning you which we process, as set forth in Art. 15 GDPR.
Right to rectification: If the information concerning you is not (or no longer) correct, you can request its rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
Right to erasure You may request the erasure of your personal data in accordance with Art. 17 GDPR.
Right to restriction of processing: Pursuant to Art. 18 GDPR, you have the right to demand that the processing of your personal data be restricted.
Right to object to processing: Pursuant to Art. 21(1) GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data which occurs based on Art. 6(1) Sentence 1(e) or (f) GDPR. If you object, we will not process your data further, unless we can prove compelling legitimate reasons for the processing which override your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend legal claims (Art. 21(1) GDPR). Furthermore, under Art. 21(2) GDPR you have the right to object at any time to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that this is related to such direct marketing. In this privacy policy, we draw your attention to this right to object when describing each processing operation.
Right to withdraw your consent: If you have given your consent for processing, you have a right to withdraw that consent under Art. 7(3) GDPR.
Right to data portability: You have the right to receive the personal data you have given us in a structured, commonly used, machine-readable format (“data portability”) and the right to transfer this data to another controller, if the prerequisites of Art. 20(1)(a), (b) GDPR are fulfilled (Art. 20 GDPR).

You can assert your rights by informing us using the contact details specified under “Controller” above.

If you believe that the processing of your personal data violates data protection law, then under Art. 77 GDPR you also have the right to lodge a complaint with a data protection supervisory authority of your choice. This includes the data protection supervisory authority responsible for the controller:

Bayerisches Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach, postal address: Postfach 1349, 91504 Ansbach, phone: +49981/180093-0, email: poststelle@lda.bayern.de, https://www.lda.bayern.de

Using our website

In principle, you can use our website for purely informational purposes without disclosing your identity. When you access the individual pages of the website in this sense, this only results in access data being transferred to our web hosting service so that the website can be displayed to you. This involves the following data being processed:

Browser type / browser version
Operating system used
Language and version of the browser software
Date and time of access
Hostname of the accessing device
IP address
Content of the request (specific page)
Access status / HTTP status code
Websites accessed via the website
Referrer URL (website visited before)
Notification of whether the access was a success and
Volume of data transferred

It is necessary for this data to be processed temporarily in order to make it technically possible for you to visit our website and to deliver the website to your device. The access data is not used to identify individual users and is not combined with other data sources. The data is also stored in log files, in order to ensure the functionality of the website and the security of the information technology systems. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. We have legitimate interests in ensuring the functionality, integrity and security of the website. Storing access data in log files, in particular the IP address, for a longer period of time enables us to detect and prevent misuse. This includes, for example, defending against requests that would overload the service as well as against bots. The access data will be erased as soon as it is no longer required for achieving the purpose of its processing. In the case of recording the data to provide the website, this is the case when you end your visit to the website. The log data is generally stored directly and in such a way that it can only be accessed by administrators, and it is erased after fourteen days at the latest.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Device information

In addition to the aforementioned access data, technologies are used when you use the website which store information in your device (e.g. desktop PC, laptop, tablet or smartphone) or access information which is already stored on your device. These technologies may include, for example, cookies, pixels, local storage, session storage, IndexedDB or browser fingerprinting technologies. These technologies can be used to recognise you across devices and websites.

According to Sect. 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), we generally require your consent for the use of these technologies. According to Sect. 25(2) TTDSG, this is only not required if the technologies either enable the transmission of a message via a public telecommunications network or if they are absolutely necessary to provide a telemedia service that you have expressly requested:

Technically necessary device information

Some elements of our website serve the sole purpose of transmitting a message (Sect. 25(2) No. 1 TTDSG) or are absolutely necessary to provide you with our website or individual features thereof (Sect. 25(2) No. 2 TTDSG).

Language settings
Browser time zone
Login information

The elements are erased after storage is no longer required.

You can prevent processing by adjusting your browser settings accordingly. For elements whose storage duration is not limited to the session, you can adjust your browser settings so that the elements are erased after your session has expired.

Contacting our company for support / customer service purposes

You have the following options to contact us with a support request:

Email

When you contact our company by emailing our support email address (support@codeclou-support.atlassian.net), we will process the personal data you provide so that we can respond to your request. Based on your email, we will create a support ticket. The rest of the procedure is the same as described under “Support requests via the support desk or via the support portal with login area”.

The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR and Art. 6(1) Sentence 1(b) GDPR, if the contact is made with the intention of concluding or executing a contract. If the request is aimed at concluding a contract, it is necessary for you to provide your data. If you do not provide your data, it will not be possible to conclude/execute a contract and process the request.

We will erase your data as soon as processing is no longer necessary – usually two years after the end of the communication – or, if statutory retention obligations apply, restrict processing of the data.

Support requests via the support desk or via the support portal with login area

When you submit a support request via the support desk, we will process the personal data you provide so that we can respond to your request. In order to submit a support request via the support desk, it is essential that you provide an email address. At the time the message is sent to us, your IP address and the date and time of sending the request will also be processed. You will receive a confirmation of your request by email. This confirmation email will contain a link. You can track the status of your support request using this link. It is necessary to log in to your customer account to do this.

To create a customer account, you will first need to register with your email address at https://codeclou-support.atlassian.net/servicedesk/customer/portal/3/user/login?destination=portal%2F3. After you have entered your email address, you will receive an email containing a sign-up link. Only after entering your first and last name and a password of your choice will your customer account be created and the registration process complete. You do not have to enter a real name and are free to use the website pseudonymously. When you register, your IP address and the date and time of registration will also be processed.

In order to log in on subsequent occasions, you will need to enter your login details (user ID and password) you selected when you first registered. If you do not confirm using the link we send you within 24 hours, we will block the information transferred to us and erase it automatically after one month at the latest. Furthermore, your data will be erased as soon as it is no longer required for achieving the purpose of the processing. This is the case for the data collected during the registration process if the registration on the website is cancelled or modified.

The following functions are available to you in the login area:

Edit your profile data and
View requests that have been submitted and
Submit support requests

If you use the login area, e.g. to edit your profile data or to view your previous requests, we also process the data about your person required for the initiation or performance of the contract, such as your email address and, if applicable, your first and last name.

The support desk and the support portal are provided and hosted via the Jira Service Management Cloud of Atlassian, Pty Ltd (Level 6, 341 George Street Sydney NSW 2000, Australia, hereinafter referred to as “Atlassian”). Atlassian also processes your data in Australia. No EU Commission adequacy decision exists for data transfers to Australia. We have concluded so-called standard contractual clauses with Atlassian in order to commit Atlassian to an appropriate level of data protection. A copy is of course available on request. For more information, please refer to Atlassian’s privacy statement at: https://www.atlassian.com/legal/privacy-policy. When you use the support desk or the support portal, the data provided in the process as well as the data processed when you use the support form or the portal is processed on Atlassian’s servers. Atlassian acts as our processor and is contractually limited in its authority to use your personal data for purposes other than to provide services to us in accordance with the applicable data processing agreement.

If in a support request you ask for a personal video conference appointment, you will receive an email with available appointments. We use the services of “Calendly” to schedule appointments. The appointment will then be saved in our Google Calendar with your email address (see “Scheduling services”).

After selecting an appointment, we will send you an email containing a link to the Zoom video conferencing tool.

The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR and Art. 6(1) Sentence 1(b) GDPR, if the support request is made with the intention of concluding or performing a contract. If the request is aimed at concluding or performing a contract, it is necessary for you to provide your data. If you do not provide your data, it will not be possible to conclude/execute a contract and process the request. The other data processed during the submission process serves to prevent any misuse of the support desk and to ensure the security of our information technology systems. As soon as processing is no longer necessary, we erase the data generated here – usually two years after the end of the communication or when erasing the customer account – or, if statutory retention obligations apply, restrict processing of the data.

The legal basis for using the Jira Service Management Cloud is Art. 6(1) Sentence 1(f) GDPR. We have a legitimate interest in processing support requests in a customer-friendly and efficient manner.

You may object to the processing, insofar as it is based on Art. 6(1) Sentence 1(f) GDPR. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details under “Controller” above.

Scheduling services

We use the following scheduling services:

Calendly, which is provided by Calendly, LLC (3423 Piedmont Road NE, Atlanta, GA 30305-1754, US; hereinafter referred to as “Calendly”); Calendly also processes your data in the US. No EU Commission adequacy decision exists for data transfers to the US. We have concluded so-called standard contractual clauses with Calendly in order to commit Calendly to an appropriate level of data protection. A copy is of course available on request. For further information, please refer to Calendly's privacy policy at: https://calendly.com/privacy
Google Calendar, which is provided by Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, US; hereinafter referred to as “Google”); Google also processes your data in the US. No EU Commission adequacy decision exists for data transfers to the US. We have concluded so-called standard contractual clauses with Google in order to commit Google to an appropriate level of data protection. A copy is of course available on request. For further information, please refer to Google’s data protection information at: https://developers.google.com/fonts/faq and Google’s privacy policy: https://policies.google.com/privacy

If you contact us regarding a personal virtual appointment, the data you provide, in particular your email address, will be processed on the servers of the services mentioned above. Each of these services acts as our processor and is contractually limited in its authority to use your personal data for purposes other than to provide services to us in accordance with the applicable data processing agreement.

The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. We have legitimate interests in using an external scheduling service so that we can optimise and better manage our support requests.

Processing for contractual purposes

We process your personal data if and to the extent necessary for the initiation, creation, execution and/or termination of a legal transaction with our company. The legal basis for this results from Art. 6(1) Sentence 1(b) GDPR. It is necessary for you to provide your data in order to conclude the contract and you are contractually obliged to provide your data. If you do not provide your data, it will not be possible to conclude and/or execute a contract. Once the purpose has been achieved (e.g. contract processing), the personal data will be blocked for further processing or erased, unless we are entitled to keep processing the data on the basis of a consent granted by you (e.g. consent to the processing of your email address for sending promotional emails), a contractual agreement, a statutory authorisation (e.g. authorisation to send direct marketing) or on the basis of justified interests (e.g. retention for asserting claims).

Your personal data will be passed on to third parties if

it is necessary for the creation, execution or termination of legal transactions with our company (e.g. when transmitting data to a payment service provider to process a contract with you) (Art. 6(1) Sentence 1(b) GDPR), or
a subcontractor or party we use to perform our obligations, which we use exclusively within the framework of providing the offers or services requested by you, needs this data (unless you are expressly informed otherwise, such auxiliary parties are only entitled to process the data insofar as this is necessary for the provision of the offer or service), or
there is an enforceable official order (Art. 6(1) Sentence 1(c) GDPR), or
there is an enforceable court order (Art. 6(1) Sentence 1(c) GDPR), or
this is necessary for the establishment, exercise or defence of legal claims (Art 6(1) Sentence 1(c) GDPR)
we are legally obliged to do so (Art. 6(1) Sentence 1(c) GDPR), or
the processing is necessary in order to protect the vital interests of the data subject or another natural person (Art. 6(1) Sentence 1(d) GDPR), or
this is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6(1) Sentence 1(e) GDPR), or
we can cite our overriding legitimate interests, or those of a third party, in the disclosure (Art. 6(1) Sentence 1(f) GDPR)

Your personal data will not be transmitted to other persons, companies or bodies unless you have effectively consented to such transmission. The legal basis for the processing is then Art. 6(1) Sentence 1(a) GDPR. In this privacy policy, we draw your attention to the respective recipients when describing each processing operation.

Content delivery network

Amazon CloudFront

Jira Service Management uses the services of the CloudFront content delivery network, which is provided by Amazon Web Services, Inc. (440 Terry Ave N, Seattle, WA 98109, US; hereinafter referred to as “CloudFront”), for the purpose of allowing Atlassian to be displayed more quickly. When you visit Jira Service Management, a library is loaded and temporarily stored on your device in order to avoid reloading the content. This involves your IP address being processed by the provider. CloudFront processes your data in part in the US. No EU Commission adequacy decision exists for data transfers to the US. So-called standard contractual clauses have been concluded with CloudFront in order to commit CloudFront to an appropriate level of data protection. Atlassian will provide you with a copy on request. The legal basis of the data processing is Art. 6(1) Sentence 1(f) GDPR. CloudFront is used in the pursuit of the legitimate interest in faster website retrieval as well as a more effective and improved presentation of the website. Further information, in particular on the storage period, can be found at: https://aws.amazon.com/de/privacy/