Privacy Policy

Privacy Policy Introduction

Your privacy and trust are important to us and this Privacy Policy (“Policy”) provides important information about how The Plugin People Ltd (“Company” “we” or “us”) handle personal information. This Policy applies to personal information which we process in the course of doing business including information processed through the Company’s website and the services we provide (collectively, our “Services”).

Please read this Policy carefully and contact us if you have any questions about our privacy practices or your personal information choices.

It is important that you check back often for updates to this Policy. If we make changes we consider to be important, we will let you know by placing a notice on the relevant Services and/or contact you using other methods such as email.

This Policy was last updated on 12 OCT 2020.

Purpose of the processing, legal basis and retention periods

We may process personal information about you in different ways depending on our relationship with you. Please follow the headings below that most closely identifies your relationship with us:

  1. You are or were a customer or an employee of a customer, using our Cloud apps

  2. You are or were a customer or an employee of a customer, using our Server / Data Center apps

  3. You are or were a customer or an employee of a customer, using our support services

  4. You are a supplier or an employee of a supplier to us

  5. You are a third party with whom we are in contact during the delivery of services to our customers or the possible delivery of services to prospective customers

  6. You are: (a) a prospective customer or an employee of a prospective customer; or (b) a prospective supplier or an employee of a prospective supplier

  7. You are an employee, former employee or a relative of either

  8. You are a prospective employee

  9. We have received your information from a third party

  10. Your relationship with us is not covered by any of the above

(1) Customers and employees of customers using our apps Cloud apps

Customers who install our Cloud applications do so through Atlassian Marketplace. Atlassian collects information and handles the billing in relation to the application and do not provide your personal data to us. You should therefore review Atlassian’s privacy policy here in relation to how they use your personal data.  Our Cloud applications enable the user to control what user information is entered into the app and we will process that information in accordance with the licence agreement between us and the end user.  Where we are storing this information on behalf of the end user, we will do so in accordance with the user’s instructions. The end user is the controller of your information and we are acting only as the processor. If we are storing information in this way it is because it is in our legitimate interest to do so in order to perform the Services with the end user.

At times, you may require additional capacity for some of our Applications that may currently only be purchased by credit-card through our e-store (using a 3rd party card clearing service), or directly through us by direct bank transfer. We will collect and store personal information including email addresses and billing details of customers whom we supply an increased data capacity in Jira. This is so that we can provide our Services in accordance with our contract with you and end users. We will retain that information and any information relating to the contract between us for a period of three years following completion or termination of the contract(s) between us so that we can review our performance if any complaints or issues arise after completion or termination of the contract.

Unless you request us not to do so, we may also contact those employees of the customer who are involved in the delivery of the contract with pro-active advice on configuration, or more general service-related announcements. This contact may be made by e-mail. We will only do this if we believe that it is in our legitimate interests to keep you informed of our products and services and if we believe that you would reasonably expect us to contact you in this way. We will not send you general marketing information as part of a group e-mailing campaign unless you have consented to being contacted in this way.

Cloud App Legitimate Interest Assessments

(2) Customers and employees of customers using our Server / Data Center apps

We will collect and store personal information including billing details and email addresses of our customers and those employees of the customer who are involved in the purchase of JEMH or other software directly from us for use on a server or in a Data Center. As part of our order process, we track conversations, generate quotes by email and though Jira, and retain records of order data, quotes, invoices and purchase order documents. This is so that we can provide our Services in accordance with our contract with you. We will retain that information and any information relating to the contract between us for a period of up to seven years following completion or termination of the contract(s) between us so that we can review our performance if any complaints or issues arise after completion or termination of the contract.

Currently, JEMH Server billing is done directly by us. We collect information related to the transactions, and accept payment via bank transfer and credit card checkout cleared through PayPal.  Sometimes Atlassian Partners broker the transaction on behalf of the customer.  See the Paypal Privacy Policy, and your Atlassian partner for theirs.

Where users supply an email address to us for the purpose of sending generated licence keys or as part of the eval - license checkout on our e-store, we will retain that email address for auditing and detection of compliance with our licence terms, but will not use those email addresses for any other purpose.

For customers who download Paid-via-Atlassian apps through Atlassian Marketplace, Atlassian collects information and handles the billing in relation to the purchase of the application and do not provide your personal data to us. You should therefore review Atlassian’s Privacy policy in relation to how they use your personal data.

Unless you request us not to do so, we may also contact those employees of the customer who are involved in the delivery of the contract and end users on an individual basis, with pro-active advice on configuration, or more general service-related announcements. This contact may be made by e-mail. We will only do this if we believe that it is in our legitimate interests to keep you informed of our products and services and if we believe that you would reasonably expect us to contact you in this way. We will not send you general marketing information as part of a group e-mailing campaign unless you have consented to being contacted in this way.

(3) Customer or an employee of a customer, using our support services

We will collect and store personal information including email addresses, website URL's, usernames, service licence details and contact details of end users who contact us for support.  If an end user sends to us comments, log files, screenshots, exports of customer email or personal information about their clients, suppliers, employees or other contacts as part of their request for support, then we will store that information as part of our records in relation to the support services which we provide. We may also process and store personal information, such as e-mail addresses, when running test cases for end users. We are processing this personal data because it is in our legitimate interests to do so in order to perform the services with the end user. 

We will retain information relating to the support services which we provide for a period of 3 years so that we can review our performance, improve the services and respond to any complaints or issues that arise. We remove attachments attached to emails sent to us as part of our support services within 12 months of a case being resolved and clear the support ticket history every 3 years.

(4) You are a supplier or an employee of a supplier to us

We will collect and store personal information including contact details of our suppliers and those employees of the supplier who are involved in the delivery of the contract so that we can receive your services in accordance with our contract with you. We will also retain that information and any information relating to the contract between us for a period of seven years following completion or termination of the contract(s) between us so that we can review your performance if any complaints or issues arise after completion or termination of the contract.

We may also contact you about new business opportunities for us to work together with you and to keep you informed of our activities. We are processing your personal information in this way because it is in our legitimate interests to grow our business and explore new business opportunities with you. We will only do this if we believe that you would reasonably expect us to contact you in this way and that such processing does not have an impact on you in a way that would make this processing unfair.

We will not send you general marketing information as part of a group e-mailing campaign unless you have consented to being contacted in this way.

(5) You are a third party with whom we are in contact during the delivery of services to our customers or the possible delivery of services to prospective customers

We will collect and store personal information including contact details of third parties with whom we are in contact during the delivery of Services to our customers or discussions relating to Services to prospective customers. We may receive that information from you, a customer, a supplier, an introducer or otherwise as a result of an interaction between you and our supplier or customers. We process that information because it is in our legitimate interests to do so in order for us to be able to perform our contracts for our customers or pitch for work from prospective customers. We believe that you would reasonably expect us to process your personal information in this way and that such processing does not an impact on you in a way that would make this processing unfair.

Where your personal information is kept as part of a file relating to the performance of a contract with one of our customers, we will also retain that information and any information relating to that contract for a period of seven years following completion or termination of that contract(s) so that we can review the file if any complaints or issues arise after completion or termination of the contract. Where your information is stored in our contacts database, email archive or other records but is not kept in a customer or supplier file, we carry out a review of our records every three years when we consider whether or not we still have a legitimate interest to keep your contact information. Where we consider that we no longer have a legitimate interest to keep your contact information we will delete it.

We may also contact you about new business opportunities for us to work together with you and to keep you informed of our activities. We are processing your personal information in this way because it is our legitimate interests to grow our business and explore new business opportunities with you. We will only do this if we believe that you would reasonably expect us to contact you in this way and that such processing does not have an impact on you in a way that would make this processing unfair.

We will not send you general marketing information as part of a group e-mailing campaign unless you have consented to being contacted in this way.

(6) You are: (a) a prospective customer or an employee of a prospective customer; or (b) a prospective supplier or an employee of a prospective supplier.

We will collect, store and use personal information including contact details of people who we might do business with as a supplier or a customer for the purpose of growing our business and exploring new business opportunities. We may collect this information from you, when you contact us (including through this website) or from a mutual contact. We will only collect contact information from your website or another third party website if we have identified you specifically as someone who may be interested in receiving a Service from us or delivering goods or services to us. We may contact you about new business opportunities for us to work together with you and to keep you informed of our activities.

We are processing your personal information in this way because it is in our legitimate interests to grow our business and explore new business opportunities with you. We believe that you would reasonably expect us to process your personal information in this way and that such processing does not have an impact on you in a way that would make this processing unfair.

Where your information is stored in our contacts database but is not kept in a customer or supplier file, we carry out a review of our contacts database every three years when we consider whether or not we still have a legitimate interest to keep your contact information. Where we consider that we no longer have a legitimate interest to keep your contact information we will delete it.

We will not send you general marketing information as part of a group e-mailing campaign unless you have consented to being contacted in this way.

Employees should refer to the Employee Privacy Notice for further information about our privacy policy in respect of employees.

Where an employee has provided us with personal information about a spouse, civil partner or other family member/friend (perhaps in relation to sharing a Company car, private medical insurance or other benefits or as an emergency contact), it is the employee’s responsibility to inform that person that the employee has provided us with their details and that we will be processing it in connection with the relevant benefit and/or policy in accordance with this privacy policy.

(8) You are a prospective employee or a referee of a prospective employee

If we have received your details in response to a recruitment initiative, we will store the personal information that either you, your recruitment agent or another third party has provided us with. We process that information because it is in our legitimate interests to do so in order for us to be able to make an informed decision about whether to interview you and, ultimately, recruit you. We believe that you would reasonably expect us to process your personal information in this way and that such processing does not an impact on you in a way that would make this processing unfair. Where your personal information is kept as part of a file relating to prospective employees of the Company, we will retain that information and any information relating to that matter. This is so that we can review the file if any complaints or issues arise after the recruitment process. The length of time that we keep prospective employee files is usually 6 months after conclusion of the relevant recruitment process.

Unless you request us not to do so, we may also contact those individuals who are referred to in any information you provide us with, for example referees, this contact may be made by telephone, e-mail or post. We will only do this if we have your express permission to contact them in this way.

Where you have provided us with personal information about a referee or a previous employer, it is your responsibility to inform that person that you have provided us with their details and that we will be processing it in connection with your employment application. You should also give them our contact details (below) should they wish to discuss this with us.

(9) We have received your information from a third party

If we have received your personal information from a third party, for example an introducer, your employer or service provider, that third party will be the controller in relation to that personal information and we will be processing it on their behalf. You should therefore contact that third party to review their privacy policy.

If you become a customer or a prospective customer as a result of an introduction, the Company will become a controller in relation to your personal information and the relevant sections of this policy will apply.

(10) Your relationship with us is not covered by any of the above

We may hold your contact details and personal information as a result of an interaction between you and one of our employees or prospective employees. This interaction could be as a result of business development and/or business networking. We are processing your personal information in this way because it is in our legitimate interests to retain a record of our employees’ engagement with third parties. We believe that you would reasonably expect us to process your personal information in this way and that such processing does not impact on you in a way that would make this processing unfair. We carry out a review of our contacts database every three years when we consider whether or not we still have a legitimate interest to keep your contact information. Where we consider that we no longer have a legitimate interest to keep your contact information we will delete it safely.

Personal information we hold and where we collect it

The information we collect about you depends on the products and services you use and how you purchase those products and services. It includes (but isn’t limited to):

  • Your name, address, e-mail address and other contact details

  • Who you work for

  • Website urls, usernames

  • Financial details, including bank details to process payments only

  • Your communications with us, including support cases, bug reports, posts on forums we host, data you have provided to use through support for analysis (customer emails, configuration files and application log files) as well as notes, recordings of phone/video calls and physical letters you send to us.

  • Where you purchase our products and services from the Atlassian Marketplace, Atlassian will collect your personal information and do not share that information with us. You should therefore review Atlassian’s Privacy policy in relation to how they use your personal data.

We will collect the information from you directly:

  • where you purchase our products and services directly from us through our website, our sales partners or otherwise; and

  • where you contact us to provide support for our products and services or to make an enquiry.

We would not normally process sensitive information, for example, relating to your health, religious belief or sexuality. If that information is relevant to the services we are providing or receiving from you, then we will agree with you at the time whether we can process that information.

Some of our services involve data and document storage as an integral part of the product or solution offering. We may also receive personal information as an incidental part of providing our support services. Documents and data received by us or stored by us on behalf of customers may contain personal or business information, for example in relation to our customers, their employees, their customers and suppliers or other third parties.

Any information stored by or on behalf of our customers is controlled and managed by our customers and we are processing this information on their behalf and only made accessible to those customers or others our customers may authorise from time to time. Our access to this information is limited to the Company personnel who require access in order to provide our Services or for any other critical business reason. If we are holding your personal information on behalf of a customer, you should review that customer’s privacy information and/or your contract with that customer.

Cookies

As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.

We use cookies to monitor site visitors to better understand how they use the website. The software will save a cookie to your computer’s hard drive to track and monitor your engagement and usage of the website.

Users are advised that if they wish to deny the use and saving of cookies from this website on to their computer’s hard drive they should take all necessary steps within their web browser’s security settings to block all cookies from our website.

Please see our Cookie Policy for further details.

When we share personal information

The Company shares or discloses personal information only when necessary to provide Services or conduct our business operations as described below. When we share personal information, we do so in accordance with data privacy and security requirements. We do not sell, share or otherwise disseminate any personal information to third parties. Below are the parties with whom we may share personal information and why.

Third party apps or providers: You may choose to integrate our Services with other apps or third party services or integrate them with your third party email provider or cloud storage provider to add new functionality or change the behaviour of the Services. Doing so may give third-party apps access to your account with us and any information about you like your name and email address, and any content you choose to use in connection with those apps. Third–party provider’s policies and procedures are not controlled by us, and this privacy policy does not cover how third-party providers use your information. We encourage you to review the privacy policy of third parties before connecting to or using their applications or services to learn more about their privacy and information handling practices.

Our third-party service providers: We partner with and are supported by service providers around the world. Personal information will be made available to these parties only when necessary to fulfill the services they provide to us, including (without limitation) software, system, and platform support; payment providers, cloud hosting services; and data analytics. Our third-party service providers are not permitted to share or use the personal information we make available to them for any other purpose than to provide services to us.

Other third parties: We will share personal information when we believe it is required or in our legitimate interests to do so, such as:

  • to comply with legal obligations and respond to requests from government agencies, including law enforcement and other public authorities;

  • in the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings);

  • to protect our rights, users, systems, and Services.

Limited Use Requirements

Google API Services

Where our products (such as JEMHC) make use of information received from Google APIs, they will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Where we store and process personal information

We take steps to ensure that the information we collect is processed according to this Policy and the requirements of applicable law wherever the data is located.

We store information in a cloud hosting service, through the provider Amazon Web Services, located in the USA. We also store information on servers hosted by Google and Mailtrap. We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within the Company or to third parties in areas outside of your home country.

International transfers to third parties

Amazon Web Services, Atlassian, Mailtrap, Google and other third parties described in this privacy policy, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the county in which you reside. When we share information of customers in the EEA, we ensure that the third parties make use of the EU – US– US Privacy Shield Frameworks, European Commission approved standard contractual data protection clauses, binding corporate rules for transfers to data processors, or other appropriate legal mechanisms to safeguard the transfer. Amazon Web Services and Atlassian are self-certified under the EU-US Privacy Shield.

How we secure personal information

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed when using our services in isolation. In addition, we limit access to your personal data which we control to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. However, when you use our Services in connection with other apps or third party services, we are not able to control the security measure applied by those third parties and it is the end user’s responsibility to determine appropriate security measures for the processing of their data in an environment where our services are used in conjunction with other third party services provided.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long we keep personal information

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

When we no longer need personal information, or when you request us to delete your information, where this is legal, we will securely delete or destroy it. See section “Purpose of the processing, legal basis and retention periods” for further information on our retention periods.

Your legal rights

We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or safely delete your personal information.

Access to personal information: You have the right to request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. If you request access to your personal information, we will gladly comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data.

Object to processing: of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing: of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request erasure: of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request

Request the transfer: of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Correction of your data: You have the right to request that we correct your personal information if it is inaccurate or requires updating or complete your personal information if the information we hold is incomplete.

Withdrawal of consent: If we are processing your personal information on the basis that you have given your consent to us processing that personal information, you have a right to withdraw your consent at any time by letting us know in writing, by email or by telephone.

Marketing preferences: To opt out of email marketing, you can use the unsubscribe link found in the email communication you receive from us or you can use the preference centre option on our website or let us know in writing, by email or by telephone.

Filing a complaint: If you are not satisfied with how the Company manages your personal data, you have the right to make a complaint to the Information Commissioner’s Office (https://ico.org.uk).

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please let us know by using the “Contact Us” option on our website or let us know in writing, by email or by telephone.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Third-party links

Our website has links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Children’s privacy

Our Services are not directed to children under 13. If you learn that a child under 13 has provided us with personal information without consent, please contact us.

How to contact us

Please contact us with any requests related to your personal information.

We understand that you may have questions or concerns about this Policy or our privacy practices or may wish to file a complaint. Please feel free to contact us:

Email: privacy@thepluginpeople.com

Address: The Plugin People Ltd, Pure Offices Cheltenham Office Park, Hatherley Lane, Cheltenham, Gloucestershire, GL51 6SH

Appendix E : GDPR, Article 27 : Authorised Representative

When contacting our Representatives please ensure you include our company name The Plugin People Ltd in any correspondence.

UK Authorized Representative

For United Kingdom GDPR and the Data Protection Act 2018 is DataGuard:

Email address: privacy@dataguard.co.uk

Telephone number: +44 2035146557 

Address: DataCo International UK Limited, Suite 1, 7th Floor, 50 Broadway, London, SW1H 0BL

EU Authorized Representative

To comply with (Art. 27 GDPR – Representatives of controllers or processors not established in the Union - General Data Protection Regulation (GDPR) ), we have appointed IT Governance Europe Limited to act as our EU Representative. If you wish to exercise your rights under the EU General Data Protection Regulation (GDPR), or have any queries in relation to your rights or privacy matters generally as applicable to EU customers please email our Representative:

Email: eurep@itgovernance.eu

Address: EU Representative, IT Governance Europe, The Mill Enterprise Hub, Stagreenan, Drogheda,

Co. Louth, A92 CD3D, Ireland.