2.1 The terms below shall have the following meanings:
2.1.1 "Personal Data Breach," "Controller," "Processor", "Data Subject", "Personal Data", "Processing," "Special Category Data", and "appropriate technical and organisational measures” as used in this Policy shall have the meanings given in the GDPR irrespective of whether GDPR, UK GDPR, or U.S. Data Protection Law applies.
2.1.2 "Data Protection Law" means European Data Protection Law including UK GDPR and U.S. Data Protection Law that are applicable to the processing of Personal Data under this Policy.
188.8.131.52 "European Data Protection Law" means any data protection and privacy laws of Europe applicable to the Personal Data in question, including where applicable
184.108.40.206.1 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)("GDPR"); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; (iii) any applicable national implementations of (i) and (ii); (iv) the Swiss Federal Data Protection Act of 19 June 1992 and its Ordinance; and (v) in respect of the United Kingdom, the Data Protection Act 2018, UK GDPR and any applicable national legislation that replaces or converts in domestic law the GDPR or any other law relating to data and privacy as a consequence of the United Kingdom leaving the European Union; in each case as may be amended, superseded or replaced from time to time;
220.127.116.11 “U.S. Data Protection Law” means data protection or privacy laws applicable to Personal Data in force within the United States, including the CCPA.
Totem Dev is committed to working with you to ensure compliance with all applicable laws and regulations concerning the protection of Personal Data. Should you wish to exercise any of the rights outlined in this Policy, or have further queries with regards to this Policy, please contact us at firstname.lastname@example.org.
4. Your Usage of websites
4.1 Software downloads
We may make certain software available for download on our websites and may link to software on other, third party websites. This software may be created by Totem Dev or by third party vendors. The software may be programmed to access our servers and/or third party servers in order for the software to operate and in order to check for program upgrades or enhancements. From time to time, new files may be added to your computer in order to upgrade the software or add new functionality to it. These changes may occur without notice to you. Use of such software will be governed by any associated or referenced terms and conditions, and instructions on uninstalling such software will similarly accompany or be referenced. In the event that such software is an Totem Dev product, use of the product will be governed by a separate Totem Dev End User License Agreement.
4.2 Privacy of other websites
Our websites may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we are not responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.
4.3 Users of age 16 and under
If you are aged 16 or under, please get your parent/guardian’s permission beforehand whenever you provide personal information to our websites. Users without this consent are not allowed to provide us with personal information.
4.4 Comments and Ratings
Should any pages on any of our systems allow posting of comments, your username may be associated with any comments (except in areas where anonymous comments are permitted, your post and username will be displayed alongside those comments to anyone who has access to see them).
4.5 Offensive language and behavior
Totem Dev reserves the right to, at its sole discretion, remove any content on its websites
and specifically for content which is offensive, abusive, provocative or discriminatory language posted on or sent through our Services, at its sole discretion, Totem Dev reserves the right to remove this content and to remove any user's access to its Services.
5. What information we collect related to you
5.1 Information we get
When you use our Services or have any Interactions with us, we may collect data related to you, your use of Services, and Interactions. Broadly speaking, this data can be categorized as:
Cookies and Pixels,
Product Data (data generated through use of our products in various forms),
Interaction data (data generated through interactions with us on phone, via email, via the website, or other means), and
Transactional and Commerce Data (data generated through an actual order or sale of a product or service).
This data (which may include Personal Data) can be described in more detail as:
Identification information, which may include name, email address, billing or shipping addresses, telephone numbers, screen names, user IDs (potentially with password). This might also include IP addresses;
Commercial information, which may include payment or financial information which would be appropriately handled (for example through a third party payment platform);
Technical platform information, which relates to the technical means by which you interact with us, such as operating system, web server type, browser type, or other information regarding your device;
Web related information, including things such as referring domain;
Activities related to your use of Services, including website use and records of actions and activities, including search, and communication preferences;
Educational information, which includes your education history; grades
Professional information, such as employer or organisational affiliation for a customer or partner; the contents of your resume;
Geolocation data, which might be extrapolated from other data;
Communication information, which may include audio, electronic, visual information, as well as any data in any files uploaded, emailed or otherwise provided, and the contents of your communications with us via email, social media, telephone or voice calls, or via whatever Interaction you participated in.
5.2 How we get the information
We collect data, including Personal Data, from a variety of sources depending on the nature of the Services you use or Interaction you have. Sources may include:
Your direct submission: You may provide information to us via one of our Services or via Interactions. This may unstructured information (such as that in an email) or a response to a survey, web-form, or other data gathering mechanism.
Indirectly via your use: We may collect information from you in the course of your using Services or our providing services to you. For example, we may observe your actions on one of our websites.
From Third Parties: We may be provided, or collect, information from various third parties with whom we may contract, or share an integrated service, in connection with our Services. For example:
(i) third party vendors that help us build or supplement contact lists or information, for example webinar platforms or market intelligence providers; and
(ii) third parties that help us verify records or enrich information we capture about you; and
(iii) third party providers of services (such as online recruiting services) whereby information is sent to us automatically or via request; and
(iv) transactional information from third parties, including information regarding your purchases or evaluations of any of our Services. This may include data from companies such as Atlassian (via Atlassian Marketplace or other means).
5.3 Use of your information
To the extent permitted by law, we will use data provided, including Personal Data, to:
Provide our Services, including their administration, operation and support, communications related to the Services, and commercial related aspects such as purchasing;
Meet our legal and regulatory obligations, such as in the area of security;
Carry out marketing including advertising of our Services, which may include passing your information to external social media platforms (see Marketing Providers) for profiling & deriving new target audiences to whom we may advertise on those platforms.
All marketing email communications from Totem Dev shall provide the option to unsubscribe at any time.
6. Retention of data
With regards specifically to Personal Data, Totem Dev will keep and process your Personal Data only for as long as is necessary for the purposes for which it was collected, unless Totem Dev has a legal obligation to retain the data for a longer period.
Where we disclose Personal Data to third parties who act as a Processor, this data will be retained by the third party in accordance with our specific requirements.
7. Disclosure of data
In general, there are various people within Totem Dev who may need access to the information that you provide us. They may need this for technical, commercial or compliance reason, and this will be done in accordance with Totem Dev's internal access control policy.
7.2 Access and administration
The information you provide to us will be held on our computers and may be accessed by or given to our staff, affiliates or subcontractors. You should be aware that the administrator of the Services may be able to:
access information in and about your account;
disclose, restrict, or access information that you have provided or that is made available to you when using your account, and;
control how your account may be accessed or deleted.
7.3 Promotional reference
Clients who purchase goods or services from Totem Dev may be referenced in our promotional material and websites. We may identify you by name, trade name, logo and trademark. Should you not want to be listed, please contact us at here.
7.4 Third parties and sub-processors
We may use information you provide, including Personal Data, in conjunction with third parties, who may act as Sub-Processor of such data. See Totem Dev Third Parties for more information.
7.5 Joint ventures, mergers and acquisitions
Finally, if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.
8. Third Parties
We collaborate with third parties that help us operate, provide, improve, integrate, customize, and support our Services.
8.2 Service Providers
We work with third-party service providers to supply websites and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you that you supply. This may include Personal Data.
8.3 Marketing Providers
We work with third-party service providers to enable us to further market and advertise our Services. In order to do this, we may provide them with Personal Data which will be processed in a manner compliant with the appropriate Data Protection Law. Marketing Providers may establish a profile of potential people to whom we might advertise, based on data we provide them. Marketing Providers may include, but are not limited to the following and any further third parties listed in section "Cookies and Pixels:"
Our products integrate with third parties products. We may share your information with these third parties in connection with their services, which will be described in relevant product documentation. Additionally, you may choose to make use of third-party add-ons in conjunction with Totem Dev services. Third-party add-ons are software written by third-parties to which you grant access privileges to your content. We may also share information with these third parties where you have agreed to that sharing. Totem Dev Integrated Partners may include, but are not limited to:
Cookies are text files placed on your computer to collect visitor behavior information.
When you visit our websites, or download our products, we collect information on usage from you automatically through cookies. First-party and third-party cookies are used to improve your online experience. Cookies allow you to log in to our systems, connecting various page views together into a session. When you use our products and services you may be asked to provide certain information about yourself, including your name and contact details. We may also collect information about your usage, as well as information you provide during such usage. This includes using our websites, products and services, as well as any correspondence or communication you send.
9.2 Overview of Pixels
10. Specific Types of Cookies and Pixels
10.1 Functionality Cookies
10.2 Marketing and Analytics Cookies and Pixels
We send data collected through these cookies to a variety of tools and providers that help us improve our products and services. These tools include but are not limited to the following list. For further details, please see individual privacy policies for each tool or provider:
Cookies and pixels allow Totem Dev to collect information that enables us to personalize and measure the effectiveness of advertising on our site, in our products and on other websites. For example, we may serve you a personalized ad based on the pages you visit on our websites. Our company might share some limited aspects of this strictly anonymized data with third parties for advertising purposes. Advertising cookies on this site include:
Essential cookies are necessary for a website, or for our products, to function as intended. These could include us storing your website data collection preferences so we can honor them if you return to our websites. You cannot opt-out of the essential cookies and doing so would render some of the websites and/or product functionality unusable.
10.5 How to manage cookies
You can often allow or disallow certain types of cookies. Accepting cookies is usually the best way to ensure you get the most from a website. You can normally change your browser settings to restrict, block or delete cookies if you want. Each browser is different, so check the ‘Help’ menu of your particular browser to learn how to change your cookie preferences. Many browsers have universal privacy settings for you to choose from. Get more help about how cookies work with specific browsers. Please note, these instructions may change from time to time.
11. Product Data
There are various forms of data that are generated and collected from your use of products. Reasonable efforts are made to encrypt or encode Personal Data data where we know it is present in Product Data.
Broadly, the data generated and collected from your use of products can be categorized as follows:
11.1 Data Types: In-Product Analytics
We analyse behavior patterns in order to develop product improvements. Such data is exclusively used in order to improve our Services. Totem Dev may capture information such as the page that is viewed, the referrer, or the actions actions performed (such as a clicked button). Note that:
IP addresses may be supplied and in some cases can be resolved to a person, which would render them Personal Data.
In some cases, we track the software instance that data comes from. In the Atlassian context, this ties to a SEN number.
You can also set your firewall to disallow (block) this traffic.
11.2 Data Types: Diagnostic Data ( Error Logs data )
Our Cloud Apps track errors of our Cloud Apps' resources executed in the end users' browsers in real-time. This includes for example AddOnKey, ClientKey, BaseUrl, anonymised TrackingID, error messages and information about the environment such as browser type, browser version and operating system. It is exclusively used in order to improve our service.
In addition, by seeking product support, you may provide log and other information, voluntarily, to our Support staff for analysis and review. It is possible that this can contain Personal Data depending on how you use and configure your products and systems. Application logs may be sent to sub-processors or stored.
11.2.1 Log and supplied information
This is information given voluntarily by client to our support staff by a client. In theory, this could contain Personal Data embedded within user generated content. This depends on the client manages Personal Data.
Some of this data may be processed and stored on Totem Dev's AWS based servers.
11.2.2 General Diagnostics
This includes error detection and alerting data. Sentry is running in browser and will diagnose issues. IP address is included, and this can at times be resolved to an individual, which means it can be Personal Data.
This information is sent to Sentry for processing and storage. Depending on configuration, information may also be sent to Slack as there is a slack add-on for notifications.
11.2.3 Aggregated Diagnostics and Session Data
This includes data from each customer's use of products which, such as for example usage statistics of product functionality such as the total number of product functions used per day. This data is anonymized. Therefore, we cannot identify the end user this data relates to.
Application metrics are sent to Sentry for analysis and reporting in order for us to monitor the applications performance. This will include anonymized organisational data and aggregated data, but no Personal Data by design.
11.3 Data Types: General Data
This includes user generated or configured content or data such as scripts or configuration of cloud based products.
We store customer data for specific Cloud Apps such as Skills for Jira inside your own Jira entities and storage specific to your instance provided by the Atlassian Forge platform. Customer data is not stored on our own servers and is not available to our staff unless explicitly shared by the customer as part of the communication with Totem Dev support.
By design there is normally no Personal Data contained in this data category, though an end user may at their choice configure the products otherwise.
11.4 Data Types: Administrative data
If you are using our Hosted Services for Atlassian Cloud products, Totem Dev may have access to data available to an administrator based on the specific applications scopes granted (please see https://developer.atlassian.com/platform/forge/manifest-reference/permissions/ for more information on application scopes). Access to this information is strictly controlled and will only be used for specific application functionality which requires it and support services such as initial configuration, routine maintenance such as backups and changes to server configuration and also any bespoke content production or alterations we make upon your request.
In addition, Atlassian will have to retain a copy of your contact details and license key of the Atlassian products for their own records, along with any correspondence you may have with them directly.
11.5 Data Types: Personal Profile Data
Integrated Partners such as Atlassian have very specific ways of defining Personal Data. For Atlassian, this includes data held in a specific set of tables and for a narrow purpose of logically identifying users. Such data may also be processed by service providers such as AWS Cognito in order to enable profile related product features for Totem Dev offerings.
This data does not include information which may still resolve to an individual (i.e. be Personal Data within the definition prescribed by the GDPR) and which may be embedded in content throughout various applications.
In order to ensure we harmonize in certain instances with our Integrated Partners from a policy standpoint, we recognize this distinctive category of data as Personal Profile Data.
11.6 On-premises products versus Hosted Services (including Cloud Apps)
Totem Dev may provide on-premises products for which you can acquire a license to use. Use of such products is governed by the Totem Dev End User License Agreement. On-premises products include Atlassian-based "Server" and "Data Center" variants of our products. These products, by their nature, will be installed in an environment that a client controls.
Totem Dev also provides hosted products for Atlassian Cloud and in addition, Cloud Apps are part of "Hosted Services," which also contain other online services that may be made available by Totem Dev.
11.7 Hosted Services: Note on Slack apps
When you install Slack apps created by Totem Dev into your Slack workspace, you acknowledge and understand that other users of your Slack workspace may be able to interact with Totem Dev and as such their Personal Data may be visible to Totem Dev. Totem Dev does not record, disseminate or share with third parties any personally identifiable data from other users of your workspace. However, statistical data (such as the number of users in the Slack workspace) is monitored for the purposes of improving, tracking and developing the software only.
12. Interaction Data
This is the sum of the digital presence which may be left behind as a result of any Interactions you may have had with Totem Dev which falls outside of the scope of a formalized agreement. This includes, but is not limited to, any information you may provide us through our website, through any communications you may have with Totem Dev or any Totem Dev employee in the course of their employment, or through any social media platform. You warrant not to provide Totem Dev with any Special Category Data through such interactions unless explicitly requested by Totem Dev.
13. Transactional and Commerce Data
Data regarding any orders / purchases for use of our Services is referred to as Transactional and Commerce Data. This includes (but is not limited to) orders / purchases of:
licenses to use our software (including products) in whatever form,
licenses to use 3rd party software, or services, sold through Totem Dev.
Transactional and Commerce Data may be provided to us via your placing an order on the phone, via our own online marketplace facilities, via 3rd party marketplace facilities such as the Atlassian Marketplace, our website, officially authorized 3rd party partners or representatives, or other sources.
When placing orders / making purchases, it is important to note and agree to any terms and conditions imposed by third parties, such as Service Providers with whom we may be working to facilitate the order or purchase.