SPARTEZ can refer to:
(1) Spartez Software sp. z o.o. sp.k. with registered seat in Gdańsk, ul. Norwida 2, Poland, Court Registration Number (KRS) 0000764266, VAT No. PL5833005538, and
(2) SPARTEZ Sp. z o.o. Sp.k. with registered seat in Gdańsk, Norwida 2, Court Registration Number (KRS) 0000572100, VAT No. PL5842727722.
If it is not explicitly stated otherwise in notification, information, agreement or communicated in a similar manner, SPARTEZ shall be understood as the entity indicated in (1).
SPARTEZ is responsible for the processing of your personal data (the Controller). However, SPARTEZ may also be processing your personal data in the capacity of a Processor, as further described in the “SPARTEZ as Processor” section below.
Right of access: You have the right to obtain from us information as to whether we are processing your personal data, and where that is the case, access the personal data and information regarding the processing, for example the purposes of processing and categories of personal data concerned.
Right to rectification: If you believe we store incorrect information about you, you can request that we correct or supplement your data.
Right to erasure: You have the right to request that we delete your personal data. You can make such a request if for example you believe that we no longer need to keep your personal data to fulfil our purposes of processing such information, or if you have withdrawn your consent for us to further use your personal data.
Right to restriction of processing: You have the right to require that we temporarily suspend all our processing of your personal data with the exception of storing them. You can exercise this right if for example we do not agree if your personal data are accurate, or you believe our processing of your personal data is unlawful.
Right to object: You have the right to object at any time to the processing of personal data concerning you, including marketing activities.
You may opt out of receiving promotional communications from SPARTEZ by using the unsubscribe link within each email or by emailing us to have your contact information removed from our promotional email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed.
Right to data portability: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance, where our processing is based on your consent or on a contract and where the processing is carried out by automated means.
Right to lodge a complaint with a supervisory authority: If you are not satisfied with the way SPARTEZ processes your personal data or responds to your application or request, you have the right to lodge a complaint with a supervisory authority.
The controller of personal data provided in connection with starting collaboration with us, in accordance with the master agreement under which you started the collaboration, is Spartez Software sp. z o.o. sp.k. ul. Norwida 2 80-280 Gdańsk, KRS 0000764266, NIP 5833005538 or Spartez sp. z o.o. sp. k., in Gdańsk 80-280, St. Norwida 2, KRS 0000572100, NIP 5842727722.
Personal data are processed for the purpose of performance under the agreement entered into, for tax or accounting purposes, as well as for direct marketing of our own products and services. Contact information is recorded so that we are able to contact you to inform you of offerings, best practices as well as provide marketing information about our services and products. We may also contact you or your employees via given contact information with request to provide feedback or product requests. Contact information is also stored to provide support, answer your questions or handle issues.
Data are provided to the controller voluntarily and the processing is conducted on the basis of an agreement, therefore, if you refuse to provide the data, no agreement will able to be concluded or executed.
Personal data will be processed solely for the purposes indicated above and for the period of performance under the agreement; after termination of the agreement, the data will be processed until the expiry of the period of limitation for reciprocal claims and the period of storing of accounting documents required by law.
Personal data will not be disclosed to any other entities save for those entities commissioned by the Controller to process such data for the purpose of proper handling of the collaboration processes. However, such entities process the data on the basis of an agreement concluded with the Controller and solely as instructed by the Controller, and may not use personal data for other purposes. We work with third party service providers to provide website, application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us. These service providers may process your information for the purpose of providing those services for us. Therefore, personal data may be transferred to a third country on the basis of standard data protection clauses adopted or accepted by the European Commission or on the basis of Privacy Shield participation clause. Customer’s or Contractor’s data may be also disclosed to authorized entities as long as it is required by the generally applicable law.
Personal data will not be used for automated decision-making processes, including profiling.
Each person whose personal data are processed has the right of access, demand rectification, erasure or restriction of processing of personal data, the right to object processing of personal data, the right to transfer personal data (data portability), and the right to lodge a complaint with a supervisory authority.
In case of products, in all cases connected with processing personal data by the Controller, including information about adequate safeguards on protection of personal data applied in connection with sharing personal data with third parties, please contact the Data Protection Officer at the e-mail address: email@example.com.
The controller of personal data provided in connection with the conducted recruitment processes, including the personal data contained in the enclosed application documents, in accordance with the application filed and consent granted, is Spartez Went Wspólnicy Sp. j., Na Zboczu 33, 80-110 Gdańsk, Spartez sp. z o.o. sp. k., Norwida 2, 80-280 Gdańsk, or in case of selecting both, these selected companies as independent controllers.
Personal data are processed solely for the purpose of recruitment.
In the case of job application, data in the scope specified in the Labour Code – the Act of 26 June 1974 (Dz.U. [Polish Journal of Laws] of 1974 No. 24 item 141 as amended) and implementing acts are provided voluntarily and processed on the basis of the above-mentioned laws. Additional data in the application documents, as well as data provided when applying for a collaborator (a civil law contract) are provided voluntarily and processed on the basis of consent which may be withdrawn at any time without affecting the lawfulness of data processing carried out on the basis of the consent before its withdrawal. In both cases, participation in the recruitment process is impossible if the data are not provided.
Candidates’ data – their first and last name and the date of birth – will be processed for 18 months following the completion of the recruitment process in which a given candidate participated. This results from the recruitment policy adopted by our companies which excludes a candidate from participating in another recruitment process in less than 18 months. If a candidate voluntarily consents to participating in future recruitments, his or her personal data will be processed for 18 months following the completion of the recruitment processing which this candidate participated.
Personal data of candidates will not be disclosed to any other entities save for those entities commissioned by the Controller to process such data for the purpose of proper handling of the recruitment processes, e.g. IT services providers, business consultants. However, such entities process the data on the basis of an agreement concluded with the Controller and solely as instructed by the Controller, and may not use personal data for other purposes. Therefore, personal data may be transferred to a third country on the basis of standard data protection clauses adopted or accepted by the European Commission.
Personal data will not be used for automated decision-making processes, including profiling.
Each person whose personal data are processed has the right of access, demand rectification, erasure or restriction of processing of personal data, the right to object processing of personal data, the right to transfer personal data, and the right to lodge a complaint with a supervisory authority.
In all cases connected with processing personal data by the Controller, including information about adequate safeguards on protection of personal data applied in connection with providing personal data, please contact the Data Protection Officer at the e-mail address: firstname.lastname@example.org.
Web and product logs: are gathered for the purpose to understand effectiveness of our website pages and usability of our products. We gather certain information and store it in log files when you interact with our websites or products. This information includes internet protocol (IP) addresses as well as browser type, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences.
Analytics Information: are recorded for the purpose to understand effectiveness of our website pages and products. We collect analytics information when you use our websites or products to help us improve our products and services.
Product errors: SPARTEZ products have a mechanism which sends logs to our servers in the case of serious error detection. These data contain information on error details, information on the product structure at the moment of error occurrence. These data may also include SEN and Server ID for JIRA licenses, the first and last name (if the latter is provided) of a technical contact person of Users as well as their email address.
Mailing lists and privacy contact: If one consented for receiving marketing information via email, we may use the first and last names of users as well as email address to maintain mailing lists and send out product and marketing information. You can unsubscribe from product or marketing information by sending us notice to email@example.com
General Uses: We use the Information we collect about you (including personal data to the extent applicable) to provide, operate, maintain, improve, and promote our websites and products; to monitor and analyse trends, usage, and activities in connection with our websites; to investigate and prevent unauthorised access to our websites and other illegal activities.
Testimonials: We may display personal testimonials of satisfied customers on the SPARTEZ products. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
Compliance with Laws and Law Enforcement Requests; Protection of Our Rights: We may disclose your Information (including your personal data) to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce our agreements, policies and terms of service, (c) to protect the security or integrity of our products and services, (d) to protect SPARTEZ, our customers or the public from harm or illegal activities, or (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
For how long do we keep your personal data?
In general terms, we don’t keep your personal data longer than necessary for the purposes for which the personal data are processed. After such time, we will either delete or anonymise your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
SPARTEZ provides the following security statement with a promise to adhere to the highest effective industry standards. We implement appropriate technical safeguards as HTTPs and organizational measures to guard your personal data, however, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers.
In relation to the Jira Cloud plugins' performance SPARTEZ does not store any critically vulnerable user or client data. Nevertheless due to the nature of JIRA API we might store e.g. userKeys to provide product functionalities.
People and Access
Only authorized SPARTEZ employees have access to the application data. Jira Cloud plugins created by SPARTEZ are designed to allow application data to be accessible only with appropriate credentials. Users and clients are responsible for maintaining the security of their own login information.
SPARTEZ understands the importance of ensuring privacy of the personally identifiable user and client information. We do not share any kind of private information regarding users or clients, nor their activity.
For Security measures applied to our products please refer to our product documentation pages: https://confluence.spartez.com/
SPARTEZ provides services to various customers. If you are an end-user of SPARTEZ products as a customer, then SPARTEZ may be processing your personal data in the capacity of a Processor, in which case the customer (your employer/principal) acts as the Controller of your personal data processing. Our customers determine the purposes of personal data processing by adapting and configuring the products. Such processing carried out by SPARTEZ is regulated by data processing agreements with customers, whereby SPARTEZ only processes personal data on documented instructions from the Controller. If you have any questions or requests with respect to such processing, you should contact your employer/principal. If you are an employee of one of our customers and would no longer like us to process your information in connection with SPARTEZ services please contact your employer.
If you are a Controller and believe SPARTEZ is processing your personal data in the capacity of a Processor, you may request signing Model Data Processor Agreement for SPARTEZ Add-On Customers (DPA) as provided below in Addendum 1. In that case please let us know at email@example.com.
This agreement regarding processing of personal data (the “Data Processor Agreement”) regulates Spartez Software sp. z o.o. sp.k. ul. Norwida 2 80-280 Gdańsk, Poland, registration number (KRS) 0000764266, VAT No. PL5833005538 (the “Data Processor”) the processing of personal data on behalf of the customer (the “Data Controller”) and is attached as an addendum to the EULA in which the parties have agreed the terms for the Data Processor’s delivery of services to the Data Controller.
The Data Processor Agreement shall ensure that the Data Processor complies with the applicable data protection and privacy legislation (the “Applicable Law”), including in particular The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
The purpose of processing under the EULA is the provision of the Services by the Data Processor as specified in the EULA. In connection with the Data Processor’s delivery of the Services to the Data Controller, the Data Processor will process certain categories and types of the Data Controller’s personal data on behalf of the Data Controller.
”Personal data” includes “any information relating to an identified or identifiable natural person” as defined in GDPR, article 4 (1) (1) (the ”Personal Data”). The categories and types of Personal Data processed by the Data Processor on behalf of the Data Controller are:
The Data Processor processes the following types of Personal Data in connection with its delivery of the Services under EULA:
The Data Processor processes personal data about the following categories of data subjects on behalf of the Customer:
The Data Processor only performs processing activities necessary and relevant to provide the Services. The categories and types of Personal Data processed by the Data Processor shall be updated whenever changes occur that require an update.
The Data Processor may only act and process the Personal Data in accordance with the documented instruction from the Data Controller (the “Instruction”), unless required by law to act without such instruction. The Instruction at the time of entering into this Data Processor Agreement (DPA) is that the Data Processor may only process the Personal Data with the purpose of delivering the Services as described in the EULA.
The Data Controller guarantees to process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. The Data Controller will be solely responsible for the accuracy, quality, and legality of Personal Data and the means by which they were obtained.
The Data Processor will inform the Data Controller of any instruction deemed to be in violation of the Applicable Law and will not execute the instructions until they have been confirmed or modified.
The Data Processor shall treat all the Personal Data as strictly confidential information. The Personal Data may not be copied, transferred or otherwise processed in conflict with the EULA or DPA, unless the Data Controller has agreed to same in writing.
The Data Processor’s employees shall be subject to the confidentiality obligation to ensure that they treat all the Personal Data under this DPA with strict confidentiality.
Personal Data will only be made available to that personnel which require access to such Personal Data for the purpose of providing Services under EULA and this Data Processor Agreement.
The Data Processor shall implement the appropriate technical and organizational measures as set out in this Agreement and in the Applicable Law, including GDPR, article 32. The security measures are subject to technical progress and development. The Data Processor may update or modify the security measures from time to time provided that such updates and modifications do not result in degradation of the overall security. The Data Processor shall provide documentation for the Data Processor’s security measures if requested by the Data Controller in writing.
If the Data Processor’s assistance is necessary and relevant, the Data Processor shall assist the Data Controller in preparing data protection impact assessments in accordance with GDPR, article 35, along with any prior consultation in accordance with GDPR, article 36.
If the Data Controller receives a request from a data subject for the exercise of the data subject’s rights under the Applicable Law and the correct and legitimate reply to such a request necessitates the Data Processor’s assistance, the Data Processor shall assist the Data Controller by providing the necessary information and documentation. The Data Processor shall be given reasonable time to assist the Data Controller with such requests in accordance with the Applicable Law.
If the Data Processor receives a request from a data subject for the exercise of the data subject’s rights under the Applicable Law and such request is related to the Personal Data of the Data Controller, the Data Processor must immediately forward the request to the Data Controller and must refrain from responding to the person directly.
The Data Processor shall give immediate notice to the Data Controller in the event of any breach which can lead to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed with reference to the Personal Data processed on behalf of the Data Controller (a “Personal Data Breach”).
The Data Processor shall make reasonable efforts to identify the cause of such a breach and take such steps as are deemed necessary to establish the cause, and to prevent such a breach from reoccurring.
Upon request by a Data Controller, the Data Processor shall make available to the Data Controller all relevant information necessary to demonstrate compliance with this DPA, and shall allow for and reasonably cooperate with audits, including inspections by the Data Controller or an auditor mandated by the Data Controller. The Data Controller shall give notice of any audit or document inspection to be conducted and shall make reasonable endeavours to avoid causing damage or disruption to the Data Processors premises, equipment and business in the course of such an audit or inspection. Any audit or document inspection shall be carried out with reasonable prior written notice of no less than 90 days, and shall not be conducted more than once a year.
The Data Controller may be requested to sign a non-disclosure agreement reasonably acceptable to the Data Processor before being furnished with the above.
Ordinarily, the Data Processor will not transfer your data to countries outside the European Economic Area. In some cases, personal data will be saved on storage solutions that have servers outside the European Economic Area (EEA), [for example, Amazon Web Services or Google Drive]. Only those storage solutions that provide secure services with adequate relevant safeguards will be employed.
The Data Processor is given general authorisation to engage third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorization from the Data Controller, provided that the Data Processor notifies the Data Controller via SPARTEZ website or e-mail, in-app notification about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Processor, the Data Controller shall give notice hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed consent to the relevant Sub-Processor.
In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Services by providing written notice to the Data Processor.
The Data Processor shall complete a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing.
The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions.
The Data Processor is at the time of entering into this Data Processor Agreement using the Sub- Processors listed in sub-appendix A. If the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-appendix A.
The Data Controller shall upon request remunerate the Data Processor based on the time spent to perform the obligations regarding ‘Data protection impact assessments and prior consultation’, ‘Rights of the data subjects’, ‘Personal Data Breaches’, and ‘Documentation of compliance and Audit Rights’ of this Data Processor Agreement based on the Data Processor’s hourly rates.
The total aggregate liability towards the Customer, of whatever nature, whether in contract, tort or otherwise, of the Data Processor for any losses whatsoever and howsoever caused arising from or in any way connected with this engagement shall be subject to the “Limitation of Liability” clause set out in the EULA.
Nothing in this DPA will relieve the processor of its own direct responsibilities and liabilities under the GDPR.
The Data Processor Agreement shall remain in force until the support service is provided under EULA.
The Data Processor will appoint a Data Protection Officer where such appointment is required by Data Protection Laws and Regulations.
Following expiration or termination of the DPA, the Data Processor will delete the Data Controller’s all Personal Data in its possession except to the extent the Data Processor is required by the Applicable Law to retain some or all of the Personal Data (in which case the Data Processor will archive the data and implement reasonable measures to prevent the Personal Data from any further processing). The terms of this DPA will continue to apply to such Personal Data.
The contact information for the Data Processor is provided in the EULA.
The following Sub-Processors shall be considered approved by the Data Controller :
For product specific sub-processors please refer to documentation: https://confluence.spartez.com/