[02 August 2023 version, with self-hosting regulation]
We, Kantega SSO AS, business registration no. 921 336 195, Bassengbakken 4, 7042 Trondheim, Norway (“Kantega”), strive for full transparency of the way we process personal data for you when you use our products and services.
- use our services and applications (collectively, “apps”) we make available in the Atlassian Marketplace, see below,
- visit our website, or
- contact us for support.
2. What kind of data do we collect and why?
2. 1 When you visit our website
When you visit our website, we collect the following information from your device:
- IP address,
- date and time of the access,
- name and URL of the accessed file,
- browser type and version, and
- further information sent by the browser (such as your computer’s operating system, the name of your access provider, geographical origin, etc.).
We only process these data to ensure trouble-free connection to the website, comfortable use of our website, for evaluating system security and stability, and for administrative purposes, unless otherwise stated in sec. 2.7 (cookies) and 3.1.3 (YouTube). The processing is necessary for the performance of a contract with you or to fulfill requests (General Data Protection Regulation (GDPR) art. 6 (1) b).
Please note that we are not responsible nor can control how third parties’ websites that we link to from our website process personal data.
2.2 Onboarding of new customers
When you install one of our apps, we process:
- email address,
- customer location,
- company name, and
- name of the purchaser.
The processing is necessary for the performance of a contract to which the legal entity that you represent is a party.
The legal basis for the processing is the performance of our contract with you (GDPR art. 6 (1) b).
Duration of processing is for as long as you use any of our apps and further in accordance with legal requirements that apply to our business, such as bookkeeping requirements.
2.3 When you use our supplier-hosted Atlassian Cloud apps
When you use our apps that we make available in Atlassian Cloud (supplier-hosted) center, we process the following personal data:
- user ID in Atlassian services
- user details that you have registered in Atlassian like email address, position, telephone number, etc, and
- technical and behavioural data, such as user events and log files.
The above data is hosted by Atlassian.
We process the personal data to authorize and onboard new users and provide our service in accordance with customer agreements and the users’ instructions. We perform such processing a data processor, subject to the relevant data processing agreement.
We collect personal data as a data controller, including:
- user ID in Atlassian services
- technical and behavioural data, such as user events and log files, and/or
- user feedback.
When we collect such personal data, the purposes are analytics and product development and security. For instance, we want to analyse how you and others use our apps so that we can gain insights about usage patterns and the needs of our users. Such data are de-identified and processed on an aggregated level so that you or other users are not identified.
The legal basis for this processing is our legitimate interest (GDPR art. 6 (1) f). You can, however, opt out of processing of technical and behavioural data and it is voluntary to provide us with feedback.
Duration of processing of data used for analytics and product development is 36 months so that we can see how our products are used over time. Duration of processing for data used for security purposes are 18 months or less.
2.4 When you self-host our apps
If you operate our apps on premises or otherwise under your control, such as with your cloud or data center provider (self-hosting), we will process personal data on your behalf only if we provide you with support. If so, see sec. 2.5 (support) and any applicable data processing addendum for support.
We offer support through three different channels based on your choice:
- Inquiries by e-mail to firstname.lastname@example.org
- Kantega service portal
- Online meeting with support team
- your name,
- email address,
- IP address,
- country of residence,
- relevant product information, and
- other personal data you choose to share with us,
in order to answer your questions or respond to your request, comment, or complaint.
The processing is necessary for the performance of a contract with you (GDPR art. 6 (1) b).
Duration of processing depends on the nature of the support request. If you stop using our apps, we typically delete personal data included in support request after six months after termination or up to three years in cases of disputes.
2.6 Marketing communications and social media
If you sign up for our newsletters, attend one of our events or we otherwise send you marketing communication in accordance with our customer relationship, we process the following personal data:
- your name,
- email address,
- company name
We process such personal data to register you in our CRM system and send you marketing communication. The legal basis for this processing is legitimate interest (GDPR art. 6 (1) f). You may opt-out of receiving marketing communication by using the unsubscribe functionality in the message you receive from us.
We also use marketing services from third party providers, including social media providers, to engage with or show you relevant ads on their platform. Our processing is based on our legitimate interest in reaching customers and potential customers (GDPR. Art. 6 (1) f). Please refer to sec. 3.1.1 (Facebook and LinkedIn), 3.1.2 (Twitter) and 3.1.3 (YouTube) for more information.
Duration of processing is as long as you use one of our apps and a period after (six to 12 months) or until you opt-out of receiving marketing from us.
We may process personal data which are necessary in connection with disputes. Personal data for this purpose is processed because we have a legal obligation to do so, cf. GDPR Art. 6 (1) c), or based on our legitimate interest in documenting and promoting our view in the event of a dispute, cf. GDPR art. 6 (1) f).
Duration of processing depends on the nature of dispute and any legal obligations we need to consider, such as bookkeeping requirements.
2.8 CookiesA “cookie” is a piece of data sent from a website that is visited and stored locally on your browser. The purpose of cookies is to maintain data related to user preferences, account settings, and evaluate and compile statistics about user activity. Please find our list of cookies we use on our website and other services here.
You can choose whether to accept cookies by editing your browser settings. However, if cookies are refused, some features on our website may not work as intended. Information about the procedure to follow in order to enable or disable cookies can be found at:
For more information about other commonly used browsers, please refer to http://www.allaboutcookies.org/manage-cookies/.
3. Where we process your data/Third parties
3.1 Service providers
We use third-party services for analytics, marketing, support and hosting.
3.2 Facebook and LinkedIn
We have an account on Facebook and LinkedIn to present our products and Kantega.
Kantega will be the controller of the personal data we process for our own purposes of advertising and communication through Facebook and LinkedIn. However, the social platforms will be the controller of the personal data they process for their own purposes.
3.3 TwitterWe use Twitter to present our products and Kantega. The only personal data we can see is your interactions with our tweets.
Kantega will be the controller of the personal data we process for our own purposes of advertisement and communication through Twitter. However, Twitter will be the controller of the personal data it processes for its own purposes.
We use YouTube (Google app) to show videos on our website for providing our users with instructions, advertising, and analytical purposes.
We can see the usernames of our followers and anyone who comments on our videos. Any comments will automatically be deleted after 60 days. YouTube does not share personal data with us but provides us with analytics of the users who watches our videos.
Read more: https://policies.google.com/privacy?hl=en
We use HubSpot as a content management system (CMS) to host our website and publish content. See sec. 2.1. ‘When you visit our website,’ to see what personal data is processed on the website. We have attempted to configure HubSpot in a privacy-friendly way, including limiting the tracking functionality
We also use HubSpot as a customer relationship management (CRM) system to provide important communications and updates to our existing customers, track leads that can sign up to newsletters and otherwise maintain connections with our leads and customers. When managing contacts in the CRM, we process your email, name, company and work position.
The personal data on our site is stored in the EEA. Read more: https://legal.hubspot.com/privacy-policy
4 .Safety measures
The protection of your personal data is a high priority for us. Our security measures include physical, technical, and organizational measures. Everyone at Kantega who handles personal data has received training and guidance on how to handle personal data safely and are bound with confidentiality obligations. We adopt industry-standard software and guidelines to protect your personal data and other confidential information. Our organization follows industry best practices for ensuring the confidentiality, integrity, and availability of your data. For more information, see info on our security practices.
5. For how long do we store personal data
We will retain and use personal information as necessary to comply with legal obligations, resolve disputes, and to deliver our services in accordance with customer agreements or otherwise as long as necessary for the purpose of the processing. For further details see the various purposes under sec. 3 above.
6. Your rights as a data subject
Subject to applicable law, you may have certain rights with respect to our processing of your personal data.
We will provide you with the right to have access to a copy of, rectify, correct, and update the personal data that we have about you in accordance with GDPR chapter 3. You may also have the right to restrict processing or have your data deleted. If our processing is based on your consent, you may also withdraw any consents you have given at any time. Please contact us at email@example.com..
You may also opt-out of certain processing activities as described in sec. 2.3 and 2.5.
Please let us know if you consider that our processing of your personal data infringes applicable law.
If you believe that we process your data in violation of your rights, you have the right to complain to the Norwegian Data Inspectorate (“Datatilsynet”). You should always contact us before sending a complaint to Datatilsynet so that we can try to resolve or clarify the issue.
7. CCPA and other US privacy laws
If you are a California resident, there are some additional rights that may be available to you under the California Consumer Protection Act (“CCPA”). Depending on which state you live in, on the other US state privacy laws may also give you rights with regards to how we process your personal data.We inform specifically that we do not sell or share information under the CCPA.