Privacy Policy

Riada AB

Effective starting: 10-Dec-2017

Introduction

This Privacy Policy describes what personal data that Riada AB (“Riada”) processes about you, for what purposes such information is processed and what we do with that personal data.

Riada AB, Org Reg No 556686-2032 with the address Kungsgatan 58, SE-111 22 Stockholm, telephone number +46 (0)8-733 31 25, is responsible for the processing of your personal data (the Controller). However, Riada may also be processing your personal data in the capacity of a Processor, as further described in the “Riada as Processor” section  below.

Riada strives to protect your personal data in the best possible way and to comply with all applicable laws and regulations for the protection of personal data. In the end of this Privacy Policy you find our contact details if you have any questions or concerns about this Privacy Policy or Riada’s processing of your personal data.

Definitions

App: a bundle of code, resources and configuration files that can be used with a Riada product to add new functionality or to change the behaviour of that product’s existing features.

Atlassian Marketplace: B2B marketplace for Apps related to Atlassian Pty. Ltd. products. Riada products and third party Apps can be downloaded via the Atlassian Marketplace.

Content: Any information or data that you upload, submit, post, create, transmit, store or display in a Riada Service.

Controller: means the natural or legal person or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Downloadable Products: Riada’s downloadable software products and mobile applications that are installed by customers on an infrastructure of their choice. Downloadable Products do not include Apps created by third parties, even when they are available through the Atlassian Marketplace.

GDPR: Means the regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Information: All of the different forms of data, Content, and information collected by us as described in this Privacy Policy.

Processor: Means a natural or legal person or other body which processes personal data on behalf of the Controller.

Riada Services: Refers to our (i) Websites, (ii) SaaS Products and (iii) our Downloadable Products.

SaaS Products: Riada’s “Cloud” hosted solutions.

Websites: Riada’s websites, including but not limited to riada.se, documentation.riada.se, support.riada.se, order.riada.se, portal.riada.se, partners.riada.se, join.riada.se, enterpriseday.riada.se and any related websites, sub-domains and pages.

Riada as Processor

Riada provides the Riada Services as well as the SaaS Products to various customers. If you are an end user of Riada’s SaaS Products and/or our Downloadable Products at a customer, then Riada may be processing your personal data in the capacity of a Processor, in which case the customer (your employer/principal) acts as the Controller of the processing of your personal data. Our customers determine the purposes of the processing of personal data by adapting and configuring the SaaS Products and our Downloadable Products. Such processing carried out by Riada is regulated by data processing agreements with customers, whereby Riada only processes personal data on documented instructions from the Controller. If you have any questions or requests with respect to such processing, then you should contact your employer/principal. If you are an employee of one of our customers and would no longer like us to process your information in connection with the Riada Services or our SaaS Products, please contact your employer.

Collection of your Personal Data (Riada as a Controller)

This Privacy Policy applies to the information that we obtain through your use of our Websites or when you otherwise interact with Riada as a representative of a customer or a possible customer.

We collect the following information from you.

Contact Information: We collect information about you and your company as customers or possible customers. Information we collect includes:

  • Contact information such as name, email address, mailing address, and phone number
  • Billing information such as billing address and billing references.

We collect Information under the direction of our customers and often have no direct relationship with the individuals whose personal data we process. If you are providing information (including personal data) about someone else, you must have the authority to act for them in relation to the collection and use of their personal data as described in this Privacy Policy.

Other submissions: We collect other data that you submit to our Websites, participate in a survey, activity or event, apply for a job, request customer support or otherwise communicate with us.

Web Logs: We gather certain information and store it in log files when you interact with our Websites. This information includes internet protocol (IP) addresses as well as browser type, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences.

Analytics Information from Website: We collect analytics information when you use our Websites to help us improve our products and services.

As of the date this policy came into effect, we use Google Analytics as an analytics provider. To learn more about the privacy policy of Google Analytics, refer to Google’s Policies and Principles. Use the Google Analytics Opt-out Browser Add-on to prevent analytics information from being sent to Google Analytics.

Cookies: Riada may use cookies to collect information. Cookies are small data files stored on your hard drive or in device memory. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of our Websites.

For what purposes do we use your personal data?

Contact Information: For the purpose of being able to contact you to inform you of offerings and information about best practices as well as our services and products.

Other submissions: For the purpose of being able to contact you to support you in your questions or issues.

Web Logs: For the purpose to understand effectiveness of our website pages and to analyze where our visitors comes from.

Analytics Information from Website: For the purpose to understand effectiveness of our website pages and to analyze where our visitors comes from.

Cookies: We use cookies to improve and customise Riada Websites and your experience; to allow you to access and use the Websites without re-entering your username or password; and to count visits and understand which areas and features of the Websites are most popular.

General Uses: We use the Information we collect about you (including personal data to the extent applicable) for the following purposes:

  • Provide, operate, maintain, improve, and promote the Websites;
  • Process and complete transactions, and send you related information, including quotes, purchase confirmations and invoices;
  • Send promotional communications, such as providing you with information about services, features, surveys, newsletters, offers, promotions, contests, events and providing other news or information about us and our select partners;
  • Monitor and analyse trends, usage, and activities in connection with the Websites;
  • Investigate and prevent fraudulent transactions, unauthorised access to the Websites, and other illegal activities;

The use of Information collected through our Websites is limited to the purposes disclosed in this policy.

Information sharing and disclosure

We will not share or disclose any of your personal data or Content with third parties except as described in this policy. We do not sell your personal data. We do not share personal data about you with third parties for their marketing purposes (including direct marketing purposes).

Service Providers, Business Partners and Others: We work with third party service providers to provide website, application development, hosting, maintenance, back-up, storage, virtual infrastructure, payment processing, analysis and other services for us. These service providers may have access to or process your Information for the purpose of providing those services for us. Some of our pages utilise white-labeling techniques to serve content from our service providers while providing the look and feel of our site. Please be aware that you are providing your Information to these third parties acting on behalf of Riada.

Links to Third Party Sites: The Websites may include links to other websites whose privacy practices may differ from ours. If you submit personal data to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

Testimonials: We may display personal testimonials of satisfied customers on the Riada Services. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us using the information below.

Compliance with Laws and Law Enforcement Requests; Protection of Our Rights: We may disclose your Information (including your personal data) to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce our agreements, policies and terms of service, (c) to protect the security or integrity of Riada’s products and services, (d) to protect Riada, our customers or the public from harm or illegal activities, or (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.

Business Transfers: We may share or transfer your Information (including your personal data) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the Websites of any change in ownership or uses of your personal data, as well as any rights you may have regarding your personal data.

The legal basis for Riada’s use of your personal information

The legal basis for the processing of your personal data is the principle of legitimate interest (under point (f) of Article 6(1) of the GDPR), where the legitimate interests pursued by Riada are the interest to be able to contact you as a customer, to promote, for support, billing or other issues, or as a possible customer regarding your interest in or questions regarding Riada’s Services or our SaaS Products and to promote the same. Regarding information collected by our Websites, Riada’s interest is to be able to understand our Websites’ visitors’ interest in order to improve our Websites and to customise our Websites for you. Regarding information collected by our Websites to identify fraudulent transactions, unauthorised access to the Websites or other illegal activities, Riada has an interest to detect and monitor any such activities as a security measure.

For how long do we keep your personal data?

In general terms, we don’t keep your personal data longer than necessary for the purposes for which the personal data are processed. More specifically, we keep personal data of customers’ contact information for no longer than one year counted from last date of business. Customer individuals can have roles like billing contact, technical contact or business contact which is necessary for us to keep in order to run our business efficiently. Personal data collected that are not associated with a customer is kept for a maximum of one year. Personal data of customer individuals is deleted when we identify that the individual has left the customer company or do no longer have any of the above-mentioned roles within the customer organisation.

Your rights as data subject

Right of access: You have the right to obtain from us information as to whether we are processing your personal data, and where that is the case, access to the personal data and information regarding the processing, for example the purposes of the processing and the categories of personal data concerned.

Right to rectification: If you believe we store incorrect information about you, you can request of us to correct or supplementing your information.

Right to erasure: You have the right to request of us to delete your personal data. You can make such a request if you for example believe that there no longer is a need for us to keep your personal data to fulfil our purposes for processing such information or if you have withdrawn your consent for us to use your personal data further.

Right to restriction of processing: You have the right to require us to temporarily hold all our processing of your personal data with the exception of storing it. You can use this right if for example we do not agree if your personal data is accurate, or you believe our processing of your personal data is unlawful.

Right to object: You have the right to object at any time to the processing of personal data concerning you where we process it on the legal basis of public interest or legitimate interests (points (e) or (f) of Article 6(1) under the GDPR), including profiling based on those provisions. Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You may opt out of receiving promotional communications from Riada by using the unsubscribe link within each email or emailing us to have your contact information removed from our promotional email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. In any event such actions should be handled within one month of receipt of the request.

Right to data portability: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance, where our processing is based on your consent or on a contract and where the processing is carried out by automated means.

Security

While we implement appropriate technical and organizational measures to guard your personal data, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers.

Where data is transferred over the Internet as part of a Website, the data is encrypted using industry standard SSL (HTTPS).

Transfer of your personal data

The personal data processed by Riada are stored in the European Union or within European Economic Area (EEA). If we need to transfer data outside of the EU/EEA we will only do so if this is possible from a legal standpoint and based on a legitimate interest of Riada or specific consent from the individuals. For example, if we would like to transfer your personal data to the US then we may rely on the Privacy Shield Framework between the EU and US. If a country lacks an adequacy decision from the EU, we would sign the EU Model Contract Clauses with the recipient. If Riada will transfer personal data outside the EU/EEA, then Riada will update this Privacy Policy with the applicable adequacy decision by the Commission regarding the transfer to such country, or a reference to the appropriate or suitable safeguards. It will be possible to obtain a copy of such appropriate or suitable safeguards by contacting Riada as provided below.

Changes to our Privacy Policy

This Privacy Policy may be changed from time to time. If we make any changes, we will notify you by revising the “Effective Starting” date at the top of this Privacy Policy. If we make any material changes, we will provide you with additional notice (by sending you an email notification).

Contact us

If you have questions or concerns about this Privacy Policy or our processing of your personal data, we encourage you to contact us in order for us to be able to resolve such matters us using the contact information below:

Riada AB
Kungsgatan 58
SE-111 22 Stockholm
Sweden
E-mail: trust@riada.se

Riada has appointed a data protection officer. You may contact our data protection officer by sending an e-mail to trust@riada.se.

Compliance

If you for any reason would be dissatisfied with our use of your personal data, do not hesitate to contact us as provided above. If you, however, despite your contacts with us would consider that your rights under the General Data Protection Regulation (the GDPR, the EU regulation 2016/679) have been infringed, then you have the right to lodge a complaint with a supervisory authority. Contact information, and how you can proceed with this can be found at www.datainspektionen.se.