Effective starting: 10-Dec-2017
Riada AB, Org Reg No 556686-2032 with the address Kungsgatan 58, SE-111 22 Stockholm, telephone number +46 (0)8-733 31 25, is responsible for the processing of your personal data (the Controller). However, Riada may also be processing your personal data in the capacity of a Processor, as further described in the “Riada as Processor” section below.
App: a bundle of code, resources and configuration files that can be used with a Riada product to add new functionality or to change the behaviour of that product’s existing features.
Atlassian Marketplace: B2B marketplace for Apps related to Atlassian Pty. Ltd. products. Riada products and third party Apps can be downloaded via the Atlassian Marketplace.
Content: Any information or data that you upload, submit, post, create, transmit, store or display in a Riada Service.
Controller: means the natural or legal person or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Downloadable Products: Riada’s downloadable software products and mobile applications that are installed by customers on an infrastructure of their choice. Downloadable Products do not include Apps created by third parties, even when they are available through the Atlassian Marketplace.
GDPR: Means the regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Processor: Means a natural or legal person or other body which processes personal data on behalf of the Controller.
Riada Services: Refers to our (i) Websites, (ii) SaaS Products and (iii) our Downloadable Products.
SaaS Products: Riada’s “Cloud” hosted solutions.
Websites: Riada’s websites, including but not limited to riada.se, documentation.riada.se, support.riada.se, order.riada.se, portal.riada.se, partners.riada.se, join.riada.se, enterpriseday.riada.se and any related websites, sub-domains and pages.
Riada provides the Riada Services as well as the SaaS Products to various customers. If you are an end user of Riada’s SaaS Products and/or our Downloadable Products at a customer, then Riada may be processing your personal data in the capacity of a Processor, in which case the customer (your employer/principal) acts as the Controller of the processing of your personal data. Our customers determine the purposes of the processing of personal data by adapting and configuring the SaaS Products and our Downloadable Products. Such processing carried out by Riada is regulated by data processing agreements with customers, whereby Riada only processes personal data on documented instructions from the Controller. If you have any questions or requests with respect to such processing, then you should contact your employer/principal. If you are an employee of one of our customers and would no longer like us to process your information in connection with the Riada Services or our SaaS Products, please contact your employer.
We collect the following information from you.
Contact Information: We collect information about you and your company as customers or possible customers. Information we collect includes:
Other submissions: We collect other data that you submit to our Websites, participate in a survey, activity or event, apply for a job, request customer support or otherwise communicate with us.
Web Logs: We gather certain information and store it in log files when you interact with our Websites. This information includes internet protocol (IP) addresses as well as browser type, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences.
Analytics Information from Website: We collect analytics information when you use our Websites to help us improve our products and services.
Contact Information: For the purpose of being able to contact you to inform you of offerings and information about best practices as well as our services and products.
Other submissions: For the purpose of being able to contact you to support you in your questions or issues.
Web Logs: For the purpose to understand effectiveness of our website pages and to analyze where our visitors comes from.
Analytics Information from Website: For the purpose to understand effectiveness of our website pages and to analyze where our visitors comes from.
General Uses: We use the Information we collect about you (including personal data to the extent applicable) for the following purposes:
The use of Information collected through our Websites is limited to the purposes disclosed in this policy.
We will not share or disclose any of your personal data or Content with third parties except as described in this policy. We do not sell your personal data. We do not share personal data about you with third parties for their marketing purposes (including direct marketing purposes).
Service Providers, Business Partners and Others: We work with third party service providers to provide website, application development, hosting, maintenance, back-up, storage, virtual infrastructure, payment processing, analysis and other services for us. These service providers may have access to or process your Information for the purpose of providing those services for us. Some of our pages utilise white-labeling techniques to serve content from our service providers while providing the look and feel of our site. Please be aware that you are providing your Information to these third parties acting on behalf of Riada.
Testimonials: We may display personal testimonials of satisfied customers on the Riada Services. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us using the information below.
Compliance with Laws and Law Enforcement Requests; Protection of Our Rights: We may disclose your Information (including your personal data) to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce our agreements, policies and terms of service, (c) to protect the security or integrity of Riada’s products and services, (d) to protect Riada, our customers or the public from harm or illegal activities, or (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
Business Transfers: We may share or transfer your Information (including your personal data) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the Websites of any change in ownership or uses of your personal data, as well as any rights you may have regarding your personal data.
The legal basis for the processing of your personal data is the principle of legitimate interest (under point (f) of Article 6(1) of the GDPR), where the legitimate interests pursued by Riada are the interest to be able to contact you as a customer, to promote, for support, billing or other issues, or as a possible customer regarding your interest in or questions regarding Riada’s Services or our SaaS Products and to promote the same. Regarding information collected by our Websites, Riada’s interest is to be able to understand our Websites’ visitors’ interest in order to improve our Websites and to customise our Websites for you. Regarding information collected by our Websites to identify fraudulent transactions, unauthorised access to the Websites or other illegal activities, Riada has an interest to detect and monitor any such activities as a security measure.
In general terms, we don’t keep your personal data longer than necessary for the purposes for which the personal data are processed. More specifically, we keep personal data of customers’ contact information for no longer than one year counted from last date of business. Customer individuals can have roles like billing contact, technical contact or business contact which is necessary for us to keep in order to run our business efficiently. Personal data collected that are not associated with a customer is kept for a maximum of one year. Personal data of customer individuals is deleted when we identify that the individual has left the customer company or do no longer have any of the above-mentioned roles within the customer organisation.
Right of access: You have the right to obtain from us information as to whether we are processing your personal data, and where that is the case, access to the personal data and information regarding the processing, for example the purposes of the processing and the categories of personal data concerned.
Right to rectification: If you believe we store incorrect information about you, you can request of us to correct or supplementing your information.
Right to erasure: You have the right to request of us to delete your personal data. You can make such a request if you for example believe that there no longer is a need for us to keep your personal data to fulfil our purposes for processing such information or if you have withdrawn your consent for us to use your personal data further.
Right to restriction of processing: You have the right to require us to temporarily hold all our processing of your personal data with the exception of storing it. You can use this right if for example we do not agree if your personal data is accurate, or you believe our processing of your personal data is unlawful.
Right to object: You have the right to object at any time to the processing of personal data concerning you where we process it on the legal basis of public interest or legitimate interests (points (e) or (f) of Article 6(1) under the GDPR), including profiling based on those provisions. Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
You may opt out of receiving promotional communications from Riada by using the unsubscribe link within each email or emailing us to have your contact information removed from our promotional email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. In any event such actions should be handled within one month of receipt of the request.
Right to data portability: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance, where our processing is based on your consent or on a contract and where the processing is carried out by automated means.
While we implement appropriate technical and organizational measures to guard your personal data, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers.
Where data is transferred over the Internet as part of a Website, the data is encrypted using industry standard SSL (HTTPS).
SE-111 20 Stockholm
If you for any reason would be dissatisfied with our use of your personal data, do not hesitate to contact us as provided above. If you, however, despite your contacts with us would consider that your rights under the General Data Protection Regulation (the GDPR, the EU regulation 2016/679) have been infringed, then you have the right to lodge a complaint with a supervisory authority. Contact information, and how you can proceed with this can be found at www.datainspektionen.se.