Privacy Policy

Your privacy is important to us, and so is being transparent about when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

This policy does not apply to any websites that may have a link to ours.

We may change this policy periodically by updating this page. You should check this page from time to time to ensure you are happy with any changes.

Who we are

As an essential part of our business, AssertThat collect and manage client and non-client data, when you use our products or services, or otherwise interact with us, unless a different policy is displayed. In doing so, we observe UK data protection legislation, and are committed to protecting and respecting clients’ and non-clients’ privacy and rights. Specifically, we act as a ‘Data Controller’ in respect of the information gathered and processed by us.

 “AssertThat”, “we” and “us” refers to the legal partnership AssertThat which carries on the business of a software enterprise which develops products for software developers, project managers, and content management, in particular, software specification and testing applications. We offer a wide range of products and services, which together we refer to as "Services" in this policy. A list of Partners is available for inspection at AssertThat’s place of business, known as 2 The Paddocks, Long Lane, Waverton, Chester CH3 7RB.

What information we collect

When you use our Services, you may be asked to provide certain information about yourself, including your name and contact details. We may also collect information about your usage, as well as information you provide during such usage. This includes using our Services, as well as any correspondence or communication you send. We may also collect information when other sources provide it to us, as further described below. 

Information you provide to us

We collect information about you when you input it into the Services or otherwise provide it directly to us, through:

  • Account and Profile Information
  • Content you provide through our products
  • Content you provide through our website
  • Information you provide through our support channels
  • Payment Information
    • All payments for Marketplace products use the Atlassian Licensing API.
    • For consultancy work we ask you to designate a billing representative, including name and contact information. You might also provide payment information, such as payment card details, which we collect via secure payment processing services.
Information we collect automatically when you use the Services

We collect information about you when you use our Services, including browsing our website and taking certain actions within the Services.         

  • Your use of the Services: We keep track of certain information about you when you visit and interact with any of our Services.
  • Device and Connection Information: We collect information about your computer, phone, tablet, or other devices you use to access the Services using Google Analytics. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services
  • Cookies and Other Tracking Technologies: AssertThat and our third-party partners, such as our analytics partners, use cookies and other tracking technologies to provide functionality and to recognize you across different Services and devices.
Information we receive from other sources

We receive information about you from:

  • Other Service users
  • Third-party services
  • Our business and channel partners
  • Other services you link to your account
    • We receive information about you when you or your administrator integrate or link a third-party service with our Services.
    • For example, if you create an account or log into the Services using your Google credentials, we receive your name and email address as permitted by your Google profile settings in order to authenticate you.

Why we need it and how we use it

The main reason for asking you to provide us with your personal data, is to allow us to carry out your requests and provide you with the Services you require.

How we use the information depends in part on which Services you use, how you use them, and any preferences you may have communicated to us.  For example, if you send us an email we will use your information to reply to your message. In other cases, we may use your information to enable us to provide you with access to some or all parts of our website. We may also use and analyse the information we collect (for example page rankings and emails) so that we can administer, support, improve and develop our business.

We collect information to facilitate your order through the Atlassian Marketplace, to contact you for your views on our products and services, and to notify you occasionally about important changes or developments to the website or our products and Services.

Below are the specific purposes for which we use the information we collect about you.

  • For research and development
  • To communicate with you about the Services
  • To market, promote and drive engagement with the Services
  • Customer support: We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyse crash information, and to repair and improve the Services.
  • To protect our legitimate business interests and legal rights
  • With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.   

Who has access to it

We have policies in place to oversee the effective and secure processing of your personal data. But we make collaboration tools, and we want them to work well for you, so this means sharing information through the Services and with certain third parties.  We share information we collect about you in the ways discussed below, but we will not sell or rent your information to third parties, and we will not share your information with third parties solely for marketing purposes.

  • Sharing with other Service users: When you use the Services, we share certain information about you with other Service users, for collaboration purposes. You can create content, which may contain information about you, and grant permission to others within the same account and project to see, share, edit, copy and download that content based on settings you or your administrator (if applicable) select. Some of the collaboration features of the Services display some or all of your profile information to other Service users when you share or interact with specific content.
  • Sharing with third parties: We share information with third parties that help us operate, provide, improve, integrate, customise, support and market our Services, as follows:
    • Service Providers: We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.
    • AssertThat Partners: We work with third parties who provide consulting, sales, and technical services to deliver and implement customer solutions around the Services.
    • Social Media Widgets: The Services may include links that direct you to other websites or services whose privacy practices may differ from ours. Your use of and any information you submit to any of those third-party sites is governed by their privacy policies, not this one.
    • Third-Party Widgets: Some of our Services contain widgets and social media features, such as the Twitter "tweet" button. These widgets and features collect your IP address, which page you are visiting on the Services, and may set a cookie to enable the feature to function properly. Widgets and social media features are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy policy of the company providing it.
    • With your consent: We share information about you with third parties when you give us consent to do so. For example, and as referred to above, we often display personal testimonials of satisfied customers on our website. With your consent, we may post your name alongside the testimonial.
    • Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights: In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, such as the prevention of financial crime and terrorism, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect AssertThat, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
    • Business Transfers: If our business enters into a joint venture with or is sold to or merged with another business entity, the information we collect about you under this privacy policy may be disclosed to our new business partners or owners. You will be notified via email and/or a prominent notice on the Services if such a transaction takes place, as well as any choices you may have regarding your information.

In the event any of your information is shared with the aforementioned third parties, we ensure that they comply, strictly and confidentially, with our instructions and they do not use your personal information for their own purposes unless you have explicitly consented to them doing so.

There may be some uses of personal data that may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.

How we protect your personal data

We recognise that your information is valuable and we take all reasonable measures to protect it whilst it is in our care.

We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction, damage and unauthorised alteration.

We use physical, electronic, and procedural safeguards to protect any personally identifiable data stored on our computers. Only authorised employees have access to the information you provide us.

While we cannot guarantee that loss, misuse or alteration to data will never occur, we take many precautions to prevent such unfortunate occurrences and have measures in place to detect any such security breaches.

In the event of a security breach, we will notify anyone whose personal data may have been compromised as well as the law enforcement authorities in the United Kingdom and other countries as applicable.

You are ultimately responsible for the security of any user names and passwords we supply to you. Please take care when using and storing them. AssertThat recommends that you do not divulge your password to anyone. You should log out of your browser at the end of each computer session to ensure that others cannot access your personal information and correspondence, especially if several people have access to your personal computer or you are using a computer in a public place like a library or Internet cafe.

As part of the requirements of the General Data Protection Regulation (GDPR), AssertThat have registered with the Data Commissioner in the United Kingdom and you can see our notification report on their website (after clicking the link, enter "AssertThat" as the name and click the ‘Search Register’ button).

Any information will be collected, stored and processed within countries that comply with the GDPR. Primarily data is stored within UK / EU / USA data centres, all of which have the appropriate compliance frameworks – including support for GDPR and EU Privacy Shield.

We validate that all our suppliers comply with the same standards and regulations that we adhere to ourselves.

If you have any specific concerns about our data handling, please contact us.

How long will we keep it for

Any personal information will be retained, usually in computer or manual files, only for as long as necessary to fulfil the purposes for which the information was collected, or as required by law, or as long as is set out in any relevant contract you may hold with us.  For example, as long as necessary to carry out your Services.

What are your rights?

You are entitled to ask us for a copy of any personal data that we hold about you. This is known as a ‘Subject Access Request’. Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost. We will send you a copy of the information within 30 days of your request.

To make a Subject Access Request, please do so in writing addressed to AssertThat’s business address.

A Subject Access Request means you are entitled to a copy of the data we hold on you (such as your name, address, contact details, date of birth, information regarding your health, etc.) but it does not mean you are entitled to the documents that contain this data. 

Under the data protection legislation, you also have the following rights:

  1. The right to be informed: which is fulfilled by way of this privacy policy and our transparent explanation as to how we use your personal data
  2. The right to rectification: you are entitled to have personal data rectified if it is inaccurate or incomplete
  3. The right to erasure / ‘right to be forgotten’: you have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing. This right only applies in the following specific circumstances:
  • Where the personal data is no longer necessary in regards to the purpose for which it was originally collected
  • Where consent is relied upon as the lawful basis for holding your data and you withdraw your consent
  • Where you object to the processing and there is no overriding legitimate interest for continuing the processing
  • The personal data was unlawfully processed
  • Where you object to the processing for direct marketing purposes
  1. The right to object: you have the right to object to processing based on legitimate interests, and direct marketing. This right only applies in the following circumstances:
  • An objection to stop processing personal data for direct marketing purposes is absolute – there are no exemptions or grounds to refuse – we must stop processing in this context
  • You must have an objection on grounds relating to your particular situation
  • We must stop processing your personal data unless:
    • We can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or
    • The processing is for the establishment, exercise or defence of legal claims.
  1. The right to restrict processing: you have the right to request the restriction or suppression of your data. When processing is restricted, we can store the data but not use it. This right only applies in the following circumstances:
  • Where you think it is inaccurate – we should restrict the processing until we have verified the accuracy of that data
  • Where you object to the processing (where it was necessary for the performance of a public interest or purpose of legitimate interests), and we are considering whether our firm’s legitimate grounds override your right
  • Where you believe our data processing is unlawful but you do not want your data erased
  • If we no longer need the personal data but you want us to retain it in order to establish, exercise or defend a legal claim
  1. The right to data portability: if you would like to move, copy or transfer the electronic personal data that we hold about you to another organisation, please contact us
Children under the age of 18

Our website and services are not aimed specifically at children. We ask that minors do not submit any personal information to us.  We will not knowingly accept any data from a person who is under the age of 18 years.

Complaints about the use of personal data

If you wish to raise a complaint on how we have handled your personal data, you can contact us at [email protected]

Alternatively, you have the right to complain to the Information Commissioner’s Office (ICO) who may be contacted at Wycliffe House, Water Lane, Wilmslow SK9 5AF or https://ico.org.uk

 

This website contains general information based on English law and, although we endeavour to ensure that the content is accurate and up to date, users should seek appropriate legal advice before taking or refraining from taking any action. The contents of this site should not be construed as legal advice and we disclaim any liability in relation to its use.