We process your Personal Information in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679), the GDPR, as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of Section 3 of the European Union (Withdrawal) Act 2018 (the “UK GDPR”), including its respective amendments, and all other legal acts applicable to Favro.
For more information about how Favro's services may be used to facilitate your processing of personal data, and Favro’s responsibility and undertakings in relation thereto, please refer to our Terms of Service.
3. THE KIND OF INFORMATION WE COLLECT AND THE LEGAL BASIS FOR IT
We may collect both Personal Information (as defined above) and Non-Personal Information (that is information, which is not Personal).
If we have collected information, which consists of both Personal and Non-Personal (“Combined Information”), we will treat the Combined Information as Personal Information.
We will handle your Personal Information in order to comply with the contractual obligations we have under the agreement with you. We may also rely on our legitimate interest to handle your Personal Information (e.g. when necessary for internal administrative purposes, service improvement or to maintain a high level of security) or as required by law. See further below in section 4.
Personal Information will be requested when you engage in the following activities:
• When you subscribe to Favro
When you subscribe to Favro we will collect personal information about you, e.g. your name, title, email and physical location, and we will also have our payment services subcontractor collect your credit card information.
• When you visit our homepage
We gather information from your browser when you access our homepage in order to measure the number of visitors and from where you are accessing the homepage, including your IP address. You can read more about cookies later in this document.
• When you request our help
Personal information may be stored in our internal systems when a request is sent to support and/or requests are sent for training and demos. The information provided during such communication would be name and email address; however additional information could be requested depending on the type of support needed.
• When you send us data to troubleshoot an issue
Sometimes a request to our support results in that we may ask you for a crash dump, a copy of your database or other information that might be sensitive for various reasons and that may include Personal Information. This information may also be submitted to us through a dialog that appears if you encounter a crash. This information will solely be used for troubleshooting and we will delete the information after we are done with the troubleshooting.
• Other Submissions
If you participate in a survey, contest, promotion, events, communicate with us via social media, post a comment to one of our blog posts or otherwise communicate with us where Personal Information is included we may collect this. This could be for example Personal Information you include if you post something to our Twitter account about an issue you are experiencing. Note that if this information is not posted in a secure area, it may be visible to the public.
4. HOW WE USE YOUR PERSONAL INFORMATION
The main purpose of processing your Personal Information is to provide you with information, products, and/or services that you request from us or to carry out our obligations arising from any agreements entered into between us.
We may monitor, use and store the Personal Information you provide to us to improve and develop our products and services and improve your user experience, for customizing content of messages, our website and other means of communicating with you. This processing is necessary to serve our legitimate interest to facilitate such improvements of our products and services.
Customer specific Personal Information is occasionally given to us to resolve and troubleshoot issues customers may be experiencing. If such data is provided, you grant Favro the right to access such data for the purpose of identifying and resolve the issue within your organization. Upon request, we can provide a confidentiality agreement as well as providing safe methods to transfer data. This processing is necessary for the performance of the agreement we have with you, as well as to serve our legitimate interest to ensure your best experience and resolve any potential issues related to our products and services.
We may also use Personal Information for preventing misuse of the software, and to keep our service secure and to prevent abuse or fraud. This processing is necessary to serve our legitimate interest to ensure security and integrity of our services and products.
4.1 SHARING WITH THIRD PARTIES
We may share aggregated and non-personally identifiable information with our partners or others for business or research purposes.
4.2. OUR TRUSTED PARTNERS
We collaborate with third parties, agents and service providers to be able to offer our services and fulfill our obligations to our customers. For example, we may share billing information with our service providers for the purposes of processing invoices, or share data with a security consultant to help us get better at preventing unauthorized access, or with an email vendor to send messages on our behalf. We may also share data with hosting providers, payment processors, marketing vendors, and other consultants who work on our behalf and under contractual promises of confidentiality.
4.3. GOOGLE USER DATA
If you sign in or sign up to Favro with Google or GitHub we will use your email address to verify your identity and your name and profile picture so that users know who they are collaborating with.
If you integrate Favro with Google calendar you will thereby grant us permission to manage your Google calendars and share data with Google. We will use this information to create calendar events from cards in Favro.
When you integrate Favro with Google Drive you will thereby grant us permission to view the files in your Google drive. We will use this information so that you can attach Google drive files to cards in Favro.
4.4 SYNCHRONIZATION WITH JIRA
Kindly note that it is your organization who is the controller for the processing of personal data that ensues from the integration of Favro as a third-party app in Atlassian’s Jira. Favro is a processor to your organization in this regard. Therefore, please see your own organization’s privacy notice for more details regarding the processing of personal data in connection with the use of Favro.
4.5. WHERE WE PROCESS YOUR PERSONAL INFORMATION
The information we collect from you may be transferred to, and stored at, various locations depending on where our company’s systems are hosted. The data may be processed by employees who work for us or by our suppliers who may be situated in a country outside of EU/EEA or UK, as applicable. If there is no decision from the competent authority that the country which the personal data will be transferred to provides adequate data protection legislation to ensure the safety of the personal data, we will use relevant safeguards to ensure the safety of the personal data. If you want to know more about the safeguards we use, please contact us for more information. You will find our contact information in section 6 below.
4.6. HOW LONG WE KEEP PERSONAL INFORMATION
We maintain information about you for as long as we provide services to you, and as long as it is required for us to perform any related business activities. After your information is no longer necessary for our business purposes, we will destroy the information unless we have agreed with you that we should keep the information, or a court or administrative order is made to preserve the information, or if it is otherwise stipulated by law.
We will take all reasonable technical and organization actions to protect your personal data from loss, misuse, and unauthorized access or disclosure. If a reportable security breach should occur, which relates to your Personal Information, we will inform you of this as soon as practicable.
4.8 DO NOT TRACK
We do not respond to Do Not Track requests.
6. YOUR CHOICES
We will on our own initiative, or upon the request of you, rectify, delete, or complete any Personal Information in the register which we find is incorrect, unnecessary, inadequate, or outdated. You have the right to have incorrect details revised under certain circumstances. Please send such requests to firstname.lastname@example.org specifying what you would like to modify.
We will respond and/or implement your preferences within 30 days of receiving your request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. In order to provide any Personal Information to you, we will verify your identity and authenticate your access right before doing so.
You can also object to certain Personal Information about you being processed and request that processing of your Personal Information be limited. Please note that the limitation or deletion of your Personal Information may mean we will be unable to provide you with our Services. You also have the right to receive your Personal Information in a machine-readable format and have the data transferred to another party responsible for data processing.
Favro is committed to handle any request, complaint or concern that you may have about our use of your personal information in a fair and transparent way. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to file a complaint with the data protection authority in your country (if one exists in your country) or supervisory authority.
If you are located in the UK, please note that Favro has appointed a UK representative in accordance with the UK GDPR. You may contact our UK representative Agnieta Malinauskaite via e-mail email@example.com.
Our site and services may contain links to and from the websites of third parties such as our partner network. If you follow the link to any of these websites, please note that these websites may have their own privacy policies and we do not accept any responsibility or liability for the websites or these policies.