Data privacy policy
This Privacy Policy applies to all customers (“Customer”) of Seibert, Seibert – draw.io, Seibert – Appanvil, Seibert – Junovi, Seibert – lovebyte.codes who use Cloud Services provided by Seibert (“Services“).
The responsibility for the processing of personal data on these internet pages within the meaning of the general data protection regulation (GDPR) lies with:
Seibert Group GmbH
Luisenstrasse 37-39
Wiesbaden, Germany
Represented by: Martin Seibert, Joachim Seibert, Sebastian Martini
Email: gdpr@seibert.group
General provisions
§ 1 Information Collected relating to the service provided
Seibert may collect and process “Personal Data” within the meaning of the General Data Protection Regulation (“GDPR”) in connection with Customers access and use of the Services.
1.1. Scope
This Privacy Policy only applies to Personal Data that is collected by Seibert in its role as data controller as is necessary for Seibert to provide the Services to the Customer in the form of the apps included in this list.
1.2. Categories of Data
As data controller, Seibert processes the following categories of Personal Data:
- Contact Data, eg first name, last name, email address, user-avatar, country, job title, phone number, fax number, company name, used products of Seibert and additional information provided when contacting Seibert using the Services, especially information provided in free text fields of contact forms;
- Browser Data, eg. Personal Data sent by the Customer’s web browser, i.e. information about the type of web browser, the operating system and selected settings (e.g. language, region, font size, font types and other configuration) may be collected;
- Usage Data, eg. IP address, information about the amount of data transferred, stored in access log files;
- functions used/clicked in a cloud product by a certain user (“Product Usage Data”) may be collected.
§ 2 Purposes and lawfulness of the data processing
Seibert processes Personal Data to the extent required to fulfil the respective purposes:
- Providing the Services
Seibert collects processes and uses Personal Data for the purpose of providing the Services, preventing, or addressing service or technical problems, in connection with a Customer support matter, for billing, customization, training or as required by law based on Art. 6 (1) (a), (b) GDPR. Without using this Personal Data it would be not possible to receive the Services offered by Seibert.Within this purpose also falls the hosting of data and files as well as authentication so that the services can be managed and used. Furthermore, these offerings can provide a pre-built infrastructure that handles specific functions or entire components for the services.
- Messaging and communication
The purpose is to enable Seibert to communicate and collaborate and provide infrastructure for running internal applications.If the Customer contact Seibert, Seibert will process the Customers Personal Data to process the enquiry and in the event that follow-up questions arise. The legal basis for this is Art. 6 (1) (a) GDPR.
If the data processing is carried out for the implementation of pre-contractual measures, which are carried out in response to the Customers enquiry, or, if the Customer is already Seibert’s customer, for the implementation of the contract, the legal basis for this data processing is Art. 6 (1) (b) GDPR.
Seibert also uses these services to analyse and evaluate Services usage in order to provide individual support in the use of the Services and to optimise the Services in terms of user-friendliness. The legal basis for this is Art. 6 (1) (f) GDPR.
- Security Purposes
Seibert will use Usage Data based in Art. 6 (1) (f) GDPR for internal system-specific purposes to secure the Services and IT systems from malicious attacks by third parties. The lawfulness is a balancing of interests of the conflicting interests of the security of the IT systems on Seibert’s part and the Customer’s potentially conflicting interests in a non-processing of the Usage Data by Seibert. Taking into account the security and organizational measures of the processing of the Usage Data by Seibert, Seibert considers Customer rights and interests appropriately taken into account and protected. - Improvement and analysis
Seibert will use Usage Data and Browser Data for market research and the improvement of its Services, and to improve the user experience. The lawfulness for processing this data is the Supplier’s legitimate interest (Art. 6 (1) (f) GDPR).
Beyond these purposes, Seibert uses and processes Personal Data only if prior consent has been expressly granted thereto and if information about the purposes has been provided. In particular, Seibert does not use Personal Data for automated individual decisions and profiling.
§ 3 Data Recipients
The recipients of your data are service providers and companies that are required for the operation and maintenance of the Services and act on a legal basis for us.
This includes
- Processors according to Art. 28 GDPR
- affiliated companies
- IT service provider
If the recipient of the data is located in a third country, the data will only be transferred in compliance with the requirements of Art. 44 ff GDPR.
§ 4 Data Retention
Personal Data will be kept by Seibert as long as necessary to provide the Customer with the requested Services. If Seibert no longer needs the Customers Personal Data to comply with contractual or legal obligations, they will be deleted from the systems or anonymized accordingly, so that identification is not possible, unless Seibert has to keep the information, including Personal Data, to comply with legal or regulatory obligations.
Data that is processed on the basis of consent is deleted as soon as consent is withdrawn and there are no other legal obligations prohibiting it.
§ 5 Security
Seibert implements the technical and organizational measures that are commercially reasonable in relation to the respective purpose of data protection, in order to protect the information provided by the Customer against abuse and loss. Such data is stored in a secure operating environment that is not accessible to the public. In addition, each of Seibert’s employees is instructed on data protection and obliged to enter into a confidentiality agreement. .
App specific information
The following section provides general information about the processing of personal data and the tools we use for this purpose. As not all information applies to all apps, we refer you to this table, which contains further app-specific details.
§ 6 Cookies; local storage
Seibert does not use Cookies.
Seibert may use local storage within your browser to enhance the functionality and performance of our Cloud Apps. Local storage, similar to cookies, allows us to store data on your device.
§ 7 Tracking and analysis tools
The purpose of these types of services is to allow Seibert to monitor and analyse traffic and track Customers behaviour. The legal basis for this is Art. 6 (1) (a) GDPR.
Google Analytics for Firebase
Seibert uses the Google Analytics for Firebase service, which transmits the information generated about the use of the Services with an anonymised IP address to a Google server and stores it there. The IP anonymisation function in Analytics sets the last octet of IPv4 user IP addresses and the last 80 bits of IPv6 addresses in memory to zero. This means that the Customers exact IP address is not stored.
Google will use this information for the purpose of evaluating the Customers use of the Services, compiling reports on Services activity for Seibert. Google may also transfer this information to third parties.
The Customer can also prevent the storage of cookies by setting the Customers browser software accordingly; however, Seibert would like to point out that in this case the Customer may not be able to use all the functions of the Services to their full extent.
The Customer can also prevent Google from collecting the data generated by the cookie and related to the Customers use of the Services (including the IP address) as well as Google from processing this data by downloading and installing the browser plug-in available under the following link. The current link is: https://tools.google.com/dlpage/gaoptout?hl=en.
address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data residency: Europe (Ireland)
data privacy notice:https://www.google.com/policies/privacy/
Firebase Services:
More Information about how the following services works can be found here: https://firebase.google.com/support/privacy?hl=en
PostHog
PostHog is a tracking service especially for products, Services and well suited for customized analytics needs including personalized insights and Services personalization. We are using the service to ensure we can improve our software. This service offers a data residency option. We are using the EU servers of Posthog. The data is hosted and managed on PostHog Cloud. We fully comply with GPDR according to their docs.
- No info is ever passed on to people outside our company for marketing or advertising purposes.
- We do not pass on any data that we can access to any third parties apart from subprocessors who work for us and are obliged to abide by the same standards.
- We do not use any information for other reasons than improving our software product or making the software work for our customers as intended.
Amplitude
Amplitude, Inc. is a cloud-based product-analytics platform that helps customers build better products. We are using the service to ensure we can improve our software.
You can find more information with regard to Amplitude on their website: https://amplitude.com/privacy
Mix Panel
Mixpanel is an analytics platform that helps businesses understand user interactions within their applications to drive informed decisions and improve user experience.
https://mixpanel.com/legal/privacy-policy/
§ 8 Hosting and backend infrastructure
The purpose of these types of services is to host data and files so that the services can be managed and used. Furthermore, these offerings can provide a pre-built infrastructure that handles specific functions or entire components for the services. The legal basis for this is Art. 6 (1) (f) GDPR and Art. 28 GDPR.
- Firebase Cloud Firestore and Firebase Cloud Functions
Firebase Cloud Firestore and Firebase Cloud Functions are web hosting and backend services provided by Google Ireland Limited.Address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data residency: Europe (Ireland)
data privacy notice: https://policies.google.com/privacy
- Firebase Cloud Storage and Firebase Hosting
Firebase Cloud Storage and Firebase Hosting are web hosting services provided by Google Ireland Limited.Address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data residency: Europe (Ireland)
data privacy notice: https://policies.google.com/privacy
- Vercel
Vercel is a frontend cloud for deploying and scaling frontend applications. Their Developer Experience Platform and Managed Infrastructure services provide us with the ability to build applications and create, share and collaborate on deployments.Address: Vercel Inc., 440 N Barranca Ave Pmb 4133 Covina, CA, 91723-1722 United States
Data privacy policy: https://vercel.com/legal/privacy-policy
- LinuxIT
LINUXIT provides hosting services to ensure the reliable operation and accessibility of our app services. These services include the provision of server infrastructure, data storage, and network connectivity necessary for our services.Address: LINUXIT König OG, Weizeneggerstrasse 1, 6850 Dornbirn, Austria
Data privacy policy: https://www.linuxit.at/impressum.html - Amazon Web Services (AWS)
Amazon Web Services (AWS) is a comprehensive cloud platform providing services such as computing power, data storage, and content delivery.Address: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg, Luxembourg
Data privacy policy: https://aws.amazon.com/privacy/?nc1=f_pr
§ 9 Authentification
The purpose of these types of services are to enable end-user authentication, and facilitate end-user account management. The legal basis for this is Art. 6 (1) (f) GDPR.
- Firebase Authentication
Firebase Authentication is a registration and login service provided by Google Ireland Limited. Firebase Authentication uses the data to enable end-user authentication, and facilitate end-user account management. It also uses user-agent strings and IP addresses to provide added security and prevent abuse during sign-up and authentication.
Address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data residency: Europe (Ireland)
Data privacy notice: https://policies.google.com/privacy
§ 10 Search engine: Typesense
Typesense is an open source, typo tolerant search engine that is optimized for instant sub-50ms searches, while providing an intuitive developer experience.
§ 11 Customer Rights
The Customer has the rights detailed below in this Section. Each Customer also has the right to file a complaint with a data protection supervisory authority.
- Right of access:
The Customer may request information from Seibert at any time as to whether Seibert has stored Customers Personal Data and which Personal Data Seibert has stored. Seibert is required to provide this information to the Customer free of charge.The right of access does not exist or is subject to limitations if and to the extent that confidential information, such as information that is subject to professional secrecy, is disclosed.
- Right to rectification:
If Customers Personal Data which is stored by Seibert is inaccurate or incomplete, you have the right to demand at any time that Seibert rectify this.
- Right to erasure:
The Customer has the right to demand that Seibert erase Customers Personal Data if and to the extent that the data is no longer needed for the purposes for which it was collected or if the data is processed on the basis of the Customers consent and the Customer has opted to revoke Customers consent. In such cases, Seibert must cease processing Customers Personal Data and remove that data from its IT systems and databases.
The Customer does not have a right to erasure if- the data may not be deleted due to a statutory obligation or must be processed due to a statutory obligation;
- the processing of data is necessary for the establishment, exercise or defence of legal claims.
- Right to restriction of processing:
The Customer has the right to demand that Seibert restrict the processing of Customers Personal Data.
- Right to data portability:
The Customer has the right to receive from Seibert the data provided by the Customer in a structured, commonly used, machine-readable format as well as the right to have these data transmitted to a different controller. This right exists only if the Customer has made this data available to Seibert on the basis of consent or an agreement entered into with the Customer; the processing is carried out by automated means.
- Right to object to processing:
If the Customers data is processed by Seibert on the basis of Article 6 (1) (f) GDPR, the Customer may object at any time to processing by Seibert.
To exercise these rights and/or to address any questions, comments, or complaints regarding this Privacy Policy or the privacy practices of Seibert, please contact gdpr@seibert-media.net.
You can contact our data protection officer by e-mail at dsb@seibert.group or by mail at the above address with the addressee “The Data Protection Officer”.
Data Processing Agreement
If Seibert processes Personal Data as a data processor on the Customer’s behalf, a Data Processing Agreement needs to be signed by both parties. Personal Data is processed on the Customer’s behalf if the Customer determines the purposes and means by which such Personal Data is processed.
The link to the DPA can be found in the marketplace entry of the app in the Atlassian Marketplace.
| App Name | Cookies1; local storage | Google Analytics In-App | Hosting | Firebase Authentication | Tracking and analysis tools | Typesense |
|---|---|---|---|---|---|---|
|
Agile Hive Cloud |
❌ |
❌ |
❌ 100% Atlassian Forge |
❌ |
❌ |
❌ |
|
Agile Hive Cloud – Migration Helper |
❌ |
❌ |
✅ Google Cloud Run and Firebase Functions |
❌ |
❌ |
❌ |
|
Didit |
❌ |
❌ |
✅ Google Cloud Run and Firebase Hosting/Functions |
✅ |
✅ |
✅ |
|
Navigation Menus |
❌ |
❌ |
✅ Google Cloud Run and Firebase Hosting/Functions |
❌ |
✅ Posthog |
❌ |
|
Spacecraft |
❌ |
❌ |
✅ GCP & Vercel |
❌ |
✅ |
❌ |
|
AutoPage |
❌ |
❌ |
100% Atlassian Forge |
❌ |
❌ |
❌ |
|
PageBeam |
❌ |
❌ |
✅ Atlassian Forge + small backend in GCP for sending Mails, more info here: |
❌ |
❌ |
❌ |
|
Viable Issues |
❌ |
❌ |
✅ LinuxIT (Webserver, PostgreSQL for OAuth 2.0 (3LO), UserID, order of issue fields) |
❌ |
❌ |
❌ |
|
Aura |
✅ local storage |
❌ |
✅ GCP / Firebase |
❌ |
✅ Posthog |
❌ |
|
Mantra |
✅ local storage |
❌ |
✅ GCP / Firebase |
❌ |
✅ Posthog |
❌ |
|
Karma |
✅ local storage |
❌ |
✅ GCP / Firebase |
❌ |
✅ Posthog |
❌ |
|
Aura Table Filters |
✅ local storage |
❌ |
Runs on Atlassian |
❌ |
Posthog |
❌ |
|
Aura Analytics |
❌ |
❌ |
Runs on Atlassian |
❌ |
Posthog |
❌ |
|
Aura Workflows |
❌ |
❌ |
Forge |
❌ |
Posthog |
❌ |
|
Properties |
❌ |
❌ |
✅ GCP / Firebase |
❌ |
✅ MixPanel, non-PII events |
❌ |
|
Templating.app |
✅ local storage |
❌ |
❌ 100% Atlassian Forge |
❌ |
Posthog |
❌ |
|
Jigo |
✅ |
❌ |
✅ AWS, Frankfurt |
❌ |
✅ MixPanel |
❌ |
|
Awesome Custom Fields |
❌ |
❌ |
❌ |
❌ |
Posthog |
❌ |