celix Privacy Policy

Effective starting: July 31st 2023

General

At celix Solutions GmbH, we are committed to ensuring the protection and privacy of your personal information. As part of this commitment, we maintain a comprehensive Privacy Policy that outlines how we collect, use, and safeguard your data when you interact with our website, online services, and apps sold on the Atlassian Marketplace.

Our Privacy Policy is regularly reviewed and updated to reflect legal changes, advancements in data protection practices, and improvements to our and products. These updates are essential to ensure that your personal information remains secure and in compliance with applicable data protection laws and regulations.

By continuing to use our website, online services, and apps after any modifications to the Privacy Policy, you acknowledge your acceptance of the revised terms and consent to the updated data practices.

We encourage you to review our Privacy Policy periodically to stay informed about how we are protecting your personal information and to understand your rights regarding the data you share with us.

If you have any questions, concerns, or require further clarification about our Privacy Policy or any updates therein, please don’t hesitate to contact us using the information provided in the “Contact Us” section of the Privacy Policy.

1. Privacy Principles

The protection of your privacy and the security of your personal data is a matter of great importance to us.

All data applications operated by celix Solution GmbH comply with the provisions of the GDPR as well as other area-specific regulations. In accordance with Article 5 GDPR, all employees are required to process your personal data in a lawful and fair manner, and in a way that is comprehensible to you and in compliance with data secrecy in accordance with Section 6 Data Protection Act (DPA).

Compliance with the data protection and data security regulations is guaranteed across the entire Group by the following binding measures:

Privacy Concept
Privacy Policy
Privacy Program
Privacy Management System

2. Privacy Concept

The Privacy Concept lays down the desired level of data protection security (the protection requirements) as defined by the legal representatives of the celix Solution GmbH. This serves as the basis for the development of the demands on Privacy Policy and on the continuous privacy improvement process within the entire celix Solution GmbH.

3. Privacy Policy

On account of the assessment of privacy-related processes and the relevant data protection legislation, a written Privacy Policy was drawn up for the celix Solution GmbH to serve as a basis for the implementation of the Privacy Program and the establishment of the Privacy Management System.

4. Privacy Program

As part of the Privacy Program, data protection goals are continuously being specified and the measures to be implemented are defined in the form of a work program and provided with corresponding implementation deadlines.

5. Privacy Management System

The Privacy Management System defines the rules, policies, measures, resources, methods, responsibilities, procedures and organization structures for implementing and monitoring the Privacy Program.

Modeled on the international standards ISO 9001:2015 and ISO/IEC 27001:2017, our Privacy Policy was designed along the lines of the PDCA (Plan, Do, Check, Act) model to achieve continuous improvement.

6. Processing activities

In accordance with Article 30 GDPR, celix Solution GmbH maintains a so-called “record of processing activities” in which the data applications operated by celix Solution GmbH as well as the relevant processing activities are documented. This existing record should always be kept up-to-date in accordance with the data protection provisions of Article 30 GDPR.

We take data security seriously and have implemented appropriate technical and organizational measures to protect your data from unauthorized access, loss, alteration, or disclosure. Your data is stored securely in accordance with industry best practices and relevant data protection regulations.

7. Special categories of personal data

celix Solution GmbH does not process any special categories of personal data within the meaning of Article 9(1) GDPR on its website.

8. Guaranteed Data Protection

In principle, we do not process your personal data without your consent or within the framework of the existing contractual relationship with you and for the agreed purpose. We store your personal data in accordance with the applicable prescribed statutory time periods.

We retain your data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, as required by law, and to comply with our legal obligations.

9. Transferring and Surrendering Data

Any transfer of personal data to third parties is made only with your consent. Excepted from this are data transfers that are necessary due to a legal obligation or for fulfilment of a contract. The transfer of personal data to processors (service providers) shall, in principle, be limited to those undertakings providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing the personal data complies with the requirements of the GDPR and ensures the protection of the rights of the data subject.

We do not sell, rent, or trade your data with third parties for marketing purposes. Your data is not shared with any external entities except as outlined in this Privacy Policy or when required by law.

10. Data Security

The technologies employed by the celix Solution GmbH to process your personal data (hardware, software, network, infrastructure) comply with state-of-the-art security technologies. Appropriate technical and organisational measures have been set for these procedures, in order to comply with the requirements of the GDPR.

11. Information to be provided

We hereby inform you about the personal data processed by celix Solutions GmbH and the claims and rights to data protection, to which you are entitled.

11.1. Categories of personal data

Personal data that you enter yourself when filling in the forms for “Information request”, “Application” and “Contact us” are processed. celix Solution GmbH processes your personal data exclusively in the context of the purpose for which you voluntarily provided your data in exercising your right to informational self-determination. This consent to the processing your personal data for the stated purposes remains valid until you revoke it, at any time, within the scope of the data protection regulations.

11.2. Right of access to personal data

In accordance with the provisions of the GDPR, you have the right to information at any time about the data processed in the celix Solution GmbH to your person, their origin as well as possible recipients of transmissions and the purpose of the data use. Information can be obtained, based on your written request, from the Group Legal Compliance Department of the celix Solution GmbH, listed under point 11.10. If all legal requirements for the processing of your request for access to personal data have been met, we will comply with it and grant you the relevant access to your personal data within a period of 1 (one) month.

11.3. Right to erasure

In accordance with the provisions of the GDPR, you have the right at any time to the erasure of your personal data which were processed by celix Solution GmbH, provided that your request for erasure does not conflict with any potential statutory retention periods or other legal obligations. If all preconditions for implementing your request for erasure, we will comply with and erase your data within a period of 1 (one) month.

11.4. Right to object

In accordance with the provisions of the DSGVO, you have the right – insofar as the processing of your personal data is not provided for by law – to object to the violation of your overriding confidentiality interests, which are worthy of protection. If these preconditions have been met, we will delete your data within a period of 1 (one) month, taking into account any legal retention periods.

11.5. Right to restriction of processing

In accordance with the provisions of the GDPR, you have the right to restrict processing of personal data under certain conditions. If all statutory preconditions have been met, we will restrict the processing of your personal data within a period of 1 (one) month.

11.6. Categories of recipients

The data will not be passed on to recipients who use this data for their own purposes. No transfer to recipients in a third country (outside the EU) or to an international organisation is envisaged. There is no automated decision-making process.

11.7. Right to data portability

There is no right to data portability.

11.8. Revocation of consent

In accordance with the provisions of the GDPR, you have the right to revoke your consent to the processing of your personal data at any time, without stating any reasons. In this case, we will not process your data further and will erase them, taking into account any statutory retention periods, within a period of 1 (one) month.

11.9. Information obligation in accordance with Art. 13 GDPR concerning video surveillance

Name and contact data of the controller:

celix Solution GmbH
Gumpendorfer Straße 59-61/2/1-Lokal, 1060 Wien, Austria
Phone: +43 (0)1 503061 11 / email: trust@celix.at

Contact data of the Data Protection Officer:

trust@celix.at

Purposes of the data processing:

Video surveillance with digital image recording for the purpose of self-protection (protection of business and operational secrets, protection of property and protection of the client’s employees) and the protection of accountability (perception of traffic safety obligations) as well as for the purpose of preventing, containing and clarifying criminally relevant behavior, with exclusive evaluation in the case defined by the purpose.

Legal basis of data processing

Art. 6 lit. 1 f DSGVO in conjunction with §§ 12 and 13 DSG 2018

Legitimate interests, which are being pursued:

Protection of property

Storage period:

A maximum of 30 days

11.10. Complaints to the Austrian Data Protection Authority (DSB)

In accordance with the provisions of the GDPR and the Austrian Data Protection Act (DSG), you have the right to complain to the Austrian Data Protection Authority if you believe that the processing of your personal data violates the GDPR or the Austrian Data Protection Act.

11.11 Contact us – Further Information

Your trust is very important to us. If you have further questions regarding the processing of your personal data by celix Solution GmbH, please do not hesitate to contact the celix Solution GmbH in writing at this address

celix Solution GmbH
Gumpendorfer Straße 59-61/2/1-Lokal
1060 Wien
Austria
E-mail: trust@celix.at

Website

At celix Solutions GmbH, we are committed to safeguarding your privacy and ensuring the security of your personal information. This Section is designed to help you understand how we collect, use, disclose, and protect your data when you visit and interact with our website.

It is generally possible to use our website without the disclosure of personal data. The following Privacy Statement will provide you with an overview of how the celix Solution GmbH guarantees the protection of your privacy, the type of data being collected as well as its main purpose.

12. IP Adress

The IP address is transmitted on every server request to let the server know where the response has to be sent. Your Internet Service Provider (ISP) gives you an IP address as soon as you connect to the Internet, and the ISP can retrace which IP address was assigned to which of its customers at any given time. For as long as the IP address is saved, it is theoretically possible to identify the owner of the Internet connection via the ISP. For this reason, we and our statistics providers do not save the IP address permanently but only temporarily for session recognition and for security reasons (for example to ward off hacker attacks). The IP address is then immediately deleted, so that any collected data are made anonymous and it is no longer possible to identify the user, not even via the ISP.

13. Cookies

13.1. The Purpose of Cookies

To allow you to use the celix Solution GmbH’s website without any restrictions, we use what are referred to as session cookies. Session cookies are tiny parcels of information that are automatically saved to the memory of the website visitor’s web-browser. In a session cookie a randomly created and unique identification number is deposited, a so-called session ID. A cookie additionally contains information on its origin and its life span. These cookies are unable to save any other kind of data. Placing session cookies on your computer does not enable us to see the files on your computer.

After you conclude your session, i.e. after you close your browser window, the session cookies are automatically deleted.

You need to activate session cookies to be able to use website services which require authentication.

13.2. Tracking Cookies

Whenever you visit our website, some of the data we collect is used for statistical evaluation. The extent of such data is described below. The data are only used internally and serve primarily to continuously improve our website and adapt it to suit your business or personal requirements.

For tracking purposes, we employ the Piwik tool (piwik.org). During a visit to our website we collect and evaluate the following data which your browser sends to our server. The data are collected using JavaScript which is run from each web page. JavaScript places a tracking cookie on your computer to identify your browser session and to recognize repeated access to the website.

The following data are collected:

Request (name of the requested data file) (e.g. www.beispiel.de/index.html) including parameters
Browser type and version (e.g. Google Chrome 114)
Browser language (e.g. German)
Operating system used (e.g. Windows 11)
Internal resolution of your browser window
Screen resolution
JavaScript activation
Installed plugins (Java, …)
Cookies on/off
Color bit depth
Referrer URL (the previously visited website including parameters, e.g. search items in search engines, …)
IP address to identify country of origin. The IP address itself is only used for geographical allocation and to identify the provider, and is immediately deleted again afterwards.
Time and date of accessing
Clicks

Any personal details you have entered in one of our forms, either to request information, apply for a job or get in touch with us, are also saved. The celix Solution GmbH will use your personal data exclusively in accordance with the relevant laws and regulations.

13.3. Handling Cookies

We process your personal data on the basis of your consent, which you have given us by the settings of your Internet browser as well as on the basis of our predominant legitimate interests.

13.4. Facebook Remarketing

Within the web-based content of celix Solution GmbH, so-called „Facebook-Pixels“ of the social network Facebook (“Facebook”), which is being operated by Facebook Inc. (1 Hacker Way Menlo Park, CA 94025, USA) or if you are based in the EU, by Facebook Ireland Ltd. (4 Grand Canal square, Grand Canal Harbor, Dublin 2, Ireland) are being utilized.

With the help of the Facebook-Pixel, Facebook is able to designate you as a target group for the display of ads, so-called “Facebook-Ads”. Accordingly, we use the Facebook-Pixel to display these Facebook-Ads only to those Facebook-Users, who have shown interest in the web-based content of celix Solution GmbH. In other words, with the help of the Facebook-Pixel, we want to make sure that our Facebook-Ads are in line with the potential interest of users and are not deemed annoying. With the help of a Facebook-Pixel, celix Solution GmbH can also track the effectiveness of Facebook-Ads for statistical and market research purposes as well as track whether users have been redirected to the celix Solution GmbH website after clicking on a Facebook-Ad.

The Facebook-Pixel is directly implemented by Facebook when being redirected to the celix Solution GmbH websites and can place a so-called Cookie, which can be understood as placing a small file on your device. If you subsequently log in to Facebook or visit Facebook in the logged-in state, your visit to our websites will be recorded in your profile.

The data collected about you remains anonymous to celix Solution GmbH and therefore does not enable any inference on the identity of any user. Nevertheless, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible. The processing of data by Facebook is part of Facebook’s data usage policy. Accordingly, you can view more information on how the “Remarketing-Pixel” works, and more generally how Facebook-Ads are displayed in Facebook’s Data Usage Policy at https://www.facebook.com/policy.php.

You may object to being designated by a Facebook-Pixel and the processing of your data for the display of Facebook-Ads. To that end, we kindly ask you to visit the Facebook page, where you can find more information about the usage-based advertising settings: https://www.facebook.com/settings?tab=ads.

Any declaration of objection is available any time via the US website http://www.aboutads.info/choices or the EU website http://www.youronlinechoices.com/. The settings are platform independent, meaning they apply for all devices such as desktop computers or mobile devices.

Cloud and Data Center Apps

At celix Solutions, we offer a range of Cloud and Data Center Apps on the Atlassian Marketplace. This section of the celix Privacy Policy outlines how celix handles the collection and use of customer data while you use the Atlassian Apps developed and sold by us on the Atlassian Marketplace.

14. Data Collection

When you install and use our Cloud and Data Center Apps, we may collect certain information necessary to provide you with the functionality and features of these Apps. This may include:

Atlassian account information: We may collect data linked to your Atlassian account, such as your username and email address, to facilitate the integration and interaction with our Apps.
App usage data: We may gather non-personal information related to how you use our Apps, such as feature utilization, preferences, and performance data. This helps us improve and optimize our Apps’ functionality and overall user experience.

The data we collect from our Cloud and Data Center Apps is used solely for the following purposes:

Account Data necessary for License Validation. This is crucial for confirming the authenticity of users and avoiding any potential fraudulent activities.
Providing the intended functionality of the Apps: We utilize the information collected to deliver the features and services offered by our Apps and to ensure their proper operation.
App improvements and optimizations: The non-personal usage data we gather helps us identify areas for enhancement, bug fixes, and performance optimizations to continuously improve our Apps.

At celix Solutions GmbH, we are committed to safeguarding the privacy of your information and the customer data generated by end users of the Atlassian product. The technologies employed by the celix Solution GmbH to process your personal data comply with state-of-the-art security technologies. Appropriate technical and organisational measures have been set for these procedures, in order to comply with the requirements of the GDPR.

Please read our Privacy Policy carefully to understand our practices and your rights in relation to your data. By using our Apps, you consent to the collection, storage, and use of your information as described in this policy. If you do not agree with the terms of this Privacy Policy, please do not use our Apps.

Your trust is invaluable to us. We are committed to protecting your information and using it responsibly. If you have any questions or concerns about our privacy practices, please don’t hesitate to contact us using the information provided in the “Contact Us” section of this Privacy Policy.

15. Cloud Apps

Our Cloud Apps are designed such that they do not store customer data locally, but in the Atlassian Cloud Product. This is to ensure that the data is secured and protected by Atlassian’s advanced security measures. For details refer to the Atlassian Security Practices documented online the Atlassian Trust Center.

Our Apps are designed using the Atlassian Connect App Framework, with your privacy being our top priority. We ensure that any data processed is limited to the necessary information required to deliver the intended functionality and enhance your user experience.

While our apps do not store customer personal data, it’s essential to note that we may interact with data available to us through the Atlassian Cloud platform. We handle this data responsibly and strictly in accordance with Atlassian’s data usage policies and guidelines.

We take rigorous security measures to safeguard any information processed within our apps. Our security practices are designed to protect against unauthorized access, disclosure, alteration, or destruction of data.

This Privacy Policy is accompanied by a Data Processing Addendum (DPA). We understand that our Cloud App customers, particularly those handling personal data of individuals within the European Economic Area (EEA), the UK, or the region governed by comparable data protection laws, might be required to have such an addendum in place to comply with data protection regulations such as the General Data Protection Regulation (GDPR).

A Data Processing Addendum outlines the rights and responsibilities of both parties (data controller and data processor) regarding the handling, protection, and processing of personal data. It provides an extra layer of security and trust, ensuring the compliance of our services with the respective data protection regulations.

For those customers who need a DPA to meet their compliance requirements, it can be requested via email. Please send your request to trust@celix.at, and we will provide you with the necessary documentation.

16. Data Center Apps

Our Data Center Apps store customer data within the Atlassian Data Center Product. This approach aligns with our commitment to maintain the integrity and security of your information.

While our apps keep all data with the Atlassian Data Center Product, it’s essential to note that we may interact with data available to us through the Atlassian Data Center product. We handle this data responsibly and strictly in accordance with Atlassian’s data usage policies and guidelines.

17. Atlassian Marketplace and Data Processing

Please note that your interactions with our Cloud and Data Center Apps on the Atlassian Marketplace are also subject to Atlassian’s own Privacy Policy and Terms of Service. We recommend reviewing Atlassian’s policies to understand how they handle your data within their platform.