Privacy Notice

Version: 1.2

Published on the following date: October 2, 2019.

This Privacy Notice ( "Privacy Notice" ) provides you with information regarding the processing of your personal data carried out by Bitrise Limited (registered seat: 3 Waterhouse Square, 138-142 Holborn, London, England, EC1N 2SW); email: letsconnect@bitrise.io) ( "Controller" , "We" or "Us" ) via the bitrise.io website ( "Website" ) and the Bitrise application ( "Application" , or "Services" ) provided by Us.

Please be aware that no data protection officer is operating in relation to data processing carried out by Us.

Definitions used in this Privacy Notice

In this section you can find the definitions for the purpose of this Privacy Notice.

"Personal Data" means any information relating to you through which We can identify you directly or indirectly; it means in particular your name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of yours.

"Data Processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"You" means any user of the website or the application whose data is processed by Us.

"Service(s)" means all the services described in the Controller's Terms of Use, available at https://www.bitrise.io/terms, without regard to whether it is provided through the Website or the Application.

"Data Processor" means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of Us.

I. Data Processing Principles

  1. We process your Personal Data in compliance with all the relevant laws, fairly and in a transparent manner.
  2. We process your Personal Data only for specified and legitimate purposes as described in this Privacy Notice.
  3. We do not process your Personal Data which is not adequate, relevant or necessary for the purposes set out in this Privacy Notice.
  4. We do our best to keep your Personal Data accurate and up to date. We take every reasonable step to ensure that inaccurate Personal Data is erased or rectified without delay.
  5. We keep your Personal Data in a form which enables Us to identify You for no longer than needed, for the purposes for which your Personal Data is processed.
  6. We process your Personal Data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.

II. Why, and how are We processing your Personal Data?

In most cases, We are processing your Personal Data in order to provide You with our Services. However, other purposes may apply (e.g., to fulfill our statutory obligations). Please find detailed information on the purpose and other relevant circumstances of processing categorized by the purposes below.

We will always process your Personal Data in compliance with European standards on data protection. We provide an adequate level of protection to your Personal Data by E.U. standards, even in cases when We transfer your Personal Data outside the European Economic Area.

Please note, that in the event of any inquiries coming from state, administrative or investigative authorities, We may be obligated to provide these authorities with your Personal Data.

a. Registration

The purpose of processing your Personal Data: Registration on the Website and use of the Application offered on the website.

The legal basis for the processing: Your consent.

The categories of personal data concerned: Data provided by you, in the course of the registration and database ID generated by Us to store your data.

The period for which the personal data will be stored: This data will be deleted 30 days following the deletion of your profile.

b. Using the Application

The purpose of processing your Personal Data: We process your Personal Data while You are using our Services. This data is necessary for providing our Services to You, enhancing our Services, payment purposes, as well as for information security purposes.

The legal basis for the processing: The processing is necessary for the performance of the service contract concluded between You and Bitrise.

The categories of personal data concerned: Data provided by You, in the course of the registration, or while you are using our Services, logged event data, data necessary for invoicing our services, and payment.

The period for which the personal data will be stored: This data will be deleted 5 years following the deletion of your profile.

c. Newsletters and direct marketing offerings

The purpose of processing your Personal Data: Informing our users about Bitrise news, and our best offers.

The legal basis for the processing: Your consent.

The categories of personal data concerned: Data provided by You.

The period for which the personal data will be stored: We will store the relevant Personal Data until you revoke your consent (i.e., unsubscribe from our newsletter).

d. Customer support, and contacting us via e-mail.

The purpose of processing your Personal Data: Provide more efficient and timely support to You when using our services, such as the support chatbox on our Website and emails.

The legal basis for the processing: Your consent.

The categories of personal data concerned: Data provided by you, your IP address, data collected from publicly available sources.

The period for which the personal data will be stored: This data will be deleted 5 years following the day your profile is deleted. For messages sent by non-registered users, we may also store the messages for 5 years following their delivery.

e. Job application

The purpose of processing your Personal Data: Processing your job application and related hiring matters.

The legal basis for the processing: Your consent.

The categories of personal data concerned: Data provided by you in the course of the application process. You may be required to present a certificate of good conduct ("erkölcsi bizonyítvány") in the course of the application process.

The period for which the personal data will be stored: In case of a successful application the Bitrise Employee Privacy Notice will be applicable. In case of an unsuccessful application, to the extent We process your Personal Data subject to the GDPR, We rely on legitimate interests to process your data.

F. Third Parties We Use

With respect to the Personal Data we describe in Sections II.A to II.E, to be able to provide our services to you and to run our business, we share data with third parties from the following categories:

Please see a list of these subprocessors and related information as to how we use them at this link.

III. Transferring your Personal Data within the Bitrise Group

Please note, that We are using data processors for business and related support services, and these data processors receive your Personal Data for the purpose of providing Us with such services. Section II above describes the data processors We use.

We may also transfer your Personal Data to current and future entities within the Bitrise Group (currently consisting of Us, and Bitrise Inc., a U.S. company, registered seat: 3500 S DUPONT HWY, DOVER, Kent, DE, 19901) for the Data Processing purposes listed in Section II. above.

We ensure that appropriate and suitable safeguards are in place when we transfer data within the Bitrise group internationally, outside the EEA.

For our vendors based in the U.S., we ensure that these vendors are part of the EU-U.S. and Swiss-U.S. Privacy Shield Framework. For further information please see https://www.privacyshield.gov/welcome

Bitrise Limited and Bitrise Inc. have concluded a model contract issued by the European Commission to ensure that sufficient safeguards are in place on data protection for any data transferred between these entities.

IV. Your rights regarding the Data Processing carried out by Us

You have the following rights regarding Data Processing carried out by Us in relation to your Personal Data:

    right to access

You have the right to request from Us access to your Personal Data processed by Us and obtain information regarding the purpose of processing, what categories of Personal Data are processed, for or towards who We are transferring or disclosing your Personal Data, for what period We are processing your Personal Data, your rights in connection with Data Processing carried out by Us regarding your Personal Data, your right to lodge a complaint with a supervisory authority regarding the processing. Additionally, in the case We collect your Personal Data from other sources than from You, any available information as to the source, and the existence of automated decision-making and related information, including the logic involved, as well as the significance and the envisaged consequences of such processing for You, whether your Personal Data is transferred outside the EEA, and the conditions of these transfers.

We will provide You with a copy of your personal Data processed by Us in case You require Us to do so.

    right to rectification

You have the right to request Us to rectify your inaccurate Personal Data and to request Us to complete your incomplete Personal Data by means of providing Us with a supplementary statement.

    right to erasure

We erase any of your Personal Data without delay if You request Us to do so in the event of the following:

1.

  1. Your Personal Data is no longer necessary for the concerning purpose;
  2. You withdraw your consent and there is no other legal basis for the processing;
  3. You object to the processing and there are no overriding legitimate grounds for the processing;
  4. Your Personal Data has been processed unlawfully;
  5. Your Personal Data has to be erased according to relevant laws.

Please note that We are entitled to not erase your Personal Data if it is necessary - among others - for exercising the right of freedom of expression and information, compliance with legal obligation, establishment, exercise or defense of legal claims.

    right to restriction of processing

You have the right to obtain from Us restriction of processing where one of the following applies:

1.

  1. You have contested the accuracy of your Personal Data, for a period enabling Us to verify the accuracy of your Personal Data;
  2. the processing is unlawful and You oppose the erasure of your Personal Data and request the restriction of their use instead;
  3. We need no longer your Personal Data for the purposes of the processing, but they are required by You for the establishment, exercise or defense of legal claims.

Where processing has been restricted, such Personal Data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.

    right to object to processing

Where Personal Data is processed for direct marketing purposes, You have the right to object at any time to the processing of Personal Data concerning You for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You also generally have the right to object to the processing of Personal Data where the legal basis of the processing activity is Our legitimate interest, or the legitimate interest of a third party.

    right to data portability

You have the right to receive your Personal Data, which You have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from Us. You also have the right to have your Personal Data transmitted directly from Us to another controller, where technically feasible.

    right to withdraw your consent

You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before its withdrawal.

We take actions requested in relation to exercising your above rights without undue delay and in any event within one month of receipt of your request. This period may be extended by two months where necessary, with a reasoned notification to You, taking into account the complexity and number of requests.

In the event when You make such a request by electronic means, We provide You with information by electronic means where possible, unless You request otherwise.

In case We do not take any action regarding your request, We will inform You as to the reasons within one month of receipt of your request. We will take necessary actions regarding exercising your rights in relation to the processing free of charge except when your request is manifestly unfounded or excessive.

In case We have reasonable doubts as to the identity of the natural person making the request, We may request additional information necessary to confirm the identity of such person.

V. Remedies

In case You do not agree with our response or action or if You consider that your rights have been infringed, You may lodge your complaint with the Information Commissioners Office (address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, web: https://ico.org.uk/global/contact-us/).

VI. Miscellaneous

Please note that We review this Privacy Notice on occasions and amend it as necessary. When We amend this Privacy Notice, We will announce and publish it by the usual means (e.g., via e-mail or on the Website). We encourage You to review this Privacy Notice regularly.