{{ headerCtrl.currentUserBonusExpiry.inDays }}

day{{ headerCtrl.currentUserBonusExpiry.inDays == 1 ? "" : "s" }} until your
Team plan trial ends

Only a few hours left until
your Team plan trial ends

Privacy Notice

Version: 1.0

Published on the following date: May 25, 2018.

This Privacy Notice ("Privacy Notice") provides you with the information regarding the processing of your personal data carried out by Bitrise Limited (registered seat: 7 Bodmin Road, Chelmsford, Essex CM1 6LH, United Kingdom; e-mail: letsconnect@bitrise.io; represented by: Barnabás Birmacher as Managing Director) ("Controller", "We" or "Us") via the bitrise.io website ("Website") and the Bitrise application ("Application", or "Services") provided by Us.

Please be aware that no data protection officer is operating in relation to data processing carried out by Us.

Definitions used in this Notice

In this section you can find the definitions for the purpose of this Privacy Notice.

Personal Data: means any information relating to you through which We can identify you directly or indirectly; it means in particular your name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of yours;

Data Processing: means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

You: means any user of the website or the application whose data is processed by Us.

Service(s): without regard to whether it is provided through the Website or the Application, means all the services described in the Controller's Terms of Use, available at: https://www.bitrise.io/terms

Data Processor: means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of Us.

I. Data Processing Principles

  1. We process your Personal Data in compliance with all the relevant laws, fairly and in a transparent manner.
  2. We process your Personal Data only for specified and legitimate purposes as described in this Privacy Notice.
  3. We do not process your Personal Data which is not adequate, relevant or necessary for the purposes set out in this Privacy Notice.
  4. We do our best to keep your Personal Data accurate and up to date. We take every reasonable step to ensure that inaccurate Personal Data is erased or rectified without delay.
  5. We keep your Personal Data in a form which enables Us to identify You for no longer than needed, for the purposes for which your Personal Data is processed.
  6. We process your Personal Data in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

II. Why, and how are We processing your Personal Data?

In most cases, We are processing your Personal Data in order to provide You with our Services. However, other purposes may apply (e.g., to fulfil our statutory obligations). Please find detailed information on the purpose and other relevant circumstances of processing categorised by the purposes below.

We will always process your Personal data in compliance with the highest European standards on data protection. We provide an adequate level of protection to your Personal Data by E.U. standards, even in cases when We transfer your Personal Data outside the European Economic Area.

Please note, that in the event of any inquiries coming from state, administrative or investigative authorities, We may be obliged to provide these authorities with your Personal Data if they request Us to do so.

We do not carry out any automated decision-making or profiling activities while processing your Personal Data, unless directly stated otherwise in our information provided to You.

a. Registration

The purpose of processing your Personal Data: Registration on the Website and use of the Application offered on the website.

The legal basis for the processing: your consent.

The categories of personal data concerned: Data provided by you, in the course of the registration, database ID generated by Us to store your data.

The period for which the personal data will be stored: This data will be deleted 30 days following the deletion of your profile.

The recipients of the Personal Data:

Name Details Category
Recurly Inc. Software as a service provider, offering billing and subscription management services. Data processor
Salesforce.com Inc. We are using Heroku, a Salesforce.com company as an infrastructure as a service provider. Data processor
Amazon Web Services Inc. We are using AWS, as an infrastructure as a service provider. Data processor
Google Inc. We are using Google Cloud Storage, as an infrastructure as a service provider. Data processor

b. Using the Application

The purpose of processing your Personal Data: We process your Personal Data while You are using our Services. This data is necessary for providing our Services to You, enhancing our Services, payment purposes, as well as for information security purposes.

The legal basis for the processing: The processing is necessary for the performance of the service contract concluded between You and Bitrise.

The categories of personal data concerned: Data provided by You, in the course of the registration, or while you are using our Services, logged event data, data necessary for invoicing our services, and payment.

The period for which the personal data will be stored: This data will be deleted 5 years following the deletion of your profile.

The recipients of the Personal Data:

Name Details Category
Recurly Inc. Software as a service provider, offering billing and subscription management services. Data processor
Salesforce.com Inc. We are using Heroku, a Salesforce.com company as an infrastructure as a service provider. Data processor
Amazon Web Services Inc. We are using AWS, as an infrastructure as a service provider. Data processor
Google Inc. We are using Google Cloud Storage, as an infrastructure as a service provider. Data processor
Segment.io, Inc. We are using Segment.io as a Software as a Service provider. Data processor
Amplitude, Inc. We are using Amplitude as a Software as a Service provider. Data processor

c. Newsletters and direct marketing offerings

The purpose of processing your Personal Data: Informing our users about Bitrise news, and our best offers.

The legal basis for the processing: your consent.

The categories of personal data concerned: Data provided by You.

The period for which the personal data will be stored: We will store the relevant Personal Data until you revoke your consent (i.e., unsubscribe from our newsletter).

The recipients of the Personal Data:

Name Details Category
Intercom Inc. We are using the Intercom messaging platform to send weekly newsletter. Data Processor
The Rocket Science Group LLC We are using Mailchimp to send you weekly updates and weekly newsletter Data Processor

d. Costumer support, and contacting us via e-mail.

The purpose of processing your Personal Data: We use Intercom (https://www.intercom.com) to provide more efficient and timely support to You when using our services. By using the support chatbox on our Webiste, or by sending us an e-mail.

The legal basis for the processing: your consent.

The categories of personal data concerned: Data provided by you, your IP address, data collected by Intercom from publicly available sources.

The period for which the personal data will be stored: This data will be deleted 5 years following the day your profile is deleted. In case of messages sent by non-registered users we may also store the messages for 5 years following their delivery.

The recipients of the Personal Data:

Name Details Category
Intercom Inc. We are using the Intercom messaging platform for customer support purposes. Data Processor

e. Job application

The purpose of processing your Personal Data: Processing your job application sent to us via e-mail on the https://www.bitrise.io/jobs site.

The legal basis for the processing: your consent.

The categories of personal data concerned: data provided by you in the course of the application process. You may be required to present a certificate of good conduct ("erkölcsi bizonyítvány") in the course of the application process.

The period for which the personal data will be stored: In case of a successful application the Bitrise Employee Privacy Notice will be applicable. In case your application is unsuccessful we will delete all personal data provided by you immediately following the decision.

The recipients of the Personal Data:

Name Details Category
Intercom Inc. Messages sent to us are processed through the Intercom messaging platform. Data Processor

III. Data Processors, transferring your personal data within the Bitrise Group

Please note, that We are using data processors for business related support services and these data processors receive your Personal Data for the purpose of providing Us with such services. Section II. above describes the data processor We use.

We may also transfer your Personal Data to current and future entities within the Bitrise Group (currently consisting of Us, and Bitrise Inc., a U.S. company, registered seat: 3500 S DUPONT HWY, DOVER, Kent, DE, 19901) for the Data Processing purposes listed in Section II. above.

We always ensure that appropriate and suitable safeguards are in place when we transfer data within the Bitrise group internationally, outside the EEA. For our vendors based in the U.S. we ensure that these vendors are part of the he EU-U.S. and Swiss-U.S. Privacy Shield Framework. For further information please see:

https://www.privacyshield.gov/welcome

Bitrise Limited and Bitrise Inc. concluded a modell contract issued by the European Commission in order to ensure that sufficient safeguards are in place on data protection for the data to be transferred to the U.S. For further information contact us at letsconnect@bitrise.io.

IV. Your rights regarding the Data Processing carried out by Us

You have the following rights regarding Data Processing carried out by Us in relation to your Personal Data:

  • right to access

    You have the right to request from Us access to your Personal Data processed by Us and obtain information regarding the purpose of processing, what categories of Personal Data are processed, for or towards who We are transferring or disclosing your Personal Data, for what period We are processing your Personal Data, your rights in connection with Data Processing carried out by Us regarding your Personal Data, your right to lodge a complaint with a supervisory authority regarding the processing. Additionally, in the case We collect your Personal Data from other sources than from You, any available information as to the source, and the existence of automated decision-making and related information, including the logic involved, as well as the significance and the envisaged consequences of such processing for You, whether your Personal Data is transferred outside the EEA, and the conditions of these transfers.

    We provide You with a copy of your personal Data processed by Us in case You require Us to do so.

  • right to rectification

    You have the right to request Us to rectify your inaccurate Personal Data and to request Us to complete your incomplete Personal Data by means of providing Us with a supplementary statement.

  • right to erasure

    We erase any of your Personal Data without delay if You request Us to do so in the event of the following:

    1. Your Personal Data is no longer necessary for the concerning purpose;
    2. You withdraw your consent and there is no other legal basis for the processing;
    3. You object to the processing and there are no overriding legitimate grounds for the processing;
    4. Your Personal Data has been processed unlawfully;
    5. Your Personal Data has to be erased according to relevant laws.

    Please note that We are entitled to not erase your Personal Data if it is necessary - among others - for exercising the right of freedom of expression and information, compliance with legal obligation, establishment, exercise or defense of legal claims.

  • right to restriction of processing

    You have the right to obtain from Us restriction of processing where one of the following applies:

    1. You have contested the accuracy of your Personal Data, for a period enabling Us to verify the accuracy of your Personal Data;
    2. the processing is unlawful and You oppose the erasure of your Personal Data and request the restriction of their use instead;
    3. We need no longer your Personal Data for the purposes of the processing, but they are required by You for the establishment, exercise or defense of legal claims.

    Where processing has been restricted, such Personal Data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.

  • right to object to processing

    Where Personal Data is processed for direct marketing purposes, You have the right to object at any time to the processing of Personal Data concerning You for such marketing, which includes profiling to the extent that it is related to such direct marketing.

    You also generally have the right to object to the processing of Personal Data where the legal basis of the processing activity is Our legitimate interest, or the legitimate interest of a third party.

  • right to data portability

    You have the right to receive your Personal Data, which You have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from Us. You also have the right to have your Personal Data transmitted directly from Us to another controller, where technically feasible.

  • right to withdraw your consent

    You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before its withdrawal.

We take actions requested in relation to exercising your above rights without undue delay and in any event within one month of receipt of your request. This period may be extended by two months where necessary, with a reasoned notification to You, taking into account the complexity and number of requests.

In the event when You make such a request by electronic means, We provide You with information by electronic means where possible, unless You request otherwise.

In case We do not take any action regarding your request, We inform You as to the reasons within one month of receipt of your request. We take the necessary actions regarding exercising your rights in relation to the processing free of charge except when your request is manifestly unfounded or excessive.

In case We have reasonable doubts as to the identity of the natural person making the request, We may request additional information necessary to confirm the identity of such person.

V. Remedies

In case You would not agree with our response or action or if You consider that your rights have been infringed, You have the possibility to lodge your complaint with the Information Commissioners Office (address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, web: https://ico.org.uk/global/contact-us/

VI. Miscellaneous

Please not that We review this Privacy Notice on occasions and amend it as necessary. In case We amend this Privacy Notice, We announce and publish it by the usual means (e.g., via e-mail, or on the Website). We would like to encourage You to review this Privacy Notice occasionally.