Last revision date – August 4February 9, 20232024.
In this Customer Privacy Policy, you will find information about how we may process your personal data and what rights you have during the processing when you use our Apps, and your company acts as the Customer of Broken Build under the EULA.
Via Atlassian monday.com Marketplace, we provide two types of Apps. We provide Cloud Apps designed to be used with Atlassian’s monday.com’s hosted services. We also provide Software Apps that are downloadable for the Customer’s data center. This Customer Privacy Policy applies to all types of our Apps.
Broken Build mostly processes the data of the Customers and End Users of the Apps as a data processor. This applies to the data we receive from your company (our Customer) as the controller. Such practices are strictly limited to those allowed by the Atlassian Marketplace Partner Agreement monday.com Marketplace Listing Terms. Although the data shared with us to provide Services to our Customers may include personal data, accessing personal data is not our main objective. In some instances, access to personal data is purely incidental and, therefore, very limited in practice. Our rights and obligations , as well as and the details on of the transferred data are described in detail in our data processing agreement with your company.
In other cases, Broken Build is the data controller of personal data. This means that we decide what data should be processed, how, and why. Such cases are limited to entering into the agreement, certain cases of improvement of our Apps, and some marketing activities. For more details please Please check the tables below and our Marketing Privacy Policy for more details.
Who we are
When we refer to Broken Build, we mean Broken Build LLP, a company registered in the United Kingdom (OC445385) with a registered address at 61 Bridge 44 Broadway Street, KingtonLondon, HerefordshireLondon, HR53DJE151XH, United Kingdom.
If you have questions, concerns, or complaints, or would like to exercise your rights, we are available at infosec@brokenbuild.net.
...
The data we process is both the data of your company (our Customer under the EULA) and you (End User, for whom the Customer has paid the required fees and to whom access is given to the App). Please keep in mind that we process both “personal data” within the meaning of law (relates to identified or identifiable person) and other data that is not “personal data”. Such non-personal data could still be regarded as “End User Data” within the meaning of the Atlassian Marketplace Partner Agreement. For your convenience, below we describe our processing with regard to all types of data we process, marking separately when the data is personal.
...
The information below is classified by the purpose of data processing:
To implement the Apps functionality |
Advanced Velocity Chart |
Role of Broken Build: processor | ||
Which Service it relates to: Cloud Apps | ||
Processing we perform | Data we process | Legal basis for the processing |
Implement the App’s functionality. | Although data shared to achieve that purpose may include personal data, accessing personal data is not our main objective. In some instances, access to personal data is purely incidental and therefore very limited in practice to: End User data stored (does not contain personal data):
End User data processed:
| |
Changelog - may contain personal data
App (chart) configuration including:
Chart title
JQL filter - may contain personal data
Not applicable
(data is provided to perform obligations before the Customer under the EULA, as described in the DPA)
Data retention period: data may be processed and stored during the term of EULA and up to 12 months after the termination of EULA.
Sub-processors engaged:
AWS Elastic Kubernetes Service (AWS EKS) (Amazon Web Services, Inc.) is aimed to store data necessary for the App to properly function.
Amazon RDS for MySQL(Amazon Web Services, Inc.) is also aimed to store data necessary for the App to properly function.
To implement the Apps functionality
Agile Reports and Gadgets
Role of Broken Build: processor
Which Service it relates to: Cloud Apps
Processing we perform
Data we process
Legal basis for the processing
Implement the App’s functionality.
Although data shared to achieve that purpose may include personal data, accessing personal data is not our main objective. In some instances, access to personal data is purely incidental and therefore very limited in practice to:
End User data stored (does not contain personal data):
Anonymized user ID
Jira issue standard fields:
Issue key
Issue type
Issue status
End User data processed:
Anonymized user ID
Jira issue standard fields:
Issue key
Issue type
Issue status
Assignee (anonymized user ID, username, full name, URL to avatar, status) - personal data
Sprint ID
Created date
Reporter (anonymized user ID, username, full name, URL to avatar, status) - personal data
Changelog - may contain personal data
App (chart) configuration including:
Chart title
JQL filter - may contain personal data
Not applicable
(data is provided to perform obligations before the Customer under the EULA, as described in the DPA)
Data retention period: data may be processed and stored during the term of EULA and up to 12 months after the termination of EULA.
Sub-processors engaged:
AWS Elastic Kubernetes Service (AWS EKS) (Amazon Web Services, Inc.) is aimed to store data necessary for the App to properly function.
Amazon RDS for MySQL(Amazon Web Services, Inc.) is also aimed to store data necessary for the App to properly function.
To implement the Apps functionality
Subcomponents for Jira Cloud
Role of Broken Build: processor
Which Service it relates to: Cloud Apps
Processing we perform
Data we process
Legal basis for the processing
Implement the App’s functionality.
Although data shared to achieve that purpose may include personal data, accessing personal data is not our main objective. In some instances, access to personal data is purely incidental and therefore very limited in practice to:
End User data stored (does not contain personal data):
Anonymized user ID
Project ID
Project component ID
Project version ID
End User data processed:
Anonymized user ID
Jira project details
Jira project components
Jira project versions
App configuration settings including:
Feature enablement status
| Not applicable (data is provided to perform obligations before the Customer under the EULA, as described in the DPA) | |
Data retention period: data may be processed and stored during the term of EULA and up to 12 months after the termination of EULA. | ||
Sub-processors engaged:
| ||
To proactively monitor App health and fix issues | ||
Role of Broken Build: processor | ||
Which Service it relates to: Cloud Apps | ||
Processing we perform | Data we process | Legal basis for the processing |
Proactively monitor App health and fix issues (troubleshooting) | End User data processed and stored:
| Not applicable (data is provided to perform obligations before the Customer under the EULA, as described in the DPA) |
Data retention period: Data may be processed and stored only for 2 days following the collection of data. | ||
Sub-processors engaged:
| ||
To support End Users, to fix issues in the Apps | ||
Role of Broken Build: processor | ||
Which Service it relates to: Cloud |
Apps | ||
Nature and purpose(s) of processing | Data we process | Legal basis for the processing (if applicable) |
Answer End Users support requests regarding bugs, product usage, feature requests etc. | The data is both processed and stored:
2. Personal data related to our Customer:
| |
|
Billing contact data (email address, full name).
3. End User data:
4. Non-personal company data, including: company name, license information, Atlassian host ID, Jira version, App version. 5. App environment data: Atlassian host ID, Jira version, App version. 6. Other information you provide to us in connection with the support matter (screenshots, screen casts, HAR files etc.). We encourage you not to share sensitive personal data with us, as well as excessive data which we do not need to resolve your issue. | Not applicable (data is provided to perform obligations before the Customer under the EULA, as described in the DPA) | |
Data retention period: We will store the data from when the support request was initiated, until we resolve the matter. We intend to store your personal data for up to 12 months afterwards, to make sure the future requests regarding product usage are properly satisfied, taking into account the history of the requests. However, we aim to delete sensitive attachments such as HAR files within 3 months of the closure of your request. | ||
Sub-processors engaged:
| ||
To enter into an agreement with the Customer and administer our relationship | ||
Role of Broken Build: controller | ||
Which App it relates to: |
Cloud |
Apps | ||
Processing we perform | Data we process | Legal basis for the processing |
Enter into an agreement with the Customer under the EULA, including any negotiations between us in order to conclude the agreement, as covered by the Atlassian Marketplace Partner Agreement. Administer our relationship with the Customer, i.e. send information about our terms and other information that the Customer needs, as allowed by the Atlassian Marketplace Partner Agreement. | The data is both processed and stored:
| Entering into and performance of a contract (Article 6.1(b) GDPR). |
Data retention period: We will store the data during the term of EULA and for up to 12 months afterwards. | ||
Sub-processors engaged:
| ||
To improve our Apps | ||
Role of Broken Build: controller | ||
Which Service it relates to: Cloud |
Apps | ||
Processing we perform | Data we process | Legal basis for the processing |
Analyze the Apps to optimize user experience. Test and develop new features and functions. | The data is both processed and stored:
2. End user data:
3. Non-personal company data, including: company name, license information. 4. App environment data:
5. Personal data related to our Customer:
6. End User requests and feedback on improving the Apps. We encourage you not to share sensitive personal data with us, as well as excessive data which we do not need to resolve your issue. | Consent (Article 6.1(a) GDPR) Legitimate interest (Article 6.1(f) GDPR). |
Data retention period: We will retain your data related to our Customer during the term of EULA and for up to 12 months afterwards. End User data will be deleted 12 months after the last request/communication of the End User. | ||
Sub-processors engaged:
| ||
We may also process data to perform legal duties, responsibilities, and obligations and to comply with laws and regulations that apply to us. For example, we could store data about emails and names of subscribers to our newsletters, as well as their choices and consent - to make sure we comply with laws on e-communication.
...
We may also share your data with service providers that help us operate, provide, support and enhance our Services. If a service provider needs to access your data, they do so under appropriate security and confidentiality measures designed to protect your data. You should always check the privacy settings and notices in these third-party services to understand how those third parties may use your data. You may find a complete list of service providers (sub-processors) we involve following this link.
In exceptional circumstances, we may disclose data with law enforcement agencies, courts, fraud prevention agencies, or other third parties, where we think it is necessary to comply with applicable laws or regulations or to defend our legal rights (where possible, we will notify you of this type of disclosure).
...
When we use and share your data, it may be transferred to and processed in countries other than your country or residence. We process and store data in the countries you may check in the list of service providers we involve following this link.
Where we transfer your data, we put safeguards in place to ensure your data remains protected. For individuals in the UK or EEA, this means that your personal data may be transferred outside of the UK or EEA. When this is the case, it will be transferred to countries where we have compliant transfer mechanisms in place, in particular, the implemented European Commission’s Standard Contractual Clauses to agreements with entities and independent contractors the data is transferred to or other appropriate legal mechanisms to safeguard the transfer.
...
You may read a more detailed description on how we protect your data in DPA Annex 1( Section C) available via the link.