Privacy and cookies policy

PRIVACY AND COOKIES POLICY

We understand the importance of privacy. Therefore, we are committed to ensure the measures that protect your personal information when you visit us or have decided to share your data with us. The following information is designed to help visitors, partners, customers and applicants understand what information we collect from our sites and how we handle and use the information after that. This Privacy and Cookies Policy (“ The Policy”) explains our practices, including your choices and rights, regarding the collection, use, and processing of certain information, including your personal information, by the Qinshift Group of companies (“Qinshift”).

We own and/or manage for third parties multiple websites for services, products, campaigns and career purposes. This Policy is extended and applied to all websites owned and/or managed by Qinshift, (“the Sites” or “websites”).

1. Contacting Us

Qinshift is a multinational group of companies, thus we have offices around the globe. Our leading entity which is deemed leading data controller is Qinshift AB located in Malmö. The leading data authority is deemed to be The Swedish Authority for Privacy Protection (“Integritetsskyddsmyndigheten”). However, in case you provide and share information for the purposes of interaction with a particular Qinsift entity (for example, sending a CV on our Career site for a job application in a specific Qinshift entity), then such Qinshift entity shall be deemed your data controller and the respective local supervising data protection authority shall be the corresponding authority.

In order to achieve high level of protection of your data, we have established safeguards and measures on group level and applied them so adequate organization, administrative and technical protection is achieved and applied through our corporate and intercompany policies.

For questions specifically about this Policy, or our collection and/or processing of your personal information, cookies or similar technologies, please contact us by email at privacy@qinshift.com You may also contact the Group Data Protection Officer at dpoqinshiftgroup@qinshift.com or send a letter via traditional post at:

Voctarova 20a,

Prague 8, 18000,

Czech Republic

2. Collection and Use of Information

The collection and use of information, enable us to provide the services and products we offer, meaning, they are inevitable in order to be able for us to perform our business and provide services or offer products to you. We do not use or share your information in any other way except what is prescribed in this Policy.

Information you provide to us, such as e-mail address, name and surname, address or postal code, telephone number, can be collected by us in a number of ways, if the website you contact offers the type of way prescribed here, such as:

When applying for a job position or contact us through our Carrier site:

When you contact us via our websites for possible business cooperation or contact us by sending e-mail to any of our contact mail addresses on the Sites

Schedule Demo Web Form

if you send us your CV via the Contact us forms on qinshift.com,

If you order, use or access any of Qinshift products and services, including Atlassian Apps.

If you apply for a job position at Qinshift :

(i) Categories of personal data we collect from you:

• Name and last name

• Date of birth (optional)

• Country of residence

• Email address

• Telephone number(s)

• Any personal data included in the CV, job reference and/or referrals provided

We process your personal data only as far as necessary for the recruitment process and in connection with any subsequent employment, unless otherwise indicated. We will not use your personal data for any other purposes, unless the further processing of the personal data is compatible with the purposes for which this data was originally processed.

Your information will be used by Qinshift for the purposes of carrying out its application and recruitment process which includes:

1. Recruitment, selection, evaluation and appointment of job candidates (temporary or permanent) for the job you have applied for and for subsequent job opportunities.

2. General HR administration and management (in case you become a Qinshift employee).

3. Carrying out satisfaction surveys (for example, to manage and improve the recruitment process).

4. Application analysis such as verification of your employment reference(s) that you have provided, background checks and related assessments.

5. Compliance with corporate governance and legal requirements (for example, to monitor diversity requirements).

6. Communicate with you and to inform you of current status of your application and future opportunities (unless you have told us that you do not want us to keep your information for such purposes).

If you are offered and accept employment with Qinshift, the information collected during the application and recruitment process will become part of your employment record.

(ii) Legal basis under which Qinshift processes your personal information:

Qinshift would prefer to process your personal data collected in the recruitment process, based on your consent which you can provide when applying for a job opportunity.

Howsoever, no matter if you have or haven`t provided your consent, the legal basis under which Qinshift further processes your personal data is comprised of the following:

• Qinshifts’ legitimate interests, namely the recruitment, selection, evaluation and appointment of new employees and the management and administration of the recruitment and HR process, to the extent these activities do not prejudice or harm your rights and freedoms.

• Compliance with Qinshifts` legal obligations where employment law or other laws require the processing of your personal information (for example to the extent the law requires the monitoring equality of opportunity and diversity).

• Other legal grounds where applicable such as in your vital interests (for example, health and safety reasons if you attend an interview at our site).

(iii) Who may have access to your personal data?

We may transfer your personal data to companies affiliated with us provided this is permissible within the scope of the purposes and legal bases outlined above. Your information will be shared internally for the purposes of the recruitment process, including but not limited to the members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy, internal and external auditors and IT staff if access to the data is necessary for the performance of their roles.

Qinshift will not share your data with third parties, unless your application for employment is successful and it makes you an offer of employment. Qinshift will then share your data with former employers to obtain references for you.

Qinshift may share your personal data with third parties in order to, obtain pre-employment references from other employers, obtain employment background checks from third party providers and to obtain necessary criminal record checks.

(iv) How long do we hold your personal data?

If you have provided us with your consent for personal data processing for recruitment purposes and in connection with any subsequent employment, and in case your job application was not successful, we will hold your data on file for 2 years after the end of the relevant recruitment process. At the end of that period, or once you withdraw your consent, your data is deleted, destroyed or anonymized.

If you have decided to proceed with applying for the job opportunity without providing us with your consent for personal data processing for recruitment purposes, we will keep your personal data collected in the recruitment process until its closure but in any case, no longer than 90 days from your application for such job opportunity.

If your application for employment is successful, in any case, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.

Please consider that you have the right to withdraw your consent for personal data processing at any time, which you can exercise by contacting us on privacy@qinshift.com

Information we collect automatically

In order to be able to conduct our business and offer you our services, we collect information about you and your use of the Sites automatically, such as:

• device IDs or other unique identifiers; device and software characteristics (such as type and configuration), connection information, statistics on page views, referral URLs, IP address (which may tell us your general location), browser and standard web server log information;

• Information collected via the use of cookies, web beacons and other technologies, including ad data (such as information on the availability and delivery of ads, the site URL, as well as the date and time, Heatmaps). See our Cookies Marketing and Advertising section for more details.

· Information from other sources:

We use platforms to track user behavior on our website, for website optimization purposes and analytics services.

We use Crazy Egg to record:

1. Mouse movement and clicks:

This information helps visualize how users engage with different elements on the website.

2. Scrolling behavior:

Data related to how far users scroll down a page is often collected. This helps in understanding content visibility and user interest.

3. Session recordings:

This feature captures a user's interactions during a specific visit to the website.

4. Heatmaps:

Heatmaps display aggregated data about where users are clicking the most, how far they scroll, and which areas of a page attract the most attention.

5. Referral Information:

Information about how users arrived at the website, such as referral sources.

6. Browser and device information:

Basic technical details like the user's browser type, device type, and operating system may be logged.

We use Dealfront to record pages viewed, visitor sources, and time spent on the site. The visitor (company) IP address is collected to detect the company and geographic location. All visit data is aggregated on the company level. Dealfront also enriches company data with contact data for individuals from publicly available data sources.

We collect the following information:

1. Pages accessed

2. Time of visit

3. Time of last visit

4. Name of the owner (legal entity) of the IP address

5. Reverse domain of the IP address

6. Referring site, application, or service, including the relevant search queries that led you to our website

7. Browser information

8. Operating system and device information

9. IP address (from company users signing in to the service, for security purposes)

We might supplement the information described above with information we obtain from other sources, including from both online and offline data providers. See our Cookies Marketing and Advertising section for more details.

Use of Information:

We use the information in the manner prescribed by corresponding applicable law and the General Data Protection Regulation - GDPR (in force as of May 25th 2018).

The use of your information, its collection, processing and transfer is done following the principles of the GDPR and under one or more of the lawful purposes specified in Article 6 of the GDPR

3. Disclosure of Information

We might transfer your data within Qinshift Group of companies in order to be able to achieve best possible service to you. Other companies within Qinshift Group of companies may each be data controllers, depending to which office you have shared your data. The companies within Qinshift Group regulates and safeguards the processing of your data through intercompany contracts and procedures and this Policy applies to all of them.

Personal data may also be disclosed to subcontractors and partners that Qinshift engages with, to perform a better service towards you, i.e. invitations, recruiting, partnering, subcontracting services for an end client, products purchases and promotions etc. Such contractors are personal data processors for Qinshift to which Qinshift requires the same level of organizational and technical measures to safeguard your data.

In connection with any reorganization, restructuring, merger or sale, or other transfer of assets, we will transfer information, including personal information, provided that the receiving party agrees to respect your personal information in a manner that is consistent with our Privacy and Cookies Policy and safeguard procedures, as well as applicable laws and regulations.

Personal data may be disclosed to the police or other authority provided that Qinsift is required to disclose the information by mandatory law or by mandatory ruling of an authority.

4. International Transfers of Information

How does Qinshift transfer information about you to other countries?

Whenever in the course of sharing information we transfer personal information to countries outside of the European Economic Area and other regions with comprehensive data protection laws, we will ensure that the information is transferred in accordance with this Policy, and as permitted by GDPR and the applicable laws on data protection.

Qinshift is multinational group of companies. For the purposes explained in this Policy, your information may be transferred to Qinshift group companies (including service providers operating on their behalf) and other third parties in countries which might not have the same level of data protection laws as those in the country where you are located. Each of those Qinshift group companies (and their authorized data processors) will however comply with Qinshift internal policies and procedures or have same level of their own policies and procedures, relating to collection and processing of personal data which complies with the key data protection principles of fair handling of personal data and ensuring adequate level of protection of personal data according to GDPR and the applicable laws on data protection.

5. Your Information and Rights

If you would like a copy of the personal information that we may have collected or process about you, you have the right to request it in writing be signed by you via e-mail or post. You may be asked to provide some proof of identification so that we can verify that it is you making the request.

This is in addition to your legal rights, including the right to access a copy of your personal information, the right to request the deletion or updating of any inaccurate personal data and the right to object or request suspension, in some cases, to our processing of your personal data.

You can exercise these rights by contacting us in the manner prescribed in our Contacting Us section.

In this section, we have summed up the rights that you have. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read this Policy in full, as well as if needed further relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

Your principal rights with regard to your personal data are:

a) the right to access;

b) the right to rectification;

c) the right to erasure;

d) the right to restrict processing;

e) the right to object to processing;

f) the right to data portability;

g) the right to complain to a supervisory authority; and

h) the right to withdraw consent.

You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. In some cases, you have the right to the erasure of your personal data without undue delay. Those circumstances include:

the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

you withdraw consent to consent-based processing;

the processing is for direct marketing purposes;

However, there are certain general exclusions of the right to erasure.

Those general exclusions include where processing is necessary:

for exercising the right of freedom of expression and information;

for compliance with a legal obligation or contract; or

for the establishment, exercise or defense of legal claims.

In some cases, you have the right to restrict the processing of your personal data. Those circumstances are:

you contest the accuracy of the personal data;

processing is unlawful but you oppose erasure;

we no longer need the personal data for the purposes of our processing,

but you require personal data for the establishment, exercise, or defense of legal claims;

and you have objected to processing, pending the verification of that objection.

Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for mandatory legal obligation prescribed by law; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party.

If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing or the processing is for the establishment, exercise or defense of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes. If you make such an objection, we will cease to process your personal data for this purpose.

You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

If you consider that our processing of your personal information is not compliant with applicable regulation, you have a right to lodge a complaint with our leading authority responsible for data protection. You may do so in the local data protection authority in your habitual residence, your place of work or the place of the considered noncompliance occurred.

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

We will only retain your personal data for as long as is reasonably necessary for the applicable purpose or to otherwise comply with any applicable laws and regulations concerning the mandatory retention of certain types of information. Should any personal data held by us no longer be required to be retained, we undertake to take reasonable steps to destroy or de-identify any personal data after a reasonable period of time has elapsed.

We may reject requests that are unreasonable or not required by law, including those that would be extremely impractical, impossible or absurd, could require disproportionate technical effort, or could expose us to operational risks such as free trial fraud. We may retain information as required or permitted by applicable laws and regulations, including to honor your choices, for our billing or records purposes and to fulfill the purposes described in this Policy.

6. Security and Encryption

Security

While no one in today’s world and technological growth, including us, can’t guarantee that unauthorized access will never occur, rest assured that we take great care in maintaining the security of your personal data to prevent unauthorized access to it, through the use of appropriate technology and internal procedures. We take a number of steps to protect your information from unauthorized access, use or alteration and unlawful destruction, including where appropriate:

Using Secure Sockets Layer (SSL) encryption when collecting or transferring sensitive information

Limiting access to the information we collect about you (for instance, only those of our personnel who need your information to carry out our business activities are allowed access)

Putting in place physical, electronic, and procedural safeguards in line with industry standards

Encryption

Any contact you initiate with us via the Sites, whether submitting an application or an enquiry on a corresponding form, will always be encrypted. However, Qinshift cannot accept any liability for e-mails sent via your respective service provider. When using this form of contact, please ensure that your message is encrypted. Please note that any information that is sent unencrypted is not protected from third-party access.

7. Other Websites, Platforms and Applications

The Sites may contain reference and linked third party websites, platforms, applications and advertisers. We are not responsible for the privacy practices or the content of such websites, so by clicking on those links you may be directed to those websites which are not under control of Qinshift and need to comply with those respective third party policies. If you have any questions about how these other websites use your information, you should review their policies and contact them directly.

Social plugins and social applications are operated by the social network themselves, and are subject to their terms of use and privacy policies.

8. Cookies, Marketing and Advertising

Our websites use cookies.

A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a piece of data stored by a website within a browser, and then subsequently sent back to the same website by the browser. Cookies were designed to be a reliable mechanism for websites to remember things that a browser had done there in the past, which can include having clicked particular buttons, logging in, or having read pages on that site previously.

Cookies are often designed to improve the usability of a website.

There are two types of cookie. The first saves a file for a longer time on the user's computer. It is used, for example, for functions that tell the user what is new since their last visit to the site. The second type of cookie is called a session cookie, and is temporarily stored in the user's computer's memory during the time the user is surfing the site. Session cookies are deleted when the browser is closed.

Cookies are categorized in 4 categories:

Strictly Necessary Cookies

These cookies are necessary for a website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not work then. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of the Sites. They help us to know which pages are the most and least popular and see how visitors move around the particular site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Functional Cookies

These cookies enables a website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Targeting Cookies

These cookies may be set through the Sites by our advertising partners or teams. They may be used by companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

You can choose whether you want to accept cookies or not or set up cookies settings.

Check out the Cookies we use and set your consent and settings of Cookies via our Cookies Settings.

In your browser's settings, you can set which cookies are allowed, blocked or deleted.

If you do not consent to the use of cookies, you can set your browser so that you automatically deny the storage of cookies. This may, however, mean that the services and features available might change functionality depending on your cookies settings.

If you have any questions about the cookies used on the Sites, please contact us at privacy@qinshift.com .

Marketing and Advertising

We may use information collected from users, for sales and marketing purposes, including email marketing. We may combine this information with data obtained from other sources to help us improve its overall accuracy and completeness, and to help us better tailor our interactions with users. Users may choose not to receive marketing materials by following the unsubscribe option, when we use campaign monitor platform or reply to the e-mail with request to be unsubscribed. Please note that the above does not affect users’ ability to reject cookies in accordance with this Policy.

In case of downloads of trials and materials, appropriate consent based opt in will apply.

9. Surveys and Contests

From time-to-time we collect information via surveys or for participation of any contests organized by us on the Sites. Participation in these surveys and/or contests is completely voluntary. You may choose whether or not to participate and thereby disclose any information about you.

Information requested may include contact information (such as name and shipping address), and/or demographic or similar information. By agreeing to participate in the survey, appropriate consent based opt in will apply.

10. Children

We do not knowingly collect any personal information from children. Children under the age of 16 should not use Qinshift sites. In the event that we learn that we have inadvertently gathered personal information from children under the age of 16, we will undertake proper measures and activate internal processes to promptly erase such information from our records and environment.

We invite you to report to us any information you may have regarding this at privacy@qinshift.com so we take appropriate measures.

11. Policy Effect and Changes to this Policy

We will update this Policy from time to time in response to changing legal, regulatory or operational requirements. We will provide notice of any such changes (including when they will take effect).

Your continued use of the Sites after any such updates take effect will constitute acceptance of those changes. If you do not accept any updates to this Policy, please do not use the Sites.

This Policy shall take effect on the date of public announcement. Any updates related with the GDPR shall be in effect as of May 25th 2018.