BITRISE PRIVACY POLICY


Effective date: October 4, 2021

Section 1 Introduction

1.1 This privacy policy (“Privacy Policy”) provides you with information regarding the processing of your personal data carried out by Bitrise Limited (registered seat: 483 Green Lanes London N13 4BS UK; email: support@bitrise.io; with establishment in the EU via its branch office in Hungary at the registered seat: H-1114 Budapest, Hamzsabégi út 37.; “Controller”, “We” or “Us”) via the bitrise.io website (the “Website”) and the Bitrise application (“Application”) provided by Us.

1.2 Please be aware that no data protection officer is operating in relation to Data Processing carried out by Us.

1.3 When We process your Personal Data on the basis of our legitimate interest (see below under Section 4), You have the right to object to that processing (for further explanation, see Section 7.6). If You wish to exercise this right, please contact Us at the email contact details specified above.

Section 2 Definitions used in this Privacy Policy

2.1 In this section You can find the definitions for the purpose of this Privacy Policy.

2.1.1 “Personal Data” means any information relating to You through which We can identify You directly or indirectly; this means in particular your name, identification number, location data, online identifier or one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.

2.1.2 “Data Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.1.3 “You” means any user of the Website or the application whose data is processed by Us or other identifiable natural person.

2.1.4 “Service(s)” means all the services described in the Controller's Terms of Service, available at https://www.bitrise.io/terms (or such other link as Bitrise may provide for its Terms of Service), without regard to whether it is provided through the Website or the Application.

Section 3 Data Processing Principles

3.1 We process your Personal Data in compliance with all the relevant laws, fairly and in a transparent manner. 

3.2 We process your Personal Data only for specified and legitimate purposes as described in this Privacy Policy.

3.3 We do not process your Personal Data, which is not adequate, relevant or necessary for the purposes set out in this Privacy Policy.

3.4 We do our best to keep your Personal Data accurate and up to date. We take every reasonable step to ensure that inaccurate Personal Data is erased or rectified without delay.

3.5 We keep your Personal Data in a form which enables Us to identify You for no longer than needed, for the purposes for which your Personal Data is processed.

3.6 We process your Personal Data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.

Section 4 Why and how are We processing your Personal Data?

4.1 General

4.1.1 In most cases, We are processing your Personal Data in order to provide You with our Services. However, other purposes may apply (e.g., to fulfil our statutory obligations). Please find detailed information on the purpose and other relevant circumstances of processing categorized by the purposes below.

4.1.2 We will always process your Personal Data in compliance with European standards on data protection. We provide an adequate level of protection to your Personal Data by EU standards, even in cases when We transfer your Personal Data outside the European Economic Area.

4.1.3 Please note that in the event of any inquiries coming from state, administrative or investigative authorities, We may be obligated to provide these authorities with your Personal Data.

4.2 Registration

4.2.1 The purpose of processing your Personal Data: Registration on the Website and use of the Application offered on the Website.

4.2.2 The legal basis for the processing: Our legitimate interest in creating and managing your account and being able to provide Services as requested by You.

4.2.3 The categories of Personal Data concerned: Personal Data provided by You, in the course of the registration and database ID generated by Us to store your data.

4.2.4 The period for which the Personal Data will be stored: This data will be deleted in 30 days following the deletion of your profile.

4.3 Using the Application

4.3.1 The purpose of processing your Personal Data: We process your Personal Data while You are using our Services. This data is necessary for providing our Services to You, enhancing our Services, payment purposes, as well as for information security purposes.

4.3.2 The legal basis for the processing: Our legitimate interest in creating and managing your accounts and being able to provide Services as requested by You, in improving existing features and developing new functions to remain competitive, being able to collect fees for our Services, providing secure Services and avoiding fraudulent use.  

4.3.3 The categories of Personal Data concerned: Personal Data provided by You in the course of the registration, or while You are using Our Services, logged event data, data necessary for invoicing Our Services, and payment.

4.3.4 The period for which the Personal Data will be stored: This data will be deleted in 5 years following the deletion of your profile.

4.4 Newsletters and direct marketing offerings

4.4.1 The purpose of processing your Personal Data: Informing You about Bitrise news, and our best offers.

4.4.2 The legal basis for the processing: Your consent.

4.4.3 The categories of Personal Data concerned: Personal Data provided by You. 

4.4.4 The period for which the Personal Data will be stored: We will store the relevant Personal Data until You revoke your consent (i.e., unsubscribe from our newsletter). 

4.5 Customer support and contacting us via e-mail.

4.5.1 The purpose of processing your Personal Data: Provide more efficient and timely support to You when using our Services, such as the support chatbox on our Website, and emails.

4.5.2 The legal basis for the processing: Our legitimate interest in helping You to fix bugs or unintended functioning in an efficient and timely manner, increasing your loyalty and retaining our customers.

4.5.3 The categories of Personal Data concerned: Personal Data provided by You, your IP address, data collected from publicly available sources.

4.5.4 The period for which the Personal Data will be stored: This data will be deleted in 5 years following the day your profile is deleted. Regarding messages sent by non-registered users: We may also store the messages for 5 years following their delivery.

4.6 User research for improving our Services

4.6.1 The purposes of processing your Personal Data:

i. asking You via email or in-app messages to participate in our user research;

ii. collecting your feedback for user research when You interact with Us via our channels. 

iii. carrying out user interviews or user testing, or collecting your survey answers for user research.

4.6.2 The legal basis for the processing:

i. our legitimate interest to create Services that users find useful and enjoy;

ii. our legitimate interest to create Services that users find useful and enjoy;

iii. your consent.

4.6.3 The categories of Personal Data concerned:

i. Personal Data provided by You in the course of the registration, communications with Us or while You are using our Services, logged event data.

ii. Personal Data provided by You in the course of the registration, or while You are using our Services, when You interact with us via our channels, logged event data.

iii. Personal Data provided by You when filling out the survey or during the interviews, testing sessions. In case You are not our user, your contact details are provided by the tester sourcing tool.

4.6.4 The period for which the personal data will be stored:

i. This data will not be retained for this purpose after sending out requests to participate in user research.

ii. This data will be deleted or anonymized within 5 years after the feedback is received.

iii. This data will be deleted or anonymized once the research is finished or until the incentive is provided (whichever is longer).

Section 5 Business Partners We Use 

5.1 To be able to provide our Services to You and to run our business, We share Personal Data with recipients from the following categories: infrastructure as service providers, platform as service providers, application management providers, software development tools/environment providers, office management tool providers, collaborative office software providers, video conferencing tool providers, integration tool providers, e-signature tool providers, product management tool providers, service management and service improvement tool providers, analytics tool providers, billing and subscription management providers, payment processors, accounting service providers, security management providers, network analytics and log management tool providers, marketing tool providers, sales and customer relationship management (CRM) providers, marketing analytics providers, newsletter tool providers, messaging tool providers, support management tool providers, community discussion board providers, providers of survey tools and online forms, webinar platform providers, tester sourcing tool provider, legal consultants, and public authorities.

Section 6 Transferring your Personal Data 

6.1 Please note that We are using our business partners for business and related support services, and these business partners receive your Personal Data for the purpose of providing Us with such services. Section 5 above describes the categories of business partners We use. We may also transfer your Personal Data to current and future entities within the Bitrise Group (currently consisting of Us, and Bitrise Inc., a U.S. company, registered seat: 548 Market St, ECM #21638, San Francisco, CA 94104-5401) for the Data Processing purposes listed in Section 4 above.

6.2 We ensure that appropriate and suitable safeguards are in place when We transfer Personal Data within the Bitrise group or to our business partners internationally, outside the EEA. In particular, We ensure that standard contractual clauses issued by the European Commission are in place within the Bitrise Group and We ensure to conclude such standard contractual clauses with our business partners outside the EEA that receive Personal Data from Us. 

Section 7 Your rights regarding the Data Processing carried out by Us

7.1 You have the following rights regarding Data Processing carried out by Us in relation to your Personal Data:

7.2 Right to access

7.2.1 You have the right to request access from Us to your Personal Data processed by Us and obtain information regarding: the purpose of processing; what categories of Personal Data are processed; to whom We transfer or disclose your Personal Data; for what period We process your Personal Data; your rights in connection with Data Processing carried out by Us regarding your Personal Data; your right to lodge a complaint with a supervisory authority regarding the processing; in case We collect your Personal Data from other sources than from You, any available information as to the source; the existence of automated decision-making and related information, including the logic involved, as well as the significance and the envisaged consequences of such processing for You; whether your Personal Data is transferred outside the EEA and regarding the conditions of these transfers.

7.2.2 We will provide You with a copy of your Personal Data processed by Us in case You require Us to do so.

7.3 Right to rectification

7.3.1 You have the right to request Us to rectify your inaccurate Personal Data and to request Us to complete your incomplete Personal Data by means of providing Us with a supplementary statement.

7.4 Right to erasure

7.4.1 We erase any of your Personal Data if You request Us to do so in the event of the following:

i. your Personal Data is no longer necessary for the purpose concerned;

ii. You withdraw your consent and there is no other legal basis for the processing;

iii. You object to the processing and there are no overriding legitimate grounds for the processing;

iv. your Personal Data has been processed unlawfully;

v. your Personal Data has to be erased according to relevant laws.

7.4.2 Please note that We are entitled to not erase your Personal Data if it is necessary - inter alia - for exercising the right of freedom of expression and information, for compliance with legal obligations, and for establishment, exercise or defence of legal claims.

7.5 Right to restriction of processing

7.5.1 You have the right to obtain a restriction of processing from Us where one of the following applies:

i. You have contested the accuracy of your Personal Data (You will obtain restriction for a period enabling Us to verify the accuracy of your Personal Data);

ii. the processing is unlawful and You oppose the erasure of your Personal Data and request the restriction of their use instead;

iii. We no longer need your Personal Data for the purposes of the processing, but they are required by You for the establishment, exercise or defence of legal claims.

7.5.2 Where processing has been restricted, Personal Data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.

7.6 Right to object to processing

7.6.1 Where Personal Data is processed for direct marketing purposes, You have the right to object at any time to the processing of Personal Data concerning You for such marketing, which includes profiling to the extent that it is related to such direct marketing.

7.6.2 You also generally have the right to object to the processing of Personal Data on grounds relating to your particular situation, where the legal basis of the processing activity is our legitimate interest (or the legitimate interest of a third party). We shall no longer process the Personal Data unless We demonstrate compelling legitimate grounds, which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

7.7 Right to data portability

7.7.1 If certain conditions apply, You have the right to receive your Personal Data, which You have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from Us. You also have the right to have your Personal Data transmitted directly from Us to another controller, where technically feasible.

7.8 Right to withdraw your consent

7.8.1 You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before its withdrawal.

7.9 Our actions

7.9.1 We take actions requested in relation to exercising your above rights without undue delay and in any event within one month of receipt of your request. This period may be extended by two months where necessary, with a reasoned notification to You, taking into account the complexity and number of requests.

7.9.2 In the event when You make such a request by electronic means, We provide You with information by electronic means where possible, unless You request otherwise.

7.9.3 In case We do not take any action regarding your request, We will inform You as to the reasons within one month of the receipt of your request. We will take the necessary actions regarding exercising your rights in relation to the processing free of charge except when your request is manifestly unfounded or excessive.

7.9.4 In case We have reasonable doubts as to the identity of the natural person making the request, We may request additional information necessary to confirm the identity of such person.

Section 8 Remedies

8.1 In case You do not agree with our response or action, or if You consider that your rights have been infringed, You may lodge a complaint with the data protection supervisory authority in the UK or the EU Member State of your habitual residence, place of work or place of the alleged infringement, in particular, with the following data protection supervisory authorities: 

8.8.1 Information Commissioners Office (address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, web: https://ico.org.uk/global/contact-us/).

8.1.2 Hungarian National Authority for Data Protection and Freedom of Information (address: HU-1055 Budapest, Falk Miksa utca 9-11, mailing address: 1363 Budapest, Pf.: 9.; tel.: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu).

Section 9 Miscellaneous

9.1 Please note that We review this Privacy Policy on occasions and amend it as necessary. When We amend this Privacy Policy, We will announce and publish it by the usual means (e.g., via e-mail or on the Website). We encourage You to review this Privacy Policy regularly.