Versions Compared

Old Version 9

changes.mady.by.user Jana Winkelbauer

Saved on

compared with

New Version Current

changes.mady.by.user Jana Winkelbauer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. The Processor shall provide the Controller with software solutions in accordance with the apps EULA or, if not stated specifically, this Main Agreement. In doing so, the Processor shall obtain access to personal data and shall process such data exclusively on behalf of and in accordance with the instructions of the Controller. The scope and purpose of the data processing by the Processor are set out in the Main Agreement. The Controller is solely responsible for assessing the permissibility of the data processing in accordance with Art. 6 (1) GDPR. 

  2. The Parties conclude the present agreement to specify the mutual rights and obligations under data protection law. In case of doubt, the provisions of this Agreement shall take precedence over the provisions of the Main Agreement. 

  3. The provisions of this Agreement shall apply to all activities related to the Main Agreement in which the Processor and its employees or persons authorized by the Processor come into contact with personal data originating from or collected for the Controller or otherwise processed on the Controller's behalf.

  4. The term of this Agreement shall be based on the term of the Main Agreement, unless the following provisions give rise to obligations or rights of termination going beyond this. 

  5. The provision of the contractually agreed data processing usually takes place in a member state of the European Union or another contracting state of the Agreement on the European Contractual Area (Decision 94/1/EC). If the Processor transfers Personal Data to subcontractors outside the EU or the EEA, they have previously agreed to comply with the standard data protection clauses pursuant to Commission Implementing Decision (EU) 2021/914 of 4.6.2021 and thus ensure an adequate level of data protection within the meaning of Art. 46 (2) lit. c GDPR.

  6. To the extent that Provider Processes Customer Personal Data protected by Data Protection Laws in one of the regions listed in Annex 4 (Region-Specific Terms), then the terms specified therein with respect to the applicable jurisdiction(s) will apply in addition to the terms of this DPA.

...

If not stated otherwise, the Processing is hosted on cloud (AWS, see Annex 3). 

 Google Workspace for Jira

Purposes of processing 

Categories of processing 

Categories of personal data 

Categories of data subjects 

Connect Google apps and services with Jira. Optimize Jira with Google features and extend Google apps and services with Jira functionalities.  

We only store content that has been explicitly created by our apps. The most common data we store are:  

  • User / instance settings  

  • Metadata mappings between Atlassian & Google objects 

  • User login tokens retrieved by OAuth login 

We do not store Jira content (like Jira issues, comments, etc.) or Google content (like email content, event descriptions) on our servers. 

Reports on the 

  • Name of the JIRA instance 

  • Atlassian account ID 

  • Google account ID 

The app is unaware of the type of data supplied to it. Example categories of personal data are: 

  • Assignees, reporters, watchers and other participants of issues 

  • Field values and changes on fields & comments made by users of Jira

The Controller must inform the Processor if he processes additional categories of personal data inside Jira or the app. 

  • Jira user 

  • Google Users 

The Controller must inform the Processor if he processes additional categories of data subjects with this app. 

Annex 2 - Authorized persons, entitled persons, communication channel

...