top of page

Data Processing Addendum

Digital Toucan Limited, 59 Bromyard House, W3 7BE London, United Kingdom, hereinafter referred to as Digital Toucan, is an IT enabled company providing services and solutions for the Information Technology industry. “OKR Goals for Jira”, “Panorama Hierarchy and Structure for Jira”, “JQL Search Extensions for Jira & reports” provided by Digital Toucan Ltd are the names of three software SERVICES owned by Digital Toucan. 

 

This GDPR Data Processing Addendum (“DPA”) forms part of the Terms of Service available at https://www.digitaltoucan.com/eula or such other location as the Terms of Use may be posted from time to time (as applicable, the “Agreement”), entered into by and between the Licensee and Digital Toucan Ltd (“Digital Toucan”), pursuant to which Licensee has accessed Digital Toucan’s Services as defined in the applicable Agreement. The purpose of this DPA is to reflect the parties’ agreement with regard to the processing of personal data in accordance with the requirements of Data Protection Legislation as defined below.

 

Data Processing Terms

 

In this DPA, “Data Protection Legislation” means European Directives 95/46/EC and 2002/58/EC (as amended by Directive 2009/136/EC) and any legislation and/or regulation implementing or made pursuant to them, or which amends, replaces, re-enacts or consolidates any of them (including the General Data Protection Regulation (Regulation (EU) 2016/679)), and all other applicable laws relating to the processing of personal data and privacy that may exist in any relevant jurisdiction. Digital Toucan shall not be the Controller in respect thereof. Licensee further agrees that it is the responsibility of the Licensee to ensure that any and all Personal Data obtained and processed by it and inputted, entered, stored and processed by it to Service has been obtained and processed in accordance with all Applicable Data Protection Laws.

 

In the course of providing the Services to Licensee pursuant to the Agreement, Digital Toucan may process personal data on behalf of Licensee. Digital Toucan agrees to comply with the following provisions with respect to any personal data submitted by or for Licensee to the Services or collected and processed by or for Licensee through the Services. Any capitalized but undefined terms herein shall have the meaning set forth in the Agreement. “data controller”, “data processor”, “data subject”, “personal data”, “processing”, and “appropriate technical and organisational measures” shall be interpreted in accordance with applicable Data Protection Legislation;

 

The parties agree that Licensee is the data controller and that Digital Toucan is its data processor in relation to personal data that is processed in the course of providing the Services. Licensee shall comply at all times with Data Protection Legislation in respect of all personal data it provided to Digital Toucan pursuant to the Agreement.

 

The subject-matter of the data processing covered by this DPA are the Services ordered by Licensee. The processing will be carried out until the term of Licensee’s ordering of the Services ceases.

 

In respect of personal data processed in the course of providing the Services, Digital Toucan:

  • Digital Toucan will only process the Personal Data in accordance with the documented instructions of Licensee, including with regard to transfers of Personal Data to a third country and solely as strictly necessary for the performance of its obligations under this Agreement; The Instruction at the time of entering into this Terms and conditions agreement is that Digital Toucan may only process the Personal Data supplied by Licensee on its behalf with the purpose of delivering the Service, especially, Digital Toucan is allowed to contact Licensee Licensees via e-mail for purposes of delivering Service;

  • If Digital Toucan is required to process the personal data for any other purpose provided by the applicable law to which it is subject, Digital Toucan will inform Licensee of such requirement prior to the processing unless that law prohibits this on important grounds of public interest;

  • Digital Toucan shall ensure that the Authorized Licensees are bound by appropriate confidentiality obligations;

  • Digital Toucan is authorised to engage sub-processors in connection with the provision of the services under this Agreement. Digital Toucan shall inform Licensee if it intends to engage a sub-processor or replace a sub-processor, and will provide Licensee with an opportunity to object to such changes.

  • where any sub-contractor of Digital Toucan will be processing the Personal Data on behalf of Licensee, Digital Toucan shall ensure that a written contract exists between Digital Toucan and the sub-contractor containing clauses equivalent to those imposed on Digital Toucan. In the event that any sub- processor fails to meet its data protection obligations Digital Toucan shall remain fully liable to Licensee for the performance of the sub-processor’s obligations; Licensee consents to Digital Toucan engaging third party sub-processors to process the Licensee’s Data related to providing the Service based on the Terms and conditions agreement provided that: (i) Digital Toucan maintains an up-to-date list of its sub-processors which it shall update with details of any change in sub-processors prior to any such change. (ii) Licensee may object to Digital Toucan’s appointment or replacement of a sub-processor prior to its appointment or replacement, provided such objection is based on reasonable grounds relating to data protection. In such event, Digital Toucan will either not appoint or replace the sub-processor or, if this is not possible, Licensee may suspend or terminate the Service.

  • Digital Toucan shall, taking into account the nature of the processing, assist Licensee by implementing appropriate technical and organisational measures (insofar as this is possible) to assist Licensee to comply with requests from data subjects to exercise their rights under Data Protection Law [and any such assistance shall be at the cost of Licensee];

  • Digital Toucan shall assist Licensee in ensuring compliance with its obligations in respect of security of personal data, data protection impact assessments and prior consultation requirements under Data Protection Law [and any such assistance shall be at the cost of Licensee];

  • Digital Toucan shall: (i) at the choice of Licensee made in writing within 14 days from service termination date i.e. license expiration, delete or return the Personal Data to Licensee; and (ii) delete all existing copies of such personal data unless EU law or the laws of an EU Member State require storage of the personal data [and any such return or deletion of data shall be at the cost of Licensee];

  • Digital Toucan shall: (i) make available to Licensee all information necessary to demonstrate compliance with the obligations laid down in this clause; and (ii) allow for and assist with audits, including inspections, conducted by Licensee or another auditor mandated by Licensee, in order to ensure compliance with the obligations laid down in this clause [Digital Toucan shall be entitled to charge the Licensee any costs incurred in connection with compliance with the obligations at (i) and (ii) above and work performed at the request of the Licensee]. For the purposes of demonstrating compliance with the data security obligations under Data Protection Law, Licensee agrees that it shall be sufficient for Digital Toucan to provide evidence of adherence by Digital Toucan to an approved code of conduct or an approved certification mechanism;

  • Digital Toucan may transfer personal data from the EEA to the US for the purposes of this DPA pursuant to the EU-US Privacy Shield provided that Digital Toucan maintains its certification under the EU-US Privacy Shield;

  • Digital Toucan shall promptly inform the Licensee in the event that it receives an instruction that in its opinion would contravene Applicable Data Protection Law; and

  • taking into account the nature of the processing and the information available to Digital Toucan, Digital Toucan shall notify Licensee without undue delay after becoming aware of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, the Personal Data that is transmitted, stored or otherwise processed by Digital Toucan under this Agreement, and shall provide Licensee with such reasonable co-operation and assistance as may be required to mitigate against the effects of, and comply with any reporting obligations which may apply in respect of, any such breach. 

 

Digital Toucan shall provide the information requested by Licensee to demonstrate compliance with the obligations set out in this DPA.

 

Licensee shall be responsible for complying with any and all requests that it may receive from data subjects under any Applicable Data Protection Laws to obtain access to, have corrected, erased or blocked any Personal Data relating to such data subjects which is held on Service software. Licensee shall be responsible for implementing all other technical and organisational security measures required under Applicable Data Protection Laws in relation to its use of the Services, and the processing by it of any Personal Data on the Services.

 

Details of the Data Processing

 

Digital Toucan shall process information to provide the Services pursuant to the Agreement. Digital Toucan shall process information sent by Licensee’s end Licensees identified through Licensee’s implementation of the Services. As an example, in a standard programmatic implementation, to utilize the Services, Licensee may allow the following information to be sent by default as “default properties:”

 

Digital Toucan shall process the following Personal Data: 

  • email address

  • user name and display name of Atlassian Account (only if allowed in Atlassian Account Settings)

  • Atlassian Account Identifier

  • your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;

  • additional personal information that you provide to us, directly or indirectly, through your use of our Services, 

  • your preferences and/or opinions provided to us via surveys

 

Digital Toucan shall process Personal Data on behalf of Licensee in the context of providing the services under this Agreement, for the duration of the term of this Agreement. The obligations and rights of Licensee shall be as set out in this Agreement.


 

List of associated data sub-processors
bottom of page