Former Workforce Privacy Notice
発効日: 2022 年 12 月 15 日
1. What this notice covers
This Former Workforce Privacy Notice (“Notice”) applies to the handling of your data (defined below) as a former employee or contingent worker (e.g., consultant, contractors) of Atlassian (collectively, "Atlassian Workers").
Your privacy is important to us, and we strive to provide clear and easy-to-understand information about how Atlassian collects, manages, uses, processes, and discloses Workforce Data. We collect and process this data, which can include Personal Data (i.e. information relating to you), in compliance with applicable law. For simplicity, we’ll refer to this data as “Workforce Data.”
For former contingent workers, Atlassian limits processing of Workforce Data to what is required to manage your assignment with us.
This Notice doesn’t cover personal use of Atlassian products (i.e. outside of your former employment or engagement with Atlassian, such as a personal Trello account). Learn more about Atlassian’s privacy practices for personal use of Atlassian products in our Atlassian Privacy Policy.
2. Information We Collect
We collect Workforce Data about you (and individuals associated with your relationship with Atlassian, such as dependents) in connection to your employment or engagement with us.
Categories of Workforce Data we may collect about you include, but are not limited, to:
- Contact Details. Your contact details may include your full name, home address, telephone or mobile number, email address or online identifier, and profile and avatar information.
- Government issued ID number or similar identifier: Your identification details may include your social security number, passport number, driver’s license number, citizenship status, residency, and work authorization (visa or permit) status.
- Financial account information. Your financial account information may include your bank account and portion of your credit or debit card number.
- Images, voice, or videos. Your likeness may include a headshot that you upload to our Human Resource Information System, a photo taken of you for promotional materials, or a video of you in a recorded meeting.
- Recruitment related information. Recruitment related information may be retained from your recruitment process, such as your skills assessments, employment information, and educational information. To learn more, please refer to our Careers Privacy Notice.
- Employment related information. Employment related information may include information related to your employment or assignment with Atlassian, such as your employment contract, offer letter, work location, hire date, termination date, craft expertise, skills, feedback, mandatory performance reviews and disciplinary records, compensation and allowance details, leave of absence, sick time, and vacation/holiday records.
- Compensation and Benefits (including health) information. Your compensation and benefits information may include information about you, your family members, your household, and other dependents to establish and administer benefits offered by Atlassian, such as health and wellness benefits, financial benefits, equity administration, and other related perks.
- Life Events and Time Away. We may collect information in the event of certain life and work events that may impact your relationship with Atlassian. If you take a leave of absence, we may collect the type of leave you are requesting, reason for leave (e.g., birth events, medical condition), dates of leave, and other details you may provide related to the life event. Depending on the event, some of the information collected may include health information.
- Work Content You Generate. You may create work content in Hello (e.g., Confluence, JIRA), and other electronic resources we provide to you. Per your employment or engagement related agreement (e.g., Atlassian Confidential Information and Invention Assignment Agreement), content you create in the performance of your duties and services, is owned by Atlassian.
- Information we collect automatically: We may automatically collect information about you when you use Hello or other electronic resources we provide to you. For example, we may collect logs and usage data within Hello, third party tools, or websites. We may also collect information relating to cookies and other tracking technologies (e.g., device identifiers, pixels) to provide functionality and to recognize you across Hello instances and devices. For more information, please see our Cookies and Tracking Notice, which includes information on how to control or opt out of these cookies and tracking technologies.
- Monitoring of Atlassian Networks and Resources. We may collect information related to your access and use of Atlassian devices, tools, systems, networks, and other resources per our internal policies. While we make efforts to limit collection of information related to your personal life, we may collect this information if you use an Atlassian-issued device (e.g., Atlassian MacBook) or a personal device connected to the Atlassian Network (e.g., the corporate wifi, Atlassian VPN client). For information about this may be used in investigations, please see Section 5 below.
- Voluntary Workforce Data that you choose to provide us. During your time at Atlassian, you may choose to participate in voluntary opt-in programs, such as survey-based research, video-based research, and workplace-related assessments (e.g., behavioral assessments, productivity assessments). Unlike mandatory programs, such as performance reviews, these programs are entirely optional and will be communicated as such. There will be no adverse consequences if you choose not to participate. If you do choose to participate, we will collect certain information relating to your participation in the program. The types of information we collect and how we will use and share your information will be made clear to you before you decide whether you want to participate in the program. You will also be able to withdraw your consent. For example, you will be able to stop participating in the program and request deletion of certain information you provided during the program.
While we treat all Workforce Data with care, some Workforce Data is more sensitive in nature so we refer to that as “Sensitive Workforce Data.” Sensitive Workforce Data may include information revealing racial or ethnic origin, demographics (e.g., date of birth, gender), sexual orientation, health data (e.g., reason for sick leave, special needs for reasonable accommodation, inferring someone’s mental health), veteran status, and background check results (e.g., criminal record data).
Atlassian limits collection of Sensitive Workforce Data. Except as noted below, where we do collect any it will be collected directly from you on a voluntary opt-in basis. Voluntary opt-in basis means:
- It will only be collected if you choose to provide opt-in consent;
- You can withdraw your consent at any time. For example, if you voluntarily choose to provide certain Sensitive Personal Data in our Human Resource Information System (e.g., sexual orientation) for purposes of our DEI program, you will be able to withdraw your consent and delete the Sensitive Workforce Data you have provided; and
- There will be no adverse consequences on your employment or engagement for not providing Sensitive Workforce Data or for withdrawing your consent.
Atlassian may collect and process Sensitive Workforce Data in the following ways that will not be based on voluntary opt-in consent:
- To comply with legal or contractual obligations (e.g., demonstrating compliance with anti-discrimination laws, conducting legally required background checks, conducting contractually required background checks)
- To verify the information you provided during the recruitment process (e.g., background check)
- For monitoring purposes set out in our internal policies
- To manage our employment or engagement with you (e.g., your date of birth may be required to process payments owed to you, health data in order to take long term sick leave).
3. Where We Collect Workforce Data From
In relation to your employment or engagement with Atlassian and in compliance with applicable law and internal policy, we may collect Workforce Data about you from the following sources:
- Directly from you. We collect Workforce Data directly from you, for example when you provide contact details for your Atlassian Account and when you provide financial account information so we can process payments owed to you.
- From other Atlassian Workers. We collect Workforce Data from other Atlassian Workers, for example when your colleagues provide feedback about you and when they reference you in work content (e.g., Jira issue).
- From third parties. We collect Workforce Data from third parties, for example we may receive Workforce Data from a benefits vendor to process benefits reimbursements. Depending on your role, we may also collect your Workforce Data from customers and partners.
- Automatically. When you access and use Atlassian devices, tools, systems, networks, and other resources, we automatically collect certain Workforce Data such as information relating to your online usage and device information (e.g., network monitoring).
4. How We Use Workforce Related Information
Atlassian strives to be transparent about how Workforce Data will be used. Atlassian uses Workforce Data for the following purposes:
- To administer and manage the Atlassian Workforce. We use Workforce Data to fulfill and manage our employment or engagement contracts with Atlassian Workers. For example, your financial account information to process payments and reimbursements, your home location for tax reporting, your financial account information to reimburse expenses, your work email to provision benefits, and your work content for performance reviews and career development.
- To support Atlassian’s business operations. We use Workforce Data to operate our business. For example, we may use your contact details to maintain our internal directory and manage business records related to your employment or engagement, your network monitoring information for purposes outlined in our internal policies, your work content to assess performance and capacity (e.g., cycle times, sales targets), and your tool and product usage data to gather various insights around ways of working (these insights are typically aggregated).
- To improve Atlassian products and services. We may use Workforce Data for research and development. For example, we may use your work content and Hello usage data to measure and improve our products or create new features and services.
- To offer products and services. We may use Workforce Data to offer products and services that may be of interest to employees. For example, using your work contact details and home location to offer health, wellness, and financial benefits.
- To market and advertise. We may use your likeness to market and advertise our products and services to customers and prospects (if we do so, we will inform you). For example, we may use your image in a marketing campaign.
- To mitigate risk. We may use Workforce Data to mitigate or respond to risk to Atlassian, Atlassian Workers, customers, and the general public, including for network monitoring, safety and building management, business continuity, physical security, health and safety, emergency notifications, and HR-related investigations regarding alleged misconduct (see Section 5). For example, we may use your contact details to contact you in an emergency.
- To protect Atlassian’s interests. We may use Workforce Data to protect our interests, including to protect our intellectual property rights and confidential company secrets, and in disputes or legal proceedings.
- To comply with legal requirements. We may use Workforce Data to comply with the law. For example, using your race/ethnicity (if provided) to comply with anti-discrimination laws (e.g., EEOC reporting), your government ID for immigration processing purposes, and providing certain employment related information to respond to subpoenas and other legal or governmental requests.
- For other purposes with your consent. If you voluntarily choose to participate in an optional program, we will use related Workforce Data with your consent and according to any purposes provided to you during the opt-in process. For example, if you choose to participate in an internal survey, we will use your survey responses according to the specific purposes provided to you (e.g., to help build better teams). If you choose to provide Sensitive Workforce Data in our Human Resource Information System for our DEI program, we will use it only for those purposes.
Atlassian may leverage technologies such as artificial intelligence to automatically process Workforce Data for these purposes. However, Atlassian does not make any automated decisions about you. Automated decisions means decisions without any human involvement that have a legal or significant affect (e.g., an effect on your employment or engagement).
Atlassian also shares Workforce Data within the Atlassian group of companies for the purposes described in this section.
4.1. Legal Bases for Atlassian Workers Based in the EEA, UK, or Brazil
If you are based in the European Economic Area (EEA), UK, or Brazil, we collect and process Workforce Data only where we have legal bases for doing so under applicable laws. The legal bases depend on the type of Workforce Data and the purpose we process it. This means we collect and process Workforce Data only where:
- We need it to administer our employment or engagement contract with you (e.g., to process payments owed to you);
- It satisfies a legitimate interest which is not overridden by your privacy rights (e.g., operating our business, improving our products, protecting our legal rights and interests);
- You provide us consent for a specific purpose; or
- We need to comply with a legal obligation (e.g., complying with anti-discrimination laws).
If you have consented to our use of Workforce Data for a specific purpose, you have the right to withdraw your consent, but this will not affect any processing that has already taken place. Where we are using Workforce Data because we have a legitimate interest to do so, you have the right to object to that use.
5. How We Use Information We Collect for Investigations
Atlassian may collect and use Workforce Data to investigate alleged misconduct, such as breaches of law or violations of the Atlassian Code of Business Conduct and Ethics or other policies. Workforce Data used for investigative purposes can include your access and use of Atlassian electronic resources, including information technology systems (such as email, chat, phone, and internet) and networks, and your access and retrieval of proprietary Atlassian systems, documents, and records. We may also use images from security cameras and other optical surveillance technologies. To the extent data collected will be accessed and used for investigation of misconduct, Atlassian is committed to maintaining the privacy of Atlassian Workers during investigations and will consult with appropriate personnel (e.g., Legal, Employee Relations) to ensure that access will be limited only to relevant information that supports a bona fide investigation. Atlassian will work to restrict the number of individuals with access to Workforce Data for investigative purposes to the smallest possible number of individuals who need access to data to conduct or fulfill a specific action.
6. How and Why We Disclose Information We Collect Outside of Atlassian
Atlassian will disclose your Workforce Data outside of Atlassian and its group of companies for the purposes defined in Section 4, including:
- To administer and manage our relationship with you. We may disclose Workforce Data in order to manage our employment or engagement contract with you, such as sharing with a necessary vendor (as defined below) to process payments owed to you.
- Necessary vendors on our behalf. We will disclose your Workforce Data with third party vendors, such as our payroll provider, Human Resource Information System provider, equity provider, fitness and wellness benefits provider, and health insurance providers. These third party vendors perform necessary duties and functions on our behalf (i.e. enable us to provide and administer our human resources and business functions). These third party vendors are typically only allowed to use your Workforce Data to provide services to Atlassian and cannot use any identifying information for their own independent purposes.
- As required by your role with Atlassian. Atlassian Workers may need to disclose Workforce Data externally for Atlassian’s business operations based on the nature of their role. We will take steps to protect your privacy. For example, if you are in a Customer Support role, only your public name will be used in our Support Help Desk.
- For marketing and advertising. We may disclose your Workforce Data for marketing and advertising our products and services (if we do so, we will inform you). For example, we may use your likeness in our external-facing marketing materials on our websites or social media posts.
- In a sale, merger or transfer. We may disclose your Workforce Data as part of a sale, merger, or transfer of any part of our business. In compliance with applicable law, we will notify you of such transfer of your Workforce Data.
- To mitigate risk. We may disclose your Workforce Data when we believe it is appropriate to protect the rights, property, or safety of Atlassian, our product or services, Atlassian customers or end users, our workforce or the public at large.
- Optional benefits vendors. We may disclose your Workforce Data with third party vendors (e.g., discount portal vendors) who provide optional benefits. The information we share is typically limited to what is required for verification and reporting. Since your participation with these benefits vendors is optional, you will be establishing an independent relationship with them. Use and sharing of Workforce Data in this context is covered by the optional benefit vendor’s contracts, policies, and privacy notices. Be sure to review the privacy notice or policy of any optional benefits vendor when you decide to establish a relationship with them.
- As legally required. We and our group of companies may disclose your Workforce Data with courts, law enforcement agencies, or other government bodies when Atlassian has a good faith belief it is required or permitted to do so under applicable law, including to meet national security or law enforcement requirements, to protect Atlassian or its affiliates, or to respond to a valid court order, subpoena, discovery request, search warrant, or other law enforcement request.
7. How to Exercise Your Rights
If you are a contingent worker, please contact the third party you are working through (e.g., staffing agency, independent company or consulting firm).
Depending on which jurisdiction you live in, you may have certain rights with respect to your Workforce Data. For example, you may have the right to request information about Atlassian's processing of your personal data, to request a copy of your personal data, to object to our use of your personal data, to request the deletion or restriction of your personal data, or to request the correction or update of your personal data. Below, we describe the tools and processes for making these requests.
7.1. Self-service controls
We respect and value your privacy, and strive to surface choice and controls wherever possible. You retain access to certain Necessary Vendors after your employment or engagement ends, and can access, update and delete certain Workforce Data through their self-serve features.
7.2. Limitations
Atlassian processes Workforce Data primarily to operate its business and manage relationships with Atlassian Workers. Therefore, your requests and choices may be limited in certain cases. For example:
- You may have limited control over how we use and disclose your personal data in order to process payments to you
- You won’t be able to delete personal data that is required to manage Atlassian’s relationship with you, that Atlassian is required to retain by applicable law, or that Atlassian has compelling legitimate interests to keep
- We may not be able to fulfill your request if it would reveal personal data about another individual (to protect their privacy)
- Where you have asked us to share data with an optional benefits vendor, you will need to contact that vendor directly to have your information deleted or otherwise restricted
To the extent we use Workforce Data for a purpose not disclosed in this Notice or other relevant internal policy or notice, we will inform you and offer an opportunity for you to withdraw your consent or object to such use.
7.3. Voluntary programs
If you’ve provided Atlassian voluntary consent to participate in an optional program, your Workforce Data will only be used according to the purposes provided in this Notice or the other policy or notice that was surfaced to you when you participated in the optional program. You may withdraw your consent at a later time, although that may not affect any processing that has already taken place.
7.4. Questions
Please email employeeprivacy@atlassian.com if you have any questions or would like to submit a request to access, correct, delete, or restrict your Workforce Data. You may also have your authorized agent make a request on your behalf. Depending on your request, you may be required to provide certain verification, such as confirming you have access to the email we have on file.
If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.
8. How Long We Keep Information We Collect
Atlassian will collect, use, process, and retain Workforce Data in accordance with its internal policies and to comply with applicable laws and regulations, resolve disputes, and enforce our agreements. Atlassian will retain your Workforce Data no longer than necessary to carry out the purposes provided in this Notice (or any other applicable notice), and as required or permitted under applicable law.
9. How We Store and Secure Information We Collect
Atlassian is committed to safeguarding your Workforce Data and requires any personnel accessing or using Workforce Data of the Atlassian Workforce to be held accountable and comply with Atlassian’s privacy and security policies and procedures and the Atlassian Code of Business Conduct and Ethics, including specifically as it relates to the Protection and Proper Use of Company Assets. Read about Atlassian’s information security program.
While the broader Atlassian Workforce has access to certain Workforce Data as part of business operations (e.g., internal directory information, work content), access to other Workforce Data (e.g., Sensitive Workforce Data) is typically restricted to select personnel from certain departments who have a need to know. For example, select personnel from Finance may have access to your financial account information, select personnel from the People and IT teams may have access to Sensitive Workforce Data in our Human Resource Information System, and select personnel from IT, Security, and People may have access to your network logs.
Atlassian may notify you in the event of a security or privacy incident in accordance with its incident response procedures and applicable law.
9.1. Vendors
Before we share Workforce Data with necessary vendors, the vendor must be approved through our procurement process. This cross-functional review process requires the vendor’s internal controls and data flow to meet industry best-practices and requirements from various teams, including Security, Risk and Compliance and Privacy.
9.2. Privacy-enhancing measures
When possible and appropriate, Atlassian uses Workforce Data in an anonymized, aggregated and/or de-identified fashion so that an individual cannot be identified. For example, Sensitive Workforce Data will typically only be used at an aggregated and de-identified level. We may also share out anonymized metrics around certain Sensitive Workforce Data (e.g., race) in our external facing Sustainability report. If there is a need to use Workforce Data that identifies you, Atlassian will take measures to protect your privacy, such as establishing sufficient security controls and limiting access to those who have a valid business reason to access it.
10. How We Transfer Information We Collect Internationally
In order to operate as a global company, Atlassian transfers and processes Workforce Data outside your country of residence to other countries where Atlassian, its subsidiaries, affiliates, and its third party vendors operate. For example, our People Operations team is distributed throughout the globe and as a result, we may need to transfer your Workforce Data to where the relevant People Operations team is located in order to manage our employment relationship with you. These countries may have data protection laws that are different from the laws of your country. When Atlassian transfers your Workforce Data to another country, it will ensure that the transfer complies with applicable law.
Atlassian has entered into agreements ensuring appropriate and suitable safeguards with its entities and 3rd party vendors, including entering into the European Commission's Standard Contractual Clauses where appropriate.
11. For EU and UK Based Atlassian Workers: EU – U.S. Privacy Shield Notice
Atlassian has self-certified to and complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S Privacy Shield Framework. You can view Atlassian’s certification here. In the circumstance that the EU-US Privacy Shield has been invalidated as a data transfer mechanism, Atlassian remains committed to honoring its obligations regarding data protection under the Privacy Shield framework.
11.1. Information Collected and Purposes
Please refer to Section 2 and 3 for more information on the types of Personal Data Atlassian collects and for what purpose(s) it is processed.
11.2. 3rd Parties
Atlassian is responsible for the processing of Personal Data it receives and subsequently transfers to a 3rd party acting on Atlassian’s behalf (i.e. necessary vendors). Please refer to Section 4 for more information on how Atlassian discloses Personal Data with third parties.
Atlassian shall enter into contracts to ensure that any third parties to whom Personal Data may be disclosed is aware of and adheres to the EU-U.S. Framework (“Principles”) or is subject to law providing the same level of privacy protection as is required by the Principles and agrees to provide an adequate level of privacy protection. Atlassian shall also, upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing by third parties and agrees to provide a summary or a representative copy of the relevant privacy provisions of its contracts with agents of the Department of Commerce upon request.
The storage by Atlassian of Personal Data on servers and/or on software made available or hosted by third parties shall not be considered disclosures of Personal Data to a third party so long as the third party does not have direct access to the Personal Data stored or hosted. In all events, Atlassian shall ensure by contract that any such third party (a) is aware of the Principles or (b) is subject to laws providing the same level of privacy protection as is required by the Principles or (c) has contractual safeguards in place to protect the Personal Data.
Atlassian may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
11.3. Your Rights and Choices
Please refer to Section 7 for information how to access, correct, or delete your Personal Data. Please note that there may be limitations where (i) the burden or expense of providing access would be disproportionate to the risks to your privacy (ii) requests are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or (iii) the rights of other persons would be violated.
11.4. Questions or Complaints
Please reach out to employeeprivacy@atlassian.com. If you would like to contact the Data Protection Officer for Atlassian GmbH then please note this in your email to employeeprivacy@atlassian.com. If you have a complaint, you may submit it via http://www.atlassian.com/ethics . If you are based in the EEA or UK, please review Section 11 above for more details on raising your concerns regarding Atlassian’s compliance with Privacy Shield Principles.
11.5. Other important Privacy Shield Notices
Atlassian, Inc. and its U.S. subsidiaries participate in and comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and the Privacy Shield Principles regarding the collection, use, and retention of information about you that is transferred from the European Union, the UK, or Switzerland (as applicable) to the U.S. We ensure that the Privacy Shield Principles apply to all information about you that is subject to this privacy policy and is received from the European Union, the European Economic Area, the UK, and Switzerland.
Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, we are responsible for the processing of information about you we receive from the EU, the UK, and Switzerland and onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for such onward transfers and remain liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
12. What If I Have a Question or Complaint?
If you have a question about this Workplace Privacy Notice or Atlassian’s privacy practices, please reach out to employeeprivacy@atlassian.com. If you would like to contact the Data Protection Officer for Atlassian GmbH then please note this in your email to employeeprivacy@atlassian.com. If you have a complaint, you may submit it via http://www.atlassian.com/ethics . If you are based in the EEA or UK, please review Section 11 above for more details on raising your concerns regarding Atlassian’s compliance with Privacy Shield Principles.
13. Additional Disclosures for California Residents
The disclosures in this section apply only to California residents and are intended to supplement this policy with information required by California law.
The table below describes the categories of personal information we collected in the past 12 months, the purposes for which we may collect and disclose this information, and the categories of recipients of disclosures made for business purposes in the past 12 months. Atlassian does not sell any personal information or share it for cross-context behavioral advertising, including of consumers under 16 years of age. Atlassian has not disclosed your personal information to a third party for a business purpose in the preceding 12 months.
If you have questions about the categories of information we may collect about you or the sources of such information, please be sure to visit the section of this notice called, “2. Information We Collect.” For more details about the purposes we collect information for, please visit the section called, “4. How We Use Workforce Related Information.” For more information about how we may disclose information to parties outside of Atlassian, please visit the section called, “6. How and Why We Disclose Information We Collect Outside of Atlassian.”
Category of Information | Purpose(s) for Collecting & Disclosing | Recipients of Disclosures for Business Purposes | Recipients of “Sales” or “Sharing” |
---|---|---|---|
Identifiers, such as full name, home address, telephone or mobile number, email address or online identifier, profile and avatar information and onsite badge information | Purpose(s) for Collecting & Disclosing All processing purposes described in “4. How We Use Workforce Related Information” | Recipients of Disclosures for Business Purposes Necessary vendors on our behalf or optional benefits vendors, as described in “6. How and Why We Disclose Information We Collect Outside of Atlassian.” | Recipients of “Sales” or “Sharing” N/A |
Commercial information, such as your bank account and portion of your credit or debit card number, for payroll, expenses, and related purposes | Purpose(s) for Collecting & Disclosing To administer and manage the Atlassian Workforce, as described in “4. How We Use Workforce Related Information” | Recipients of Disclosures for Business Purposes Necessary vendors on our behalf or optional benefits vendors, as described in “6. How and Why We Disclose Information We Collect Outside of Atlassian.” | Recipients of “Sales” or “Sharing” N/A |
Internet or other electronic network activity information, such as cookie information, traffic data or profiles, and information related to your access and use of Atlassian devices, tools, systems, networks, and other resources | Purpose(s) for Collecting & Disclosing To support Atlassian’s business operations, to improve Atlassian products and services, to mitigate risk, to protect Atlassian’s interests, or to comply with legal requirements, as described in “4. How We Use Workforce Related Information” | Recipients of Disclosures for Business Purposes Necessary vendors on our behalf, as described in “6. How and Why We Disclose Information We Collect Outside of Atlassian.” | Recipients of “Sales” or “Sharing” N/A |
Visual information, such as your likeness (e.g., photos) | Purpose(s) for Collecting & Disclosing To support Atlassian’s business operations, to market and advertise, or for other purposes with your consent, as described in “4. How We Use Workforce Related Information” | Recipients of Disclosures for Business Purposes Necessary vendors on our behalf, as described in “6. How and Why We Disclose Information We Collect Outside of Atlassian.” | Recipients of “Sales” or “Sharing” N/A |
Professional or employment information, such as your educational information, employment contract, offer letter, work location, hire date, termination date, mandatory performance reviews and disciplinary records, sick time, and vacation/holiday records | Purpose(s) for Collecting & Disclosing To administer and manage the Atlassian Workforce, To support Atlassian’s business operations, to mitigate risk, to protect Atlassian’s interests, to comply with legal requirements, or for other purposes with your consent, as described in “4. How We Use Workforce Related Information” | Recipients of Disclosures for Business Purposes Necessary vendors on our behalf, as described in “6. How and Why We Disclose Information We Collect Outside of Atlassian.” | Recipients of “Sales” or “Sharing” N/A |
Geolocation data, such as your approximate location | Purpose(s) for Collecting & Disclosing N/A | Recipients of Disclosures for Business Purposes N/A | Recipients of “Sales” or “Sharing” N/A |
Inferences (drawn about you based on other personal information we collect), such as preferences, interests, user behavior data | Purpose(s) for Collecting & Disclosing To support Atlassian’s business operations, to administer and manage the Atlassian Workforce, to improve Atlassian products and services, to offer products and services, to mitigate risk, to protect Atlassian’s interests, to comply with legal requirements, or for other purposes with your consent, as described in “4. How We Use Workforce Related Information” | Recipients of Disclosures for Business Purposes Necessary vendors on our behalf, as described in “6. How and Why We Disclose Information We Collect Outside of Atlassian.” | Recipients of “Sales” or “Sharing” N/A |
Sensitive personal information, such as government IDs, race/ethnicity, sexual orientation, health data, precise geolocation, and login credentials and passwords | Purpose(s) for Collecting & Disclosing We do not use sensitive personal information for purposes other than permitted under California law.Government IDs: To administer and manage the Atlassian Workforce and to support Atlassian’s business operations, as described in “4. How We Use Workforce Related Information”Race/ethnicity, sexual orientation, health data: To comply with legal requirements or for other purposes with your consent, as described in “4. How We Use Workforce Related Information”Login credentials and passwords: For purposes described in our internal policies. | Recipients of Disclosures for Business Purposes We do not disclose sensitive personal information for purposes other than permitted under California law.Necessary vendors on our behalf or government bodies (if legally required) as described in “6. How and Why We Disclose Information We Collect Outside of Atlassian.” | Recipients of “Sales” or “Sharing” N/A |
De-identified data: We may de-identify personal information so that it cannot be used to identify you and is no longer considered personal information under California law. For example, we may de-identify certain data so that we can share it more widely in reports. If so, we will maintain and use that data only in de-identified form and will not attempt to re-identify the data.
Retention: We retain your personal information for as long as necessary to carry out the business purposes described in this policy, or as otherwise required under law. The length of retention may vary depending upon factors such as record keeping or legal compliance requirements, the need to resolve inquiries or complaints, and the existence of an ongoing relationship with you. Please visit the “9. How We Store and Secure Information We Collect” section of this notice for more information.
Exercising your rights: If you are a California resident, there are some additional rights that may be available to you under the California Consumer Protection Act (“CCPA”), including:
- The right to request information about how we process your personal information
- The right to request deletion of personal information we hold about you
- The right to request that we correct inaccurate information
- The right to request access to the specific pieces of personal information we have collected about you
- The right to request that we limit the use of your sensitive personal information (as Atlassian does not use sensitive personal information for purposes other than permitted under California law, this right does not apply in the employment context).
If you have any questions or would like to exercise your rights under the CCPA, you can reach out to us at employeeprivacy@atlassian.com.
In order to protect your information from unauthorized access or deletion, we may require you to provide additional information to verify your identity. If we cannot verify your identity, we will not be able to fulfill your requests to know, access, correct, or delete your information.
You will not be discriminated against for exercising any of your privacy rights under the CCPA.
Authorized agent: You may authorize an agent to exercise your rights on your behalf. Your authorized agent may make a request on your behalf by reaching out to employeeprivacy@atlassian.com . When your authorized agent makes a request on your behalf, we may require you to directly confirm the following with us:
- Your identity
- That you have provided the authorized agent permission to submit the request
14. Which Atlassian Entity is Responsible for My Information?
If you are a former contingent worker, please contact the 3rd party you are working through (e.g., staffing agency, independent company or consulting firm).
Depending on your location during your employment, a different Atlassian entity is primarily responsible for controlling and managing your information. The following entity is your "Data Controller" for purposes of this Notice:
If you are based, or work in: | Your Data Controller is: |
---|---|
Australia | Your Data Controller is: Atlassian Pty Ltd |
Brazil | Your Data Controller is: e-Core (Atlassian service provider) |
Canada | Your Data Controller is: Atlassian Canada Inc. |
France | Your Data Controller is: Atlassian France |
Germany | Your Data Controller is: Atlassian Germany GmbH |
India | Your Data Controller is: Atlassian India LLP |
Japan | Your Data Controller is: Atlassian K.K. |
New Zealand | Your Data Controller is: Atlassian New Zealand |
Philippines | Your Data Controller is: Atlassian Philippines, Inc. |
Poland | Your Data Controller is: Atlassian Poland Sp. z o.o. |
The Netherlands | Your Data Controller is: The Netherlands |
Turkey | Your Data Controller is: OpsGenie A.Ş. |
United Kingdom | Your Data Controller is: Atlassian (UK) Operations Limited |
United States | Your Data Controller is: Atlassian US, Inc. |
Stay informed
Subscribe to receive notifications from us about updates to our legal terms (including our legal policies) and our list of sub-processors.