Privacy Policy
Easy Agile Pty Limited ACN 605 474 977 (Easy Agile, us, we, our) takes your privacy seriously and is committed to responsible privacy practices.
Please read the following privacy policy (Privacy Policy) to understand how we collect, use, disclose, store, handle and protect your Personal Information. We hope that this will help you make an informed decision about sharing Personal Information with us. As well as applying to our interactions with you, this Privacy Policy also applies to all information collected through this website https://www.easyagile.com/ and any and all other websites, platforms and/or apps operated by us.
This Privacy Policy sits alongside our terms of our Subscription Agreement (Subscription Agreement).
1. Acknowledgment
By using our Products, you acknowledge that you have reviewed the terms of our Subscription Agreement and this Privacy Policy, have the authority to act on behalf of any person for whom you are using the Products, and agree that we may collect, use and transfer your Data in accordance with this Privacy Policy. It is the responsibility of the Customer to determine if the Privacy Policy is consistent with its own treatment of end user data. If you are using our Products on behalf of a company, then you acknowledge that you are binding your company to this Privacy Policy. If you do not agree with the terms of our Subscription Agreement or this Privacy Policy, please do not access or use our Products or services or interact with any other aspect of our business.
2. Definitions
- Easy Agile means Easy Agile Pty Limited ACN 605 474 977. The terms “we”, “us” and “our” when used in this Privacy Policy are a reference to Easy Agile;
- Customer means a Customer of Easy Agile. The terms “you”, “your” and “yours” when used in this Privacy Policy are a reference to the Customer;
- Data means Personal Information and User Data;
- Data Controller has the meaning given in Article 4(7) of the GPDR, that is, a natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of Personal Information, where the purposes and means of processing are determined by EU or Member State laws, and for the purposes of this Privacy Policy, includes Australian Privacy Principle (APP) entities as defined by the Privacy Act;
- Data Processor has the meaning given in Article 4(8) of the GDPR, that is, a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, and for the purposes of this Privacy Policy, includes APP entities as defined by the Privacy Act;
- Data Subject has the meaning given in Article 4(1) of the GDPR, that is, a natural person who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, an online identifier, or to one more factors specific to the identity of that natural person;
- GDPR means the European Union General Data Protection Regulation (EU) 2016/679;
- Law means all relevant legal and regulatory requirements applicable to you or us (including, for the avoidance of doubt, the Australian Privacy Act 1988 (Cth) and Australian Privacy Principles, and the GDPR);
- Personal Data has the meaning given in Article 4(1) GDPR, that is, any information relating to a Data Subject;
- Personal Information has the meaning given to it by the Privacy Act, that is, information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not, and for the purposes of this Privacy Policy, is deemed to have a corresponding meaning as given by applicable privacy laws (including but not limited to the GDPR), as applicable;
- Privacy Act means the Australian Privacy Act 1988 (Cth);
- Products means all websites, platforms, apps and software operated, owned, developed and sold by us;
- Subprocessor means any processor engaged by us or by any other Subprocessor who agrees to receive from us or from any other Subprocessor, Personal Information exclusively intended for processing activities to be carried out on behalf of you after the transfer in accordance with your instructions, the terms of our Subscription Agreement and this Privacy Policy;
- Supervisory Authority means the authority with the primary responsibility for dealing with the relevant data processing activity; and
- User Data means all information collected from our Customers that is not Personal Information.
3. What types of Data do we collect?
Easy Agile collects both User Data and Personal Information.
Some types of Personal Information are classified as 'sensitive information', which are subject to additional protection under the Privacy Act.
The types of Personal Information we collect about you will depend on the purpose for which the Personal Information is collected. This can include:
- in the case of Customers procuring our Products – your name, billing or shipping address, email address, telephone number(s), and your order details;
- in the case of Customers using our Products – location data including the precise or approximate location information from Customer's mobile devices when our applications are running in the foreground (app open and on-screen) or background (app open but not on-screen) and transaction information relating to the use of our applications);
- in the case of Customers using our Products – usage data on how Customers interact with our applications, including access dates and times, app features or pages viewed, browser type, app crashes and other system activity;
- in the case of Customers using our Products – device data on how Customers interact with our Products, including hardware models, device IP address or other unique device identifiers, operating systems and versions, software, advertising identifiers, device motion data and mobile network data;
- if you have requested to receive news about exclusive offers, promotions, or events from us – your name, mailing or street address, email address, and telephone number(s);
- if you have contacted us to make a complaint, provide feedback, submit an enquiry, request a call-back – your name, mailing or street address, email address, and telephone number(s);
- in the case of prospective employees or contractors – information contained in your application or résumé, recorded during any interview, or obtained through any pre-employment checks, and government-issued identifiers such as tax file numbers; and
- in the case of our suppliers and distributors – your name, mailing or street address, email address, and telephone number(s).
Sensitive information may include information about your racial origin and health information. Generally, we will not collect sensitive information about you.
We do not, and will not, collect Personal Information on individuals under the age of 18 (a minor) and you should refrain from providing any such information to us. If you do provide us with Personal Information on a minor, either deliberately or accidentally, we will immediately remove and destroy this from our systems.
We also collect User Data that is technical information and general analytics, such as web browser type and browsing preferences, Internet service provider, referring/exit pages, date/time stamps, IP address, time zone and geolocation data (if applicable), some of which is collected automatically, arising from your use of our website and/or Products, as well as information about your usage of our website and/or Products when browsing (see: "How do we collect Data" below).
4. How do we collect Data?
We collect Data, including your Personal Information, directly from you, including when you:
- access or use our website;
- subscribe to or purchase our Products;
- use our Products;
- sign up to receive news and exclusive offers, promotions, or events;
- enter surveys, competitions, promotions or requesting information or material from us;
- make inquiries about us or our Products or otherwise communicate with us by email, by telephone, in person, via a website or otherwise; and
- apply to work with us or are engaged by us as a contractor.
Where it is reasonable and practicable to do so, we will only collect Personal Information about you from you directly and not from third parties.
In limited circumstances, we may collect Personal Information about you from e.g. publicly available sources (such as the internet) and from third parties (such as mutual contacts, or if someone makes a purchase on your behalf, or your referees provided during the recruitment process if you apply for a job with us). We may also collect Personal Information through third parties such as Atlassian, our service providers or through promotional and marketing activities.
Whilst we will always maintain robust privacy practices, we are not responsible for the privacy practices of third parties, including Atlassian, service providers, suppliers or subprocessors, so you should review their relevant privacy policy to satisfy yourself as to how they protect and handle your Personal Information.
We also use the following technologies to collect technical information and general analytics:
- cookies, which are data files that are placed on your device and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org;
- log files, which track actions occurring on our website; and
- tags and pixels, which are electronic files used to record information about how you browse our website.
You may disable your web browser from accepting cookies and other tracking technologies used to collect technical information and general analytics on you when browsing our website. If you do so, you can still access our website, but it may impact your user experience.
In addition to our cookies, certain third parties may deliver cookies to your device for a variety of reasons. For example, we sometimes use various web analytics tools that help us understand how visitors engage with our website. Any third party links or advertising on our website may also use cookies; you may receive these cookies by clicking on the link to the third party site or advertising. We do not control the collection or use of information by these third parties, and these third party cookies are not subject to this Privacy Policy. You should contact these companies directly if you have any questions about their collection and/or use of information. When linking to any other site, you should always check the relevant website's privacy policy before providing any Personal Information.
5. Can you choose not to disclose your Personal Information?
If you contact us to make a general enquiry about us or our business, you do not have to identify yourself or provide any Personal Information. Alternatively, you can also notify us that you wish to deal with us using a pseudonym.
If we cannot collect Personal Information about you or if you use a pseudonym, we may not be able to provide you with the information or assistance you require. For example, we will not be able to send you information you have requested if you have not provided us with a valid email address or telephone number.
6. How do we use Data?
We use Data, including your Personal Information, for purposes collected including managing our business and providing our Products to you, including to:
- provide our Products to our Customers or to receive goods or services from third parties;
- enable the proper operation and functionality of our Products;
- verify your identity (for example, if you request access to the Personal Information we hold about you);
- consider you for a job at Easy Agile (whether as an employee or contractor) or other relationships with us;
- update you on new Product versions;
- communicate with you, and to address any issues or complaints that we or you may have regarding our relationship and our Products;
- prevent, detect and investigate suspicious, fraudulent, criminal or other activity that may cause you, us or others harm, including in relation to our Products;
- comply with our legal obligations such as notifying you of matters that we may be required by law to do so;
- identify opportunities to improve our Products and to improve our service to you;
- gain insights about you so that we can serve you better, understand your preferences and interests, personalise your experience and/or enhance Products you are offered and receive;
- for direct marketing purposes (see "Direct Marketing Communications" below); and
- contact you regarding any of the above, including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner.
We may also use or disclose your Personal Information for our administrative, marketing (including direct marketing), planning, product or service development, quality control, survey and research purposes and for other purposes to which you have consented, or as otherwise permitted or required by Law.
If you submit unsolicited User Data, we will use it in accordance with the Privacy Policy. If you submit unsolicited Personal Information and we determine that we could not have collected the Personal Information in accordance with the Privacy Policy, we will destroy the information or ensure that the information is de-identified as soon as practicable. Otherwise, the Personal Information will be used in accordance with this Privacy Policy.
Technical information relating to your device, system, and use of the Product(s), is gathered periodically to facilitate the provision of software updates, gauging of usage patterns, product support, and sending you technical notices, updates, security alerts, and support and administrative messages. We may use this technical data and related information to the extent necessary to provide you with support, or communications to improve our Products or to provide services or technology to you.
7. Direct marketing communications
We will only send you direct marketing communications (either through mail, SMS or email), including services, features, surveys, newsletters, offers, promotions or providing you other news or information about us and our select partners, where you have consented to do so.
You may opt out of receiving direct marketing communications at any time by contacting us.
8. To whom do we disclose Data?
We may disclose Data, including your Personal Information, to third parties in connection with the purposes described above (see the "How do we use Data?" section).
This may include disclosing Data to the following types of third parties:
- our related companies;
- any potential third party acquirer of our business or assets, and advisors to that third party (as such Data may be part of our business or the transferred assets);
- our professional advisers (such as lawyers, accountants or auditors) and insurers;
- our employees, contractors and third party service providers who assist us in performing our functions and activities e.g. payment systems operators and financial institutions, cloud service providers, data storage providers, shipping companies, telecommunications providers and IT support services providers;
- organisations authorised by us to conduct promotional, research or marketing activities;
- third parties to whom you have authorised us to disclose your information (e.g. referees); and
- any other person as required or permitted by law to comply with legal obligations, to protect and defend the rights or property of the Easy Agile or to protect us against legal liability.
We work with Atlassian on certain business-related functions of our Products, such as the processing of payments. Atlassian has its own privacy policy, which you can find here https://www.atlassian.com/legal/privacy-policy.
We also use third party service providers to provide us with web analytics services. You can read more about how each service provider uses your Personal Information here.
If we disclose your Personal Information to third parties we will use reasonable commercial efforts to ensure that such third parties only use your Personal Information as reasonably required for the purpose of disclosure and in a manner consistent with applicable laws, for example (where commercially practical) by including suitable privacy and confidentiality clauses in our agreement with a third party service provider to which we disclose your Personal Information.
9. Subprocessing
Some of our obligations under this Privacy Policy and Subscription Agreement may be performed by Subprocessors. A Subprocessor will only be granted access to Data where:
- such access is for purposes consistent with this Privacy Policy; and
- the Subprocessor agrees to be bound by this Privacy Policy.
When we work with Subprocessors, we seek to provide the Subprocessor with only the Data the Subprocessor needs to perform its specific functions.
10. Cross-border transfer of Data
If you are using our Products in a country other than the United States, your use of the Products will result in the transfer of Data, including your Personal Information, across international boundaries.
We may disclose your Personal Information to overseas recipients, such as to resellers and service providers located overseas, in order to provide you with our Products and to obtain services connected with our business. Your Personal Information will likely be processed and stored by third party service providers located in the United States, Australia and countries within the European Union.
You acknowledge and agree that your Personal Information may be transferred from your current location to the offices and servers of Easy Agile and Subprocessors located primarily in Australia, the United States and countries within the European Union.
Cross-border transfers from Australia (Australian Customers)
Countries which are members of the European Union have data protection laws which protect Personal Information in a way which is at least substantially similar to the Privacy Act and the Australian Privacy Principles, and there will be mechanisms available to you to enforce protection of your Personal Information under those data protection laws. In these circumstances, we do not require the overseas recipients to comply with the Privacy Act and the Australian Privacy Principles and we will not be liable for a breach of the Privacy Act or the Australian Privacy Principles if your Personal Information is mishandled by overseas recipients.
For transfers of your Personal Information to the United States, you acknowledge that certain locations within the United States do not have data protection laws as comprehensive as Australia's, and we will accordingly take commercially reasonable steps to secure a contractual commitment from the recipient to handle your information in accordance with the Privacy Act and the Australian Privacy Principles. However, by consenting to us transferring your Personal Information to the United States in the knowledge that if your Personal Information is mishandled in that jurisdiction, we disclaim responsibility and you will not have a remedy under the Privacy Act.
Cross-border transfers outside of the European Economic Area or UK (EU/UK Customers)
Easy Agile may transfer your Personal Data to countries outside of the EEA or the UK including to such countries in which a statutory level of data protection applies that is not comparable to the level of data protection within the EEA or UK.
Whenever such transfer occurs, we will based the transfer on the European Commission Implementing Decision (EU) 2021/915 of June 4, 2021 on standard contractual clauses (EU Standard Contractual Clauses) and, as applicable, the UK International Data Transfer Addendum to the EU Standard Contractual Clauses (UK Addendum) in order to contractually provide that your Personal Data is subject to a level of data protection that applies within the EEA and UK. You may obtain a redacted copy (from which commercial information and information that is not relevant has been removed) of such Standard Contractual Clauses by sending a request to security@easyagile.com.
11. How do we protect your Data?
We implement reasonable measures to protect and safeguard your Data, including your Personal Information, from misuse, loss, theft and unauthorised access, modification or disclosure.
For information about the measures we take to protect and safeguard your Data, please refer to our Trust Report and Trust Center.
Where there has been a security breach, data leakage or Personal Information is lost, destroyed or becomes damaged, corrupted or unusable, we will notify you as soon as reasonably practicable. However, particularly for electronic data stores and due to the fact that the Internet is inherently insecure, we cannot guarantee the security of transmission of Personal Information disclosed to us online. Accordingly, you transmit your Personal Information to us online at your own risk and are encouraged to exercise care in sending Personal Information via the internet. Please notify us immediately if you know or reasonably suspect that your Personal Information has been subject to any data breach, breach of security or other unauthorised activity.
To the maximum extent permitted by applicable Law, we exclude all liability (including in negligence) for the consequences of any unauthorised access to, modification of, disclosure of, misuse of or loss or corruption of any Personal Information. Nothing in this Privacy Policy restricts, excludes or modifies or purports to restrict, exclude or modify any statutory consumer rights under any applicable law, including the Australian Competition and Consumer Act 2010 (Cth), or any liability which cannot be excluded due to the operation of applicable Laws.
12. How long do we keep your Personal Information?
Generally, we will retain your Personal Information for the period necessary for the purposes for which your Personal Information was collected (as outlined in this Privacy Policy) unless a longer retention period is required by law or if it is reasonably necessary for us to comply with our legal obligations, resolve a dispute or maintain security.
13. What are your rights in relation to your Personal Information?
You may request access to any Personal Information we hold about you at any time by contacting us at support@easyagile.com. We will provide access to that information in accordance with the Privacy Act, subject to any exemptions that may apply.
If you believe that Personal Information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it by contacting us at support@easyagile.com. Where we agree that the information needs to be corrected, we will update it. If we do not agree, you can request that we make a record of your correction request with the relevant information.
You can also ask us to notify any third parties that we provided incorrect information to about the correction. We’ll try and help where we can – if we can’t, then we’ll let you know.
To guard against fraudulent requests, we will require information to confirm your identity before granting access or making corrections. We may decline to provide you with access to your Personal Information including where we determine that the information requested:
- may disclose the Personal Information of another individual or trade secrets or other business confidential information;
- is subject to legal professional privilege;
- is not readily retrievable and the burden or cost of providing the information would be disproportionate to the nature or value of the information;
- does not exist, is not held, or cannot be located by us;
- would pose a serious threat to the life, health or safety of any individual, or to public health or safety if it were accessed; or
- is not permitted by Law to be accessed.
For EU/UK Customers:
Data Subjects have to the following rights under the GDPR:
- right to access – You have the right to request Easy Agile for copies of your Personal Data;
- right to rectification – You have the right to request that Easy Agile correct any information you believe is inaccurate. You also have the right to request Easy Agile to complete the information you believe is incomplete;
- right to erasure – You have the right to request that Easy Agile erase your Personal Data, under certain conditions;
- right to restrict processing – You have the right to request that Easy Agile restrict the processing of your Personal Data, under certain conditions;
- right to object to processing – You have the right to object to Easy Agile’s processing of your Personal Data, under certain conditions; and
- right to data portability – You have the right to request that Easy Agile transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at support@easyagile.com.
14. Questions or complaints?
If you have any questions, concerns or complaints about our collection, use, disclosure or management of your Personal Information, please contact us at:
Data Protection Officer
Nicholas Muldoon
Email: nick@easyagile.com
Phone: +61 447 541 202
If you no longer wish to receive communications from us, please unsubscribe by contacting us.
We are committed to resolving any complaints reasonably and to ensuring that we are doing the right thing by our customers. We will make all reasonable inquiries and your complaint will be assessed with the aim of resolving any issue in a timely and efficient manner.
If you have raised a complaint with us and you are unsatisfied with the outcome or have further concerns about the way we handle your Personal Information, you may complain to the Supervisory Authority.
For Australian Customers, the Supervisory Authority is the Office of the Australian Information Commissioner, whose contact details are set out below:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001 Australia
Phone: 1300 363 992
Online: www.oaic.gov.au
Email: enquiries@oaic.gov.au
For European Customers, the Supervisory Authority is the relevant data protection authority in your European Member State.
For UK Customers, the Supervisory Authority is the Information Commissioner's Office, whose contact details are set out below:
UK Information Commissioner's Office
Water Lane, Wycliffe House Wilmslow
Cheshire SK9 5AF UNITED KINGDOM
Phone: +44 1625 545 700
Online: ico.org.uk
Email: icocasework@ico.org.uk
For US Customers, please contact the data protection authority of your State.
Last updated: 15 June 2023