GDPR Compliance Summary

Effective Date: 28.07.2025

At Tegrilu SRL, we are committed to protecting your personal data and ensuring transparency in how we collect, use, and process it. This page outlines how our Jira plugin and related services comply with the General Data Protection Regulation (GDPR – Regulation EU 2016/679).

1. What Is GDPR?

GDPR is a European Union regulation that governs the collection, processing, and storage of personal data belonging to individuals in the EU/EEA. It gives users greater control over their personal information and imposes strict obligations on organizations that handle such data.

2. Our Role

In the context of our Jira plugin, we act as a:

  • Data Processor – when we process Jira-related personal data on behalf of our customers (the Data Controllers);
  • Data Controller – for limited customer account data (e.g., email, billing info) used to administer your account.

3. What Personal Data We Process

Depending on your use of the plugin, we may process:

  • Names, usernames, and email addresses of Jira users
  • Jira issue metadata (e.g., assignees, reporters, timestamps)
  • Account info and usage logs

4. Lawful Basis for Processing

We rely on the following legal bases:

  • Contractual necessity – to provide and support the plugin;
  • Legitimate interest – to improve performance and prevent abuse;
  • Consent – for optional features and analytics (where required).

5. Data Subject Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion (right to be forgotten)
  • Restrict or object to processing
  • Receive a copy of your data (data portability)
  • Lodge a complaint with a Data Protection Authority

To exercise your rights, contact us at privacy@example.com.

6. Data Retention

We only retain personal data for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations.

7. Security Measures

We use industry-standard security practices to protect your data, including:

  • Encryption in transit and at rest
  • Access controls and role-based permissions
  • Regular backups and audit logging

For more details, see our Security Policy.

8. International Data Transfers

If we transfer data outside the EU/EEA (e.g., to US-based subprocessors), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

9. Subprocessors

We use trusted third-party subprocessors to help us provide our services. All subprocessors are bound by data protection agreements. View our full Subprocessor List.

10. Data Processing Agreement (DPA)

We offer a pre-signed DPA that meets GDPR Article 28 requirements. If you need a signed copy, please contact us at privacy@example.com.

11. Contact Us

If you have any questions about our GDPR compliance or how we handle your data, contact our Data Protection Officer:
📧 contact@aperta.red