Data Privacy

Portfolio++™ PRIVACY STATEMENT

1. Introduction

Keeping your data safe and protected is very important for us.

The services offered by iTrellis LLC through its Portfolio++™ software products require processing of personal data. We ask you to take a moment to carefully read how we are storing and processing your data. Installation and Use of our software constitutes acknowledgement of and consent to the following terms.

2. Portfolio++™ Software Products

The Portfolio++™ software products help teams plan projects by providing an overview of project information that is stored in their Azure DevOps Organizations. As such, the Portfolio++™ software is integrated into the host system Azure DevOps. By nature, this requires storing and processing personal data.

The Portfolio++™ software products for Azure DevOps Services (in the ‘cloud’, also referred to as “Portfolio++™”, “extension”, “Software as a Service” or “SaaS”, including but not limited to "Portfolio++™" and "Portfolio+ Pro™", collectively referred to herein as our "Product") is an extension to the application lifecycle management environment “Microsoft Azure DevOps Services” (also referred to as the “host system”, “Azure DevOps” or “host”) and is offered as Software as a Service (“SaaS”).

3. Data Controller

For data collected by iTrellis LLC, the data controller for the purposes of the General Data Protection Regulation (GDPR) and other provisions related to data protection is:

Chris Johnson, chris@iTrellis.com

4. Data We Collect

Data Used to Provide Product Functionality

Our Product extends the host system with the capability to summarize, reformat, and browse project planning and key performance indicator data from throughout an Azure DevOps organization. To operate, the Product queries information stored within your Azure DevOps organization, reformats that information, and presents it. As such, the Product does not make or store a separate copy of your data, but instead relies on the data as already stored in your Azure DevOps organization. To this extent, iTrellis LLC. is a Processor or sub-Processor of this information. iTrellis LLC. does not share this information with third parties. Processing of this information is required to provide the functionality of the Product.

Data Used to Improve Product Functionality

The key performance indicator data collected and stored within your Azure DevOps organization includes information representing usage patterns of the Product. iTrellis LLC is a Processor or sub-Processor of this usage information and uses this information to improve its products. iTrellis LLC does not share this information with third parties.

Please find out more about the privacy statement from Microsoft, which governs information stored in your Azure DevOps organization, by following this link:

https://privacy.microsoft.com/en-us/privacystatement

4.1. Data Used for Billing – Portfolio++ Pro™

iTrellis LLC may process Personal Data from you in the course of our business, including but not limited to during the course of accepting payments for Subscriptions. The information that we process includes, in respect of individual end-users ("you"): (i) basic information, such as your name (including name prefix or title), (ii) contact information, such as your postal address, email address and phone number(s); (iii) financial information, such as payment-related information; (iv) technical and browser related information; (v) identification, location and background information provided by you; (vi) your Microsoft unique identifier, the number of years you have had a Microsoft license, and (vii) any other information relating to you which you may provide to us. Any Personal Data that we collect from you for these purposes is hereinafter referred to together as “Your Data”). iTrellis LLC is a Controller with respect to Your Data. Other than as necessary for billing, iTrellis LLC does not share any of Your Data with third parties.

If you are aged 18 or under, please get your parent/guardian’s permission before you provide Your Data to us.

4.2. Data Used for Communications

iTrellis LLC may collect Personal Data from you in order to communicate regarding our current and future product offerings, including but not limited to sending you electronic newsletters, product notifications, and updates. The information that iTrellis LLC. may collect and process for these purposes includes the information described in Section 4. iTrellis LLC is a Controller in respect of this communication data.

iTrellis LLC does not share this data for use by third parties, but may transmit this data to a third-party as a Processor or sub-Processor, such as the HubSpot customer relationship management platform, to process the data on behalf of iTrellis LLC.

5. COOKIES AND IP ADDRESSES

5.1 We collect IP addresses from visitors to our web site and users who access the Product (an IP address is a number that can uniquely identify a specific computer or other network device on the internet). This allows us to identify the location of users, and we analyze this data for trend and statistics reasons, which helps with the prioritization of future work. This allows us to identify the location of users, to block disruptive use and to establish the number of visits from different countries. We analyze this data for trend and statistics reasons, such as which parts of our web site and products users are visiting and how long they spend there.

5.2. A cookie is a small text file that is placed on your device by a web server which enables a website and/or mobile app to recognize repeat users, facilitate the user’s ongoing access to and use of a website and/or mobile app and allows the website and/or mobile app to track usage behavior and compile aggregate data that will allow content improvements and targeted advertising. We collate information in relation to our Products which is represented in aggregate format through cookies. They help us to improve our Products and to deliver many of the functions that make your browser experience more user-friendly, including providing you with personalized content and relevant advertising in respect of our goods/services.

5.3. By using our Product and accepting the terms of this Privacy Policy you acknowledge our legitimate interest to use cookies as described in this Privacy Policy (i.e. you are agreeing to the placement of cookies on your device unless you specifically choose not to receive cookies). You may be reminded of the use of cookies by our Products by way of a ‘pop-up’ or similar function from time to time.

5.4. The ‘Help Menu’ on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. You can also disable or delete similar data used by browser add-ons, such as flash cookies (HTML5 local storage), by changing the add-on’s settings or visiting the website of its manufacturer.

5.5. For more information about cookies and managing them including how to turn them off, please visit www.cookiecentral.com. However, because cookies may be needed to allow you to take advantage of some of our Product’s essential features, we recommend you leave them turned on as otherwise you may not be able to fully experience the interactive features of our Products or other related websites which you visit.

5.6. We may use third parties such as Google Analytics to collect user information, including through the use of cookies (flash and non-flash) and web beacons. They help us to improve our Products and to deliver many of the functions that make your browser experience more user friendly.

5.7. You should also be aware that there are cookies which are found in other companies’ internet tools which we may use to enhance our Products. You may see ‘social buttons’ during your use of our Products, including but not limited to LinkedIn, Twitter and Facebook, which enable you to share or bookmark certain web pages. These Platforms have their own cookies, which are controlled by them.

6. CONTACT

6.1. We may contact you:

6.1.1. for administration reasons related to our Products, e.g. activity or online content has been suspended for maintenance, or in response to a question that you ask us;

6.1.2. to provide you with information about our current Products, activities or online content, including sending e-newsletters or similar correspondence and updates or responding to any contact you have made with us, e.g. through use of our Products, by email, or via a contact form on our Web Site;

6.1.3. to provide you with information about future Products of which you are not currently a user; and/or

6.1.4. to invite you to participate in surveys about our products and services (participation is always voluntary).

6.2. You can change your stated interests in respect of whether or not you wish to receive direct marketing from us by clicking ‘unsubscribe’ on any direct marketing electronic communication which you receive from us.

7. WHAT RIGHTS DO YOU HAVE

7.1. As a Data Subject, you have the following rights under Data Protection Legislation and we, as Controller in respect of Your Data, will comply with such rights in respect of Your Data:

7.1.1 the right of access to Your Data relating to you;

7.1.2 the right to correct any mistakes in Your Data;

7.1.3 the right to ask us to stop contacting you with direct marketing;

7.1.4 rights in relation to automated decision taking;

7.1.5 the right to restrict or prevent Your Data being processed;

7.1.6 the right to have Your Data ported to another Controller;

7.1.7 the right to erasure; and

7.1.8 the right to complain to the DPC if you believe we have not handled Your Data in accordance with Data Protection Legislation.

7.2 If you have any comments, concerns or complaints about our use of Your Data, please contact us (see ‘HOW TO CONTACT US’ below). We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex or cumbersome, in which case we will respond within three months (we will inform you within the first month if it will take longer than one month for us to respond). Where a response is required from us within a particular time period pursuant to Data Protection Legislation, we will respond within that time period.

7.3 Rights in relation to automated decisions

7.3.1 Profiling may occur in relation to Your Data for the purposes of targeted advertising and de-targeting you from specified advertising. This allows us to tailor our advertising to the appropriate customers and helps to minimize the risk of you receiving unwanted advertising.

7.3.2 You may ask us to ensure that, if we are evaluating you, we don’t base any decisions solely on an automated process and have any decision reviewed by a member of staff. These rights will not apply in all circumstances, for example where the decision is (i) authorized or required by law, (ii) necessary for the performance of a contract between you and us, or (ii) is based on your explicit consent.

7.4 Right to restrict or prevent processing of Your Data

7.4.1 In accordance with Data Processing Legislation, you may request that we stop processing Your Data temporarily if:
- you do not think that Your Data is accurate;
- we no longer need Your Data for our processing; or
- you have objected to processing because you believe that your interests should override the basis upon which we process Your Data.

7.5 Right to data portability (if applicable)

7.5.1 In accordance with Data Protection Legislation, you may ask for an electronic copy of Your Data that you have provided to us and which we hold electronically, or for us to provide this directly to another party. This right only applies to Personal Data that you have provided to us – it does not extend to data generated by us. In addition, the right to data portability also only applies where:
- the processing is based on your consent or for the performance of a contract; and
- the processing is carried out by automated means.

7.6 Right to erasure

7.6.1 In accordance with Data Protection Legislation, you can ask us (please see ‘HOW TO CONTACT US’ below) to erase Your Data where:
- you do not believe that we need Your Data in order to process it for the purposes set out in this Privacy Policy;
- if you had given us consent to process Your Data, you withdraw that consent and we cannot otherwise legally process Your Data;
- you object to our processing and we do not have any legal basis for continuing to process Your Data;
- Your Data has been processed unlawfully or have not been erased when it should have been; or
- the Personal Data must be erased to comply with law.

7.6.2 We may continue to process Your Data in certain circumstances in accordance with Data Protection Legislation (i.e. where we have a legal justification to continue to hold such Personal Data, such as it being within our legitimate business interest to do so (e.g. retaining evidence of billing information etc.). Where you have requested the erasure of Your Data, we will inform recipients to whom that Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort. We will also inform you about those recipients if you request it.

7.7. Right to complain

iTrellis LLC commits to resolve complaints about our collection or use of your personal information.  European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact iTrellis LLC at:

chris@iTrellis.com

8. WITHDRAWAL OF CONSENT

If you no longer consent to our processing of Your Data (in respect of any matter referred to in this Privacy Policy as requiring your consent), you may request that we cease such processing by contacting us via the ‘HOW TO CONTACT US’ facility referred to below. Please note that if you withdraw your consent to such processing, it may not be possible for us to provide all/part of our Products to you.

9. WHO WE SHARE YOUR INFORMATION WITH

9.1 iTrellis LLC will not share Your Data without your consent or unless required by law (except as set out in this Privacy Policy). If iTrellis LLC becomes involved in a merger, acquisition, or any form of sale of some of all of its assets, Your Data will not be transferred to any third party other than a successor-in-interest to iTrellis LLC unless there are adequate safeguards in place with the recipient in respect of the security of Your Data.

9.2 We restrict access to personal information to employees/contractors who need to know that information in order to operate, develop, or improve our Products. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, civil litigation and/or criminal prosecution, if they fail to meet these obligations. We may also share Your Data with our suppliers/service providers for the purpose of providing the Products to you and improving the Products

9.3 Your Data may be transferred to, stored at, or accessed from a destination outside the European Economic Area (“'EEA”) for the purposes of us providing the Products. It may also be processed by staff operating outside the EEA who work for us, another corporate entity within our group, or any of our suppliers. By submitting Your Data, you explicitly consent to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that Your Data is treated securely and in accordance with this Privacy Policy. The safeguards in place with regard to the transfer of Your Data outside of the EEA to third parties are the entry by us into appropriate contracts with all transferees of such data.

9.4 All information you provide to us is stored on our (or contracted third party) secure servers, or within your organization within Microsoft Azure DevOps. Where we have given you (or where you have chosen) a password which enables you to access any part of our Products, you are responsible for keeping this password confidential. We ask you not to share a password with any person.

10. THIRD PARTY WEBSITES

This Privacy Policy applies to the Product(s) and Web Site(s) which are owned and operated by iTrellis LLC. We do not exercise control over the sites/applications that may be linked from our Products and Web Sites. These other sites/applications may place their own cookies or other files on your computer, collect data or solicit personal information from you. You acknowledge that the Products that we provide and our Web Site may enable or assist you to access the website content of, correspond with, and purchase products and services from, third parties via third-party websites and that you do so solely at your own risk. We make no representation or commitment and shall have no liability or obligation whatsoever in relation to the content or use of, or correspondence with, any such third-party website, or any transactions completed, and any contract entered into by you, with any such third party and the use by any such third-party of your Personal Data. We do not endorse or approve any third-party website nor the content of any of the third-party website made available via our Products or Web Site. We encourage you to carefully familiarize yourself with the terms of use and privacy policies applicable to any websites and/or services operated by third parties. Please be aware that we are not responsible for the privacy practices of any third parties.

11. HOW DO WE PROTECT YOUR PERSONAL INFORMATION?

11.1 We do our utmost to protect user privacy through the appropriate use of security technology. We restrict access to Your Data to employees, contractors and agents who need to know Your Data in order to operate, develop or improve the services that we provide. We ensure that we have appropriate physical and technological security measures to protect your information; and we ensure that when we outsource any processes that the service provider has appropriate security measures in place. However, our Products may contain hyperlinks to websites owned and operated by third parties. These third party websites have their own privacy policies, including cookies. We do not accept any responsibility or liability for the privacy or security practices of such third party websites and your use of such websites is at your own risk.

11.2 We will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks that are presented by the processing of Your Data. In particular, we will consider the risks presented by accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Your Data transmitted, stored or otherwise processed.

12. BREACH REPORTING

12.1 We will notify serious data breaches in respect of Your Data to the DPC without undue delay, and where feasible, not later than 72 hours after having become aware of same. If notification is not made after 72 hours, we will record a reasoned justification for the delay; however, it is not necessary to notify the DPC where the Personal Data breach is unlikely to result in a risk to the rights and freedoms of natural persons. A Personal Data breach in this context means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

12.2 We will keep a record of any data breaches, including their effects and the remedial action taken, and will notify you of any data breach affecting your Personal Data (which poses a high risk to you) when we are required to do so under Data Protection Legislation. We will not be required to notify you of a data breach where:

12.2.1 we have implemented appropriate technical and organizational measures that render the Personal Data unintelligible to anyone not authorized to access it, such as encryption; or

12.2.2 we have taken subsequent measures which ensure that the high risk to data subjects is not likely to materialize; or

12.2.3 it would involve disproportionate effort, in which case we may make a public communication instead.

13. RETENTION OF PERSONAL DATA

13.1 Your Data will be kept and stored for such period of time as we deem necessary taking into account the purpose for which it was collected in the first instance. This may include retaining Your Data as necessary to administer Your Account, comply with our legal obligations, to resolve disputes, to enforce our agreements with our Licensees, to support business operations, and to continue to develop and improve our Service.

13.2 Where we retain information for Product improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Products, not to specifically analyze personal characteristics about you.

14. AMENDMENTS TO PRIVACY POLICY

iTrellis LLC may change its Privacy Policy from time to time and at the sole discretion of iTrellis LLC. The date of the most recent revisions will appear at the beginning of the Privacy Policy. If you do not agree to these changes, please do not continue to use our Products or Web Site. If material changes are made to the Privacy Policy, we will notify you by placing a prominent notice on our Products, on our Web Site, or by sending you a notification in relation to this. We will not process Your Data in a manner not contemplated by this Privacy Policy without your consent.

15. HOW TO CONTACT US

If you need to contact us with regard to any of your rights as set out in this Privacy Policy, all such requests should be made in writing by email to chris@itrellis.com.