Atlassian Data Processing Agreement

5. Where the controller is required to provide to a public authority: the processor shall be required to provide the data subject or any other person with information on controllers or their processing, in particular by providing without delay all information and documents relating to the contractual processing of customer data, including the technical/organisational measures taken by the processor, the technical procedure for the use of customer data, the places of use of customer data and the personnel involved in the processing. Protecting our customers` information and the privacy of their users is extremely important to us. We are entrusted with some of our customers` most valuable data, which is why we have integrated security into every layer of the Atlassian Cloud architecture. We offer replication, backup and disaster recovery plans, encryption during transmission and standby, advanced threat detection, general controls and much more. Visit the Atlassian Security Practices page to learn more about our approach to security. The following sections write about our approach and investments in GDPR compliance for the service of our customers and individual data subjects. Send and GDPR Compliance If you would like to request a copy of the standard addition of data with standard clauses, please send an email to [email protected] 1. With regard to the processing of customer data, the processor is obliged to notify the controller of any disruption or violation of data protection legislation or its provisions by the processor (or with access to the customer`s data that it uses). The table below describes the processing of all of the subcontractor`s cloud applications. All data attached to a license under or in a license application to [email protected] is transferred to the subcontractor.

3.2. The processor processes the customer`s data exclusively as described in the privacy statement. The processing of customer data by the processor only concerns the categories of data subjects described below in the privacy statement. The processor has been prohibited from any different or additional processing of customer data, in particular the use of customer data for its own purposes. The controller is also obliged not to provide the processor with personal data that is not specified in the privacy statement until the privacy policy has been updated accordingly.