Right of access by data subject in Hipchat Server
Under Article 15 of the GDPR, individuals have the right to understand what personal data is being processed about them and the lawfulness of the processing. The GDPR requires that you take reasonable steps to provide this information to the individual, where requested. Whether or not you need to provide the individual with access to personal data stored within the product and the lawfulness of the processing will vary on a case-by-case basis, and is a determination you should always make with the assistance of legal counsel. Once you have determined you have an obligation to provide an individual with access to personal data processed through the product, we have provided the following instructions on how to do so within certain Atlassian products.
Description
The following table lists where user account-level personal data may be stored in a default Hipchat installation. Third party add-ons may store user data in their own data stores, and this list does not cover those cases.
What is it? | What does it get used for? | Where is it stored? |
---|---|---|
Full name | Your full name can be used by other authenticated users to find you in the: | User information is stored in the database and may be cached in Redis cache |
Mention name | Your mention name can be used by other authenticated users to find you in the: | User information is stored in the database |
Job title | Your job title is visible to other authenticated users in the Web UI profile page. | User information is stored in the database |
Timezone | Your timezone is visible to other authenticated users in the one-to-one message dialog in the chat clients. | User information is stored in the database |
Your Avatar | Your avatar helps identify you to other users of Hipchat. Generally, this is provided by you and can be edited. | User avatar is stored in the file store |
Email | Your email is stored so that Hipchat knows where to send notifications about messages. | User information is stored in the database |
Email | Your email is stored so that you can log into Hipchat. | User information is stored in the database |
Email | Your email appears in the system log when you log in or receive notifications. | The system logs are stored in the file store |
Mobile Device Identifiers | Your mobile device identifiers are stored so that Hipchat Server or Hipchat Data Center knows where to send you notifications about content. | User information is stored in the database |
Workaround
To remove or stop processing any or all of this user personal data, see either Hipchat Data Center: Right to erasure or Hipchat Server: Right to erasure depending on the specific Hipchat product you use.
To update any or all of the user personal data, see either Hipchat Data Center: Right to rectification or Hipchat Server: Right to rectification depending on the specific Hipchat product you use.
Limitations
- In some cases, your user data may be provided to Hipchat by an external user management system, such as Active Directory. In these cases, you'll need to make any edits or deletions of user personal data within the external user management system, as they cannot be modified from within Hipchat.
- Some of the chat messages and file attachments may contain personal data. After identifying the problematic message or file, you can follow either Hipchat Data Center Right to Erasure: Deleting Message or File Attachment or Hipchat Server Right to Erasure: Deleting Message or File Attachment depending on the specific Hipchat product you use.
- The personal data in the Audit Log is not modifiable and cannot be erased by anyone. The goal of the Audit Log is to make sure any changes to personal data are accounted for, and to assist in detecting malicious activities such as impersonation. The Audit Log is ONLY accessible to Hipchat Administrators.
Additional notes
There may be limitations based on your product version.
Note: the GDPR workaround described above has been optimized for the latest version of this product. If you are running a legacy version of the product, the efficacy of the workaround may be limited. Please consider upgrading to the latest product version to optimize the workarounds available under this article.
Third-party add-ons may store personal data in their own database tables or on the filesystem.
The above article in support of your GDPR compliance efforts applies only to personal data stored within the Atlassian server and data center products. To the extent you have installed third-party add-ons within your server or data center environment, you will need to contact that third-party add-on provider to understand what personal data from your server or data center environment they may access, transfer or otherwise process and how they will support your GDPR compliance efforts.
If you are a server or data center customer, Atlassian does not access, store, or otherwise process the personal data you choose to store within the products. For information about personal data Atlassian processes, see our Privacy Policy.