Former Workforce Privacy Notice

This Former Workforce Privacy Notice (“Notice”) applies to the handling of your data (defined below) as a former employee or contingent worker (e.g., consultant, contractors) of Atlassian (collectively, "Atlassian Workers").

Your privacy is important to us, and we strive to provide clear and easy-to-understand information about how Atlassian collects, manages, uses, processes, and discloses Workforce Data. We collect and process this data, which can include Personal Data (i.e. information relating to you), in compliance with applicable law. For simplicity, we’ll refer to this data as “Workforce Data.”

For former contingent workers, Atlassian limits processing of Workforce Data to what is required to manage your assignment with us.

This Notice doesn’t cover personal use of Atlassian products (i.e. outside of your former employment or engagement with Atlassian, such as a personal Trello account). Learn more about Atlassian’s privacy practices for personal use of Atlassian products in our Atlassian Privacy Policy.

We collect Workforce Data about you (and individuals associated with your relationship with Atlassian, such as dependents) in connection to your employment or engagement with us.

Categories of Workforce Data we may collect about you include, but are not limited, to:

• Contact Details. Your contact details may include your full name, home address, telephone or mobile number, email address or online identifier, and profile and avatar information.
• Government issued ID number or similar identifier: Your identification details may include your social security number, passport number, driver’s license number, citizenship status, residency, and work authorization (visa or permit) status. 
• Financial account information. Your financial account information may include your bank account and portion of your credit or debit card number.
• Images, voice, or videos. Your likeness may include a headshot that you upload to our Human Resource Information System, a photo taken of you for promotional materials, or a video of you in a recorded meeting.
• Recruitment related information. Recruitment related information may be retained from your recruitment process, such as your skills assessments, employment information, and educational information. To learn more, please refer to our Careers Privacy Notice.
• Employment related information. Employment related information may include information related to your employment or assignment with Atlassian, such as your employment contract, offer letter, work location, hire date, termination date, craft expertise, skills, feedback, mandatory performance reviews and disciplinary records, compensation and allowance details, leave of absence, sick time, and vacation/holiday records.
• Compensation and Benefits (including health) information. Your compensation and benefits information may include information about you, your family members, your household, and other dependents to establish and administer benefits offered by Atlassian, such as health and wellness benefits, financial benefits, equity administration, and other related perks. 
• Life Events and Time Away. We may collect information in the event of certain life and work events that may impact your relationship with Atlassian. If you take a leave of absence, we may collect the type of leave you are requesting, reason for leave (e.g., birth events, medical condition), dates of leave, and other details you may provide related to the life event.  Depending on the event, some of the information collected may include health information.
• Work Content You Generate. You may create work content in Hello (e.g., Confluence, JIRA), and other electronic resources we provide to you. Per your employment or engagement related agreement (e.g., Atlassian Confidential Information and Invention Assignment Agreement), content you create in the performance of your duties and services, is owned by Atlassian.
• Information we collect automatically: We may automatically collect information about you when you use Hello or other electronic resources we provide to you. For example, we may collect logs and usage data within Hello, third party tools, or websites. We may also collect information relating to cookies and other tracking technologies (e.g., device identifiers, pixels) to provide functionality and to recognize you across Hello instances and devices. For more information, please see our Cookies and Tracking Notice, which includes information on how to control or opt out of these cookies and tracking technologies.
• Monitoring of Atlassian Networks and Resources. We may collect information related to your access and use of Atlassian devices, tools, systems, networks, and other resources per our internal policies. While we make efforts to limit collection of information related to your personal life, we may collect this information if you use an Atlassian-issued device (e.g., Atlassian MacBook) or a personal device connected to the Atlassian Network (e.g., the corporate wifi, Atlassian VPN client). For information about this may be used in investigations, please see Section 5 below. 
• Voluntary Workforce Data that you choose to provide us. During your time at Atlassian, you may choose to participate in voluntary opt-in programs, such as survey-based research, video-based research, and workplace-related assessments (e.g., behavioral assessments, productivity assessments). Unlike mandatory programs, such as performance reviews, these programs are entirely optional and will be communicated as such. There will be no adverse consequences if you choose not to participate. If you do choose to participate, we will collect certain information relating to your participation in the program. The types of information we collect and how we will use and share your information will be made clear to you before you decide whether you want to participate in the program. You will also be able to withdraw your consent. For example, you will be able to stop participating in the program and request deletion of certain information you provided during the program.

While we treat all Workforce Data with care, some Workforce Data is more sensitive in nature so we refer to that as “Sensitive Workforce Data.” Sensitive Workforce Data may include information revealing racial or ethnic origin, demographics (e.g., date of birth, gender), sexual orientation, health data (e.g., reason for sick leave, special needs for reasonable accommodation, inferring someone’s mental health), veteran status, and background check results (e.g., criminal record data).

Atlassian limits collection of Sensitive Workforce Data. Except as noted below, where we do collect any it will be collected directly from you on a voluntary opt-in basis. Voluntary opt-in basis means:

• It will only be collected if you choose to provide opt-in consent;
• You can withdraw your consent at any time. For example, if you voluntarily choose to provide certain Sensitive Personal Data in our Human Resource Information System (e.g., sexual orientation) for purposes of our DEI program, you will be able to withdraw your consent and delete the Sensitive Workforce Data you have provided; and
• There will be no adverse consequences on your employment or engagement for not providing Sensitive Workforce Data or for withdrawing your consent.

Atlassian may collect and process Sensitive Workforce Data in the following ways that will not be based on voluntary opt-in consent:

• To comply with legal or contractual obligations (e.g., demonstrating compliance with anti-discrimination laws, conducting legally required background checks, conducting contractually required background checks)
• To verify the information you provided during the recruitment process (e.g., background check)
• For monitoring purposes set out in our internal policies
• To manage our employment or engagement with you (e.g., your date of birth may be required to process payments owed to you, health data in order to take long term sick leave).

In relation to your employment or engagement with Atlassian and in compliance with applicable law and internal policy, we may collect Workforce Data about you from the following sources:

• Directly from you. We collect Workforce Data directly from you, for example when you provide contact details for your Atlassian Account and when you provide financial account information so we can process payments owed to you.
• From other Atlassian Workers. We collect Workforce Data from other Atlassian Workers, for example when your colleagues provide feedback about you and when they reference you in work content (e.g., Jira issue).
• From third parties. We collect Workforce Data from third parties, for example we may receive Workforce Data from a benefits vendor to process benefits reimbursements. Depending on your role, we may also collect your Workforce Data from customers and partners.
• Automatically. When you access and use Atlassian devices, tools, systems, networks, and other resources, we automatically collect certain Workforce Data such as information relating to your online usage and device information (e.g., network monitoring).

Atlassian strives to be transparent about how Workforce Data will be used. Atlassian uses Workforce Data for the following purposes:

• To administer and manage the Atlassian Workforce. We use Workforce Data to fulfill and manage our employment or engagement contracts with Atlassian Workers. For example, your financial account information to process payments and reimbursements, your home location for tax reporting, your financial account information to reimburse expenses, your work email to provision benefits, and your work content for performance reviews and career development.
• To support Atlassian’s business operations. We use Workforce Data to operate our business. For example, we may use your contact details to maintain our internal directory and manage business records related to your employment or engagement, your network monitoring information for purposes outlined in our internal policies, your work content to assess performance and capacity (e.g., cycle times, sales targets), and your tool and product usage data to gather various insights around ways of working (these insights are typically aggregated).
• To improve Atlassian products and services. We may use Workforce Data for research and development. For example, we may use your work content and Hello usage data to measure and improve our products or create new features and services.
• To offer products and services. We may use Workforce Data to offer products and services that may be of interest to employees. For example, using your work contact details and home location to offer health, wellness, and financial benefits.
• To market and advertise. We may use your likeness to market and advertise our products and services to customers and prospects (if we do so, we will inform you). For example, we may use your image in a marketing campaign.
• To mitigate risk. We may use Workforce Data to mitigate or respond to risk to Atlassian, Atlassian Workers, customers, and the general public, including for network monitoring, safety and building management, business continuity, physical security, health and safety, emergency notifications, and HR-related investigations regarding alleged misconduct (see Section 5). For example, we may use your contact details to contact you in an emergency.
• To protect Atlassian’s interests. We may use Workforce Data to protect our interests, including to protect our intellectual property rights and confidential company secrets, and in disputes or legal proceedings.
• To comply with legal requirements. We may use Workforce Data to comply with the law. For example, using your race/ethnicity (if provided) to comply with anti-discrimination laws (e.g., EEOC reporting), your government ID for immigration processing purposes, and providing certain employment related information to respond to subpoenas and other legal or governmental requests.
• For other purposes with your consent. If you voluntarily choose to participate in an optional program, we will use related Workforce Data with your consent and according to any purposes provided to you during the opt-in process. For example, if you choose to participate in an internal survey, we will use your survey responses according to the specific purposes provided to you (e.g., to help build better teams). If you choose to provide Sensitive Workforce Data in our Human Resource Information System for our DEI program, we will use it only for those purposes.

Atlassian may leverage technologies such as artificial intelligence to automatically process Workforce Data for these purposes. However, Atlassian does not make any automated decisions about you. Automated decisions means decisions without any human involvement that have a legal or significant affect (e.g., an effect on your employment or engagement).

4.1. Legal Bases for Atlassian Workers Based in the EEA, UK, or Brazil

If you are based in the European Economic Area (EEA), UK, or Brazil, we collect and process Workforce Data only where we have legal bases for doing so under applicable laws. The legal bases depend on the type of Workforce Data and the purpose we process it. This means we collect and process Workforce Data only where:

• We need it to administer our employment or engagement contract with you (e.g., to process payments owed to you);
• It satisfies a legitimate interest which is not overridden by your privacy rights (e.g., operating our business, improving our products, protecting our legal rights and interests);
• You provide us consent for a specific purpose; or
• We need to comply with a legal obligation (e.g., complying with anti-discrimination laws).

If you have consented to our use of Workforce Data for a specific purpose, you have the right to withdraw your consent, but this will not affect any processing that has already taken place. Where we are using Workforce Data because we have a legitimate interest to do so, you have the right to object to that use.

Atlassian may collect and use Workforce Data to investigate alleged misconduct, such as breaches of law or violations of the Atlassian Code of Business Conduct and Ethics or other policies. Workforce Data used for investigative purposes can include your access and use of Atlassian electronic resources, including information technology systems (such as email, chat, phone, and internet) and networks, and your access and retrieval of proprietary Atlassian systems, documents, and records. We may also use images from security cameras and other optical surveillance technologies. To the extent data collected will be accessed and used for investigation of misconduct, Atlassian is committed to maintaining the privacy of Atlassian Workers during investigations and will consult with appropriate personnel (e.g., Legal, Employee Relations) to ensure that access will be limited only to relevant information that supports a bona fide investigation. Atlassian will work to restrict the number of individuals with access to Workforce Data for investigative purposes to the smallest possible number of individuals who need access to data to conduct or fulfill a specific action.

If you are a contingent worker, please contact the third party you are working through (e.g., staffing agency, independent company or consulting firm).

Depending on which jurisdiction you live in, you may have certain rights with respect to your Workforce Data. For example, you may have the right to request information about Atlassian's processing of your personal data, to request a copy of your personal data, to object to our use of your personal data, to request the deletion or restriction of your personal data, or to request the correction or update of your personal data. Below, we describe the tools and processes for making these requests.

We respect and value your privacy, and strive to surface choice and controls wherever possible. You retain access to certain Necessary Vendors after your employment or engagement ends, and can access, update and delete certain Workforce Data through their self-serve features.

Atlassian processes Workforce Data primarily to operate its business and manage relationships with Atlassian Workers. Therefore, your requests and choices may be limited in certain cases. For example:

• You may have limited control over how we use and disclose your personal data in order to process payments to you
• You won’t be able to delete personal data that is required to manage Atlassian’s relationship with you, that Atlassian is required to retain by applicable law, or that Atlassian has compelling legitimate interests to keep
• We may not be able to fulfill your request if it would reveal personal data about another individual (to protect their privacy)
• Where you have asked us to share data with an optional benefits vendor, you will need to contact that vendor directly to have your information deleted or otherwise restricted

To the extent we use Workforce Data for a purpose not disclosed in this Notice or other relevant internal policy or notice, we will inform you and offer an opportunity for you to withdraw your consent or object to such use.

If you’ve provided Atlassian voluntary consent to participate in an optional program, your Workforce Data will only be used according to the purposes provided in this Notice or the other policy or notice that was surfaced to you when you participated in the optional program. You may withdraw your consent at a later time, although that may not affect any processing that has already taken place.

Please email employeeprivacy@atlassian.com if you have any questions or would like to submit a request to access, correct, delete, or restrict your Workforce Data. You may also have your authorized agent make a request on your behalf. Depending on your request, you may be required to provide certain verification, such as confirming you have access to the email we have on file.

If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.

Atlassian will collect, use, process, and retain Workforce Data in accordance with its internal policies and to comply with applicable laws and regulations, resolve disputes, and enforce our agreements. Atlassian will retain your Workforce Data no longer than necessary to carry out the purposes provided in this Notice (or any other applicable notice), and as required or permitted under applicable law.

Atlassian is committed to safeguarding your Workforce Data and requires any personnel accessing or using Workforce Data of the Atlassian Workforce to be held accountable and comply with Atlassian’s privacy and security policies and procedures and the Atlassian Code of Business Conduct and Ethics, including specifically as it relates to the Protection and Proper Use of Company Assets. Read about Atlassian’s information security program.

While the broader Atlassian Workforce has access to certain Workforce Data as part of business operations (e.g., internal directory information, work content), access to other Workforce Data (e.g., Sensitive Workforce Data) is typically restricted to select personnel from certain departments who have a need to know. For example, select personnel from Finance may have access to your financial account information, select personnel from the People and IT teams may have access to Sensitive Workforce Data in our Human Resource Information System, and select personnel from IT, Security, and People may have access to your network logs.

Atlassian may notify you in the event of a security or privacy incident in accordance with its incident response procedures and applicable law.

Before we share Workforce Data with necessary vendors, the vendor must be approved through our procurement process. This cross-functional review process requires the vendor’s internal controls and data flow to meet industry best-practices and requirements from various teams, including Security, Risk and Compliance and Privacy.

When possible and appropriate, Atlassian uses Workforce Data in an anonymized, aggregated and/or de-identified fashion so that an individual cannot be identified. For example, Sensitive Workforce Data will typically only be used at an aggregated and de-identified level. We may also share out anonymized metrics around certain Sensitive Workforce Data (e.g., race) in our external facing Sustainability report. If there is a need to use Workforce Data that identifies you, Atlassian will take measures to protect your privacy, such as establishing sufficient security controls and limiting access to those who have a valid business reason to access it.

In order to operate as a global company, Atlassian transfers and processes Workforce Data outside your country of residence to other countries where Atlassian, its subsidiaries, affiliates, and its third party vendors operate. For example, our People Operations team is distributed throughout the globe and as a result, we may need to transfer your Workforce Data to where the relevant People Operations team is located in order to manage our employment relationship with you. These countries may have data protection laws that are different from the laws of your country. When Atlassian transfers your Workforce Data to another country, it will ensure that the transfer complies with applicable law.

Atlassian has entered into agreements ensuring appropriate and suitable safeguards with its entities and 3rd party vendors, including entering into the European Commission's Standard Contractual Clauses where appropriate.

Atlassian has self-certified to and complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S Privacy Shield Framework. You can view Atlassian’s certification here. In the circumstance that the EU-US Privacy Shield has been invalidated as a data transfer mechanism, Atlassian remains committed to honoring its obligations regarding data protection under the Privacy Shield framework.

Please refer to Section 2 and 3 for more information on the types of Personal Data Atlassian collects and for what purpose(s) it is processed.

Atlassian is responsible for the processing of Personal Data it receives and subsequently transfers to a 3rd party acting on Atlassian’s behalf (i.e. necessary vendors). Please refer to Section 4 for more information on how Atlassian discloses Personal Data with third parties.

Atlassian shall enter into contracts to ensure that any third parties to whom Personal Data may be disclosed is aware of and adheres to the EU-U.S. Framework (“Principles”) or is subject to law providing the same level of privacy protection as is required by the Principles and agrees to provide an adequate level of privacy protection.  Atlassian shall also, upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing by third parties and agrees to provide a summary or a representative copy of the relevant privacy provisions of its contracts with agents of the Department of Commerce upon request.

The storage by Atlassian of Personal Data on servers and/or on software made available or hosted by third parties shall not be considered disclosures of Personal Data to a third party so long as the third party does not have direct access to the Personal Data stored or hosted. In all events, Atlassian shall ensure by contract that any such third party (a) is aware of the Principles or (b) is subject to laws providing the same level of privacy protection as is required by the Principles or (c) has contractual safeguards in place to protect the Personal Data.

Atlassian may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Please refer to Section 7 for information how to access, correct, or delete your Personal Data. Please note that there may be limitations where (i) the burden or expense of providing access would be disproportionate to the risks to your privacy (ii) requests are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or (iii) the rights of other persons would be violated.

Please reach out to employeeprivacy@atlassian.com. If you would like to contact the Data Protection Officer for Atlassian GmbH then please note this in your email to employeeprivacy@atlassian.com. If you have a complaint, you may submit it via http://www.atlassian.com/ethics . If you are based in the EEA or UK, please review Section 11 above for more details on raising your concerns regarding Atlassian’s compliance with Privacy Shield Principles.

Atlassian, Inc. and its U.S. subsidiaries participate in and comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and the Privacy Shield Principles regarding the collection, use, and retention of information about you that is transferred from the European Union, the UK, or Switzerland (as applicable) to the U.S.  We ensure that the Privacy Shield Principles apply to all information about you that is subject to this privacy policy and is received from the European Union, the European Economic Area, the UK, and Switzerland. 

Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, we are responsible for the processing of information about you we receive from the EU, the UK, and Switzerland and onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for such onward transfers and remain liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage. 

If you have a question about this Workplace Privacy Notice or Atlassian’s privacy practices, please reach out to employeeprivacy@atlassian.com. If you would like to contact the Data Protection Officer for Atlassian GmbH then please note this in your email to employeeprivacy@atlassian.com. If you have a complaint, you may submit it via http://www.atlassian.com/ethics . If you are based in the EEA or UK, please review Section 11 above for more details on raising your concerns regarding Atlassian’s compliance with Privacy Shield Principles.

The disclosures in this section apply only to California residents and are intended to supplement this policy with information required by California law.

The table below describes the categories of personal information we collected in the past 12 months, the purposes for which we may collect and disclose this information, and the categories of recipients of disclosures made for business purposes in the past 12 months. Atlassian does not sell any personal information or share it for cross-context behavioral advertising, including of consumers under 16 years of age. Atlassian has not disclosed your personal information to a third party for a business purpose in the preceding 12 months.

If you have questions about the categories of information we may collect about you or the sources of such information, please be sure to visit the section of this notice called, “2. Information We Collect.” For more details about the purposes we collect information for, please visit the section called, “4. How We Use Workforce Related Information.” For more information about how we may disclose information to parties outside of Atlassian, please visit the section called, “6. How and Why We Disclose Information We Collect Outside of Atlassian.”

If you are a former contingent worker, please contact the 3rd party you are working through (e.g., staffing agency, independent company or consulting firm).

Depending on your location during your employment, a different Atlassian entity is primarily responsible for controlling and managing your information. The following entity is your "Data Controller" for purposes of this Notice: