As part of our efforts to facilitate and make your experience with Tricentis as user-friendly, enjoyable and productive as possible, Tricentis may collect and use certain information you provide to us directly or we may receive indirectly from another legally permissible basis.
Please review the entire policy to learn about the types of Personal Data Tricentis processes, what Personal Data is disclosed to third-parties, and how Tricentis protects Personal Data.
1. Information Tricentis Collects – Categories of Personal Data
As you interact with Tricentis and use our Product and Sites, Tricentis collects and uses Personal Data such as:
· General contact information. Contact details include name, email address, physical (work) address, phone number, company, job title, gender ,as well as account information.
· Digital ID. Information regarding your digital identity, such as login name, screen name, nickname, or handle; device information like manufacturer and model of your device; Internet Service Provider (ISP); Internet Protocol (“IP”) address (or another device identifier); browser type; and operating system as well as metadata (e.g. location, cookies, access times and dates, referring/exit pages, clickstream data, pages of the Sites that you visit; the time spent on those pages or interacting with certain portions of the Sites, information you search for on the Sites).
· Any other not listed and voluntarily given personal information about you.
Tricentis does not collect or use any sensitive Personal Data and does not want you to provide us with such. Sensitive Personal Data are special categories of Personal Data which is by law considered more sensitive, such as: racial or ethnic origin, political opinions, religious and philosophical beliefs, or trade-union membership, genetic or biometric data, health data, sex life or sexual orientation.
2. How is Personal Data Collected – Source of processing
2.1. Information you directly provide to us. If you use our Products and Sites or communicate with us (by phone, chat, email, web forms, social media or other means of communication), you may be required to provide us certain information and Personal Data, in the following ways:
· by filling in forms on our Sites, subscribing to or using our Products, entering into an agreement with Tricentis, posting material, requesting further information or services;
· when you report a problem with or have a question about our Products;
· by responding to surveys that Tricentis ask you to complete for research purposes;
· by fulfilment of your orders;
2.2. Information indirectly provided by our business partners. Tricentis may receive Personal Data about you submitted to us by your employer (= Tricentis contracting party). Although, Tricentis requires our business partners not to share Personal Data, Tricentis cannot control what our business partners disclose. Our Products are intended to be accessed and used by multiple users, so our business partners may provide your Personal Data as contact person for using our Products.
2.3. Information from your use of our Products and Sites.
For improving our Products, Tricentis is using telemetry data on how you use our Products to our servers. All data are collected on a company and not on user level, therefore no Personal Data of you will be stored and/or processed. By installing our software, you may deactivate the option to provide us with such information (opt-out).
Tricentis collects your usage information on our Sites, including your access times, location, browser types and language, and IP addresses to track and aggregate information (e.g. Tricentis uses IP addresses to monitor the regions from which you navigate our Sites or when you log into our Sites as part of Tricentis’ features).
Tricentis may collect device-specific information when you access our Products and Sites, including your hardware model, operating system and version, unique device identifiers, mobile network information, and information about the device’s interaction with our Products and Sites.
This information is collected automatically by our servers when you access our Sites or use our Products and is statistical data, which may or may not include Personal Data, but Tricentis may maintain it or associate it with Personal Data Tricentis processes in other ways or receives from third-parties. It helps us to improve and to deliver better and more personalized services, including by enabling us to estimate our audience size and usage patterns, store information about your preferences, allowing us to customize our services according to your individual interests, speed up your searches and recognize you when you return to our Sites.
The technologies Tricentis uses for this automatic data collection may include:
o Web Beacons. Pages of our services or our e-mails may contain small electronic files known as Web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an e-mail and for other related Website statistics (for example, recording the popularity of certain Website content and verifying system and server integrity).
Tricentis also collects Personal Data from interactions with and use of certain functionalities, such as:
· Messaging. The Sites provide messaging to enable users to communicate with one another and/or with us. Tricentis collects communications made between users using the Sites’ messaging for legitimate business purposes, including in the course of customer service investigations regarding user complaints and disputes between users.
· Public Forums. If you use any bulletin board, chat room, comment posting feature, or other public communication service, forum, or feature offered through the Sites, or post any information available for viewing by other users, any of the information that you share will be visible to other users. The information that you make available can be read, used, and collected by other users to send you unsolicited messages outside of the Sites. Tricentis is not responsible the way the Personal Data that you decide to share in this way will be used by other users.
· Social Media. Tricentis operates and maintains networking pages on social media platforms such as Facebook, Twitter, and LinkedIn. Tricentis may import comments and posts from these third-party platforms to our Sites. If you post to any of our networking pages on third-party social media platforms, you are providing information to the public at your own risk. Please visit the privacy policies of any third-party social media platforms.
2.4. Information from Other Sources. Tricentis may also collect information about you from:
· third-parties, including but not limited to third-party verification services, mailing list providers;
· publicly available sources;
· our business partners, including our resellers, marketing partners, or service providers Tricentis engages to provide you with certain aspects of our Products, such as service providers or hosting services;
· our events you may attend, or from social networks, and
· third-party analytics service providers.
3. Legal basis for Personal Data Processing
Tricentis processes Personal Data about you only if we have a valid legal basis for such a processing, which may be as follows:
· Consent. You have given Tricentis or any third-party on behalf of Tricentis the consent that Tricentis is allowed to process your Personal Data. If the processing of your Personal Data is only based on your consent, you have the right to withdraw and/or reject your consent at any time (see section 8).
· Contract. For the performance of a contract between Tricentis and you or to take steps prior to entering into such a contract;
· Legitimate Interest. In case the processing is necessary to pursue the legitimate interest of Tricentis or a third-party. In all circumstances, Tricentis will limit a processing based on the legitimate interest to what is necessary for its purpose. If the processing of your Personal Data is only based on our legitimate interest, you have the right to object such processing of your Personal Data at any time (see section 8). Legitimate interest includes but is not limited to the following data collection:
o the performance of a contract between Tricentis and your employer (our business partner), or to take steps prior to entering into a contract between Tricentis and your employer (our business partner); additionally the performance of a contract between Tricentis and our business partner for the benefit of you or your employer, or to take steps prior to entering into a contract between Tricentis and our business partner for the benefit of you or your employer;
o intracompany transfers and data sharing for administration and organizational purposes within the Tricentis group companies;
o product development and enhancement to enable Tricentis to enhance, modify, personalize, or otherwise improve our services and communications for the benefit of our customers, and to better understand how users interact with our Products and Sites;
o communications, marketing and intelligence – including processing data for direct marketing purposes and to determine the effectiveness of our promotional campaigns and advertising;
o fraud detection and prevention (crime prevention);
o enhancement of our cybersecurity, including improving the security of our network and information systems; and
o general corporate operations and due diligence;
· Compliance. In case the processing is necessary for compliance with any legal rights and obligations to which Tricentis is subject.
4. Usage of your Personal Data
Tricentis uses Personal Data only in compliance with the purposes for which your Personal Data was collected or subsequently authorized by you. Tricentis will take reasonable technical and organizational measures to ensure that Personal Data is relevant to its intended use, accurate, complete, and current.
|Purpose of Processing||Categories of Personal Data||Legal Basis|
|Contract. Tricentis uses your Personal Data to carry out our obligations and enforce our rights arising from any contracts entered into between you and/or our business partners and us, including for billing and collection and to notify you about changes about our Products Tricentis provides to you.||General Information||Fulfilment of a contract (if it is a direct contract) or our legitimate interest (if you are an employee of our contracting party) to fulfil our contractual obligations.|
|Customer Support. Tricentis uses your Personal Data (which may also include messages sent by you) to provide, maintain, personalize and improve our Products and Sites and to deliver the information and support you request, including support, complaint and administrative messages.|
Please note, that you cannot refuse to receive service messages from Tricentis including but not limited to account, safety and legal notices.
|General Contact Information|
|Fulfilment of a contract (if it is a direct contract) or our legitimate interest (if you are an employee of our contracting party) to fulfil our contractual obligations.|
|Marketing Communication. Tricentis uses your Personal Data to send you news and information and to communicate with you about our Products. You may opt-out at any time of receiving promotional emails from us by following the instructions in those emails.||General Contact Information|
|Your consent and/or our legitimate interest to promote our products and services.|
|Product Analysis. Tricentis uses your Personal Data to track and analyze trends and usage relating to our Products and Sites||General Contact Information|
|Our legitimate interest to improve our Products.|
|Compliance. to protect our rights or property to investigate and prevent fraud or other illegal activities||General Contact Information|
Any additionally given information
|Our legitimate interest and legal obligation to protect Tricentis’ interests|
|Data Accuracy. Tricentis uses your Personal Data to compare information for accuracy and verify your identity.||General Contact Information|
|Fulfilment of a contract (if it is a direct contract) or our legitimate interest (if you are an employee of our contracting party) to fulfil our contractual obligations, improve and secure our Products, customer support or any other communication.|
|Specific Purpose. Tricentis may use your Personal Data for any other purpose disclosed to you relating to our services or to fulfil any other purpose for which you provide your Personal Data.||General Contact Information|
Any additionally given information
|Your consent and/or our legitimate interest to such specific purpose.|
Tricentis may combine Personal Data about you that Tricentis has collected from different sources, for example, by combining publicly available information from various sources to help analyze sales opportunities.
Tricentis will never sell any Personal Data to a third-party.
5. Sharing of Personal Data – Recipients
Processors. Tricentis shares Personal Data with contractors, service providers and other third-parties who carry out the processing of Personal Data on behalf of Tricentis (“Processors”) under a written contract and only with such Providers who provide sufficient guarantees to implement appropriate technical and organizational measures to protection your Personal Data. Furthermore, Processors are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which Tricentis discloses Personal Data to them. Tricentis may provide Personal Data to our Processors including but not limited to facilitate the Sites; to provide the Sites or portions of the Sites on our behalf; to perform related services to our Products, including, maintenance services, database management, fulfilment, web analytics, and improvement of the features or functionality; or to assist us in analyzing how the Sites is being used.
Third-Parties. Tricentis shares Personal Data with third-parties who determine the purposes and means of processing on its own. Tricentis shares Personal Data for any lawful purpose to which you have expressly consented or directed, or to fulfil the purpose for which you provided the Personal Data to us or unless you expressly consent to share Personal Data with a specified third-party.. In case Tricentis may disclose Personal Data to another third-party not listed, Tricentis will inform about such a disclosure at the time first disclosed to such third-party. Please note, recipients of Personal Data may be in another state where you are located (see section International Transfer).
5.1. Law and Protection. Tricentis may release Personal Data when Tricentis believes in its sole discretion, that such release is appropriate and necessary: to comply with any court order, subpoena, law or legal process, including to respond to any government or regulatory request; to enforce agreements, Tricentis has with you or your employer; to protect the rights, property, or safety of Tricentis, our business partners or others; to prevent activity that Tricentis believes its discretion, may be or may become illegal, unethical, or legally actionable (including exchanging Personal Data with other companies and organizations for fraud protection).
5.2. Advertisers/Cookie Providers. Tricentis may release aggregate and anonymized/pseudonymized Personal Data to advertisers and other third-parties in order to promote or describe use of the Sites.
6. Retention of your Personal Data
Tricentis retains Personal Data for a period consistent with the purpose of processing. Tricentis keeps Personal Data for no longer than reasonably necessary for the use of our Products and Sites and for a reasonable period afterward. If you are a business partner’s employee, Tricentis will delete your Personal Data from our systems 7 years after termination of the agreement, insofar no other duration is necessary to be compliant with applicable laws. Tricentis also may retain Personal Data during the period needed for us to pursue our legitimate business interests (such as back up and archive, conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements.
7. Rights to Personal Data
· Right of access: You have the right to obtain a confirmation as to whether or not Personal Data concerning you are being processed by Tricentis and, where that is the case, access to the personal data and receive detailed information about the concrete processing.
· Right to rectification: You have the right to obtain correction or change of your Personal Data if your Personal Data are inaccurate or out of date. In addition, and considering the purposes of the processing, you have the right to have your Personal Data completed, including by means of providing a supplementary statement.
· Right to be forgotten: You have the right to obtain a deletion of your Personal Data if your Personal Data are no longer necessary for Tricentis to retain. If you want to completely delete all your Personal Data, your account may become deactivated and filed information will be irrevocable deleted. However, Tricentis may retain an archived copy of your records as required by law or based on our legitimate interest, to comply with our legal obligations, to resolve disputes, to enforce our agreements or for other legitimate business purposes. In such instance, Tricentis will inform you accordingly.
· Right to restriction: You have the right to obtain a restriction of the processing of your Personal Data, if you have contested the accuracy of your Personal Data, the processing if unlawful, Tricentis no longer needs the Personal Data or you have objected the processing of your Personal Data, provided that all legal requirements are met.
· Right to object/withdraw: You have the right to object to process your Personal Data, if Tricentis does not have no other legitimate grounds besides your consent on doing so, unless Tricentis can demonstrate compelling legitimate grounds for a further processing.
· Right to data portability: You have the right to receive a copy of your Personal Data which Tricentis processes.
· Right to lodge a complaint with a supervisory authority. Since Tricentis is headquartered in Austria, you have the right to lodge a complaint pursuant to Art 77 GDPR with the Austrian Data Protection Authority “Datenschutzbehörde” (www.dsb.gv.at).
Tricentis does not base its decisions solely on automated processing of Personal Data, including profiling, which would produce legal effects or similarly significantly effects on you.
If you have any question regarding your privacy rights or if you want to update or correct information about yourself you can contact us any time or in case you are a registered user of the Tricentis Support Portal, you may also use the online form https://tricentisit.service-now.com/sp/gdpr (see section, contact details below).
8. Third-Partys: Service Providers, Links to other Sites, Third-Party Advertising
9. International data Transfer
Tricentis processes and stores Personal Data in the European Union, the United States, Australia and other countries and uses third-party service providers, which may be outside of your country of origin.
Where the law of your country of origin requires your express consent to Tricentis disclosing Personal Data to services providers or Tricentis entities located in countries outside of your country of origin, you consent to such disclosure and acknowledge in respect of such disclosure that (i) you may not be able to seek redress under the laws applicable in your country of origin, (ii) the overseas recipient may not be subject to the same privacy obligations, (iii) you may not be able to seek redress in the overseas jurisdiction; and (iv) the overseas recipient may be subject to a foreign law that could compel the disclosure of personal information to a third-party, such as an overseas authority.
Tricentis implements suitable security measures to ensure that Personal Data is protected. Tricentis executes a Data Privacy and Data Security Agreement with third-parties with whom Tricentis shares Personal Data, if required by law.
10. Security measures
Tricentis employs administrative, physical, and technical measures designed to protect your information from unauthorized access. Tricentis takes a proactive approach to its security program to ensure the level of security is appropriate to the risk, considering technological reality, cost, the scope, context and purposes of processing weighted against the severity and likelihood that the processing could threaten individual rights and freedoms.
Please note that no security system is impenetrable. Accordingly, Tricentis cannot guarantee the security of our databases, nor that information you supply won’t be intercepted. Tricentis is not responsible for circumvention of any privacy settings or security measures contained on or within Products and Sites. Where you have chosen a password for access to certain parts of our Products and Sites, you are responsible for keeping this password confidential and you should not share your password with anyone.
Tricentis will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored Personal Data to you via email or posting through the Sites in the most expedient time possible and without unreasonable delay, as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
11. Children’s Privacy
Tricentis’ Products and Sites are directed to business customers only and not directed to minors younger than sixteen (16) years of age nor intends to process Personal Data from minors under 16. If you are under 16 years, do not use the Site and do not send any information about yourself to us.
12.1. Cookie Definition. Cookies are small files that are sent to and stored on your computer or mobile device. They are generally used to make websites and cloud-based services work better and more efficient, e.g. they can recognize you and remember important information that will make your visit of a website or cloud-based service more convenient (e.g., by allowing you to enter a password less frequently or remembering user preferences). Taken alone, cookies do not personally identify you – rather, they merely recognize your web browser. Unless you choose to identify yourself to Tricentis, either by opening an account, filling out a web form (such as by signing up for a free trial) or you have previously identified yourself to us, you remain anonymous.
12.3. Types of Cookies. Tricentis uses different types of cookies on our Sites to make your interaction easy and meaningful. The Sites may include first-party cookies, that send data directly to Tricentis and contractors acting on our behalf, including cookies used to monitor, analyze, and administer the Sites, and third-party cookies, that send data to our contractors for their own commercial use. Further, Tricentis use session cookies, which exist only during one session and disappear from your computer or device when you close your browser, and persistent cookies, which remain on your computer or device after you close your browser.
· Strictly Necessary Cookies. These cookies are essential to the operation of our Products and Sites. They are used to facilitate our log-in process, authenticate users, and enable you to navigate the Sites and to use their features. They are also used by our employees for in product messaging and analytics. Without these cookies, Tricentis may not be able to provide certain Products and the Sites may not perform as smoothly for you as Tricentis would like.
You have no option to opt-out of the use of strictly necessary cookies, since they are essential to operate our Products and Sites.
· Functionality Cookies. These cookies allow us to remember the choices you make while visiting our Sites and to provide enhanced and more personalized content and features, such as customizing a certain webpage or application page, remembering if Tricentis has asked you to participate in a promotion and for other services you request, like watching a video or commenting on a blog. To permit your connection to the Sites, our servers receive and record information about your computer and browser, potentially including your IP address, browser type, and other software or hardware information. These features help us to improve your visit and assist in navigation of the Sites’ features.
You may manage, or to opt out of the use of functionality cookies on our Sites, please see instructions below. Opting out may impact the functionality you receive when using our Sites.
· Analytics Cookies. Tricentis and our service providers may use analytics cookies, to collect information and enable us to improve them by collecting information how you use the Sites, for instance, which pages you go to most. The information allows us to see the overall patterns of usage, help us record any difficulties users may have while using the Sites and show us if our advertising is effective.
You may manage, or to opt out of the use of analytics cookies on our Sites, please see instructions below. Opting out may impact the functionality you receive when using our Sites.
You may manage, or to opt out of the use of advertising cookies on our Sites, please see instructions below. Opting out may impact the functionality you receive when using our Sites.
· Third-Party Cookies/Social Plugins. Tricentis may work with third-parties to provide services on our Sites. Tricentis uses analytics services supported by third-party companies who generate analytics cookies. Tricentis may not have access to these cookies, although Tricentis may use statistical information arising from the cookies provided by these third-parties to customize content and for the other purposes described above. These companies may also transfer this information to other parties where required to do so by law, or where such other parties process the information on their behalf.
12.5. “Do not Track”-Signal. Some web browsers may be configured to send “Do Not Track”-signals to websites, or users may use similar mechanisms, to indicate a user’s preference that certain web technologies may not be used to track the user’s online activity.
14. Contacting Tricentis
Attn.: Legal Department – Privacy
Tel: +43 1 263 2409 00
Via online form: Tricentis Support Portal
(only for registered users)
For a complete list of the Tricentis group, please see https://www.tricentis.com/about/locations/.
Data Protection Officer
c/o Tricentis GmbH
Attn.: Data Protection Officer – Privacy
15. Specific Privacy Information FOR Tricentis Products: SpecFlow, SpecFlow+, SpecFlow+LivingDoc, SpecMap
15.1. Support Tickets. Support tickets are handled using UserVoice. Information on how UserVoice complies with the GDPR can be found here. Access to the ticketing system is restricted to those employees at Tricentis who require access to the tickets in order to respond to customer inquiries, complete purchase orders and provide technical support (including troubleshooting and reproducing issues).
15.2. SpecFlow and SpecFlow+
· Usage Tracking with Azure Application Insights. To improve the quality of our extensions we are use Azure Application Insights, an analytics platform provided by Microsoft. Only anonymous usage data is transferred to Azure Application Insights, for further details, please see Microsoft’s documentation here. You can disable these analytics if you do not wish to share this information.
· SpecFlow. We collect the following anonymous data in SpecFlow:
o Unique anonymous user identifier
o Target framework(s) of projects that uses SpecFlow
o Operating system platform
o Project GUID of projects that uses SpecFlow
o MSBuild Version
o SpecFlow version in use
o Unit test provider
o Running as build server flag
o Hashed assembly name (SHA256)
· SpecFlow Visual Studio Extension. We track the following anonynmous data in Azure Application Insights when using the SpecFlow Visual Studio Extension:
o • Unique anonymous user identifier
o • Visual Studio version
o • Target framework(s) of projects
o • Extension version
o • Previously installed extension version
· SpecFlow+ LivingDoc Azure Devops Extension. The following data is automatically collected by Azure Application Insights:
o • Web server telemetry: HTTP requests, URI, time taken to process the request, response code, client IP address. session ID.
o • Web pages: Page, user and session counts, page load times, exceptions, Ajax calls.
o • Performance counters: Memory, CPU, IO, network occupancy.
o • Client and server context: OS, locale, device type, browser, screen resolution.
o • Exceptions and crashes: Stack dumps, build ID, CPU type.
o • Dependencies: Calls to external services such as REST, SQL, AJAX. URI or connection string, duration, success, command.
o • Availability tests: Duration of test and steps, responses.
· We track the following additional anonymous data in the SpecFlow+LivingDoc Azure Devops or Azure Devops Server extension:
o • Unique anonymous user identifier
o • Host GUID
o • Collection GUID
o • Project GUID
o • Extension version
o • Platform (Azure DevOps or Azure DevOps Server)
o • Platform version
o • License information
· Usage Tracking. To improve the quality of our extensions we are using Azure Application Insights, an analytics platform provided by Microsoft. Only anonymous usage data is transferred to Azure Application Insights, for further details, please see Microsoft’s documentation by clicking on this link.
· Usage Tracking. To improve the quality of our extensions we are use Azure Application Insights, an analytics platform provided by Microsoft. Only anonymous usage data is transferred to Azure Application Insights, for further details, please see Microsoft’s documentation by clicking on this link.