Privacy Policy for the Use of Confluence

Last Updated: May 2025

Controller according to GDPR

Qvest Digital AG
Am Dickobskreuz 10
53121 Bonn, Germany
Email: info@qvest-digital.com

Data Protection Officer

Email: datenschutzbeauftragter@qvest-digital.com

1. Purpose of Data Processing

Qvest Digital AG uses the knowledge management and collaboration software Confluence (self-hosted on-premises instance) for the creation, collection, organization, collaborative editing, and provision of internal company knowledge, documentation, and information. This includes, for example, project documentation, process descriptions, guidelines, meeting minutes, requirements documents, and team information. The data processing serves to establish and maintain a central knowledge base, to promote the exchange of information and knowledge transfer, to ensure transparent and traceable documentation of projects and processes, and to improve collaboration and efficiency throughout the company.

2. Categories of Data Subjects

The processing concerns the following groups of individuals:

• Employees of Qvest Digital AG
• External partners (e.g., service providers, freelancers)
• Customers (e.g., for support tickets or project involvement)

3. Categories of Data Processed

In particular, the following personal data are processed:

• Identification data: Name, username, email address
• Communication content: Task descriptions, comments, attachments
• Work and performance data:
  • Recorded working hours
  • Processing histories and status changes
  • Task distributions, assignments, activity data
• Technical access data (e.g., in logs): IP address, device, timestamp
• Cookies: Confluence uses necessary cookies such as JSESSIONID, atlassian.xsrf.token, as well as potentially app-related cookies.

4. Legal Basis for Processing

• Art. 6(1)(b) GDPR – for the fulfillment of (employment) contractual obligations
• Art. 6(1)(f) GDPR – legitimate interest in efficient project and teamwork, documentation, and quality assurance

5. Recipients of the Data

Recipients of the data are:

• Within Qvest Digital AG: Project teams, team leaders, support
• External project participants and customers (where necessary)

6. Storage Period

Confluence content is stored permanently as long as it is required for documentation, billing, or project work. There is currently no automated deletion concept. Logs may be overwritten by system updates.

7. Rights of Data Subjects

Data subjects have the following rights according to GDPR:

• Right to access
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to object to processing
• Right to data portability

Contact via: datenschutzbeauftragter@qvest-digital.com

8. Obligation to Provide Data

The provision of data is necessary to use Confluence within the scope of operational project work. Without this data, participation is not possible.

9. Information on Cookies

Confluence uses technically necessary cookies (e.g., JSESSIONID, atlassian.xsrf.token) for authentication and security. Cookies requiring consent are not used in this on-premises instance. This also applies to the imprint and this privacy policy page.