Privacy Policy

Below is an overview of what data we collect for what purpose and how we ensure the protection of the data in short and in a more detailed form. For details on data security please refer here.

We take the protection of our users’ (“User/you/your”) personal data very seriously and strictly comply with applicable data protection laws and regulations. In our privacy policy below (“Privacy Policy”) we provide you with an overview of what data we collect for what purpose and how we ensure the protection of the data.

The controller is Travis CI GmbH, Rigaer Straße 8, 10247 Berlin/Germany, registered at the local court (Amtsgericht) of Charlottenburg under HRB 40133 B, represented by the managing directors Fritz Thielemann and Konstantin Haase (“we/us/our”). We offer websites at travis-ci.org and travis-ci.com (each and jointly the “Website”) which provide customers (“Customer(s)”) with certain services related to our Travis CI Software as defined in our Terms and Conditions in their applicable form (the “TC”) (“Travis CI Software”). Customer will create an admin account via our Website and make the services of the Travis CI Software also available to other Users.

Please read the following information regarding the privacy policy carefully. In case you have further questions, please do not hesitate to contact us at any time at data@travis-ci.com.

In short

Controller

Travis CI GmbH Rigaer Straße 8, 10247 Berlin/Germany, registered at the local court (Amtsgericht) of Charlottenburg under HRB 40133 B, represented by the managing directors Fritz Thielemann and Konstantin Haase email: data@travis-ci.com

We have appointed a data protection officer who may be reached via data@travis-ci.com.

According to the Terms and Conditions between Customer and us, such Customers are responsible for the (personal) data included by them on the Website and our Travis CI Software, including but not limited to required consents by the affected individuals. Therefore, each affected Users may also contact Customer regarding the use of their personal data in the Travis CI Software or on the Website, as applicable. Customer may also use User’s data in connection with other third party services. For this purpose User may also contact Customer or ask us to contact Customer about this.

Purpose and Legal Basis of Processing Data; Legitimate Interests

Your data will be used for the purposes of the Website

  • to implement this privacy policy and carry out the contractual relationship (§§ 14, 15 TMG or Art. 6 (1) b. GDPR),
  • for providing our services on the Website, to contact you in matters regarding our services (also by means of emails and messaging) and to ensure the technical functionality of our services fulfillment of contractual or pre-contractual obligations ((§§ 14, 15 TMG or Art. 6 (1) b. GDPR),
  • for fraud prevention (§§ 14, 15 TMG, Art. 6 (1) b. and f. GDPR),
  • to analyze your use of our services and improve our services (§§ 14, 15 TMG, Art. 6 (1) b. and f. GDPR),
  • with your express consent or instruction to carry out our business activities or sent you newsletters (Art. 6 (1) a. GDPR),

Your data will be used for the purposes of using the Travis CI Software as follows:

  • in order to register per an existing user account on the GitHub website https://github.com operated by GitHub Inc., 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA (“GitHub”) and transfer data with your explicit consent and for providing the Travis CI Software and to ensure the technical functionality of our services fulfillment of contractual or pre-contractual obligations ((§§ 14, 15 TMG or Art. 6 (1) b. GDPR),
  • for analysis purposes and improving the Travis CI Software based on Art. 6 (1) f. GDPR.

Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data (“General Data Protection Regulation”, GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).

Regarding the data processing based on Art. 6 (1) f. GDPR we wish to achieve the legitimate interests of quality assurance, marketing and fraud prevention.

Provision of Data

You provide data if this is necessary for the aforementioned purposes. In the event you refrain from providing such data you may face legal disadvantages, for example, limited or no possibility of using our Website and Travis CI Software as well as additional services.

Recipient(s) of Data

We as well as our Customers and external service partners receive your data for processing those the purpose of providing our services.

Transfer of Data outside of the EU

In the course of data processing by us data will be transferred to third countries, i.e. countries outside the EU. This may happen via implementation of third party providers such as cloud services and external service partners which process data controlled by us. For details please refer to our privacy policy.

Your Rights

You have the right to withdraw your consent relating to the use of data according to this privacy policy at any time with effect for the future. In the event of withdrawal the stored data shall not be processed any more and shall be deleted without hesitation. However, such data may, for example, still be used if these are still necessary for ceasing the contractual relationship.

You are entitled to access the data stored by us and are also entitled to amend or rectify your data if such data are incorrect.

You are entitled to request the erasure of your data. However, this shall not apply, in particular, if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

You are entitled to receive information about the stored data (in a structured, current and machine-readable format) at any time and to request the correction or deletion of the data in case of incorrect data storage.

To enforce your rights you may reach us through the contact details set forth above.

Period for Storing Data; Deletion

The data are deleted if such data are no longer necessary for the purpose of processing. For more details please refer to VII below.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority at your choice. The supervisory authorities in Germany are the responsible (data protection) authorities as set forth in the law of the states (Bundesländer). An overview of the European National Data Protection Authorities may be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

Automated Decision making („profiling“)

In general we do not process any data via “profiling” or in form of automated decision making via the Websites or Travis CI Software. However, such profiling may happen by third party providers through the Website. If this is the case we will inform you in the privacy policy (if possible).

In more detailed form

I. What are Personal Data?

WEBSITE:

II. How are my Data used when visiting the Website?

III. What kind of Cookies, Web-tools or Third Party Providers does the Website use and how?

TRAVIS CI SOFTWARE:

IV. How are my data used when registering for the use of the Travis CI Software and using the Travis CI Software? How do we access your GitHub-Account?

V. What Third Party Providers are processing data when using the Travis CI Software? Are my data processed outside the EU when using the Travis CI Software?

GENERAL:

VI. Could my Data be transferred to or shared with Third Parties? Are my data processed outside the EU when using the Service?

VII. Your Rights: Right to access, rectification and erasure; right to restriction of processing, right to withdraw, right to data portability, right to lodge a complaint

VIII. Data Security, Scope of application

IX. Contact

I. What are Personal Data

  1. Personal Data and Consent

    Personal data are any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Personal data includes e.g. name, email address or telephone number. Personal data also includes information about hobbies, memberships or websites viewed by someone else.

    We will only collect, use and/or pass on personal data if this is permitted by law or if the User consents to processing their data.

    Consent of the data subject means any freely given, specific, informed and unambiguous indication of the person’s (data subject) wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.

Website

II. How are my Data used when visiting the Website?

  1. Visiting the Website

    We (or the webspace provider) collect data about each visit of the Website (so-called server logfiles) (“Access Data”). Access Data includes the following:

    Name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, User’s operating system, referrer URL (the previously visited page), IP address and the requesting provider

    When using a mobile device Access Data also contains:

    Country code, language, device name, operating system and version name

    We use these Access Data only for statistical analysis for the purpose of operation, security and optimization of our Website. However, we reserve the right to check these Access Data retrospectively if there is a justified suspicion of illegal use based on concrete indications. These data are then stored because this is the only way to prevent the misuse of our Website and Travis CI Software and, if necessary, allow us to investigate any crimes committed. The storage of these data is necessary in order to protect us as the person responsible for processing the data. As a matter of principle, these data will not be passed on to third parties unless there is a legal obligation to pass it on or the transfer of data serves criminal prosecution purposes.

    This data processing is based on Art. 6 (1) f. GDPR or TMG and we wish to achieve the legitimate interests of stabilizing and improving our Website, quality assurance and fraud prevention.

  2. Contacting us

    When contacting us (e.g. by email), the User’s details are stored for the purpose of processing the enquiry and, if applicable, follow-up questions based on your consent (legal basis Art. 6 (1) a. GDPR).

  3. Newsletter

    With the newsletter we inform the user about the Websites, our Travis CI Software and us.

    When registering for the newsletter, a User has to provide an email address. This email address will be transmitted to and stored by us (or a provider as specified below).

    After registration, the user will receive an email to confirm the registration (“double opt-in”). Via clicking the registration link you have given your consent to the processing of your personal data for receiving our newsletter according to Art. 6 (1) a. GDPR and we may process such data accordingly.

    In case of registration for the newsletter we (or our provider as specified below) also store the IP address, the device name, the mail provider as well as the user’s first and last name and the date of registration.

    Use of Mailchimp; Transfer of Data outside the EU

    The mail provider “Mailchimp” by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA receives and processes on our behalf the data necessary for the order, in particular email address, IP address, device name. These data are processed on servers in the USA. MailChimp is certified according to “Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.

    Mailchimp is a service with which the dispatch of newsletters can be organized and analyzed. With the help of Mailchimp we can analyze our newsletter campaigns. When you open an e-mail sent with Mailchimp, a file contained in the e-mail (so-called web beacon) connects to the Mailchimp servers in the USA. This allows you to determine whether a newsletter message has been opened and which links have been clicked on. In addition, technical information is recorded (e.g. time of registration, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. They are used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

    If you do not want Mailchimp to analyze your data, you must unsubscribe from the newsletter. For this purpose, we provide a respective link in every newsletter.

    Details on Mailchimp and its privacy policy can be found here: https://mailchimp.com/legal/privacy/

    The data are stored for the purpose of newsletter subscription will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email address for the use of the Travis CI Software) remain unaffected.

    Each User can withdraw their consent to the storage of data, the email address and their respective use for sending the newsletter at any time. This can be done free of charge (except for the transmission costs) and via a link in the newsletter itself or notification to us or, if applicable, to Mailchimp.

  4. Profiling and automated decision-making when visiting the Website

    We do not use profiling or automated decision-making when processing data concerning our Website except as set forth herein. However, our third party providers (such as set forth in III below) may carry out such profiling in individual cases. If this is the case, we will inform you if possible. Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on them or substantially impairs them in a similar manner. This shall not apply where the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the person responsible, (ii) is admissible under the laws of the European Union or of the member state to which the person responsible is subject and where such laws contain appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, or (iii) is taken with the explicit consent of the data subject. In these exceptional cases, the person responsible shall take appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, including at least the right to obtain an action by the person responsible, to state his own position and to challenge the decision.

III. What kind of Cookies, Web-tools or Third Party Providers does the Website use and how?

  1. Cookies

    In order to offer you a convenient online service featuring numerous functions, our Website uses text files (“Cookies”) containing information to identify returning visitors for the time of their visit to the Website. Cookies facilitate the transfer of specific content, such as entering data, which has already been supplied, and help us identify popular sections of our Website.

    OPT-OUT: You can deactivate the use of Cookies in the settings of your internet browser at any time. To find out how to change the settings, please consult the help function of your internet browser. You may also deactivate and manage Cookies via http://www.aboutads.info/choices/ (US-website-provider) or http://www.youronlinechoices.com/uk/your-ad-choices/ (EU-website-provider).

  2. Google Analytics

    The service offered here uses Google Analytics a web analytics tool offered by Google LLC, Mountain View, CA, USA (“Google”). This analysis service uses so-called “cookies”. For analysis, text files will be stored on your device. The information stored in the corresponding files about the use of this website are generally transmitted and stored in Google server in the USA. As the IP anonymization is active on this Website, your IP address will be shortened by Google within the member states of the European Union (EU). This information will be used to evaluate your use of the services offered here and enable us to analyze your website activity and provide other services associated with the Website. The IP address transmitted from your browser, as part of Google Analytics will not be merged with other data from Google.

    OPT-OUT: Adjusting the settings of your browser Travis CI Software can prevent the use of Cookies. In this case, it may be possible that the functions of the service offered here cannot be used in its entirety. Furthermore, it is possible to prevent the acquisition and processing of data generated by the “Cookies” in relation to the use of this website, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

    Google LLC, USA is certified according to the EU-US agreement “Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.

Travis Software

IV. How are my data used when registering for the use of the Travis CI Software and using the Travis CI Software? How do we access your GitHub-Account?

  1. Registration; How do we access your GitHub-Account?

    In order to fully use the services of Travis CI Software, you will need to register. You may only register if you have an existing user account on the GitHub website https://github.com operated by GitHub Inc., 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA (“GitHub”).

    When you sign up for using the Travis CI Software via your existing account at GitHub, data at GitHub with be accessible by us with your explicit consent only. Such data include: user profile (name, username, and email address), list of repositories you have access to, the configuration state of “service hooks” on each of those repositories

    The User can manage these data at any time via using his GitHub account linked to the Travis CI Software.

    The data entered or transferred via GitHub as part of the registration process and any further data entered, will only be used via the Website and with our support to the extent that this processing is necessary for the fulfillment of a contract with us or for the implementation of pre-contractual measures, i.e. use of the Travis CI Software, as well as for the execution and processing of inquiries by the User.

    The processing of data when using our Travis CI Software is generally based on your explicit consent when signing up (based on Art. 6 (1) a. GDPR) as well as the legal basis of Art. 6 (1) b. GDPR or TMG, i.e. the data will be processed, when this is necessary for the fulfillment of the contract between Customer and us or for executing any measures that take place on Customer’s/your request prior to the contract.

  2. Use of the Travis CI Software

    For the further use of the Travis CI Software on the Website the Customer submits more data depending on the way of use of our services, such as details for tests etc.

    We use the information and data collected in the Travis CI Software, including your Personal Data, in order to fulfill our contractual obligations on the Customer’s behalf based on the legal basis of Art. 6 (1) b. GDPR or TMG and as further set forth in this privacy policy.

    The respective Customer and us enter into a respective separate data processing agreement if we process personal data controlled by the Customer.

    We do not store or receive any kind of payment or credit card data but use an external payment provider.

  3. No Profiling and automated decision-making when using the Travis CI Software

    The data provided by our business customers in the Travis CI Software will not be affected by an automated decision making via “profiling”.

    Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on them or substantially impairs them in a similar manner. This shall not apply where the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the person responsible, (ii) is admissible under the laws of the European Union or of the member state to which the person responsible is subject and where such laws contain appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, or (iii) is taken with the explicit consent of the data subject. In these exceptional cases, the person responsible shall take appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, including at least the right to obtain an action by the person responsible, to state his own position and to challenge the decision.

V. What Third Party Providers are processing data when using the Travis CI Software? Are my data processed outside the EU when using the Travis CI Software?

The use of our Travis CI Software may also include services and products by third party providers, whereas data may also be processed outside the EU.

We process personal data of Users or other individuals provided by a Customer (as a business that uses the Travis CI Software) on behalf of Customer, i.e. Customer remains the controller of such data and we act as data processor subject to a separate data processing agreement.

A list of such data processing and third party providers that process personal data outside the EU is set forth here.

General

VI. Could my Data be transferred to or shared with Third Parties? Are my data processed outside the EU when using the Service?

We will transfer your Personal Data to a third party only within the scope of legal provisions, i.e. if we are obliged to transfer the data due to a government or court order, or if applicable legal provisions authorize the transfer. If we us third party providers who process data outside the EU such third party providers guarantee to comply with EU data protection standards as set forth in this privacy policy.

For details of data processing by third party providers in/outside the EU when using the Website please also refer to III above.

For details of data processing by third party providers in/outside the EU when using the Travis CI Software please also refer to IV above. We process personal data of Users or other individuals provided by a Customer (as a business that uses the Travis CI Software) on behalf of Customer, i.e. Customer remains the controller of such data and we act as data processor subject to a separate data processing agreement.

VII. Your Rights

  1. You have the right to access, rectification and erasure as well as right to restriction of processing, right to withdraw and right to data portability:

    You have the right to withdraw your consent relating to the use of personal data any time with effect for the future when such data processing is based in your consent.

    You are entitled to access the data stored by us and are also entitled to amend or rectify your data if such data are incorrect.

    You are entitled to request the erasure of your data.

    You are entitled to receive information about the stored data (in a structured, current and machine-readable format) at any time and to request the correction or deletion of the data in case of incorrect data storage.

    For such withdrawal of your consent, access, erasure or information on your data please send us an email to data@travis-ci.com.

  2. You have the right to lodge a complaint:

    You have a right to lodge a complaint vis-á-vis a supervisory authority of your choice. The supervisory authorities in Germany are the competent (data protection) authorities in accordance with the respective laws of the federal states (Bundesländer).

    An overview of the European National Data Protection Authorities may be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

  3. Duration of the storage of personal data; deletion periods

    As a rule, we only store your personal data for as long as it is necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum.

    In the case of long-term contractual relationships, such as the use of our Website or Travis CI Software, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to the inventory data, to the maximum legal retention periods (e.g. in accordance with the German Commercial Code (Handelsgesetzbuch, HGB) and the Tax Code (Abgabenordnung, AO)).

    Criteria for the storage period include whether the data are still up-to-date, whether the contractual relationship with us still exists, whether an inquiry has already been processed, whether a process has been completed or not, and whether legal retention periods for the personal data concerned are relevant or not.

VIII. Data Security

In order to ensure the best possible protection of the data, the Website and Travis CI Software are designed according to applicable data security standards and technical and organizational measures.

  1. SSL connection of the Website

    In order to ensure the best possible protection of the user’s data, the Website is offered via a secure SSL/TLS connection between the User’s server and the browser, i.e. the data is transmitted in encrypted form.

  2. Servers and System Security

    The data we process in connection with our Website and Travis CI Software will be stored on servers within the European Union (EU), if not provided otherwise in this privacy policy.

    When using the Travis CI Software your code, depending on which platform or language runtime you are using, is run on virtualized servers running in the USA. For more details please refer to the privacy policy and contact us at data@travis-ci.com.

    Your tests run in an isolated environment. The virtualized servers on which they are running on are disposed of after each run and are always restored from a snapshotted image that has no knowledge of any source code other than the code required to create our build environment.

  3. How does Travis access my source code?

    Other than reading your .travis.yml to determine the best build strategy, the only time we access your repository directly is when checking out the source code on one of our build machines.

    Please be advised, that data protection and data security for data transmission in open networks such as the internet cannot be fully guaranteed according to the current state of the art. From a technical point of view, the user is aware that the provider is able to view the web pages stored on the web server and, under certain circumstances, other data of the user stored there at any time. The user is solely responsible for the security and securing of any data transferred by them to the internet and stored on web servers. We cannot accept any liability for the disclosure of data due to errors or unauthorized access by third parties.

IX. Access, Scope of Application, Contact

We are entitled to amend this privacy policy in accordance with the applicable regulations.

We have appointed a data protection officer who may be reached via data@travis-ci.com. For acting out your rights and additional questions about the issue of personal data you can contact us at any time: https://docs.travis-ci.com/imprint.html

Third Party Provider Data Processing Purpose CData Processing outside the EU / Compliance with EU Data Protection Standard Further Information
Stripe For any processes regarding payments we use the services of Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA. Regarding any processes of payments we do not receive, collect and/or store any payment data. Stripe will use such data for the purpose of managing the payments relating to our services. Stripe, Inc. is certified according to the EU-US agreement “Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA. For further information please refer to https://stripe.com/de/privacy
GitHub For the purpose of providing and further developing our Travis CI Software and services on the Travis CI Software we use the Travis CI Software development platform by Github Inc., 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA. Github, Inc. is certified according to the EU-US agreement “Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA. For further information please refer to Github’s privacy statement: https://help.github.com/articles/github-privacy-statement/ or use the contact form under https://github.com/contact/privacy
Amazon Web Services (AWS) We use the service by Amazon Web Services by Amazon Web Services, Inc., 410 Terry Avenue North Seattle WA 98109, USA for the purpose of hosting your data provided in the Travis CI Software. Amazon Web Services, Inc. is certified according to the EU-US agreement “Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA. https://aws.amazon.com/compliance/eu-data-protection/ and https://aws.amazon.com/compliance/germany-data-protection/
Google Cloud We use the service by Google LLC, Mountain View, CA, USA for the purpose of hosting your data provided in the Travis CI Software. Google LLC is certified according to the EU-US agreement “Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA. For further information please refer to https://policies.google.com/privacy?hl=de
Heroku We use the service by Heroku Inc. by salesforce.com Inc., the Landmark @ One Market, Suite 300, San Francisco, California 94105 USA for the purpose of hosting your data provided in the Travis CI Software. Heroku Inc. is certified according to the EU-US agreement “Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA. For further information please refer to https://www.salesforce.com/company/privacy/
Zendesk We use the service by Zendesk Inc., 1019 Market Street, San Francisco, CA 94103, USA for customer support services. Zendesk Inc. is certified according to EU-US-Privacy-Shield and and complies with data protection standards applicable in the EU. https://www.zendesk.co.uk/company/customers-partners/privacy-policy
Mailchimp We use the mail provider “Mailchimp” by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA that receives and processes the data necessary for email communication. These data are processed on servers in the USA. Mailchimp also analyzes the user behavior when reading their emails. MailChimp is certified according to “Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA. https://mailchimp.com/legal/privacy/