Legal & Privacy Policy

Introduction

This policy explains what personal information we collect as a business, describes how we use and store this information, and with whom this information is shared.

It also explains what your rights are regarding your personal information, how you can manage the information we collect, how to find out what information we hold about you, and how to request that your personal information be deleted.

Payara Services Ltd and its affiliated companies and subsidiaries (collectively, ‘Payara’) respect your privacy.

This Legal & Privacy Statement applies to personal information collected by Payara through the https://www.payara.fish/ website, and other websites which we operate and on which we post a direct link to this Legal & Privacy Statement.

Who are we?

Payara Services Ltd is a professional services limited company registered in England and Wales. We are a dedicated team of professionals devoted to Open Source, Java, our customers, and the community.

We are major contributors to the development and engineering effort of the Payara Server Open Source Project and the Payara Foundation. Our global team of specialist Payara Server Support Engineers delivers 24/7 production, development & migration support directly to our customers worldwide.

Learn more: https://www.payara.fish/about/

How can you contact us?

For any enquiries relating to any of the information you find on this page, or enquiries relating to privacy or data protection, you can write or email us.

Head Office
Payara Services Ltd
Malvern Hills Science Park
Geraldine Road
Malvern
WR14 3SZ
United Kingdom

Portugal Office
Rua Nova de Sao Pedro no. 54,
2nd floor, room D,
9000 048 Funchal,
Ilha da Madeira,
Portugal

E-mail: dataprotection@payara.fish

Data Storage and Retention

We take great care to ensure that any personal data we collect electronically is stored on third-party systems and platforms that comply with UK and EU data protection regulation, and which are managed by us under company data security and data protection policies and procedures. Where required by law, we also store data in paper format under secure storage conditions, which complies with company data security and data protection policies.

Under our company data security and data protection policies, we define how the data we collect can be stored and used, and specify how long we retain data for. As a rule, we only retain data for as long as it is required to conduct business processes, or comply with legal requirements.

All users of data within the company have been trained both in company data protection policies and procedures, and data protection regulation. Our policies and procedures have been designed specifically for each business function or department to reflect the data collection, storage and use requirements of those functions, and we also take great care to ensure that suppliers and partners have stringent data protection policies in place.

Payara will not share, sell, rent or lease your personal information to others without your consent or if we are required by law to do so.

Unless stated elsewhere in this document or in our terms of service or other contract, we only store the minimal amount of personal data we need for the specific processing purpose (see the next section), for as long as it is lawful for us to do so – this may be for as long as we engage with you (e.g. if you are a customer or employee), because of a legal obligation to retain the information (e.g. for tax or employment law purposes), or because we have a legitimate interest to do so (e.g. to protect our business from a legal challenge).

Who do we collect personal information from?

  • Visitors to our website
  • People who enquire about our services
  • People who enquire about events we organise or sponsor
  • People who subscribe to our blog or newsletter mailing lists
  • People who request our publications
  • People who register and attend our online events
  • Payara Enterprise customers
  • Payara Cloud Customers
  • Suppliers and service providers
  • Job applicants
  • Current and former employees

Detail on what personal information we collect, how we collect it, and what we do with it is described in more detail in the sections below.

Visitors to our website

What data do we collect?

When you visit our website we collect and store the following information:

  • IP address
  • geolocation
  • Web browser type and version
  • Browsing device
  • Operating system
  • Pages you browse on our website
  • Cookies

What is our lawful basis for collecting this data?

In most situations this information will be anonymous, however, if we have other information which enables us to connect this website visitor information with an individual, we will be processing this data according to the law basis Article 6(1)(f) – Legitimate Interest

How do we collect this data?

Apart from your IP address, none of this information alone can be used to identify you or your browsing behaviour and is collected and processed in order to help us improve our marketing efforts. To help give you a better understanding of what to expect, these are the third-party systems that may be collecting data from website visitors:

Google Analytics

Collects information such as device, IP, browser and browsing data, but does not collect personal information so we cannot use the data collected via our website alone to identify you.

Learn more: https://privacy.google.com/intl/en-GB/your-data.html

You can also opt out of the use of Google Analytics across all websites.

Learn more: http://tools.google.com/dlpage/gaoptout

HubSpot

This is our Customer Relationship Management (CRM) system. We use it to collect browsing device, IP address, browser type and version. Whilst this data alone cannot be used to identify you, you should be aware, that if you visit our website, and subsequently enquire about our services via a website form without clearing your cookies then your previous browsing history on our website will be known to us.

EU citizens should also be aware that HubSpot is a cloud platform hosted from Amazon Web Services (AWS) data centers in the US, and data collected by HubSpot is stored entirely in the US.

Learn more: https://legal.hubspot.com/hubfs/Downloadable_Legal_Docs/HubSpot_Your_Data_and_You.pdf

YouTube

Used to host some of the video content you can find on our website. It may collect information such as IP address, geolocation, and browsing devices.

Learn more: https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/

Cookies

Cookies are text files that we download onto your device when you browse our website, and can be used to collect data about how you use the site, identify you when you revisit the site, collect data about your location and browsing device, and enable us to advertise to you on other sites.

You should also be aware, that if you visit our website, and subsequently enquire about our services via a website form without clearing your cookies then your previous browsing history on our website will be known to us.

Learn more: https://www.payara.fish/cookies/

People who enquire about our services

What data do we collect?

When you enquire about our services we collect and store the following information:

  • First name
  • Fast name
  • Email address
  • Phone number(s)
  • Company name
  • If you are using (or planning to use) the Payara Platform in a mission critical system
  • Which Enterprise runtime you are interested in

What is our lawful basis for collecting this data?

Our lawful basis for collecting this information is Article 6(1)(b) – Contract

How do we collect this data?

When making enquiries about our services you will be sent communications as part of (and to progress) our sales process, but you will also be asked for your consent to be sent marketing communications. You will be able to withdraw your consent at any time, and any marketing communication sent to you will offer you the opportunity to change your marketing communication preferences via a link in the email footer.

There are a number of ways the people can enquire about out services. To help give you a better understanding of what to expect, these are the routes that may be collecting data from People who enquire about our services:

Via a website form

When making and enquiry or downloading a resource on our website, you will be doing so via a form generated by our Customer Relationship Management (CRM) system HubSpot. Doing so will automatically create an record in this system that will contain any personal information you have submitted and any associated information such as company or organisation.

The system will also store browsing histories, correspondence, email response (whether you receive, open or click through from emails), but no other personal information is collected.

Learn more: https://legal.hubspot.com/hubfs/Downloadable_Legal_Docs/HubSpot_Your_Data_and_You.pdf

Via email

When making an enquiry via email, we will manually create a customer record on our Customer Relationship Management (CRM) system HubSpot containing any personal information you have shared during the call.

Learn more: https://legal.hubspot.com/hubfs/Downloadable_Legal_Docs/HubSpot_Your_Data_and_You.pdf

People who subscribe to our blog or newsletter

What data do we collect?

When you subscribe to our blog or newsletter we collect and store the following information:

  • Email address

What is our lawful basis for collecting this data?

Our lawful basis for collecting this information is Article 6(1)(a) – Consent

How do we collect this data?

We use third-party systems for collecting and managing the information when you subscribe to our blog or newsletter. To help give you a better understanding of what to expect these are the third-party systems that are collecting your information.

HubSpot

When subscribing to our blog or newsletter on our website, you will be doing so via a form generated by our Customer Relationship Management (CRM) system HubSpot. This will automatically create an record in this system that will contain any personal information you have submitted and any associated information such as company or organisation.

The system will also store browsing histories, correspondence, email response (whether you receive, open or click through from emails), but no other personal information is collected.

If you subscribe to our blog or newsletter, you will be giving your consent to join our mailing list and receive our marketing communications. These will typically include blog updates, technical resources, industry and technology community news, and company products and services updates. All of our marketing emails contain a link to https://info.payara.fish/hs/manage-preferences/unsubscribe-simple in the footer, which gives recipients access to their marketing preferences page.

Learn more: https://legal.hubspot.com/hubfs/Downloadable_Legal_Docs/HubSpot_Your_Data_and_You.pdf

People who request our publications

What data do we collect?

When you request our publications we collect and store the following information:

  • First name
  • Fast name
  • Email address
  • Phone number(s)
  • Company name
  • If you are using (or planning to use) the Payara Platform in a mission critical system
  • How you are using the Payara Platform
  • If you are experienced in WebLogic, WebSphere, JBoss, or Glassfish

What is our lawful basis for collecting this data?

Our lawful basis for collecting this information is Article 6(1)(f) – Legitimate Interest

How do we collect this data?

We use third-party systems for for collecting and managing the information when you request our publications. To help give you a better understanding of what to expect these are the third-party systems that are collecting your information.

HubSpot

When requesting a publication on our website, you will be doing so via a form generated by our Customer Relationship Management (CRM) system HubSpot. This will automatically create an record in this system that will contain any personal information you have submitted and any associated information such as company or organisation.

The system will also store browsing histories, correspondence, email response (whether you receive, open or click through from emails), but no other personal information is collected.

Learn more: https://legal.hubspot.com/hubfs/Downloadable_Legal_Docs/HubSpot_Your_Data_and_You.pdf

People who register and attend our online events

What data do we collect?

When you register or attend our online events we collect and store the following information:

  • First name
  • Last name
  • Email address
  • Phone number
  • Company name
  • Job title

What is our lawful basis for collecting this data?

Our lawful basis for collecting this information is Article 6(1)(b) – Contract

How do we collect this data?

We use third-party systems for collecting and managing the information when you register and attend our online events. To help give you a better understanding of what to expect these are the third-party systems that are collecting your information.

Zoom

We use Zoom software to host our online events, such as webinars. Registration forms within Zoom software collect some personal information from those who register for our event, e.g. full name, company name, email address and phone number.

Learn more: https://zoom.us/privacy

HubSpot

When registering for an online event, we will manually create a customer record on our Customer Relationship Management (CRM) system HubSpot containing any personal information you have shared during the call.

Learn more: https://legal.hubspot.com/hubfs/Downloadable_Legal_Docs/HubSpot_Your_Data_and_You.pdf

Community members who contribute to our code

What data do we collect?

When you subscribe to Payara Enterprise we will collect and store the following information:

  • First name
  • Last name
  • Email address
  • Address
  • Signature
  • GitHub Username

What is our lawful basis for collecting this data?

Our lawful basis for collecting this information is Article 6(1)(f) – Legitimate Interest

How do we collect this data?

When you submit a new code contribution to the Payara Platform Community repository in GitHub we check if there is a signed Individual Contributor License Agreement associated with your GitHub Username. If not, we issue a PDF form for you to complete, capturing the data above. To help give you a better understanding of what to expect these are the third-party systems that are collecting your information.

Microsoft 365

We use our Microsoft 365 tenant for sending, receiving, and storing the Individual Contributor License Agreement form in a private document library.

Learn more: https://privacy.microsoft.com/en-gb/privacystatement

Payara Enterprise customers

What data do we collect?

When you subscribe to Payara Enterprise we will collect and store the following information:

  • First name
  • Last name
  • Email address
  • Company name
  • Company address
  • Tax ID
  • Bank details
  • IP address
  • Geolocation
  • Web browser type and version
  • Browsing device
  • Operating system
  • Pages you browse on our website
  • Cookies

What is our lawful basis for collecting this data?

Our lawful basis for collecting this information is Article 6(1)(b) – Contract

How do we collect this data?

When you subscribe to Payara Enterprise, we use third-party systems for managing your Payara Enterprise account and for your payment subscription. To help give you a better understanding of what to expect these are the third-party systems that are collecting your information.

DocuSign

We use DocuSign to electronically exchange and sign contract documents with our Payara Enterprise customers.

Learn more: https://www.docusign.co.uk/privacy

Xero

We use Xero as our UK accounting software and capture information from Payara Enterprise customers for key personnel (finance & procurement teams, primary contacts).

Learn more: https://www.xero.com/uk/legal/privacy/

TOConline

We use TOConline as our EU accounting software and capture information from Payara Enterprise customers for key personnel (finance & procurement teams, primary contacts).

Learn more: https://www.occ.pt/fotos/editor2/toconline_privacidade.pdf

HubSpot

Some of the personal information you submit when subscribing to Payara Cloud (such as email, name, phone number, and any associated information such as company or organisation, but never payment info) will also be processed in our Customer Relationship Management (CRM) system HubSpot.

Learn more: https://legal.hubspot.com/hubfs/Downloadable_Legal_Docs/HubSpot_Your_Data_and_You.p

Zendesk

We use Zendesk customer service and ticketing software to manage the delivery of Payara Support Services to our Enterprise customers.

When Customers log on to Zendesk and interact with Payara Support Services, the application will collect device, IP, browser and browsing data. Zendesk also captures analytical information using cookies.

Learn more: https://www.zendesk.co.uk/company/customers-partners/privacy-policy/

Payara Cloud customers

What data do we collect?

When you subscribe to Payara Cloud we will collect and store the following information:

  • First name
  • Last name
  • User name
  • User photo
  • Email address
  • Company name
  • Company address
  • Tax ID
  • Credit card details

What is our lawful basis for collecting this data?

Our lawful basis for collecting this information is Article 6(1)(b) – Contract

How do we collect this data?

When you subscribe to Payara Cloud, we use third-party systems for managing your Payara Cloud account and for your payment subscription. To help give you a better understanding of what to expect these are the third-party systems that are collecting your information.

Stripe

We use Stripe for managing your Payara Cloud account and subscription payment management.

Learn more: https://stripe.com/en-gb/privacy#personal-data-we-collect

Auth0

We use Auth0 for managing your Payara Cloud account and identity management.

Learn more: https://auth0.com/privacy

Xero

We use Xero as our UK accounting software and capture information from Payara Cloud customers for key personnel (finance & procurement teams, primary contacts).

Learn more: https://www.xero.com/uk/legal/privacy/

TOConline

We use TOConline as our EU accounting software and capture information from Payara Cloud customers for key personnel (finance & procurement teams, primary contacts).

Learn more: https://www.occ.pt/fotos/editor2/toconline_privacidade.pdf

HubSpot

Additionally, some of the personal information you submit when subscribing to Payara Cloud (such as email, name, phone number, and any associated information such as company or organisation, but never payment info) will also be processed in our Customer Relationship Management (CRM) system HubSpot.

Learn more: https://legal.hubspot.com/hubfs/Downloadable_Legal_Docs/HubSpot_Your_Data_and_You.p

Suppliers and service providers

What data do we collect?

  • Company name
  • Company address
  • Email address
  • Phone number(s)
  • Contact first name
  • Contact last name
  • Contact email address
  • Bank details
  • Tax ID

What is our lawful basis for collecting this data?

Our lawful basis for collecting this information is Article 6(1)(b) – Contract

How do we collect this data?

When you become a supplier or service provider for Payara, we use third-party service providers for managing you. If you are one of our suppliers we will collect the minimal information about you and your services as required to make use of your services and deal with invoices and payments for your services. Such information will be stored within our accounting package for the purposes of our accounts and will be retained accordingly. To help give you a better understanding of what to expect these are the third-party systems that are collecting your information.

Xero

We use Xero as our UK accounting software and capture information from suppliers and service providers for key personnel (finance & procurement teams, primary contacts).

Learn more: https://www.xero.com/uk/legal/privacy/

TOConline

We use TOConline as our EU accounting software and capture information from suppliers and service providers for key personnel (finance & procurement teams, primary contacts).

Learn more: https://www.occ.pt/fotos/editor2/toconline_privacidade.pdf

Job applicants

What data do we collect?

When you apply to work at Payara we will collect and store the following information:

  • First name
  • Last Name
  • Address
  • Email address
  • Telephone number(s)
  • CV/ Resume which may include:
    • Work history
    • photo/ imagery of you
    • Education
    • Qualifications
    • Referee details (can be inclusive of full name, email address and contact number)
    • Social Media accounts
    • Languages spoken
    • Nationality(s)
    • Right to work status
    • Hobbies
    • Skills

What is our lawful basis for collecting this data?

Our lawful basis for collecting this information is Article 6(1)(f) – Legitimate Interest

How do we collect this data?

When you apply to work at Payara, we use third-party service providers for managing your application. We will use the data you provide for the purposes of considering you for the position. If your application is successful we will keep this information as part of your employee record; if you’re unsuccessful we will keep your information up to six months (as a legitimate interest) and then delete it unless you have consented to use keeping it longer for future opportunities. Some of this data will be collected at different stages of the application process. To help give you a better understanding of what to expect these are the third-party systems that are collecting your information.

Networx

This is our Applicant Tracking System (ATS). We use it to collect and manage applicant information.

Learn more: https://www.networxrecruitment.com/PrivacyPolicy

Tazio

Should you be successful from the application stage, you may be required to carry out a video interview. We use a third party provider, Tazio, to carry this out.

Learn more: https://www.tazio.io/privacy-policy

Recruitment agents

Occasionally, we use Recruitment agents to advertise roles. We will have signed contractual agreements (which cover GDPR compliance) with these agencies and they will process your data in a form that gives us sufficient information to consider your application.

Automated processing

We use some automated screening tools as part of this application process. See your rights regarding automated decision making and profiling for more information.

Final recruitment decisions are made by managers and members of our recruitment team. All of the information gathered during the application process is taken into account.

Current and former employees

What data do we collect?

If you are employed by Payara we will collect and store the following information:

  • First name
  • Middle name(s)
  • Last Name
  • Date of birth
  • National insurance number
  • Allergies
  • Shirt size
  • Hobbies
  • Time zone
  • Location
  • Address
    • Street
    • City
    • County
    • Postal code
    • Country
  • Telephone numbers
    • Work phone / ext
    • Mobile phone
    • Home phone
  • Email addresses
    • Work email address
    • Home email address
  • Social links
    • LinkedIn
    • Twitter username
    • Facebook
  • Absence
    • Annual leave
    • Sickness
    • Health appointment
    • Bereavement
  • Education
    • College / institution
    • Qualification
    • Major / specialisation
    • GPA
    • Date started
    • Date ended
  • GP information
    • Clinic name
    • Clinic address
    • GP name
    • GP phone number
  • Passport information
    • first name
    • last name
    • number
    • Issue date
    • Expiry date
    • Issuing country
  • Emergency contact
    • Name
    • Relationship
    • Telephone numbers
      • Work phone / ext
      • Mobile phone
      • Home phone
    • Email address
    • Address
      • Street
      • City
      • County
      • Postal code
      • Country
  • Documents
    • Driving licence (copy)
    • Passport (copy)
    • P45
    • References
    • CV/ Resume

What is our lawful basis for collecting this data?

Our lawful basis for collecting this information is Article 6(1)(b) – Contract

How do we collect this data?

We use third-party service providers and systems for managing your employment. To help give you a better understanding of what to expect these are the third-party systems that are collecting your information.

BambooHR

This is our human resources (HR) software platform used to streamline and automate various HR processes.

Learn more: https://www.bamboohr.com/privacy-policy/

Crowe U.K. LLP

Relevant details about you will be provided to Crowe U.K. LLP who provide payroll services to the company.

Learn more: https://www.crowe.com/uk/privacy-policy

The Peoples Pension (TPP)

You will be auto-enrolled into the pension scheme and details provided to The Peoples Pension (TPP) who are the administrators of the company Pension Scheme.

Learn more: https://thepeoplespension.co.uk/privacy/

HM Revenue & Customs (HMRC)

Relevant details about you will be provided to HM Revenue & Customs (HMRC) who provide Tax services to the company.

Learn more: https://www.gov.uk/help/privacy-notice

Your Rights

You have the following rights in relation to the way in which we deal with your personal data:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights of automated decision-making and profiling

If you would like to exercise your rights, or if you have any questions, please contact us.

Rectification

It is important that any of your data that we process is kept up to date. We will from time to time ask you to verify your contact details but if you wish to update any information we hold about you, please contact us with your updated details.

Erasure

Under some circumstances you may contact us to delete your data from our systems. Where this is possible (e.g. we don’t have any legal purpose for continuing to process your data) we will erase it from our systems. If it’s not possible for us to delete your data, we will explain the reasons why.

Withdrawing Content

Where we are processing your data and needed to ask your permission to do so, you are able to withdraw your consent at any time. If you wish to stop receiving our marketing emails you can do so, by clicking on the “unsubscribe” link at the bottom of the email or by contacting us.

You should also contact us, if you wish to raise concerns about the way we are processing your data or would like to raise an objection to the processing.

Automated decision making and profiling

We use some automated screening tools as part of our recruitment process. The answers you provide to one or more of the questions may result in your application being automatically declined. This technology is used to help us manage the high volume of applications we receive and we can assure applicants the same outcome would occur if we manually reviewed your application.

You should contact us if you wish to contest the decision and express your point of view.

Subject access request

We want to make sure that you have as much access to your personal information as possible. To find out what personal information we have collected and stored, you can make a subject access request. If we do hold information about you, we will provide you with the following information:

  • A description of all personal information we hold
  • A summary of why we collect it and how we use it
  • Details of any third parties we may have disclosed it to

To make a subject access request, contact us stating why you believe we have your personal information, and what you would like to know.

Please be aware that in order to provide you with any information, we will need to verify your identity.

Complaints

As a company that relies on high levels of customer service and satisfaction, we are committed to upholding the best practice in collecting and using your data. For this reason, we take any complaints we receive about this seriously and encourage anyone who feels that our collection or use of information does not meet the standards set out under the General Data Protection Regulation (GDPR). We are also happy to provide any additional clarification or information if there is something that you don’t understand or feel that we haven’t explained.

Please feel free to contact us and ask for further information at dataprotection@payara.fish

If you remain dissatisfied, you have the right to refer the matter to the UK Information Commissioner’s Office (http://www.ico.org.uk/ ) or seek recourse through the courts.

Changes to our Legal & Privacy Policy

We may change or update elements of this privacy notice from time to time or as required by law.

Last update: June 2023
Back to top