Business-ready architecture. Work with an open source leader.
Try Payara Enterprise
Luxury German Vehicle Manufacturer Migrates from GlassFish to Payara Server
Download BMW Case Study PDF
This policy explains what personal information we collect from users of this website, our customers, suppliers and employees. It describes how we use and store this information, and with whom this information is shared.
It also explains what your rights are regarding your personal data, how you can manage the data we collect, how to find out what data we hold about you, and how to request that your personal data be deleted.
Payara Services Ltd and its affiliated companies and subsidiaries (collectively, ‘Payara’) respect your privacy. This Legal & Privacy Statement applies to personal information collected by Payara through the payara.fish website, and other websites which we operate and on which we post a direct link to this Legal & Privacy Statement.
Payara will not sell, rent or lease your personal information to others without your consent.
Payara Services Ltd is a professional services limited company registered in England and Wales. We are a dedicated team of professionals devoted to Open Source, Java, our customers, and the community. We are major contributors to the development and engineering effort of the Payara Server Open Source Project and the Payara Foundation. Our global team of specialist Payara Server Support Engineers delivers 24/7 production, development & migration support directly to our customers worldwide.
Our registered business address is:
Payara Services Limited
Malvern Hills Science Park
For any enquiries relating to privacy or data protection, you can email us at firstname.lastname@example.org, call our reception service on UK: +44 800 538 5490 / International: +1 888 239 8941, or write to us at our head office address:
We normally respond to any enquiries by the next UK working day.
As a B2B professional support services and consultancy providers, we collect and store very little personal information from people interested in our services, publications or events, but if you use our website, download publications or enquire about our service offerings, then we will be likely to collect information such as:
If you’re applying for employment, or are a current or former employee, then clearly, far more personal data will be collected, stored and processed. For more information on this, please scroll down to the section on recruitment and employment.
For more information about Payara’s lawful basis for data processing, feel free to contact us at email@example.com.
To make you aware of what to expect from us as collectors and users of your personal information, we’ve created the following at-a-glance summaries. If there is something on this page that you don’t understand, or that you’d like clarification on, please feel free to contact us and ask for further information at firstname.lastname@example.org.
When you visit our website, third-party service providers that we use for marketing and customer relationship management (CRM) puposes (such as Google Analytics and HubSpot) will collect and store information about:
Aside from your IP address, none of this information alone can be used to identify you or your browsing behaviour and is collected and processed in order to help us improve our marketing efforts. To help give you a better understanding of what to expect, these are the third-party systems that may be collecting data from website visitors:
When making and enquiry or downloading a resource on our website, you will be doing so via a form generated by our CRM platform. Doing so will automatically create an account in the CRM that will contain any personal information you have submitted (typically email, name, phone) and any associated information such as company or organisation.
The software will also store browsing histories, correspondence, email response (whether you receive, open or click through from emails), but no other personal information is collected. You should be aware, that if you enquire about our services via a website form without clearing your cookies (find our more about cookies here), then your previous browsing history on our website will be known.
When making an enquiry such as this, you’ll naturally be sent communications as part of (and to progress) our sales process, but you will also be asked for your consent to be sent marketing communications. You’ll be able to withdraw your consent at any time, and any marketing communication sent to you will offer you the opportunity to change your marketing communication preferences via a link in the email footer.
You should be aware that when calling our office phone number (UK: +44 800 538 5490, International: +1 888 239 8941), the phone number you are calling from will be collected , and your call may be recorded. Their agents will request information from you which will include personal information such as name, email address and any other information relevant to the enquiry. This will be stored on their systems for audit and training purposes and are passed to us via phone and email.
As soon as a service enquiry is made, we will manually create a customer record on our CRM system, which contains personal information such as name, email address, and phone number, as well as other information relevant to the enquiry such as job title, company name and service requirements. We will also store any relevant correspondence such as emails and call summaries.
For account management purposes, we will record all correspondence we have with you if you are involved at any stage in the sales of delivery process, regardless of whether or not you are a commercial representative of a customer. This means that you could be a technical team member brought into a sales or discovery call, and someone who might not expect to have their personal data collected or stored.
You should also be aware that your personal information may appear on technical reports, orders, proposals, statement of works, and contracts that form the legal and technical documentation of the sales and delivery process. These documents may be stored in our CRM, on other company systems, and be shared internally with the commercial and delivery teams. We’ll do what we can to make you aware of this when sending meeting and call invites.
Unless you are a key commercial contact on the account, however, you will not be contacted for sales and marketing purposes, and you will not have a personal record created on our CRM.
We use Xero as our UK accounting software and capture information from suppliers and customers, eg. company name, company address, company phone numbers and email addresses for key personnel (finance & procurement teams, primary contacts). We hold supplier banking information. We capture employees’ full names within salary and business expense accounts.
We use Toconline as our EU accounting software and capture information from suppliers and customers, eg. company name, company address, company phone numbers and email addresses for key personnel (finance & procurement teams, primary contacts). We hold supplier banking information. We capture employees’ full names within salary and business expense accounts.
Our sales and marketing communications are delivered via our CRM platform. Anyone who has subscribed to our marketing communications, completed a form on our website, made a service enquiry, or is a key commercial contact in a sales or delivery process, has the ability to manage their own consent for marketing communications. All of our marketing emails contain a link in the footer, which gives recipients access to their marketing preferences page. Here they can opt-out of receiving communications.
If you subscribe to our newsletter or blog, you will be giving your consent to join our mailing list and receive our marketing communications. These will typically include blog updates, technical resources, industry and technology community news, and company products and services updates. All of our marketing emails contain a link in the footer, which gives recipients access to their marketing preferences page. Here they can opt-out of receiving communications.
When you subscribe to Payara Cloud, third-party service providers that we use for managing your Payara Cloud account (Auth0) and for your payment subscription (Stripe) will collect and store the following information:
Some of the information above will also be processed by Payara outside of Stripe by the Payara Finance Department in accordance with the ‘Legal Obligation’ & ‘Contractual Obligation’ Lawful Basis to produce invoices and for payments purposes. However, your payment information such as payment card details is not being stored nor processed anywhere outside of Stipe, and Payara does not have access to your payment card details.
To see how Stripe is managing your personal data, including your payment details, visit https://stripe.com/en-gb/privacy#personal-data-we-collect
To see how Auth0 is managing your personal data visit https://auth0.com/privacy
Some of the personal information you submit when subscribing to Payara Cloud (such as email, name, phone number, and any associated information such as company or organisation, but never payment info) will also be processed in Payara CRM outside of Auth0 and Stripe by the Payara Marketing & Sales in accordance with the ‘Legitimate Interest’ Lawful Basis to keep you informed about the product and services you signed up for.
We take great care to ensure that any personal data we collect electronically is stored on third-party systems and platforms that comply with EU data protection regulation, and which are managed by us under company data security and data protection policies and procedures. Where required by law, we also store data in paper format under secure storage conditions, which complies with company data security and data protection policies.
Under our company data security and data protection policies, we define how the data we collect can be stored and used, and specify how long we retain data for. As a rule, we only retain data for as long as it is required to conduct business processes, or comply with legal requirements.
All users of data within the company have been trained both in company data protection policies and procedures, and EU data protection regulation. Our policies and procedures have been designed specifically for each business function or department to reflect the data collection, storage and use requirements of those functions, and we also take great care to ensure that suppliers and partners have stringent data protection policies in place.
The following explains how we Payara (Controllers) intend to use the information you provide in your application, along with your rights, our reasons for requesting and processing it, and who will have access to it.
As defined by the UK General Data Protection Regulation (UK GDPR) Payara is the Data Controller and Data Processor and is ultimately responsible for ensuring the data you provide is kept secure and processed correctly and that you understand your legal rights in relation to the data you provide. As part of our Data Controller responsibilities we have an assigned Data Protection Officer (DPO), who can be contacted at email@example.com
The recruitment software we use via this website is supplied by Net-Worx (2001) Ltd (trading as networx) and they are defined as a Data Processor under the UK GDPR. They will only process your data in accordance with our instructions.
Networx can be contacted at The Engine House, Wharfebank Business Centre, Ilkley Rd, Otley LS21 3JP.
The Data Protection Officer for Networx can be contacted at firstname.lastname@example.org
What Personal Information do we collect from you?
We collect information that is specifically provided by you as part of an application process. We will collect the following data (but not limited to):
What is our Legal Basis for collecting your data?
By agreeing to this Privacy Statement, you are allowing us to form a contract (ICO definition) Contract that means we can use your details, and information presented, so we can assess your suitability for employment with us.
How do we process, store and share your information?
Details you provide in this application:
We use some automated screening tools as part of this application process. The answers you provide to one or more of the questions may result in your application being automatically declined. This technology is used to help us manage the high volume of applications we receive and we can assure applicants the same outcome would occur if we manually reviewed your application. Should you wish to contest the decision and express your point of view under article 22 of UK GDPR law you have the right to human intervention and can email email@example.com
How you can access the information we hold about you. Your rights
We are dedicated to providing reasonable access to visitors who wish to review, update or amend the personal information retained by us when they apply via our website. If you choose to register, you may access your profile, correct and update your details, or withdraw your details at any time. To do this, you can access your personal profile by using a secure login. In all cases, we will treat requests to access information or change information in accordance with UK GDPR requirements. Within your candidate account, you can also use the ‘Download Data’ feature to generate a file of the current data we hold on you, that you have provided, and/or have access to within the account.
You have the following rights in relation to the way in which we deal with your personal data:
If at any point you believe the personal information we store and process is incorrect , you can use the rights above to ask us to amend the data or delete the data. If you are not satisfied by our actions, you can seek recourse through our internal complaints procedure by emailing firstname.lastname@example.org
If you remain dissatisfied, you have the right to refer the matter to the UK Information Commissioner’s Office (Information Commissioner’s Office (ICO) )or seek recourse through the courts.
Payara reserves the right to update, amend or change this policy at any point and as required by UK law.
Should you be successful from the application stage, you may be required to carry out a video interview. We use a third party provider, Tazio, to carry this out. We only send them the minimum amount of data required to perform this action.
We use some third parties to help us in processing data –we aim to ensure that all third-party processors are compliant with GDPR
If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment. On termination of employment with the company, all information give will be kept for 3 months and then after 1 year all non- relevant information will be deleted. Some financial data will be kept for 6 years following the end of your employment. We aim to retain data no longer than statutory requirements allow for.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for up to 6 months. Information generated throughout the assessment process, for example interview notes, are retained by us for up to 6 months
Final recruitment decisions are made by managers and members of our recruitment team. All of the information gathered during the application process is taken into account.
You are able to ask about decisions made about your application by speaking to your contact within our recruitment team.
As a company that relies on high levels of customer service and satisfaction, we are committed to upholding the best practice in collecting and using your data. For this reason, we take any complaints we receive about this seriously and encourage anyone who feels that our collection or use of information does not meet the standards set out under the General Data Protection Regulation (GDPR). We are also happy to provide any additional clarification or information if there is something that you don’t understand or feel that we haven’t explained. Please feel free to contact us and ask for further information at email@example.com
If you want to understand more about GDPR, you can contact the statutory body in the UK which oversees data protection law – www.ico.org.uk
We want to make sure that you have as much access to your personal information as possible. To find out what personal information we have collected and stored, you can make a ‘subject access request’. If we do hold information about you, we will provide you with the following information as a PDF document:
To make a ‘subject access request’ you’ll need to send the request by email to firstname.lastname@example.org stating why you believe we have your personal information, and what you would like to know. Please be aware that in order to provide you with any information, we will need to verify your identity.
Last updated – September 2022