Atlassian

Comprehensive scope statement, clear contact information, table of contents, multiple language availability, and version control with effective dates. Strong transparency measures with specific contact details for different regions.

Clear primary purposes stated with secondary use disclosure and AI/ML applications detailed. Marketing opt-out available and consent required for additional uses, though purpose limitation commitment could be more explicit.

Strong policy maintenance with multiple notification methods for changes, version history archive, designated privacy contacts including regional representatives, and legal update subscription service. Clear governance framework with specific contact details.

Detailed enumeration of data types collected through direct, automatic, and third-party methods with legal basis disclosure for EEA/UK. Good specificity on collection methods and sensitive data handling, though some categories remain broad.

Comprehensive disclosure of sharing categories with specific purposes, contractual protections for service providers, detailed partner network sharing, and clear consent mechanisms. Strong coverage of government disclosure practices and business transfer scenarios.

Generic 'industry standard' measures with acknowledgment of limitations and some specific authentication measures. Includes security monitoring and payment processing security, but lacks specific encryption details or certifications.

Comprehensive coverage with specific adequacy mechanisms (Data Privacy Framework, standard contractual clauses), named certified entities, onward transfer liability provisions, and reference to country list. Exceeds minimum requirements with detailed safeguards.

Clear access, correction, and deletion rights with multiple mechanisms for exercising rights including online settings and formal requests. Marketing opt-out and consent withdrawal available, though response timeframes not specified.

Good disclosure of AI/ML usage in various contexts including customer support and security monitoring. Profiling for personalization disclosed, but lacks specific opt-out mechanisms for automated decisions and human review rights.

Clear age threshold of 16 with commitment to delete data if child discovered and restriction on sales/sharing for under-16s. Proactive child protection measures though no parental consent mechanism described.