Introduction
This Privacy Policy describes how JCS collects, uses and discloses information that may be collected and received by JCS any time you interact with JCS, such as when you visit our website, when you purchase JCS, or when you call our Sales, Support or Accounts departments. Please take a moment to read the following to learn more about our information practices, including what type of information is gathered, how the information is used and for what purposes, the legal basis used for collection of any personal data, to whom we disclose the information, and how we safeguard your business information. Your privacy is a priority at JCS, and we take care to protect it.
This version of our Privacy Policy reflects changes to data protection law in 2018 with regards to EU residents covered by GDPR.
When we refer to “JCS,” “we,” “our,” or “us” in this policy, we are referring to JCS, and any affiliates, which provide Services to you. The “Services” refers to the applications, services, and websites provided by JCS.
For the purposes of clarification, when we refer to "Client Data", we are referring to the information that you have entered in your JCS databases about your organisation, clients, policies, transactions and any other data stored in the JCS application, or issued to you for the purposes of processing in the JCS application, such as electronic messages from providers and other third parties, including but not limited to valuation messages, and electronic commission/fee statements. JCS does not act as a data controller with respect to this data, but as a data processor where you are the data controller. We have included extra information in this policy about how we handle Client Data to give you confidence and clarity of how we process this data when required.
Information we collect and receive
There are a number of situations in which your business information may help us give you better products. For example:
We may ask for your business information when you’re discussing a service issue on the phone, downloading a software update, registering for a seminar, participating in an online survey, registering your products, or ordering a product.
- When you interact with JCS, we may collect information relevant to the situation, such as your name, mailing address, phone number, email address, contact preferences information about the JCS products you use, such as license number and information relating to a support or service issue.
- We collect information regarding customer activities on our website. This helps us to determine how best to provide useful information to customers and to understand which parts of our website, products and Internet services are of most interest to them.
- We may use your business information to provide products that you have requested as well as for auditing, research and analysis to improve JCS’ products.
- When you call us, we may record the conversation to provide evidence of any business transactions over the phone or to ensure that our own quality standards are being met. This is in accordance with the Regulation of Investigatory Powers Act 2000.
JCS Support and Remote Access.
- Name
- Company name
- Telephone number
- Email address
- IP address of the computer being accessed/viewed
- Contact Name
- Status of the session
- Time/date and length of session
- Remote Access tools used within the session (eg viewing session, remote control session, file upload, file download)
- Platform Type (eg Windows 10)
JCS Update Service
- The JCS software installed on your computer, to help determine which updates are appropriate
- Your JCS configuration settings
- Your JCS license ID to validate which software updates you are entitled to
JCS Error Reporting Service
- JCS username and license number
- JCS software version
- Error number and description
- Module and procedure Name
- Line number that the error occurred on
- Line code that generated the error
- A dump of data values being used as the error occurred. (This can optionally be blocked by the user and, if collected, is always stored encrypted with a data retention policy of 6 weeks)
JCS Contract Enquiry Services
- Your JCS license ID to validate whether you are entitled to receive updated configuration data
- Count of successful and unsuccessful connections with each supported product provider
- Count of successful policy valuations with each supported product provider
JCS Electronic Remuneration Services
- Number of messages delivered to each assigned client holding area by each product provider
- Provider Payment Agency references used in messages
How we use the information we collect and receive
Legal grounds for processing data under GDPR Article 6 / Article 9
- 6(1)A Consent. Used only as a legal basis for business contacts to receive the JCS newsletter.
- 6(1)C Legal Obligation. Used only for storage of transactional business data for regulatory reasons.
- 6(1)B Performance of a Contract. Used for all other processing of personal data as a Data Controller
Purpose of processing data under Article 13(1)C
- Accounting, Bookkeeping and Related Services
- Advertising, Marketing and Public Relations
- Consultancy and Advisory Services
- Customer and Client Administration
- Client Support and Diagnostics
Our role in processing data
- Upload and processing of Client Data for support and diagnostic purposes
- Processing of Client Data via the JCS Error Reporting Service
- Remote Access Support Sessions, where support technicians may have visibility of Client Data
- Processing of Client Data via Electronic Remuneration Statements via secure holding area
Cookies and other technology
- Cookies. Cookies are text files stored on your computer, and accessible only to the websites which create them. Our website may from time to time use cookies and log files for statistical analysis, to understand user behaviour, to administer the site, to tailor the information presented to a user based on their preferences, and to improve user experience. Any information gathered by our use of cookies is compiled on an aggregate, anonymous basis. Most web browsers automatically accept cookies, however you may delete, or disable cookies by following the instructions at http://www.allaboutcookies.org/manage-cookies/. Please note that you may not be able to take full advantage of a website if you disable cookies. Our website uses cookies to keep you logged in, so disabling cookies may impair your experience of the service. Further information about cookies can be found on the Interactive Advertising Bureau’s website www.allaboutcookies.org.
- Log Files. Our systems automatically gather some anonymous information about visitors, including IP addresses, browser type, language, and the times and dates of webpage visits. The data collected does not include other personally identifiable information and is used, as described above, for statistical analysis, to understand usage behaviour, and to administer the site.
- Google Analytics. Our website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. Further information about Google’s privacy policy may be obtained from http://www.google.com/privacy.html.
- DoubleClick. Our website and software uses Google AdWords remarketing codes. This allows us to provide targeted advertising in the future. If you do not wish to receive this type of advertising from us in the future you can opt out of Ads Personalisation in your Google Account, in the Ads Settings page of your Account Settings, here; https://myaccount.google.com/ for while you are logged into Google, or the Network Advertising Initiative opt-out page at http://optout.networkadvertising.org for all other times.
- Third Party Websites. The JCS website has links to the sites of other companies. JCS is not responsible for the privacy practices or contents of any third-party websites. We recommend and encourage that you always review the privacy policies of third parties before you provide any personal information or complete any transaction with such parties.
Sharing of information
- With our service providers, vendors, and strategic partners. There are times when it may be advantageous for JCS to make certain business information about you available to companies with which JCS has a strategic relationship or who perform work for JCS to provide products and services to you on our behalf. These companies may help us process information, fulfill customer orders, deliver products to you, manage and enhance customer data, provide customer service, assess your interest in our products and services, or conduct customer research or satisfaction surveys. These companies are also obligated to protect your personal data and information in accordance with JCS’ policies, except if we inform you otherwise at the time of collection. For additional information about the subprocessors we use to support delivery of our services, see the section on JCS subprocessors.
- Aggregated or de-identified data. We may disclose or use aggregated or de-identified information about you for any purpose. For example, we may share aggregated or de-identified information with partners for business or research purposes, such as informing a supplier the average amount of electronic policy valuations performed by users per month to allow for service scaling.
- To comply with laws. If we receive a request for information, we may disclose information about you if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
- With consent. JCS may share information about you when we have consent to do so.
Communications
- Responding to your questions and requests. If you contact us with a problem or question, we will use your information to respond.
- Sending you administrative emails and messages about your service. We may contact you to inform you about changes to our services and important service related notices, such as billing, security and fraud notices. These emails and messages are considered a necessary part of the services offered by JCS and you may not opt-out of them.
- Sending emails about new products or other news about JCS that we think you’d like to hear about either from us or from our business partners. You can always opt out of these types of messages at any time by clicking the unsubscribe link at the bottom of each communication.
- Conducting surveys. We may use the information gathered in the surveys to enhance and personalise our products, services, and websites.
Data retention
Children's privacy
Security
International data transfers
- Data is transferred to a country that has an "Adequacy Decision" from the European Commission.
- Data is transferred to a supplier that has EU-US Privacy Shield certification.
- Data is transferred to a supplier, where we have agreed European Union Model Clauses.
Identifying the data controller and processor
JCS subprocessors
Entity Name | Subprocessing Activities | Entity Country | Safeguards |
---|---|---|---|
BluJay Solutions | Secure B2B Messaging Services for Electronic Remuneration | United Kingdom (Global HQ) | EU-US Privacy Shield for any data transferred to United States and EU Model Clause |
Entity Name | Subprocessing Activities | Entity Country | Safeguards |
---|---|---|---|
Amazon Web Services Europe | Cloud-based Email Notification Services | United Kingdom | Within EEA |
Amazon Web Services Europe | Cloud-based Backup Services | United Kingdom | Within EEA |
Google Inc. | Cloud-based Email and Collaboration Services | United States | EU Model Clause |
Acpana Business Systems Inc. | Cloud-based Backup Services | Canada | Adequate Status |
Gradwell Communications Ltd | Cloud-based Telephone Services | United Kingdom | Within EEA |
LogMeIn Inc. | Cloud-based Remote Access Services | United States |
EU-US Privacy Shield |
Electronic Team Inc. | HelpWire Cloud-based Remote Access Services | United States |
EU Model Clause |
Civic UK | Cloud-based Cookie Services | United Kingdom | Within EEA |
Your rights
Updates and changes
Data protection authority
Client data security practices
- Customer datasets. As part of our services provided to you, JCS may have a need to collect a copy of your JCS Client Data, which will contain Personal Data about your clients, and in many cases will also contain Special Category Data. We take the utmost care with Client Data, and our handling of such data is covered by a separate and specific agreement with you in each case before obtaining the data which restricts the purpose and use of the data. When collecting this Client Data, all data is encrypted in transit and encrypted at rest. The data is stored encrypted on our servers in Guernsey, Channel Islands. Access to this data is restricted to only those employees that have a need to use that data, and all access to the data is logged. On completion of the work, the data is destroyed and we employ a strict data retention policy to ensure that all data will be destroyed within 6 weeks of collection unless we seek a specific data retention extension from you. We do not copy, distribute, or transfer this data to any third party, except for the specific purpose that the data was collected. This data is specifically excluded from our company backup policy to ensure that no extra copies are created.
- User submitted errors. To monitor any errors that occur in JCS, we allow users to submit details of the error to us for both detailed and aggregated analysis. Whilst most information sent is details about the software, some of it may include Personal Data about the client being worked on at the time. When receiving this Client Data, all data is encrypted in transit, and any information that may contain Personal Data is encrypted at rest within a secure database located in Guernsey, Channel Islands. Access to this data is restricted to only those employees that have a need to use that data. When we have no further use for the data, it will be destroyed and we employ a strict data retention policy on all data that could possibly contain Personal Data, which ensures that this data is destroyed within 6 weeks of being sent to us. We do not copy, distribute, or transfer this data to any third party. This data is specifically excluded from our company backup policy to ensure that no extra copies are created.
Our company wide commitment to your privacy
Privacy questions