Introduction

This Privacy Policy describes how JCS collects, uses and discloses information that may be collected and received by JCS any time you interact with JCS, such as when you visit our website, when you purchase JCS, or when you call our Sales, Support or Accounts departments. Please take a moment to read the following to learn more about our information practices, including what type of information is gathered, how the information is used and for what purposes, the legal basis used for collection of any personal data, to whom we disclose the information, and how we safeguard your business information. Your privacy is a priority at JCS, and we take care to protect it.

This version of our Privacy Policy reflects changes to data protection law in 2018 with regards to EU residents covered by GDPR.

When we refer to “JCS,” “we,” “our,” or “us” in this policy, we are referring to JCS, and any affiliates, which provide Services to you. The “Services” refers to the applications, services, and websites provided by JCS.

For the purposes of clarification, when we refer to "Client Data", we are referring to the information that you have entered in your JCS databases about your organisation, clients, policies, transactions and any other data stored in the JCS application, or issued to you for the purposes of processing in the JCS application, such as electronic messages from providers and other third parties, including but not limited to valuation messages, and electronic commission/fee statements. JCS does not act as a data controller with respect to this data, but as a data processor where you are the data controller. We have included extra information in this policy about how we handle Client Data to give you confidence and clarity of how we process this data when required.

Information we collect and receive

There are a number of situations in which your business information may help us give you better products. For example:

We may ask for your business information when you’re discussing a service issue on the phone, downloading a software update, registering for a seminar, participating in an online survey, registering your products, or ordering a product.

When you interact with JCS, we may collect information relevant to the situation, such as your name, mailing address, phone number, email address, contact preferences information about the JCS products you use, such as license number and information relating to a support or service issue.
We collect information regarding customer activities on our website. This helps us to determine how best to provide useful information to customers and to understand which parts of our website, products and Internet services are of most interest to them.
We may use your business information to provide products that you have requested as well as for auditing, research and analysis to improve JCS’ products.
When you call us, we may record the conversation to provide evidence of any business transactions over the phone or to ensure that our own quality standards are being met. This is in accordance with the Regulation of Investigatory Powers Act 2000.

We may collect information, possibly including personal information, in the following situations:

JCS Support and Remote Access.

JCS provides you with access to support via email, telephone, or our website. As part of the support process, we may collect any of the following information:

Name
Company name
Telephone number
Email address

Some support calls may require our technicians to connect to your computer using a third party Remote Access Service to assist in training or diagnosis/analysis of the issue. As part of the remote access session, we may collect the following information via our third party remote access service:

IP address of the computer being accessed/viewed
Contact Name
Status of the session
Time/date and length of session
Remote Access tools used within the session (eg viewing session, remote control session, file upload, file download)
Platform Type (eg Windows 10)

All remote viewing and remote control sessions require explicit permission from the end user to access their computer. JCS does not have the ability to initiate a session without a user being present at the computer to authorise the session.

Whilst the end user must always accept an agreement that they understand the implications of providing full remote access to a support technician, we also have staff privacy standards in place to state that no data can be removed/copied from a user's system unless it is covered by our data collection process which ensures that the user's company is informed of any data collected, the data is obtained and stored securely, access to the data is restricted and logged and a data retention policy is in place.

JCS Update Service

JCS Update provides you with updates for your JCS software. The following data is collected by the update service to allow us to operate and improve the service:

The JCS software installed on your computer, to help determine which updates are appropriate
Your JCS configuration settings
Your JCS license ID to validate which software updates you are entitled to

JCS Error Reporting Service

The Error Reporting tool built into JCS collects data about any unhandled error that has been encountered in JCS, and optionally sends it to our Error Collection and Analysis Service over the Internet in order to assist our development and support staff. Users always have direct control over whether to send this data and whether or not to send just the error details, or include the data that triggered the error.

The following data may be collected by the error reporting service:

JCS username and license number
JCS software version
Error number and description
Module and procedure Name
Line number that the error occurred on
Line code that generated the error
A dump of data values being used as the error occurred. (This can optionally be blocked by the user and, if collected, is always stored encrypted with a data retention policy of 6 weeks)

JCS Contract Enquiry Services

Although JCS does not directly provide any services for contract enquiry and valuation, we do distribute known, tested configurations to allow you to connect with and process messages from product providers. To allow us to distribute updated configuration templates, to further understand the extent of use of these services and whether they are working successfully, the following data may be collected:

Your JCS license ID to validate whether you are entitled to receive updated configuration data
Count of successful and unsuccessful connections with each supported product provider
Count of successful policy valuations with each supported product provider

JCS does not collect or process any data other than summarised connection data as detailed above, with respect to contract enquiry services

JCS Electronic Remuneration Services

When making use of JCS Electronic Remuneration Service, JCS provide you with a secure holding area, through a third party, for providers to send electronic statements to you, ready for collection by you. To allow us to provide an effective service, and to prevent possible breach of data through incorrect addressing/delivery/routing of messages from the provider or other third parties, the following log data may be collected from the service:

Number of messages delivered to each assigned client holding area by each product provider
Provider Payment Agency references used in messages

Occasionally, we may be required to remedy malformed messages from providers, or withhold messages from providers to allow testing. This is only ever done with your permission, and is treated as Client Data.

JCS does not collect or process data from this service other than as detailed above.

How we use the information we collect and receive

The information we collect and receive from you will be used by us in accordance with your instructions, including any applicable terms in our Standard Terms and Conditions, and as required by applicable law.

Legal grounds for processing data under GDPR Article 6 / Article 9

Where JCS is acting as a controller, we use the following legal grounds for processing the data:

6(1)A Consent. Used only as a legal basis for business contacts to receive the JCS newsletter.
6(1)C Legal Obligation. Used only for storage of transactional business data for regulatory reasons.
6(1)B Performance of a Contract. Used for all other processing of personal data as a Data Controller

Purpose of processing data under Article 13(1)C

Accounting, Bookkeeping and Related Services
Advertising, Marketing and Public Relations
Consultancy and Advisory Services
Customer and Client Administration
Client Support and Diagnostics

Our role in processing data

JCS acts as both a Data Controller and Data Processor with regards to data collected for performance of a contract.

JCS acts as a Data Processor on behalf of our clients in the following scenarios:

Upload and processing of Client Data for support and diagnostic purposes
Processing of Client Data via the JCS Error Reporting Service
Remote Access Support Sessions, where support technicians may have visibility of Client Data
Processing of Client Data via Electronic Remuneration Statements via secure holding area

Cookies and other technology

As is standard practice on many corporate websites, the JCS website collects certain information from and about its users, we may use this information (which does not identify individual users) to analyse trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole.

Cookies. Cookies are text files stored on your computer, and accessible only to the websites which create them. Our website may from time to time use cookies and log files for statistical analysis, to understand user behaviour, to administer the site, to tailor the information presented to a user based on their preferences, and to improve user experience. Any information gathered by our use of cookies is compiled on an aggregate, anonymous basis. Most web browsers automatically accept cookies, however you may delete, or disable cookies by following the instructions at http://www.allaboutcookies.org/manage-cookies/. Please note that you may not be able to take full advantage of a website if you disable cookies. Our website uses cookies to keep you logged in, so disabling cookies may impair your experience of the service. Further information about cookies can be found on the Interactive Advertising Bureau’s website www.allaboutcookies.org.
Log Files. Our systems automatically gather some anonymous information about visitors, including IP addresses, browser type, language, and the times and dates of webpage visits. The data collected does not include other personally identifiable information and is used, as described above, for statistical analysis, to understand usage behaviour, and to administer the site.
Google Analytics. Our website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. Further information about Google’s privacy policy may be obtained from http://www.google.com/privacy.html.
DoubleClick. Our website and software uses Google AdWords remarketing codes. This allows us to provide targeted advertising in the future. If you do not wish to receive this type of advertising from us in the future you can opt out of Ads Personalisation in your Google Account, in the Ads Settings page of your Account Settings, here; https://myaccount.google.com/ for while you are logged into Google, or the Network Advertising Initiative opt-out page at http://optout.networkadvertising.org for all other times.
Third Party Websites. The JCS website has links to the sites of other companies. JCS is not responsible for the privacy practices or contents of any third-party websites. We recommend and encourage that you always review the privacy policies of third parties before you provide any personal information or complete any transaction with such parties.

Sharing of information

JCS takes your privacy very seriously. JCS does not sell or rent your personal data or contact information to anyone, whether for marketing purposes or otherwise, except as stated below.

With our service providers, vendors, and strategic partners. There are times when it may be advantageous for JCS to make certain business information about you available to companies with which JCS has a strategic relationship or who perform work for JCS to provide products and services to you on our behalf. These companies may help us process information, fulfill customer orders, deliver products to you, manage and enhance customer data, provide customer service, assess your interest in our products and services, or conduct customer research or satisfaction surveys. These companies are also obligated to protect your personal data and information in accordance with JCS’ policies, except if we inform you otherwise at the time of collection. For additional information about the subprocessors we use to support delivery of our services, see the section on JCS subprocessors.
Aggregated or de-identified data. We may disclose or use aggregated or de-identified information about you for any purpose. For example, we may share aggregated or de-identified information with partners for business or research purposes, such as informing a supplier the average amount of electronic policy valuations performed by users per month to allow for service scaling.
To comply with laws. If we receive a request for information, we may disclose information about you if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
With consent. JCS may share information about you when we have consent to do so.

Communications

JCS may need to communicate with you for a variety of different reasons, including:

Responding to your questions and requests. If you contact us with a problem or question, we will use your information to respond.
Sending you administrative emails and messages about your service. We may contact you to inform you about changes to our services and important service related notices, such as billing, security and fraud notices. These emails and messages are considered a necessary part of the services offered by JCS and you may not opt-out of them.
Sending emails about new products or other news about JCS that we think you’d like to hear about either from us or from our business partners. You can always opt out of these types of messages at any time by clicking the unsubscribe link at the bottom of each communication.
Conducting surveys. We may use the information gathered in the surveys to enhance and personalise our products, services, and websites.

Data retention

To the extent permitted by applicable law, we may retain information for as long as you are an active client of JCS, for at least 24 months thereafter, or as needed for other lawful purposes.

We may retain cached or archived copies of information. We may retain anonymised or pseudonymised, aggregated data indefinitely, to the extent permitted under applicable law. We may be required to retain some data for a longer period of time because of various laws and regulations or because of contractual obligations. We also will retain information as long as reasonably necessary to comply with (and demonstrate compliance with) our legal obligations, conduct audits, resolve disputes and enforce our agreements.

We have strict data retention policies in place for Client Data. See the section on Security Practices for more information on how we handle this data.

Children's privacy

The services offered by JCS are not intended for children under 16 years of age. We do not knowingly collect information from children under the age of 16. If we learn we have collected or received personal information from a child without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child, please contact us as defined below.

We understand that Client Data will contain data about children under 16. See the section on Security Practices for more information on how we handle this data.

Security

The security of personal information that we collect and receive is important to us. To prevent unauthorised access or disclosure, to maintain data accuracy, and to ensure the appropriate use of the information, JCS utilises appropriate administrative, technical and physical measures to safeguard the information we collect and receive against loss, theft and misuse, as well as unauthorised access, disclosure, alteration, and destruction.

Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. Therefore, despite our efforts, we cannot guarantee its absolute security. We do not warrant or represent that personal information about you will be protected against, loss, misuse, or alteration by third parties.

Where required under applicable law or by contract, we will notify the appropriate parties of any loss, misuse or alteration of personal information that may affect the affected individuals so that such parties or individuals can take the appropriate actions for the due protection of your rights. If such personal information is information of a JCS customer, we will notify such customer and coordinate with them regarding any notices to particular individuals.

For more information about the security applied to Client Data, see the section on Security Practices.

International data transfers

The services offered by JCS may be provided using resources, servers and third party suppliers located in various countries around the world, including the United States and other countries. Therefore, personal information about individuals or customers may be transferred, processed and stored outside the country where the user is based, including to countries outside the European Economic Area. In such circumstances, to ensure that enforceable data subject rights and effective legal remedies for data subjects are available, we make certain that one of the following appropriate safeguards are in place, whether or not the personal data originated from the European Union:

Data is transferred to a country that has an "Adequacy Decision" from the European Commission.
Data is transferred to a supplier that has EU-US Privacy Shield certification.
Data is transferred to a supplier, where we have agreed European Union Model Clauses.

JCS does not rely on any other safeguards for transferring personal data outside of the EEA, other than the ones stated above.

Identifying the data controller and processor

JCS is the controller and processor of all information collected and received from you, with the exception of Client Data, in which case, JCS is the processor on behalf of you as the controller.

When you make use of our Electronic Remuneration Services, JCS is the processor on behalf of you as the controller for the purposes of transmission/delivery of remuneration data.

JCS subprocessors

To support delivery of our services, JCS may engage and use third party data processors with access to certain Client Data and Other Data (each, a subprocessor). Information about the identity, location and role of each subprocessor is given below.

Before engaging any third party subprocessor, JCS always performs diligence to evaluate their privacy, security and confidentiality practices, and to ensure that suitable data protection safegaurds are in place to handle any potential international data transfer outside of the EEA.

JCS may use the following subprocessors to process Client Data or provide other infrastructure that helps with delivery of our services:

Entity Name	Subprocessing Activities	Entity Country	Safeguards
BluJay Solutions	Secure B2B Messaging Services for Electronic Remuneration	United Kingdom (Global HQ)	EU-US Privacy Shield for any data transferred to United States and EU Model Clause

JCS may use the following subprocessors to perform other service functions that process Other Data:

Entity Name	Subprocessing Activities	Entity Country	Safeguards
Amazon Web Services Europe	Cloud-based Email Notification Services	United Kingdom	Within EEA
Amazon Web Services Europe	Cloud-based Backup Services	United Kingdom	Within EEA
Google Inc.	Cloud-based Email and Collaboration Services	United States	EU Model Clause
Acpana Business Systems Inc.	Cloud-based Backup Services	Canada	Adequate Status
Gradwell Communications Ltd	Cloud-based Telephone Services	United Kingdom	Within EEA
LogMeIn Inc.	Cloud-based Remote Access Services	United States	EU-US Privacy Shield
Civic UK	Cloud-based Cookie Services	United Kingdom	Within EEA

Your rights

Residents of the EU or a country following substantially similar legislation regarding the protection of personal data, may have one or more of the following additional rights:

Access. To request a copy of the personal data we have collected about you.

Rectification & Erasure. To request that we rectify or delete any of the personal data about you that is incomplete, incorrect, unnecessary or outdated.

Objection. To object, at any time, to personal data about you being processed for direct marketing purposes.

Restriction of Processing. To request restriction of processing of personal data about you for certain reasons.

Data Portability. To request and receive the personal data we have collected about you in a commonly used form.

Right to Withdraw Consent. If personal data about you is processed solely based on your consent and not for any other legitimate interest, to withdraw your consent at any time.

Right to Lodge a Complaint with a DPA. If you believe our processing of personal data about you is inconsistent with the applicable data protection laws; to lodge a complaint with your local data protection authority

To exercise any of the above listed rights, please contact us and provide sufficient details so that we can respond appropriately. We will process any requests in accordance with applicable law and within a reasonable period of time. We may need to verify the identity of the individual submitting a request before we can address any request.

To the extent that our processing of your personal data is subject to the General Data Protection Regulation, JCS relies on the legal basis, described in this policy, to process your data. JCS may also process your personal data for marketing purposes and you have a right to object to JCS’ use of your personal data for this purpose at any time.

Updates and changes

JCS may update its privacy policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to periodically review this statement to stay informed about how we are helping to protect the personal information we collect. If we make changes that materially alter your privacy rights, we will provide additional notice, such as via email or through the services we offer.

Data protection authority

JCS is registered as a Data Controller under the Data Protection (Bailiwick of Guernsey) Law, 2017, which is compatible with the UK Data Protection Act, and has attained a GDPR "adequate status" decision from the European Commission, with registration number 011298.

Subject to applicable law, you also have the right to (i) restrict JCS' use of your Personal Data and (ii) lodge a complaint with your local data protection authority or the Guernsey Data Protection Commissioner, which is our local data protection authority. If you are a resident of the European Economic Area and believe we maintain your personal data within the scope of the GDPR, you may direct questions or complaints to:

Office of the Data Protection Authority

St Martin’s House

Le Bordage

St. Peter Port

Guernsey, GY1 1BR

Phone +44 (0) 1481 742074

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Client data security practices

Customer datasets. As part of our services provided to you, JCS may have a need to collect a copy of your JCS Client Data, which will contain Personal Data about your clients, and in many cases will also contain Special Category Data. We take the utmost care with Client Data, and our handling of such data is covered by a separate and specific agreement with you in each case before obtaining the data which restricts the purpose and use of the data. When collecting this Client Data, all data is encrypted in transit and encrypted at rest. The data is stored encrypted on our servers in Guernsey, Channel Islands. Access to this data is restricted to only those employees that have a need to use that data, and all access to the data is logged. On completion of the work, the data is destroyed and we employ a strict data retention policy to ensure that all data will be destroyed within 6 weeks of collection unless we seek a specific data retention extension from you. We do not copy, distribute, or transfer this data to any third party, except for the specific purpose that the data was collected. This data is specifically excluded from our company backup policy to ensure that no extra copies are created.
User submitted errors. To monitor any errors that occur in JCS, we allow users to submit details of the error to us for both detailed and aggregated analysis. Whilst most information sent is details about the software, some of it may include Personal Data about the client being worked on at the time. When receiving this Client Data, all data is encrypted in transit, and any information that may contain Personal Data is encrypted at rest within a secure database located in Guernsey, Channel Islands. Access to this data is restricted to only those employees that have a need to use that data. When we have no further use for the data, it will be destroyed and we employ a strict data retention policy on all data that could possibly contain Personal Data, which ensures that this data is destroyed within 6 weeks of being sent to us. We do not copy, distribute, or transfer this data to any third party. This data is specifically excluded from our company backup policy to ensure that no extra copies are created.

Our company wide commitment to your privacy

JCS takes protecting your privacy very seriously. To make sure your information is secure we communicate these guidelines to JCS employees and strictly enforce privacy safeguards within the company.

Privacy questions

If you have questions or concerns about our Privacy Policy or data processing, please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it..