Who Are We?
JAASART – (“JAASART”, “we” or “us”) are committed to protecting and respecting your privacy. The current data protection regime is governed under UK law by the Data Protection Act 1998 but with effect from 25th May 2018, this shall be replaced by the EU General Data Protection Regulation.
For the purposes of the General Data Protection Regulation (GDPR), when we refer to “JAASART”, “we” or “us”, we mean the legal entity that acts as the controller of your information, JAASART, 98 Staplehurst Close, Weston, Southampton, SO19 9QT
Information We May Collect From You
We may collect and process certain information whenever you interact with us. For example, information may be collected when you send us feedback, complete an enquiry form, request a service or engage in certain other activities on our site. The information we collect will depend on the device that you use and your privacy settings, but may include the following data about you:
1.1 If you contact us via telephone, email, social media or any other means we may keep a record of your information.
1.2 When visiting our Website or otherwise contacting us we may automatically collect and store information including:
1.1.1 Information about your visit, including the URL clickstream to, through and from our website, pages you viewed and products you searched for, downloads, response times and length of visits to certain pages.
1.1.2 Technical information, including the Internet Protocol (IP) address used to connect your device to the Internet, your browser type and version, and your time zone setting.
1.1.3 Telephone log information, recording of call, your phone number, calling-party number, time and date of calls, forwarding numbers, and duration of calls.
JAASART Clients/Prospective Clients and Partners
1.4 If you complete online forms on Our Website, we may collect your name, title, company name, telephone number, mobile number, email address and any other information that you provide us through Our Website.
1.5 We obtain information from our third-party credit reference agencies.
3. Lawful Basis For Processing
3.1 The GDPR only permits us to process your personal data to the extent that one of the lawful bases set out therein applies to that processing. In processing your personal data, we rely principally on the following lawful basis, namely that processing is necessary for the purposes of our legitimate interests, and those are not overridden by your interests or your fundamental rights or freedoms.
3.2 In certain circumstances, we may rely on one of the following lawful bases for our processing, namely:-
3.2.1 processing is necessary for the performance of a contract entered into between us, or to be entered into between us; or
3.2.2 processing is required for compliance with a legal obligation of ours; or
3.2.3 the data subject has given consent to the processing of his or her personal data.
3.3 We may process your personal data relying on more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us using the contact details set out below (see section 12 below) if you need details about the specific lawful basis on which we are relying on to process your personal data.
4. How We May Use Your Information
4.1 We may collect, store and use your personal information:
4.1.1 To open an account with us and to manage, operate and maintain that account;
4.1.2 In case we need to check we have carried out your instructions correctly, to resolve issues and queries;
4.1.3 To provide you with information about our products and services that you request from us;
4.1.5 To ensure we comply with all applicable laws and regulations;
4.1.6 To develop and improve our services, products and business;
4.1.7 To carry out statistical analysis, market research and testing;
4.1.8 For staff training purposes where we may monitor and record conversations;
4.1.9 To notify clients and partners about changes to our services and products and provide information about new developments that may interest you;
4.1.10 To verify your identity and the other information you have provided to us, and (if relevant) the identity of your business associates;
4.1.11 To update the records we hold about you;
4.1.12 In connection with the processing, activities set out in this Policy.
5. Who We Share Your Information With
5.1 We may share your information with various third parties, including:
5.2 With the credit reference agencies;
5.3 With suppliers and third-party data processors;
5.4 If we are under a duty to share your personal information in order to comply with any legal obligation;
5.5 With a third party who acquires all or part of our business, or to a successor in interest in the unlikely event of our insolvency, winding up or liquidation;
5.6 With third parties who process your personal information on our behalf who are only permitted to process your personal data in accordance with our instructions.
6. Credit Reference Agencies and Fraud Prevention
6.1 We use credit reference agencies to make fair and informed decisions on whether to offer our products and services to you. This is standard procedure for most businesses.
6.2 We use them as part of our application process, Know Your Client ‘KYC’ checks and ongoing monitoring on the account.
6.3 We do not perform a credit check on the individual, therefore a credit check footprint will not be left on your personal credit file. The credit reference agencies may, however, leave a footprint to show an agency has looked at your personal record.
6.4 If you give us false or inaccurate information or if we suspect fraud we may record this and may also pass this information to fraud prevention agencies and other organisations involved in crime and fraud prevention including law enforcement agencies.
6.5 We and other organisations may access and use this information in order to prevent fraud, money laundering or other criminal activity.
7. Where We Store Your Information
7.1 We process data and store it on servers managed by our hosting provider. Those servers are located in the European Economic Area (EEA) in the UK. Our server environment is highly secure and there is very limited personnel access.
7.2 We try to ensure that we do not send data outside the EEA, however, this is not possible in all cases. In relation to a very small number of our suppliers or data processors, the data that we collect from you may be transferred to, and stored at, a destination outside the EEA as well as processed by staff operating outside the EEA who work for them. However, by submitting your personal data, you consent to this transfer, storing or processing. We will ensure that suitable safeguards are in place before personal information is transferred outside the EEA and we will ensure that your data is treated securely.
7.3 We will do our best to protect your personal data, however, the transmission of information via the internet can never be 100% secure. We cannot guarantee the security of your data transmitted to us and so any transmission is at your own risk.
8. Data Retention
8.1 JAASART will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, tax or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us at email@example.com
9. Your Rights
9.1 Individuals from the European Economic Area and individuals located in the EEA have statutory rights in relation to personal data. Subject to any exemptions provided by law, you have the right to be informed, request access to information, as well as to seek to update, delete or correct this Information, alongside the right to restrict processing, to object and request the portability of the data (i.e. requesting that we move, copy or transfer your personal information to another organisation). If you wish to exercise any of these rights, please contact us at firstname.lastname@example.org
9.2 The Act gives you the right to access personal information held about you through a subject access request.
9.3 There is no charge relating to this request, however, if the request is deemed as excessive and manifestly unfounded we may charge you a reasonable fee. We may also charge a reasonable fee if you request more than one copy of the information requested.
9.4 All requests to access your personal information we hold made in writing is a subject access request. Should you wish to access your personal information, please email email@example.com or send your request to our registered office addressed to ‘The Data Protection Officer’.
9.5 We will respond to your request within 30 days providing either;
9.6 All your personal information we hold or;
9.7 A request for a 2-month extension period allowing us to collate all of your personal information where requests are complex or numerous. We then have 2 months from the extension request date to provide all of your personal information we hold.
10. Accuracy of Personal Data
10.1 If at any time you believe that any personal data we are holding about you is inaccurate, out-of-date or incomplete, please notify us at firstname.lastname@example.org as soon as possible. We will promptly correct or delete any data found to be incorrect or provide you with reasonable means to correct such data which we hold about you.
12. Contacting Us
13.1 If you are not satisfied with our response to any queries or complaints you raise with us or believe we are not processing your personal data in accordance with the Data Protection Laws you have the right to lodge a complaint at the Information Commissioner’s Office (www.ico.org.uk).