Effective Date: 6th October 2019
1 Our Commitment to Your Privacy
1.3.1 Juksta GDPR Representative Ltd;
1.3.2 Juksta Pty Ltd.
1.4 The business activities and functions of Juksta GDPR Representative Ltd are limited to:
1.4.1 providing GDPR Representative Services under Article 27 of GDPR; and
1.4.2 marketing and facilitating the sale of privacy related goods and services from third parties.
Under the GDPR Representative Service Our Customers (who are businesses that are subject to GDPR but who do not have a presence in the EU) use the GDPR Representative Service to make it easy for their customers, employees and others about whom Our Customers hold personal data, Supervisory Authorities and others (Users) to make lawful requests to Our Customers relating to their Users' rights under GDPR (including for example to request data portability rights, to exercise a right to be forgotten or to seek a correction to inaccurate personal data), to issue legal proceedings or to exercise any other legal rights under GDPR (for example a Supervisory Authority may wish to communicate with one of Our Customers). Our Customers offer the Users the ability to use the GDPR Representative Service as the sole means of communication, or in combination with, or as an alternative to, other means of communication between Our Customers and their Users.
1.5 Other companies in the Juksta Group have business activities and functions that:
1.5.1 provide privacy compliance related software and services;
1.5.2 refer Customers to other organisations who provide privacy or business compliance related services;
1.5.3 engage with channel partners and affiliates to promote Our goods and services in connection with their goods and services; and
1.5.4 any business activities related or ancillary to any of these activities.
1.6.1 the Juksta group collects, holds, uses, manages and discloses personal data that the Juksta group collects for the purpose of performing the Juksta group's role as a GDPR Representative under Article 27;
1.6.2 the Juksta group collects, holds, uses, manages and discloses in Our own name and for Our business activities and purposes.
1.7.2 "GDPR" means the General Data Protection Regulation (EU) 2016/679.
1.7.4 "Privacy Collection Notice" means a notice that is used to inform You of the purpose for which We will use personal data, the legal basis for processing that personal data, the categories of recipients, any overseas transfers of the personal data and other details relating to the processing of personal data that complies with the requirements of GDPR. A Privacy Collection Notice is most often used at the point where We collect personal data from You.
1.7.5 Other words and phrases that are defined in the GDPR are used with the same meaning given to them under GDPR, including "personal data", "process", "controller", "processor", "special category data", "Supervisory Authority".
1.7.6 "Request" means a request made by a User in the GDPR Representative Service, and includes all the information that is included in the Request by the User (including details of the Users' identity and, where the User is a minor, the User's parents'/guardians' identity).
1.7.7 "User" means a Data Subject, Supervisory Authority or other person who uses the GDPR Representative Service, including to make a Request to an Intended Recipient.
2 Use as part of Our GDPR Representative Services
2.1 Where Juksta GDPR Representative Ltd is providing GDPR Representative Services, Juksta is acting on behalf of its Customer in respect of that personal data, and so the Customer is the data controller and Juksta is the data processor of that personal data under GDPR. In respect of that personal data the Customer instructs Juksta to act on Customer's behalf in accordance with Juksta's obligations as the Customer's representative under Article 27 of GDPR.
Types of Personal Data We Collect
2.3 Where the Juksta GDPR Representative Ltd is providing GDPR Representative Services then Juksta GDPR Representative Ltd may collect and hold the following types of personal data:
2.3.1 name, honorific or title, date of birth, address of Users and/or Users' parent or legal guardian;
2.3.2 documents that identify the User, including passport, driver's licence, identity card, birth certificates, marriage certificates, citizenship or naturalisation documents, bank statements, utility bills, and the personal details that are contained in them, including Users' picture, date of birth, previous names, country of birth, gender, marital status, religion, and similar details of family members, guardians or responsible adults;
2.3.3 any other personal data that Users load into the GDPR Representative Service;
2.3.4 any other personal data that Users voluntarily provide Us with, including when Users send Us information via email, SMS or other channels; when Users sign up for or request Us to send Users information through newsletters, alerts or other materials;
2.3.5 any personal data that is loaded into the GDPR Representative Service by Our Customer for transfer to the User;
2.3.6 any personal data that is collected from third parties, including regulatory authorities, Users' employers, other organisations with whom Users have had dealings, government agencies, businesses that We deal with, information or service providers and social media platforms;
2.3.7 credit card details, including name, card type, card number and CCV;
2.3.8 information a User provides when the User raises a support or administrative enquiry or when We are working with the User to resolve a technical or administrative query.
How We use the Personal Data that We Collect
2.4 Where We collect and process personal data for the purpose of acting as the GDPR Representative of a Customer under Article 27, the legal basis for processing that data is compliance with a legal obligation.
2.5 In order to perform the GDPR Representative Service We will transfer any personal data that a User or a Customer loads into the GDPR Representative Service to and from the country in which the User (or any relevant Supervisory Authority) is located and the Customer is located in order to fulfil Our legal obligations.
2.6 We do not use any personal data or other information that is loaded into the GDPR Representative Service for any purpose other than the operation and risk management of the GDPR Representative Service. We do not view or access any personal data that is loaded into the GDPR Representative Service other than where it is necessary to ensure the efficient and low risk operation of the GDPR Representative Service, including support and maintenance, understanding Our Customer's compliance with GDPR, ensuring back ups are made properly, to verify the effective operation of disaster recovery/business continuity plans or for administrative, risk management, billing and contract management purposes.
How and When We may Disclose Personal Data that We collect
2.8 We may send a User's personal data, included in the Request, to a Supervisory Authority.
2.9 We may also disclose personal data to Our own personnel, contractors or suppliers in order to administer a User's account, provide support, conduct risk assessments, including:
2.9.1 allowing technical support personnel to provide assistance to Users (or Users' employer), if needed;
2.9.2 facilitating authorised transactions between Users (or other people who Users are acting for) and Us or between Users (or other people who Users are acting for) and other people and organisations who are accessible via Our website or other electronic means;
2.9.3 facilitating payment for the purchase of products or services through Our website or otherwise. In this case Users may be directed to (or We may use to facilitate the transaction) a third party website (a secure internet payment gateway) approved by the relevant financial institution within Users' country of access with whom the User banks to enter credit/debit/charge card or other payment mechanism details. This third party may in turn integrate the payment software with a third party payment application provider who assists in managing the payment transaction. Where Users are redirected in this way, Users will be subject to the privacy policies of the third party providers;
2.9.4 reviewing a Customer's data privacy compliance and/or insurance coverage to assess the risk of non-compliance with privacy laws.
2.10.1 any EU Member State where Our Juksta group companies' offices are located;
2.10.2 Australia, where Juksta group companies have offices;
2.10.3 any EU Member State in which Our hosting provider is located.
provided that We comply with the GDPR requirements for transferring personal data outside of the EU. Our Privacy Collection Notices will provide more information on these transfers.
How We Protect Personal Data and Keep It Secure
2.11 We take all appropriate technological and organisational security measures relating to the personal data. Some of these security measures are set out on Our website at www.juksta.eu/security.
2.12 We hold all information in Our GDPR Representative Service electronically in the GDPR Representative Service, which is stored in secure servers hosted in the EU, and backed up on secure servers hosted in the EU. All data is encrypted when it is in transit to Us, and is encrypted when it is received by Us, and is encrypted when it is sent to and from an Intended Recipient through the GDPR Representative Service.
2.13 If a User sends Us a hard copy Request, such as documents that are sent to Us by fax or through the post, We will promptly scan that Request and load the documents comprising that Request into the GDPR Representative Service, and We will then promptly and securely destroy the original hard copy fax or other documents.
2.14 We delete all identity documents that are provided with a Request within 90 days of the date that the User loaded the identity document into our platform.
2.15 We delete all other information in a Request (including all responses to and from the original Request) 7 years from the date the User submitted the original Request.
3 Use as part of Our other business activities and for Our internal business processes (outside of fulfilling Our Obligations under Article 27 as a GDPR Representative)
Types of Personal Data We Collect
3.1 We may collect and hold the following types of personal data:
3.1.1 name, honorific or title, date of birth, gender and relationship to other individuals (e.g. record of next of kin or emergency contact);
3.1.2 personal and business address, phone number, fax number, email address, Skype address and other business or personal addresses/contact details/identifiers and social media identifiers;
3.1.3 individual's business or vocation status, including job role, job description, job title, employment status, education status, educational institute, courses, status and identifiers;
3.1.4 voicemail recordings left in Our phone system and images that individuals have made publicly available or provided to Us;
3.1.5 biometric information, video and sound recordings from Our security or access control systems;
3.1.6 demographic information such as location at any point in time, preferences or interests;
3.1.7 information, including data, images, video and sound recordings, that You, or people authorised by You enter into Our software programs and services or use the features in Our software programs or services to import from other software applications;
3.1.8 information about the products or services that You purchase or consider purchasing from Us, Our suppliers or business associates;
3.1.9 information about enquiries made to Us, Our suppliers or business associates;
3.1.10 information You provide when You raise a support enquiry or when We are working with You to resolve a technical or administrative query;
3.1.11 information that You provide in response to market research, surveys or competitions that are conducted by or for Us;
3.1.12 information that You provide in response to marketing or training events that We attend e.g. information You give Us when We have a stand at a trade show or industry event or at presentations We give;
3.1.13 information that is provided in respect of employment, contract work, work experience or similar, whether solicited or unsolicited;
3.1.14 credit card or details of other payment methods used on Our website, software programs or services, to purchase Our products and services or in connection with Our support of community or charitable causes;
3.1.15 other personal data that is independently provided by You without Us requesting it;
3.1.16 other personal data that We collect from third parties, including regulatory authorities, Users' employers, other organisations with whom Users have had dealings, government agencies, businesses that We deal with, information or service providers and social media platforms; and/or
3.1.17 cookies, metadata, pixels and other information set out in section 7 below, which may identify You when used by itself or in conjunction with any of the information set out above.
3.2 Generally We do not collect or hold special category data for Our own business use. The only exceptions to this rule are:
3.2.1 where the special category data is collected by our security or access control systems when You visit Our offices or You seek to access Our systems;
3.2.2 where the special category data is directly linked to the individual's employment records and Our collection, holding and use is permitted by applicable law for the purpose of managing the individual's employment record;
3.2.3 where special category data is provided to Us in connection with the individual seeking employment, internship, work experience, contract work or similar, whether solicited or unsolicited;
3.2.4 where You provide this special category data in connection with Us operating Our business or providing Our services.
3.3 We collect personal data in a number of ways, including:
3.3.1 through Our website;
3.3.2 through communications with You, including letters, emails, telephone calls, voicemail messages, facsimiles, surveys, competitions, events and via social media applications;
3.3.3 through communications with others;
3.3.4 in the course of You using Our software programs and services, when You or people authorised by You load those details into the software programs or services;
3.3.5 in the course of providing Our products and services to You, including providing support through Our support service;
3.3.6 in the course of You visiting Our offices or seeking to access Our systems;
3.3.7 when Our suppliers provide Us with that personal data;
3.3.8 in the course of Our business functions and activities.
3.4 When We collect personal data We will, wherever practical and in compliance with any legal requirements, use a "Privacy Collection Notice" which will provide You with more detailed information as to the exact nature of the personal data We collect, the purpose for which We will use the personal data, the legal basis for processing that personal data, the categories of recipients, any overseas transfers of the personal data and various other details that may be necessary for Us to meet Our obligations under GDPR.
3.5 We hold personal data:
3.5.1 in Our hard copy files;
3.5.2 in the databases associated with the software programs or services that You have licensed from Us;
3.5.3 in other systems that We use in connection with Our business, some of which may be owned and operated by Our suppliers (please also see section 5); and
3.5.4 in the database associated with Our website.
3.6 Providing it is lawful and practical, We will give You the option of not identifying Yourself, using a pseudonym, or not providing personal data when You enter into a transaction or deal with Us.
3.7 If You elect not to provide Us with personal data then We may not be able to provide You with the information, products, services or support that You may want.
3.8 You will not be able to access Our offices or systems without providing Us with the biometric or other Personal Information that is required by Our access control systems.
3.9 Where it is practical, We use encryption or We process personal data in a manner that does not attribute the individual directly to that individual's personal data to enhance its security.
3.10 We may receive other unsolicited personal data in the course of Our business, for example where You send Us an unsolicited job application that includes Your CV and personal details.
3.11 We will notify You when We receive any personal data about You, confirm to You the purposes for which We intend to use that personal data, and deal with this personal data in accordance with Our legal obligations.
3.12 We collect, hold, use, process and disclose personal data for the following purposes:
3.12.1 pursuing Our business activities and functions;
3.12.2 ensuring the security of Our offices;
3.12.3 allowing the technical support personnel to provide assistance to You (or Your employer), if needed;
3.12.4 facilitating dealings between You (or other people who You are acting for) and Us or between You (or other people who You are acting for) and other people and organisations who are accessible via Our website or other electronic means;
3.12.5 facilitating payment for the purchase of products or services through Our website or otherwise. In this case You may be directed to (or We may use to facilitate the transaction) a third party website (a secure internet payment gateway) approved by the relevant financial institution within Your country of access with whom You bank to enter Your credit/debit/charge card or other payment mechanism details. This third party may in turn integrate the payment software with a third party payment application provider who assists in managing the payment transaction. Where You are redirected in this way, You will be subject to the privacy policies of the third party providers;
3.12.6 performing certain functions via Our website, e.g. completing the Contact Us form or providing information into other forms on the website, conducting surveys, market research, mail outs, competitions or using social media;
3.12.7 conducting surveys, market research, mail outs and competitions off line;
3.12.8 improving the quality of Our website and Our products and services;
3.12.9 allowing You to participate in interactive features of Our service, when You choose to do so;
3.12.10 developing or adding additional products and services from Us or existing or new people and organisations that are accessible via Our website;
3.12.11 Our training and quality assurance purposes;
3.12.12 Our website safety and security purposes;
3.12.13 Our administrative purposes;
3.12.14 allowing technical support personnel to manage Our infrastructure, systems, databases, other applications or tools;
3.12.15 statistical analysis of the usage of Our website or applications or tools that are accessed via the website;
3.12.16 if We sell finance or sell some or all of Our business or its assets then We will transfer any personal data to the potential, and then to the actual, funder or acquirer (and their professional advisers) as part of that transaction and/or
3.12.17 complying with applicable laws, including relevant privacy legislation.
3.13 We advise You that Our legitimate interest for collecting, holding, using and disclosing Your personal data for the purposes set out in section 3.12 is that it is necessary to enable Us to conduct Our business activities and functions efficiently. In this case We will provide more details of the purposes for which We use Your personal data on the relevant Privacy Collection Notice provided at the time We collect the personal data from You.
How and When We may Disclose Personal Data that We Collect
3.15 We may collect, hold, use, process and disclose personal data for the purpose of direct marketing of any of Our other services or products which We consider may be of interest to You or people You are acting for only where You have given Us consent in a form that complies with the law.
3.16 If You have given Us Your consent to provide You with direct marketing communications We may collect, hold, use, process and disclose personal data in accordance with that consent to enable Us to provide You (or other people who You are acting for) information about, and offer You (or other people who You are acting for), other products and services that We offer and which We consider may be of interest to You or people You are acting for.
3.17 If You give Us consent to provide You with direct marketing communications We will provide a simple means where You can request not to receive direct marketing communications. Where You have consented to Us providing Your personal data to any of Our suppliers or business associates identified to You so they can provide You with direct marketing communications, You may request that We stop sharing any such personal data with that supplier or business associate.
3.18 We shall only obtain personal data about You from a third party source for the purpose of direct marketing where such personal data has been processed lawfully by the third party who has provided it. You may request that We disclose the source of that personal data. We will respond to any request made under this section within a reasonable period in accordance with applicable law and at no cost to You.
3.19 We will seek specific consent by way of opt-in for any direct marketing that We intend to carry out.
3.20 We take appropriate technological and organisational measures to secure personal data and protect it from loss or unauthorised disclosure or damage.
3.21 All personal data provided to Us will be held for so long as We reasonably require to deliver services to You or to the person You are acting for or as otherwise required for regulatory or other legal purposes.
3.24 Transfers of personal data to overseas jurisdictions will take place in the following circumstances:
3.24.1 where We have a group company assisting Us with Our business activities and functions;
3.24.2 where We have a supplier assisting Us with providing assistance with Our business activities and functions;
3.24.3 where Our website, or any hosting service We use to support Our internal or customer facing software or software as a service, is hosted by Us or a third party, and the hosting facilities and/or the back-up/disaster recovery sites are located overseas;
3.24.4 where a third party application is being used in connection with Our interactions with You, e.g. when We use email or Skype, the third party providers of the relevant application have their applications hosted overseas and/or use the internet through which personal data is transported automatically across any country around the world;
3.24.5 where analytics and search engine providers assist Us in the improvement and optimisation of Our website.
3.25 The countries in which We know that personal data may be processed, and/or to which it may be transferred, include Australia, countries within the European Union, the United Kingdom and the United States of America.
3.26 Wherever an overseas transfer of personal data occurs, it will be made in accordance with applicable law. More details of overseas transfers will be provided on Our Privacy Collection Notices.
3.27 Where We have given You (or where You have chosen) a password which enables You to access certain parts of Our website or any part of Our services, You are responsible for keeping this password confidential. You must not share a password with anyone.
3.28 Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect Your personal data, We cannot guarantee the security of Your personal data transmitted to Our site and any transmission is at Your own risk. Once We have received Your personal data, We will use appropriate procedures and security features to prevent unauthorised access.
4 Use of Social Media
4.3 We accept no responsibility or liability for any personal data that You publish on any third party application or social media applications.
5.1 A cookie is a small piece of computer code which remains on Your device and contains information which helps Us identify Your browser. A cookie can be used to identify You, either by itself or with other data that is generated by Our website or that We or others may have access to.
5.4 If You do not allow some of the cookies to be used, some or all of the website or other applications or tools on it might not be accessible to You. Our Cookie Notices will explain which cookies are important to the use of the website.
5.5 Sometimes information that You upload is provided with associated metadata. If You do not want Us (or third parties) to use the metadata You must remove it by erasure from the underlying document/materials properties before uploading it onto the website and other applications and tools.
6 Links to other Websites and Applications
Our website includes links to other websites, applications and tools that are not owned or operated by Us. We are not responsible for the content of those websites, applications or tools, nor for any products, services or information contained in them or offered through them. You should review the privacy policies and terms and conditions of use of those websites, applications and tools when You visit them. We do not endorse, recommend, condone or represent the companies or any content on any third party linked website and may terminate the link or linking program at any time.
7 Your Legal Choices and Rights
7.1 Under applicable privacy legislation We must ensure that Your personal data is accurate and up to date. Therefore, please advise Us of any changes to Your personal data promptly.
7.2 If You want to find out what personal data We hold on You, or You believe any of Your personal data that is held by Us:
7.2.1 is not being processed lawfully;
7.2.2 is inaccurate, out of date, incomplete, irrelevant or misleading;
7.2.3 is not necessary for Us to continue to hold it;
7.2.4 that We are not processing it lawfully and You require Us to suspend or stop processing it;
7.2.5 You wish for Us to delete or port Your personal data to a third party provider,
You can contact Us, and We will either provide You with access to the personal data (in so far as We are legally able and required to do so by applicable law) or We will delete it, correct it or deal with it as applicable, within a reasonable period in accordance with applicable law.
7.3 You can contact Us by:
7.3.1 email at the following email address Privacy@juksta.eu; or
7.3.2 using the contact Us web form on Our website at www.juksta.eu.
7.4.1 email at the following email address Privacy@juksta.eu; or
7.4.2 using the contact Us web form on Our website at www.juksta.eu.
7.5 We will aim to respond to any complaint within 10 business days of the date of receipt. We will attempt to resolve Your complaint to Your satisfaction. If You are not satisfied with how We deal with Your complaint You may contact the relevant regulatory authority in Your country.
7.6 If You make any such complaint, We may be obliged to report that complaint to the relevant regulator within the time frames set out in the relevant legislation. We may also be obliged to self-report breach of privacy to the relevant regulator within the time frames set out in the relevant legislation.
8 The Status of this Policy and any Changes that are made to it