Jonas - Global Website Privacy Policy version 1
Date: 30 April 18
Tucasi LTD - Privacy Policy
Tucasi Ltd as part of the Jonas Family of Companies ("Jonas," "we," "us," "our") are committed to
protecting your privacy. There are various ways that you might interact with Jonas, and the information
you provide when doing so allows us to improve our services.
This website, our related websites and any mobile site or mobile application that link to this Privacy
Policy) (collectively, the "Site", "Sites") are owned and operated by Tucasi Ltd with its principal place of
business at Wessex House, Upper Market Street, Eastleigh, SO509FD.
Our privacy policy explains:
- What information we collect, and why we collect it;
- How we use that information;
- How we protect that information;
- How you can control your information, including accessing, updating and deleting what we store; and
- How we share information collected.
This Privacy Policy applies to Tucasi Ltd and its subsidiaries and affiliates and covers our processing
activities as a data controller.
We do not sell our services to children and the Site is not intended for or directed at children under the
age of 13 years. As such, our Sites are designed for adult user interaction. We do not intentionally
collect personally identifiable information from children under the age of 13.
Tucasi are not required to appoint a formal data protection officer under data protection laws,
however, we have appointed a Data Protection Contact who you can reach out to about any queries
you may have in relation to this Privacy Policy. If you are located in the EEA, you can contact our
representative(s) in the EEA about any data protection queries, using the contact details below.
Jonas adheres to Canadian and international statutes and regulations which govern the protection of
personal information. In Canada Jonas adheres to the Personal Information and Protection of Electronic
Documents Act ("PIPEDA"). In the United States, Jonas adheres to statutes of general application and
statutes of specific application such as the Health Insurance Portability and Accountability Act ("HIPPA")
where applicable In Australia, Jonas complies with the Privacy Act, 1988, a federal statute as well as
with State and Territory laws pertaining to protection of personal information, including the Health
Records Act 2001(VIC) where applicable. In New Zealand, Jonas follows the Privacy Act, 1993. In
Europe, Jonas adheres to i) until 25 May 2018, EU Directive 95/46/EC, as transposed into domestic
legislation of each Member State; ii) on and from 25 May 2018 the General Data Protection Regulation
(EU) 2016/679 ("GDPR"); iii) as and when enacted in the United Kingdom, the Data Protection Act
[2018], supplementing and amending the GDPR; iv) EU Directive 2002/58/EC on privacy and electronic
communications, as transposed into domestic legislation of each Member State; and v) any applicable
decisions, guidelines, guidance notes and codes of practice issued from time to time by courts,
supervisory authorities and other applicable government authorities; in each case together with all laws
implementing, replacing or supplementing the same.
Contacting Us
If you have any questions about our Privacy Policy or your information, or to exercise any of your rights
as described in this Privacy Policy or under data protection laws, you can contact us as follows:
In the EEA
By post:
Data Protection Team, Tucasi Ltd Wessex House, Upper Market Street, Eastleigh, SO50 9FD
By telephone:
02380 016 564
By email:
dpo@tucasi.com
Information we collect
Information we collect
We may collect or record basic personal information which you voluntarily provide through completing
forms on our Site, through electronic mail you send to us, or through other means of communication
between you and us. The categories of personal information you provide may include:
- first and last name;
- job title and company name;
- email address;
- phone number
- mailing address;
- password to register with us;
- any other identifier that permits us to make contact with you.
We do not generally seek to collect sensitive personal information (e.g. social security or other
governmental ID numbers, credit card details and account numbers, racial or ethnic origin, political
opinions, religious or philosophical beliefs, trade-union membership; health or sex life, sexual
orientation; genetic or biometric information) through our Site and if we do we will ask for your explicit
consent to our proposed use of that information at the time of collection. This information will be
collected, stored, accessed and processed in a secure manner.
Information we collect from you
We collect, store and use information about your visits to the Sites and about your computer, tablet,
mobile or other device through which you access the Sites. This includes the following information:
- general non-personal information pertaining to users of our sites technical information, including
the Internet protocol (IP) address, source domain names, specific web pages, length of time spent,
and pages accessed, browser type, internet service provider, device identifier, your login
information, time zone setting, browser plug-in types and versions, operating system and platform,
and geographical location;
- information about your visits and use of the Site, including the full Uniform Resource Locators
(URL), clickstream to, through and from our Site, pages you viewed and searched for, page
response times, length of visits to certain pages, referral source/exit pages, page interaction
information (such as scrolling, clicks and mouse-overs), and website navigation and search terms
used.]
- information about individual contacts for our customers ("Business Contact Information") in the
ordinary course of our business for managing and maintaining customer relationships. In particular,
we may obtain the following types of Business Contact Information: name, address, invoice
information including bank account information, and order information.
Collection and Use of Employee Personal Information
We also collect personal information from our employees and from job applicants (human resource
data) in connection with administration of our human resources programs and functions. These
programs and functions include, but are not limited to: job applications and hiring programs,
compensation and benefit programs, performance appraisals, training, access to our facilities and
computer networks, employee profiles, employee directories, human resource recordkeeping, and other
employment related purposes. It is our policy to keep all past and present employee information private
from disclosure to third parties. There are certain business related exceptions and they are:
- To comply with municipal, regional, provincial or federal agency requests;
- Inquiries from third parties with a signed authorization from the employee to release the
information, except in situations where limited verbal verifications are acceptable (see below);
- Third parties with which we have contractual agreements to assist in administration of company
sponsored benefits.
Prospective employers, government agencies, financial institutions, and residential property managers
routinely contact us requesting information on a former or current employee's work history and salary.
All such requests of this type shall be referred to and completed on a confidential basis by the human
resources department or payroll department. For written verification of employment requests,
information will be provided on the form only when it is accompanied by an employee's signed
authorization to release information. The form will be returned directly to the requesting party and filed
as part of the human resources or payroll department's confidential records.
How We Use Information
As a data controller, we will only use your personal information if we have a legal basis for doing so.
The purpose for which we use and process your information and the legal basis on which we carry out
each type of processing is explained in the table below.
Note that we may process your personal data for more than one lawful ground if the data is used for
several purposes. Please Contact us if you need details about the specific legal ground we are relying
on to process your personal data where more than one ground has been set out in the table below.
| Purposes for which we will process the information |
Type of data |
Legal Basis for the processing |
| To provide you with information and materials that you request from us. |
(a) Identity
(b) Contact |
It is in our legitimate interests to
respond to your queries and
provide any information and
materials requested in order to
generate and develop business.
To ensure we offer an efficient
service, we consider this use to
be proportionate and will not be
prejudicial or detrimental to you. |
| To personalise our services and products and the Sites to you. |
(a) Identity
(b) Contact
(c) Technical |
It is in our legitimate interests to
improve the Site in order to
enhance your experience on our
Site,
to
facilitate
system
administration and better our
services. We consider this use to
be proportionate and will not be
prejudicial or detrimental to you.
If you do not wish to receive
tailored
or
personalised
information from us based on
personal information you have
provided us, please contact us as
provided in
"Contacting Us"
above. |
| To update you on services and products and benefits we offer. |
(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical |
It is in our legitimate interests to
market our services and products.
We consider this use to be
proportionate and will not be
prejudicial or detrimental to you.
If you would prefer not to receive
any
direct
marketing
communications from us, you can
opt-out at any time by contacting
us as providing in "Contacting Us"
above.
For direct marketing sent by email
to new contacts (i.e. individuals
who we have not previously
engaged with), we need your
consent to send you unsolicited
direct marketing. |
| To send you information regarding changes to our policies, other terms and conditions and other administrative information. |
(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile |
It is in our legitimate interests to
ensure that any changes to our
policies and other terms are
communicated to you. We
consider this use to be necessary
for our legitimate interests and will
not be prejudicial or detrimental to
you. |
To administer our Sites including troubleshooting, data analysis, testing, research, statistical and survey purposes;
To improve our Sites to ensure
that consent is presented in the
most effective manner for you
and your computer, mobile
device or other item of hardware
through which you access the
Sites; and
To keep our Sites safe and
secure. |
(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile |
For all these categories, it is in our
legitimate interests to continually
monitor and improve our services
and your experience of the Sites
and to ensure network security.
We consider this use to be
necessary for our legitimate
interests and will not be
prejudicial or detrimental to you. |
| To measure or understand the effectiveness of any marketing we provide to you and others, and to deliver relevant marketing to you. |
(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile |
It is in our legitimate interests to
continually improve our offering
and to develop our business. We
consider this use to be necessary
in order to effectively generate
business and will not be
prejudicial or detrimental to you. |
| To enforce the terms and conditions and any contracts entered into with you. |
|
It is in our legitimate interests to
enforce our terms and conditions
of service. We consider this use
to be necessary for our legitimate
interests and proportionate. |
If you do not wish to provide us with your personal data and processing such data is necessary for the
performance of a contract with you and to fulfil our contractual obligations to you, we may not be able
to perform our obligations under the contract between us.
Where you provide consent, you can withdraw your consent at any time and free of charge, but without
affecting the lawfulness of processing based on consent before its withdrawal. You can update your
details or change your privacy preferences by contacting us as provided in "Contacting us" above.
Where we rely on legitimate interests as a lawful basis, we will carry out a balancing test to ensure that
your interests, rights and freedoms do not override our legitimate interests. If you want further
information on the balancing test we have carried out, you can request this from us by Contacting us.
Marketing
We strive to provide you with choices regarding certain personal data uses, particularly around
marketing and advertising.
Third-party marketing
We do not share personal data with any company outside the Jonas group for marketing purposes,
however we do engage data processors to assist in the delivery of emails.
Opting out
You can ask us to stop sending you marketing messages at any time by clicking the unsubscribe link
at the bottom of emails, or email your request to
marketing@tucasi.com.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we
reasonably consider that we need to use it for another reason and that reason is compatible with the
original purpose. If we need to use your personal information for an unrelated purpose, we will notify
you in a timely manner and we will explain the legal basis which allows us to do so.
Tucasi Ltd as data processor
In certain cases, we also operate as an data processor and we collect and process personal information
on behalf of our business customers in the provision of our services and products. In these
circumstances, Tucasi Ltd is acting as a data processor and our business customers remain the data
controller in respect of personal information they provide to us.
Our business customers remain the data [information] controllers with respect to any customer
information that they provide to us for our provision of services. To the extent that we are acting as data
processor, we therefore act in accordance with the instructions of such customers regarding the
collection, processing, storage, deletion and transfer of customer information, as well as other matters
such as the provision of access to and rectification of customer. We will only use such personal
information for the purposes of providing the services and products for which our business customers
have engaged us.
Our business customers are responsible for ensuring that these individuals' privacy is respected,
including communicating to the individuals in their own privacy policies who their personal information
is being shared with and processed by.
As a data processor, we may share personal information where instructed by our business customer.
Where authorized by the business customer, we may also share personal information with third party
service providers who work for us and who are subject to security and confidentiality obligations.
Where Tucasi Ltd is acting as a data processor, we will refer any request from an individual for access
to personal information which we hold about them to our customer. We will not respond directly to the
request.
We will retain personal information which we process on behalf of our customers for as long as needed
to provide services and products to our customers and in accordance with any agreement in place with
our customers.
Disclosure Of Your Personal Data To Third Parties
We will not sell, rent, lease or otherwise share your personal information other than as outlined in this
Privacy Policy or without obtaining your consent beforehand.
Internal third parties
We may share your personal information with our group companies, affiliates, subsidiaries or
contractors as necessary to carry out the purposes for which the information was supplied or collected
(i.e. to provide the services and products you have requested from us).
External third parties
Personal information will also be shared with our third party service providers and business partners
who assist with the running of the Sites and our services and products including hosting providers, SMS
service providers, Payment Processors, Salesforce (CRM for the purposes of logging requests/defects),
and Act-On (marketing automation). Our third party service providers and business partners are subject
to security and confidentiality obligations and are only permitted to process your personal information
for specified purposes and in accordance with our instructions.
We may also post links to third party websites as a service to you. These third party websites are
operated by companies that are outside of our control, and your activities at those third party websites
will be governed by the policies and practices of those third parties. We encourage you to review the
privacy policies of these third parties before disclosing any information, as we are not responsible for
the privacy policies of those websites.
In addition, we may disclose information about you when we believe, in good faith, that such use or
disclosure is reasonably necessary to:
- comply with law
- enforce or apply the terms of any of our user agreements
- protect our rights, property or safety,, or the rights, property or safety of our users, or others
- in the event that we become involved in a business divestiture, change of control, sale, merger, or
acquisition of all or a part of our business, in which case we may disclose your personal information
to the prospective seller or buyer of such business or assets;
- if all or substantially all of our assets are acquired by a third party, in which case personal
information held by it about its customers will be one of the transferred assets;
- if we are under a duty to disclose or share your personal information in order to comply with any
legal or regulatory obligation;
- if necessary to protect the vital interests of a person; and
- to enforce or apply our terms and conditions or to establish, exercise or defend the rights of Tucasi
Ltd, our staff, customers or others.
International Transfers
Tucasi do not share your data outside of the EEA
Security of Your Personal Data
The security of your personal information is important to us. We follow generally accepted industry
standards to protect the personal information submitted to us, both during transmission and once we
receive it.
We use appropriate measures to safeguard personally identifiable information, which measures are
appropriate to the type of information maintained, and follows applicable laws regarding the
safeguarding of any such information under our control. In addition, in some areas of our Sites, we may
use encryption technology to enhance information privacy and help prevent loss, misuse, or alteration
of the information under our control. We also employ industry-standard measures and processes for
detecting
and responding to inappropriate attempts to breach our systems.
No method of transmission over the Internet, or method of electronic storage, can be 100% secure.
Therefore, we cannot guarantee the absolute security of your information. The Internet by its nature is
a public forum, and we encourage you to use caution when disclosing information online. Often, you
are in the best situation to protect yourself online. You are responsible for protecting your username
and password from third party access, and for selecting passwords that are secure.
If you have any questions about security on our Site, you can contact us as provided in "Contacting us"
above.
Data Retention: How Long We Keep Your Personal Data
When you contact us, we may keep a record of your communication to help solve any issues that you
might be facing. Your information may be retained for as long as necessary to fulfil the purposes we
collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirement.
To determine the appropriate retention period for personal data, we consider the amount, nature, and
sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your
personal data, the purposes for which we process your personal data and whether we can achieve
those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention
policy which is available upon request.
Your rights
Subject to certain limitations, you have rights under data protection laws in relation to your personal
data. These rights include the rights to:
- Request access to your personal data - (commonly known as a "data subject access request")
This enables you to receive a copy of the personal data we hold about you and to check that we
are lawfully processing it. Note that we may refuse to comply with a request for access if the request
is manifestly unfounded or excessive, or repetitive in nature.
- Request correction of your personal data - this enables you to have any incomplete or inaccurate
data we hold about you corrected, though we may need to verify the accuracy of the new data you
provide to us. Note that we may refuse to comply with a request for correction if the request is
manifestly unfounded or excessive, or repetitive in nature.
- Request erasure of your personal data - this enables you to ask us to delete or remove personal
data where there is no good reason for us continuing to process it. You also have the right to ask
us to delete or remove your personal data where you have successfully exercised your right to
object to processing (see below), where we may have processed your information unlawfully or
where we are required to erase your personal data to comply with local law. Note that we may
refuse a request for erasure, for example, where the processing is necessary to comply with a legal
obligation or necessary for the establishment, exercise or defence of legal claims.
- Request restriction of processing your personal data - this enables you to ask us to suspend
the processing of your personal data in the following scenarios: (a) if you want us to establish the
data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c)
where you need us to hold the data even if we no longer require it as you need it to establish,
exercise or defend legal claims; or (d) you have objected to our use of your data but we need to
verify whether we have overriding legitimate grounds to use it. Note that we may refuse to comply
with a request for restriction if the request is manifestly unfounded or excessive, or repetitive in
nature.
- Request transfer of your personal data - we will provide to you, or a third party you have chosen,
your personal data in a structured, commonly used, machine-readable format. Note that this right
only applies where your personal data is processed by us with your consent or for the performance
of a contract and when processing is carried out by automated means.
- Right to withdraw consent - you can withdraw your consent at any time where we are relying on
consent to process your personal data. However, this will not affect the lawfulness of any processing
carried out before you withdraw your consent.
Your Right To Object
Direct marketing
You have the right to object where we are processing your personal data for direct marketing purposes.
In some cases, we may demonstrate that we have compelling legitimate grounds to process your
information which override your rights and freedoms.
Where we process your information based on our legitimate interests.
You also have the right to object, on grounds relating to your particular situation, at any time to
processing of your personal information which is based on our legitimate interests. Where you object
on this ground, we shall no longer process your personal information unless we can demonstrate
compelling legitimate grounds for the processing which override your interests, rights and freedoms or
for the establishment, exercise or defence of legal claims.
Exercising Your Rights
If you wish to exercise any of the rights set out above, including withdrawing consent, please contact
us giving us specific details regarding which right you choose to exercise.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your
right to access your personal data (or to exercise any of your other rights). This is a security measure
to ensure that personal data is not disclosed to any person who has no right to receive it. We may also
contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than
a month if your request is particularly complex or you have made a number of requests. In this case,
we will notify you and keep you updated.
Please direct any questions about your information to the Data Protection Contact identified above.
Use of Cookies, IP Addresses and Aggregate Information
Cookies
In order to improve the Sites, we may use small files commonly known as "cookies". Cookies are a
technology that can be used to help personalize your use of a website. A cookie is a small amount of
data which often includes a unique identifier that is sent to your computer or mobile phone (your
"device") from the Sites and is stored on your device's browser or hard drive. The cookies we use on
the Sites won't collect personally identifiable information about you and we won't disclose information
stored in cookies that we place on your device to third parties.
To enable us to assess the effectiveness and usefulness of this Site, and to give you the best user
experience, we collect and store information such as pages viewed by you, your domain names and
similar information. Our Site makes use of anonymous cookies for the purposes of:
- Completion and support of Site activity;
- Site and system administration;
- Research and development; and
- Anonymous user analysis, user profiling, and decision-making.
By continuing to browse the Sites, you are agreeing to our use of cookies.
If you don't want us to use cookies when you use the Sites, you can set your browser to notify you when
you receive a cookie, giving you the chance to decide whether to accept it or decline at any time.
However, if you block cookies some of the features on the Sites may not function as a result.
You can find more information about how to do manage cookies for all the commonly used internet
browsers by visiting
www.allaboutcookies.org.
This website will also explain how you can delete cookies
which are already stored on your device.
We currently set the following cookies:
| Cookie |
Purpose |
| Hazelcast.sessionId |
[ Required for browsing our website. This is a transient (session)
cookie, is not retained after you have closed your browser, and
cannot be used to identify you ] |
| JSESSIONID |
[ Required for browsing our website. This is a transient (session)
cookie, is not retained after you have closed your browser, and
cannot be used to identify you ] |
|
|
Cookies from third parties
We currently use the following third party cookies:
| Third Party Cookies |
Cookie Name(s) |
Purpose |
Link |
| [Google Analytics] |
|
[These cookies provide us with a visitor count
and an understanding of how visitors move
around and use the Sites. We can then use
this information to improve navigability and
the Sites generally
- please see further
details below] |
[Google Privacy Policy] |
| [Act-On] |
|
[These cookies enable us to recognise your
browser and help us to track visits to the
Sites and also to recognise a return visitor as
a unique user. For example, if you provide us
with your name and email address on the
Sites, we will know your identity when you
visit the Sites at a later date.] |
[Act-On Privacy Policy] |
For use where Google Analytics used only] [We only use "Google Analytics" on the Sites. This cookie
provides us with a visitor count and an understanding of how visitors move around and use the Sites.
We can then use this information to improve navigability and the Sites generally. The cookies we use
on the Sites won't collect personally identifiable information about you and we won't disclose information
stored in cookies that we place on your device to third parties.
We are obliged by Google Analytics to state the following:
The Sites use Google Analytics, a web analytics service provided by Google Inc. (
"Google"). Google
Analytics uses "cookies", which are text files placed on your computer, to help the Sites analyse how
users use the Sites. The information generated by the cookie about your use of the Sites (including
your IP address) will be transmitted to and stored by Google on servers in the United States. Google
will use this information for the purpose of evaluating your use of the Sites, compiling reports on website
activity for website operators and providing other services relating to website activity and internet usage.
Google may also transfer this information to third parties where required to do so by law, or where such
third parties process the information on Google's behalf. Google will not associate your IP address with
any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings
on your browser, however please note that if you do this you may not be able to use the full functionality
of the Sites. By using the Sites, you consent to the processing of data about you by Google in the
manner and for the purposes set out above.
IP Addresses and Aggregate Information
An Internet Protocol ("IP") address is associated with your computer's connection to the internet. We
may use your IP address to help diagnose problems with our server, to administer the Site and to
maintain contact with you as you navigate through the Site. Your computer's IP address also may be
used to provide you with information based upon your navigation through the Site.
Aggregate information is used to measure the visitors' interest in, and use of, various areas of the Site
and the various programs that we administer. We will rely upon aggregate information, which is
information that does not identify you, such as statistical and navigational information. With this
aggregate information, we may undertake statistical and other summary analyses of the visitors'
behaviours and characteristics. Although we may share this aggregate information with third parties,
none of this information will allow anyone to identify you, or to determine anything else personal about
you.
Links
The Sites may, from time to time, contain links to and from the websites of our business partners,
advertisers and affiliates. If you follow a link to any of these websites, please note that these websites
have their own privacy policies and do not accept any responsibility or liability for these policies. Please
check these policies before you submit any personal information to these websites.
Social Media and Online Engagement
We occasionally use a variety of new technologies and social media options to communicate and
interact with customers, potential customers, employees and potential employees. These sites and
applications include popular social networking and media sites, open source software communities and
more. To better engage the public in ongoing dialog, certain of our businesses use certain third-party
platforms including, but not limited to, Facebook, Twitter and LinkedIn. Third-Party Websites and
Applications (TPWA) are Web-based technologies that are not exclusively operated or controlled by us.
When interacting on those websites, you may reveal certain personal information to us or to third
parties. Other than when used by our employees for the purpose of responding to a specific message
or request, we will not use, share, or retain your personal information.
Complaints
For the UK: You have the right to make a complaint at any time with a supervisory authority, in particular
in the EU (or EEA) state where you work, normally live or where any alleged infringement of data
protection laws occurred. The supervisory authority in the UK is the Information Commissioner who
may be contacted at
https://ico.org.uk/concerns/
or telephone: [0303 123 1113].
If we receive formal written complaints, we will follow up with the person making the complaint. We work
with the appropriate regulatory authorities to resolve any complaints that cannot be resolved directly.
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so
please contact us in the first instance.
Changes to this Policy
We regularly review our compliance with our privacy policy. We also adhere to several self-regulatory
frameworks in addition to complying with applicable law.
We may change this privacy policy from time to time. If this privacy policy changes, the revised privacy
policy will be posted at the "Privacy Policy" link on the Site's home page. In the event that the change
is significant or material, we will notify you of such a change by revising the link on the home page to
read "Newly Revised Privacy Policy." Please check the privacy policy frequently. Your continued use of
the Site constitutes acceptance of such changes in the privacy policy, except where further steps are
required by applicable law. This privacy policy was last updated on the date set out at the end of the
policy.
LAST UPDATED: 27 April 2018