Jujama Applications Privacy Policy

Effective on: 2024-11-25, v3.4

 

Introduction and Scope

Jujama, Inc., a Pennsylvania corporation, and our subsidiary Jujama Solutions Pvt Ltd (India) (collectively, “Jujama,” “we,” “us,” “our”), take the protection of personally identifiable information (“personal data”) very seriously. This Privacy Policy (this “Policy”) addresses data subjects whose personal data we process in the web, desktop, and mobile versions of our Jujama Event Application, the Event Registration System, and BioProScheduler (collectively, the “Services”).

Controllership

Jujama acts as an agent, also known as a data processor, for the personal data we process for our clients when providing our Services. This means that our clients determine the type of personal data they provide for us to process on their behalf. Jujama’s clients, who organize events, such as conferences, festivals, meetings, etc., act as the data controllers.

Categories of Personal Data

We may process the following types of personal data:

    • biographical information, such as your first and last name;
    • employment information, such as company names and job titles;
    • photographs, documents, and their contents;
    • contact information, such as addresses, phone and fax numbers, zip codes, and e-mail addresses;
    • blog and website addresses;
    • social media profile links and social feed contents;
    • information provided through custom fields; and
    • any other type of personal data provided by you, including by way of social network features, or by a third party.

How We Receive Personal Data

We may receive your personal data when:

    • you provide it to us directly; or
    • we receive it from our clients.

Basis of Processing

Within the scope of this Policy, we process your personal data based on the instructions of our clients.

Purposes of Processing

We process personal data for the purposes of:

    • facilitating events and company-to-company meetings; and
    • registering and tracking attendance of events.

Use of Cookies

We use cookies to store information on your computer. Cookies improve your navigation on this site and enhance your user experience. You may delete or otherwise control cookies. For more information please visit https://www.aboutcookies.org/. Our Services do not have the capability to respond to “Do Not Track” signals received from web browsers. We do not allow third parties to collect PII about your online activities while using our services.

Data Retention Periods

When the purposes of processing are satisfied, we will delete the related personal data within six (6) months.

Sharing Personal Data with Third Parties

We may share your personal data with other organizations. These organizations may include those providing us with services, including those related to:

    • office productivity;
    • backup storage;
    • CRM;
    • electronic signing;
    • e-mail marketing;
    • cloud computing;
    • web hosting;
    • appointment scheduling;
    • customer support and ticketing;
    • payment processing services;
    • website performance measurement; and
    • digital performance monitoring and management.

If you are attending an event, your basic profile will also be visible to other attendees of the same event.

Some of these third parties may be located outside of the United States. However, before transferring your personal data to these third parties, we will either ask for your explicit consent or require the third party to maintain at least the same level of privacy and security for your personal data that we do. We remain liable for the protection of your personal data within the scope of our EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) certifications that we transfer to third parties, except to the extent that we are not responsible for the event that leads to any unauthorized or improper processing.

Also, some of these third parties may be located outside of the European Union or the European Economic Area. In some cases, the European Commission may not have determined that the countries’ data protection laws provide a level of protection equivalent to European Union law. We will only transfer your personal data to third parties in these countries when there are appropriate safeguards in place. These may include the European-Commission-approved standard contractual data protection clauses (also known as the “SCCs”) approved by the European Commission under Article 46.2 of the GDPR, with necessary adjustments for transfers from the UK or Switzerland, or use specific transfer instruments like the UK International Data Transfer Agreement.

Other Disclosure of Your Personal Data

We may disclose your personal data:

    • to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by government or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders;
    • if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change; or
    • to our subsidiaries or affiliates only if necessary for business and operational purposes.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any personal data, about the users of our Services as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.

If we must disclose your personal data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your personal data will maintain the privacy or security of your personal data.

Data Integrity & Security

Jujama has implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to help protect personal data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.

Accessing, Deleting & Updating Your Personal Data

If you are a data subject whose personal data we store, you may have the right to request access to, and the opportunity to update, correct, or delete, such personal data. You may also have the right to opt out of having your personal data shared with third parties and to revoke your consent that you have previously provided for your personal data to be shared with third parties, except as required by law. You also have the right to opt out if your personal data is used for any purpose that is materially different from, but nevertheless compatible with, the purpose(s) for which it was originally collected or subsequently authorized by you. To exercise these or any other data subject rights, please contact the data controller who has provided your personal data to us.

Privacy of Children

Our Services are not designed to collect data from children under the age of 13. We do not knowingly collect personal data from anyone under 18. If you believe your child’s personal data may be processed in our Services, you can contact us using the information in the Contact Us section of this Policy to request that we delete that personal data.

Changes to this Policy

If we make any material change to this Policy, we will post the revised Policy to this web page and update the “Effective on” date above to reflect the date on which the new Policy became effective.

EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. Data Privacy
Frameworks

With respect to personal data in the scope of this Policy, Jujama complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), as adopted and set forth by the U.S. Department of Commerce regarding the processing of personal data.

Jujama commits to adhere to and has certified to the Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework (EU-U.S. DPF) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF

Jujama commits to adhere to and has certified to the Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the UK Extension of the EU-U.S. DPF, and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the EU-U.S. Principles (including the UK Extension) and/or the Swiss-U.S. Data Privacy Principles, and to view Jujama’s certification, please visit https://www.dataprivacyframework.gov/ and https://www.dataprivacyframework.gov/s/participant-search , respectively. 

Dispute Resolution

If a privacy complaint or dispute relating to Personal Data received by Jujama in reliance on the Data Privacy Frameworks (or any of its predecessors) cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/ .

Binding Arbitration

If we receive a Personal Data-related dispute or complaint in reliance on the Data Privacy Framework that cannot be resolved by us, nor through the dispute resolution mechanism mentioned above, you may have the right to require that we enter into binding arbitration with you under the Data Privacy Framework “Recourse, Enforcement and Liability” Principle and Annex I of the Data Privacy Framework.

European Union Supervisory Authority Oversight

If you are a data subject whose personal data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union member states.

Regulatory Oversight

Jujama is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (“FTC”).

United Kingdom Representative

VeraSafe has been appointed as Jujama’s representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the United Kingdom, VeraSafe can be contacted in addition to or instead of Jujama only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at +44 (20) 4532 2003.

Alternatively, VeraSafe can be contacted at:

VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom

European Union Representative

VeraSafe has been appointed as Jujama’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to Jujama only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form:
https://verasafe.com/public-resources/contact/data-protection-representative or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted as follows:

VeraSafe Czech Republic s.r.o
Klimentská 46
Prague 1, 11002
Czech Republic
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

Contact Us

If you have any questions about this Policy or our processing of your personal data, please contact our Chief Technology Officer at the following e-mail address:

privacy@jujama.com

Please allow up to four (4) weeks for us to reply.