Privacy Policy

Two Jay (Two Jay Ltd, Suite A The Quadrant, Parkway Avenue, Sheffield S9 4WG; Company registration 07536157; ICO Registration 10036564) is committed to safeguarding your privacy. This Privacy Policy explains how we treat your personal information when we process it as a Data Controller and it forms part of our General Terms of Use.

Please do not submit anyone else’s personal information to us unless you have their express consent
to do this.

If you have any questions, comments or requests regarding your personal information, please email
DPO@twojay.co.


WHAT DATA DO WE COLLECT?

We collect the following personal information that you provide directly to us:

- When we communicate with each other (including your name, email address, telephone number and the content of our communications)

- When you sign up to Two Jay (including your name, email address, postal address, telephone number, work position)

- When you subscribe to email notifications and/or newsletters (including your name and email address)

- Other information that you choose to send to us

 

DATA WE DERIVE THROUGH YOUR USE OF TWO JAY

General user information about your computer and your visits (including your IP address, location, browser, operating system, referral source, length of visit and the pages you visit). This information

can be facilitated by cookies (see our Cookies policy below).

 

HOW WE USE YOUR DATA AND LEGAL GROUNDS

We will only use your personal information for the purposes set out in this Privacy Policy. The legal basis for using your personal information is that either we have a legitimate interest in doing so or we
have your express consent. We use your data in these ways:


Legitimate interest:

- To administer Two Jay, our website and our business

- To enable your use of TwoJay.co and other requested services

- To respond to technical support requests

- To provide requested information to you

- To ensure the continuity of our services e.g. back ups

- To send invoices, reports, statements, payment reminders and collect payments from you

- To send you email notifications or newsletters that you have specifically requested

- To deal with any enquiries or complaints by you or about your experience with Two Jay

- To understand how you (and others) are using Two Jay, to help us improve and develop our services

- To monitor compliance with our Terms and Conditions

- To keep our systems secure and prevent fraud

- To send you other necessary information about our services and our relationship

- To otherwise manage our relationship with you or comply with our contractual obligations

Consent:
If you have expressly agreed for us to contact you about new services, offers, events or news if you have subscribed to relevant mailing lists (you can unsubscribe at any time either by managing your
account settings or by emailing DPO@twojay.co.)


We do not:

- Share your data with third parties for their own purposes

- Send you unsolicited communications unless you have specifically agreed


DISCLOSING YOUR PERSONAL INFORMATION

We may disclose your personal information to third parties (provided that they are bound by appropriate obligations to safeguard your information) as follows:

- To our employees, officers, insurers, professional advisors and agents to the extent that it is reasonably necessary to do so for the above permitted purposes

- To any Two Jay group companies

- To our third party suppliers and subcontractors to help us provide Two Jay services to you and for other legitimate business reasons. These include:

o our hosting service provider

o our third party subcontractors and service providers involved in the development, maintenance, backup, storage, financial administration and other integrated services as required in order to provide Two Jay to you

o anonymous usage data to 3rd party services to assist us in providing continuity.
- If we are required to do so by law or in any legal proceedings
- If we need to for fraud prevention or to protect the rights, property or safety of us, our
customers or others.
- To third parties wishing to purchase our business or assets.


WHERE YOUR INFORMATION IS STORED

Two Jay uses Google Cloud Platform, UK Fast and various SaaS providers to manage your data. Data centres for these services are held in global locations. All of our sub-processors are fully compliant
with GDPR and where necessary, hold Privacy Shield certification.


TRANSFERS TO THIRD COUNTRIES AND SAFEGUARDS

We are an international business with a global customer base. We may need to transfer personal information between any of the countries we operate in and to our suppliers and subcontractors in
other countries. We do not transfer any data to third countries or international organisations unless they are deemed by applicable law to have adequate privacy protection or recognised legal
mechanisms are in place to ensure adequate protection of your information (e.g. EU Model Contract Clauses or EU-US Privacy Shield or Swiss-US Privacy Shield frameworks).

Our development team in India have the same access to workflows from the Nagpur office as our UK team and is fully compliant with our internal policies and compliance protocol and complies with
GDPR and appropriate data protection legislation. Any international transfers of your personal information will also be subject to binding privacy and confidentiality terms enabling us to ensure
compliance with this Privacy Policy.

 

HOW YOUR DATA IS KEPT SECURE

We work hard to protect Two Jay and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information we hold. In particular:

- We do not store copies of your data on any form of removable media or in any of our office locations.
- We regularly review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
- We restrict access to personal information to Two Jay employees, contractors and agents on a need-to-know basis and ensure they are subject to contractual confidentiality obligations and
may be disciplined or terminated if they fail to meet these obligations.


HOW LONG YOUR INFORMATION WILL BE HELD

We will endeavour not keep your personal information for longer than necessary to facilitate your use of Two Jay services. Your information is retained and deleted as follows:

- Your contact and business specific details will be held for the duration of your engagement.

However, subject to your right to erasure some content may be retained as follows:

- Some prior content may remain in backup or cached copies for a reasonable time (but we will not make it available again to third parties).
- We may need to retain certain information for reasonable business purposes (e.g. accounts information, unsubscribe records, information needed to prevent identity theft, legal disputes
and misconduct) even if deletion has been requested.
- If we are required to retain information by law or in relation to pending or prospective legal proceedings.


COOKIES

We use cookies when you browse our website. Cookies are small files which transfer to your hard disk. They can inform us of the pages you visit, and your preferences, which enable us to provide you
with a better online experience.

You can set your browser to refuse cookies, or to warn you before accepting them.

Some parts of our website can be accessed even if your cookies are turned off, but you may find there are parts of the website which you cannot access if your cookies are turned off.


YOUR RIGHTS

You have several rights as a data subject as summarised below:

- Access: You have the right to obtain confirmation as to whether your personal information is being processed by us and, if it is, to access your information and details of how we process it,
as long as this does not adversely affect the rights and freedoms of others.
- Rectification: We will rectify any errors in the personal information we hold on request.
- Erasure: You may ask us to erase your personal information from our systems in the following situations:
o The information is no longer necessary in relation to the purpose for which it was collected

o You withdraw your consent on which the processing is based and where there is no other legal ground for the processing
o You object to the processing and there are no overriding legitimate grounds for the processing
o The information has been unlawfully processed
o The information has to be erased for compliance with a legal obligation to which we are subject.

- Right to restrict processing: You have the right to restrict our processing on specified grounds.
- Notification: Where you have asked us to rectify, erase or restrict processing of your information, we shall communicate the same to each recipient to whom your information has
been disclosed, unless this proves impossible or involves disproportionate effort, in which case we shall let you know.
- Data portability: You have the right in specific circumstances where processing is based on consent to receive your information in a structured, commonly used and machine-readable
format and have the right to transmit the information to another controller without hindrance, provided that our processing is carried out by automated means.
- Right to object: In certain circumstances you have the right to object to our processing of your information, including in relation to profiling, direct marketing or scientific or historical
research purposes.
- Automated individual decision making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects
concerning you unless this is necessary for our contract, is authorised under applicable law or is based on your explicit consent.


HOW TO EXERCISE YOUR RIGHTS

To exercise any of your data subject rights, please email DPO@Two Jay.co or get in touch via our contact us page.

- You may request a copy of information undergoing processing, subject to evidence of your identity (normally a certified copy of your passport plus an original copy of a utility bill
showing your current address). The first copy shall be provided without charge, but reasonable administration fees shall be charged for additional or subsequent copies.
- We shall respond to your requests without undue delay and in any event within one month unless we need to extend such period by up to two further months in specific circumstances.
- Please note that if you delete or restrict your account or required information, this may prevent you from making full use of our services.


WHAT HAPPENS IF A DATA BREACH OCCURS

Whilst we endeavour to keep your personal information safe, we have an internal investigation procedure in case of data protection security breaches.

In the event of data theft, we may suspend access to our servers, emails and online systems and take other urgent steps to prevent further unauthorised access to information.

If we believe that our data has been compromised, we will report the issue to the Information Commissioner's Office (ICO).

We will notify you without delay if we believe a data breach is likely to result in a significant risk to your rights and freedoms. Any notification will describe in clear and plain language the nature of the
personal data breach and contain all required information.


TWO JAY AS DATA PROCESSOR

This Privacy Policy applies where Two Jay is deemed the ‘data controller’ of personal information i.e. where we exercise control over the data processing, decide what personal information to collect, how
to process it and for what purposes. In some situations, we may be deemed under applicable law to be your ‘data processor’ e.g. during development activities i.e. where we access or process personal
information controlled by you, on your behalf. In those situations, our [Client Agreement] Terms shall apply to our processing activities.


CHANGES OR UPDATES

Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any changes on this page and, if the changes are
significant, we will provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes).

 

Version Control: last updated 15th May 2018


Position Statement

Company Information

Who are we?

What services do we provide?

Company information

 

Data Protection Officer (DPO) contact

 

 

 

 

Data Processing Related Information

Data centre location

Main data storage service providers

Pertinent registrations

Sub-Processer information

Is our data processed/accessed from outside of the EU?

 

 

 

 

Policies & Procedures

Two Jay, its employees and contractors operate within a number of policies. These are regularly updated and supported with relevant training.

 

 

Data Controls

Data security

 

 

Data subject controls

 

 

Data anonymisation/pseudonymisation

Data Access Permissions 

 

 

Two Jay Ltd

Digital development agency

UK registered business - 07536157

Suite A, The Quadrant, Parkway Business Centre, 99 Parkway Avenue, Sheffield S04WG

Name: Michelle Ellis

Address: 99 Parkway Avenue, Sheffield S04WG

Tel: 01143830807

Email: DPO@twojay.co

 

 

EU and USA

Google Cloud Platform, UKFast and various SaaS platforms

Information Commissioner's Office - A83000249

We use Google Cloud Platform and UKFast to support our business processes.

Data centres for these services are held in global locations. All of our sub-processors are fully compliant with GDPR and where necessary, hold Privacy Shield certification.

Our development team in India have the same access to workflows from the Nagpur office as our UK team. The Two Jay India team is carefully managed through our internal policies and compliance protocol and complies with GDPR and appropriate data protection legislation.

 

 

IT security and usage

Data Management

Data Breach policy

 

 

Data is secured, and the integrity and confidentiality are maintained using technical and organisational means including:

Through our selected SaaS partners there is regular penetration testing and a full range of security protocol.

Best practice processes outlined in our internal policies

We request written permission in advance:

- To access client’s data and servers

 - To maintain a development instance locally with appropriate controls

A process to anonymise personal data during development is actively underway

Carefully managed through an independent encrypted secure platform server with access based on role and responsibility