UJET Website Data Privacy Framework Notice
Last Updated: 21 August 2023 | Privacy Notice Archive
UJET participates in and has certified its compliance with the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Data Privacy Framework, to the Framework’s applicable Principles.
To learn more about the Data Privacy Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Data Privacy Framework website https://www.dataprivacyframework.gov/.
A list of Data Privacy Framework participants is maintained by the Department of Commerce and is available at: https://www.dataprivacyframework.gov/s/participant-search.
Scope. Our certification of adherence to the Data Privacy Framework Principles applies to the personal data from the EU and Switzerland that (a) we collect from our customers and other visitors to our website for marketing purposes (“User Data”) and (b) account management, billing, or other personal data that we process on behalf of our customers in providing our services to them under a service agreement (“Service Data”). UJET’s participation in the Data Privacy Framework does not apply at this time to UJET’s human resources data or to any other personal data not described in this Data Privacy Framework Notice.
Data Processed. The User Data we collect, use and share is described in our Website Privacy Notice. The Service Data we collect, use and share is described in our UJET Privacy Notice. Our customers decide what Service Data to submit, which typically includes information about their end users and how they use the customer’s integrated applications, services and other applications. We process Service Data as instructed by our customers and do not own or control Service Data.
Purpose of Data Processing. We collect, use and share User Data for the purposes described in our Website Privacy Notice. We process Service Data for the purpose of providing our services to our customers, which may include accessing and processing the data to provide the services, to correct and address technical or service problems, to follow instructions of the customer who submitted the data, or in response to contractual requirements.
Third Parties Who May Receive Personal Data. We may share User Data and Service Data with third parties under the following circumstances and only in accordance with the applicable customer agreements, our Website Privacy Notice and our UJET Privacy Notice.
- Service Providers. We may use third party companies and individuals to administer and provide the Service on our behalf (such as customer support, hosting, website analytics, email delivery, database management services). UJET maintains contracts with these service providers restricting their access, use and disclosure of personal data in compliance with our Data Privacy Framework obligations, including the onward transfer provisions. UJET remains responsible and liable under the Data Privacy Framework Principles if our Service Providers process personal data in a manner inconsistent with the Principles, unless we demonstrate that we are not responsible for the event giving rise to damage.
- Legal Requirements. We may disclose personal data if required to do so by law or in the good-faith belief such action is necessary to comply with national, state and federal laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies or public authorities. We also reserve the right to disclose Service Data we believe, in good faith, is appropriate or necessary to (i) take precautions against liability; (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity; (iii) investigate and defend ourselves against any third-party claims or allegations; (iv) protect the security or integrity of the service and any facilities or equipment used to make the service available; or (v) protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights, property, or safety of others, including our customers and our employees.
- Business Transfers. User Data and Service Data may be disclosed and otherwise transferred to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of an insolvency, bankruptcy, or receivership in which data is transferred to one or more third parties as one of our business assets.
Your Rights to Access, to Limit Use, and to Limit Disclosure. Individuals in the EEA and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Data Privacy Framework self-certification, we have committed to respect those rights. We process Service Data only on behalf of our customers in accordance with their instructions. This means that if you wish to access Service Data and request that we correct, amend or delete it if it is inaccurate or processed in violation of Data Privacy Framework, you should contact that customer with your request. We will then help them to fulfill that request in accordance with their instructions.
If your personal data includes User Data, you can request access to that data and request that we correct, amend or delete it if it is inaccurate or processed in violation of Data Privacy Framework by emailing your request to firstname.lastname@example.org. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
Inquiries and Complaints. You can direct any questions or complaints about the use or disclosure of your personal data to us at email@example.com. We will investigate and resolve any complaints or disputes regarding the use of personal data within forty-five (45) days of receiving your complaint.
We encourage you to contact us as provided above should you have a Data Privacy Framework-related (or general privacy-related) complaint. If you are located in the EEA or Switzerland and you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge to you) at https://feedback-form.truste.com/watchdog/request.
Arbitration. Under certain conditions, more fully described on the Data Privacy Framework website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted as per Annex I of Data Privacy Framework, https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-sw-dpf?tabset-35584=2.
U.S. Federal Trade Commission Enforcement. With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.