Privacy Policy
Introduction
This Privacy Policy (“Policy”) explains how your personal information is collected, used and disclosed by Jumbula (“we”/ “us” / “our”). This Policy applies where we are acting as a Data Controller and determine the purposes and means of the processing of the personal information.
Personal information means information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, and online identifier, etc. The use of information we collect shall be limited to the purpose of providing our services.
This Policy details our commitment to protecting the privacy of individuals who register with us as a class provider (“Subscriber”), who registers to attend classes provided by Subscribers (“Attendees”), or who visit our websites (“Website Visitors”).
We collect information under the direction of our Subscribers and have no direct relationship with individuals whose personal information we process in connection with our Subscriber’s use of our Services.
Subscribers to our Services are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as all privacy policies, agreements or other obligations, relating to the collection of personal information from Attendees in connection with the use of our Services. If you are an Attendee who interacts with a Subscriber using our Services, then you will be directed to contact our Subscriber for assistance with any requests or questions relating to your personal information.
Information We Collect
| Purpose/Activity | Type of data | Lawful basis for processing |
| To register you as a new Subscriber | Company | Necessary for our legitimate interests for running our business
Consent |
| To register you as a new Attendee | Profile
Financial |
Necessary for our legitimate interests for running our business
Consent |
| To administer and protect our business and our site including troubleshooting. | IP Address
URLs Browser Type Data/Time Etc. |
Necessary for our legitimate interests for running our business
Necessary to comply with a legal obligation
Consent |
| To use data analytics to improve our website, services, marketing, customer relationships and experiences | IP Address
Referral URL Landing Page |
Necessary for our legitimate interests to develop our services
Consent |
| Customer Support or Free Trial Request Forms | Identity
Contact Referral URL |
Consent |
We collect the following information for each type of data:
| Type of Data | Information |
|---|---|
| Company Info (Subscriber) | First Name Last Name Company Name and URL Phone + Subscriber can add Staff information (Name, Email, Background check status, Role, etc.) |
| Profile (Attendee) | First Name Last Name Grade DOB Relationship Gender Photo Acceptance School Information Medical Information (Doctor information, Allergy information, etc.) + Data defined by Subscriber |
| Insurance Information | Emergency Contact Authorized Pick-up Person Information Occupation Information |
| Financial | Credit Card Information (Subscriber) Credit Card Information (Attendee) Subscriber Payment Gateway Information |
How We Use Your Information
We use the personal data we collect for the following purposes:
To Provide and Improve Services: We use your user data to deliver and enhance the functionalities of our application.
Personalization: We use the data to personalize your experience within the app.
Communication: To send you updates, security alerts, and support messages.
To comply with legal obligations: To respond to legal and regulatory requirements and ensure compliance with applicable laws.
Data Storage and Security
Storage: Your data is stored securely using industry-standard encryption methods.
Security: We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction
Data Sharing and Disclosure
Third-Party Services: We do not share your user data with third parties except as necessary to provide our services (e.g., cloud storage providers) and comply with legal obligations. We will never sell, share, or otherwise distribute your data to any other third party other than as described here. Access to your data is carefully controlled. We require all third parties with whom we share your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
Legal Compliance: We may disclose your data to comply with legal requirements, protect our rights, or respond to lawful requests.
User Control and Data Retention
- Access and Control: You can request us to revoke your access and remove your data by contacting us at [email protected]
- Retention: We retain your data only for as long as necessary for the purposes set out above or as required by law. When no longer needed, we will destroy, erase, or de-personalize the personal information. Legal requirements may necessitate our retaining some or all the personal information for a period longer than we might otherwise hold it. However, Jumbula will restrict access to such information to prevent it from being used except for the fulfillment of these legal requirements.
Accuracy
Ensuring data accuracy is crucial for maintaining the quality and integrity of our services. To ensure that the personal information you provide is accurate, complete, and up to date, we urge you to provide us with updates regarding such information and to inform us of any errors affecting the personal information we hold. You may obtain, review, update, or correct your account information at any time online or by contacting us using the information provided in Section 17.
Cookies
Minors Data
Security of Data
Ensuring the privacy and security of your data is paramount at Jumbula. We have implemented a wide range of security policies and mechanisms to safeguard all the data we receive from our clients. We will continue to maintain these security measures to protect your data held by us from unauthorized use, access, disclosure, distribution, loss, or alteration. We employ administrative, contractual, and technological safeguards to protect personal information, and we require our Service Providers to do the same. Please be aware, however, that despite our efforts, no security measures are perfect, and no system is impenetrable. Your privacy can be enhanced by using strong passwords that are not easily guessed, securely stored, and not reused on other sites. Avoiding dictionary words or proper names and adding extra characters and punctuation marks can also help protect you. If you believe your password has been compromised, you should change it immediately.
Access to personal information will be restricted to authorized personnel who require the information to perform their duties properly. Additionally, access will be limited to only the information that is strictly necessary for the performance of those duties.
We periodically update our policies regarding information security measures to protect the personal information held by us in the most effective manner possible.
Technology Safeguards
Jumbula employs the latest security standards to protect your data, such as the Hypertext Transfer Protocol Secure sockets, real-time data backups and PCI-DSS standard.
Security of Data in Transit
We use the Hypertext Transfer Protocol Secure (HTTPS) sockets to encrypt the communications between end users’ browsers and our servers.
Data Backups with Real Time Mirrors
We take data backups seriously. All your data is securely stored in the Microsoft Azure database and storage servers, and we have access to on-the-minute backups of all the data.
Microsoft Azure Cloud Platform
Microsoft Azure is a collection of integrated cloud services to build, deploy, and manage applications through a global network of data centers. Jumbula database, storage, and processing servers are all operated within the Azure platform. Azure security center prevents, detects, and responds to threats with exceptional performance and manages the physical security of all our Azure resources.
Payment Card Industry Data Security Standard (PCI-DSS)
We are compliant with security standards for the Payment Card Industry Data Security Standard (PCI-DSS), an internationally recognized standard for credit card data security.
Secure Account Passwords
All passwords are stored as one-way hashed ciphertext and cannot be hacked to retrieve the original plaintext passwords.
In the event of a data breach, if it poses a high risk to the rights and freedoms of data subjects, we will notify the Supervisory Authority within 72 hours. In certain cases, where deemed necessary, we will also inform the affected data subjects. We are not required to notify the Supervisory Authority or the data subjects about every breach, but only those that we consider notifiable. However, we will maintain a record of all data breaches and provide an explanation if we decide not to notify the Supervisory Authority or the data subjects in a specific case.
Data Privacy
We treat all the information we collect from our clients with the highest privacy standards. The financial information that is collected is used only to bill participants for products and services. We never sell your private data to any outside vendor or ever share your data with any affiliates or partners.
Monitoring and Enforcement
Monitoring Compliance: Our organization prioritizes adherence to our Privacy Policy and regulatory requirements through regular audits and assessments of data processing activities. We have designated a Data Protection Lead (DPL) responsible for overseeing compliance efforts. The DPL monitors data processing activities, conducts periodic audits, and ensures that all policies and procedures align with privacy regulations.
Reporting Mechanisms: Employees, customers, and other stakeholders can report suspected violations or concerns regarding data privacy through various channels. We maintain internal reporting channels where employees can report incidents or concerns anonymously if preferred. Customers and other stakeholders can report concerns, as outlined in Section 17. All reports are taken seriously and thoroughly investigated.
Enforcement Actions: Non-compliance with our privacy policy or regulations is addressed promptly and firmly. We have clear disciplinary measures outlined for employees who violate data protection policies, which may include warnings, training, suspension, or termination, depending on the severity of the violation. Repeat or serious breaches may result in legal action.
Incident Response: In the event of a data breach or other security incident, we have established procedures for immediate response. Our incident response team, including the DPL, IT security personnel, and legal advisors, assesses the situation, contains the breach, and mitigates damages. We promptly notify affected parties and relevant authorities as required by law.
Training and Awareness: Our organization ensures employees receive regular training on regulatory compliance, data privacy, and security. Through concise programs and ongoing awareness initiatives, we equip our team with the knowledge and tools needed to uphold privacy standards and mitigate risks effectively.
Review and Updates: Our Privacy Policy is regularly reviewed and updated to ensure alignment with regulatory compliance. We conduct reviews at least annually, or more frequently, if necessary, due to regulatory changes or significant internal developments. Updates to the policy are communicated to all employees and stakeholders through internal channels, ensuring everyone remains informed about our commitment to data privacy and their rights. Any significant changes to this notice will be clearly communicated to you through appropriate channels, such as email or a prominent notice on our website. We encourage you to review our Privacy Notice periodically to stay informed about how we are protecting your personal information.
Choice and Consent
Consent to Data Collection: By using our application, you consent to the collection and use of your user data and usage data as described in this policy. You may revoke this consent at any time by contacting us at [email protected].
Communication Preferences: You can manage your communication preferences and opt out of receiving updates, security alerts, and support messages at any time by adjusting your settings within the app or through the provided unsubscribe options in the communications.
Data Retention Choices: We retain your data for as long as necessary to provide our services or as required by law. You have the right to request the deletion of your data at any time unless retention is required by legal obligations.
Our Obligations
As the Data Controller, we are legally responsible for the handling of the information you provide to us. We are committed to complying with the GDPR in all aspects of how we use and share your personal data.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
- Request access to your personal data.
- Request correction of your personal data.
- Request the erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We aim to respond to all legitimate requests within one month (30 days). Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
Contacting us, exercising your information rights and Complaints
If you have any questions or comments about this Privacy Policy, wish to exercise your information rights in connection with the personal data you have shared with us or wish to complain, please contact: Jalil Feghhi, email: [email protected], Company name: Jumbula. We aim to process data protection requests within 30 days, SAR responses are usually free, but we reserve the right to charge for excessive or unfounded requests. We fully comply with Data Protection legislation and will assist in any investigation or request made by the appropriate authorities.
If you remain dissatisfied, then you have the right to apply directly to your local data protection authority.
You can find the list at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
OUR ARTICLE 27 REPRESENTATIVE
Our EU Representative:
Under Article 27 of the GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is: Instant EU GDPR Representative Ltd.
Adam Brogden [email protected]
Tel +35315549700
INSTANT EU GDPR REPRESENTATIVE LTD
Office 2,
12A Lower Main Street, Lucan Co. Dublin
K78 X5P8
Ireland
Last Updated
Effective as of 18 March 2025, Jumbula Inc. (“Jumbula”) has updated this Privacy Policy (“Policy”).
Changes To This Policy
If there are any material changes to this Policy, you will be notified by our posting of a notice on the Websites.
