Privacy Policy


1. Introduction

DATA JAR LTD (“dataJAR”) is committed to protecting the privacy of your personal information. As such, this Privacy Policy covers how we collect, use, disclose, transfer, and store your information.  

Depending on how you interact with dataJAR or our services, we may be the data controller or the data processor of your personal data under this policy. 

Where dataJAR is the data processor, our Terms and Conditions serve as your data processing agreement, setting out the instructions that you are giving to dataJAR with regard to processing the personal data you control and establishing the rights and responsibilities of both parties. dataJAR will only process your personal data based on your written instructions as the data controller unless required by law to act without such instructions.


2. The kind of information we hold about you and how we collect it

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

The type of information we collect about you depends on how you interact with dataJAR or our services.


2.1. Users

We are the data processor and will only process your data in accordance with the instructions of our Clients. 

We will collect, store and use the following categories of personal information about you:

  • Identity Data including first name, middle name, last name, roster name, managed Apple ID and username or similar identifier. 
  • Contact Data including email address and telephone numbers. 
  • For non-pupil users, Technical Data including IP address, login data, browser type and version, operating system and platform and other technology on your devices.

We do not collect any Special Categories of Personal Data about you. We collect data from and about you through direct interactions with you and our client. You and/or our client may give us your data as part of the login process for use of our software. 

This includes personal data you or our client provides when they or you:

  • create an account; or
  • subscribe to our services.

2.2. Clients

We are the data controller and are responsible for your personal data.

We will collect, store, and use the following categories of personal information about you:

  • Identity Data including first name, last name and username or similar identifier. 
  • Contact Data including address, email address and telephone numbers. 
  • Technical Data including IP address, login data, browser type and version, operating system and platform and other technology on your devices.
  • Profile Data including your username and password, purchases or orders made by you, your preferences and any feedback you have given. 
  • Usage Data including information about how you use our products and services.
  • Marketing and Communications Data including your preferences in receiving marketing from us and your communication preferences.  

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, pollical opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. 

We collect data from and about you through direct interactions. You may give us your data by filling in forms or by corresponding with us by phone, email or otherwise. This includes personal data you provide when you:

  • apply for our products or services;
  • create an account;
  • subscribe to our service or publications; 
  • request marketing to be sent to you; or
  • give us feedback or contact us.

2.3. Potential Clients, Suppliers and other contacts

We are the data controller and are responsible for your personal data. 

We will collect, store, and use the following categories of personal information about you:

  • Identity Data including first name and last name. 
  • Contact Data including address, email address and telephone numbers. 
  • Marketing and Communications Data including your preferences in receiving marketing from us and your communication preferences.  

We use different methods to collect data from and about you including through:

    • Direct interactions. You may give us your data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
      • apply for our products or services;
      • provide products or services to us;
      • create an account with us;
      • subscribe to our service or publications; 
      • request marketing to be sent to you; or
      • give us feedback or contact us. 
    • Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below: 
      • analytics providers such as Google based outside the UK; 
      • advertising networks inside OR outside the UK; 
      • search information providers such as Google based inside OR outside the UK; and
      • publicly available sources such as Companies House and the Electoral Register based inside the UK.

2.4. Employees and other staff

We are the data controller and are responsible for your personal data. 

There are certain types of more sensitive personal data which require a higher level of protection, such as information about a person's health or sexual orientation. Information about criminal convictions also warrants this higher level of protection.

We will collect, store, and use the following categories of personal information about you:

  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
  • Date of birth.
  • Gender.
  • Marital status and dependents.
  • Next of kin and emergency contact information.
  • National Insurance number.
  • Bank account details, payroll records and tax status information.
  • Salary, annual leave, pension and benefits information.
  • Start date and, if different, the date of your continuous employment.
  • Leaving date and your reason for leaving.
  • Location of employment or workplace.
  • Copy of driving licence.
  • Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process).
  • Employment records (including job titles, work history, working hours, holidays, training records and professional memberships).
  • Compensation history.
  • Performance information.
  • Disciplinary and grievance information.
  • CCTV footage and other information obtained through electronic means such as swipe card records.
  • Information about your use of our information and communications systems.
  • Photographs.
  • Results of HMRC employment status check, details of your interest in and connection with the intermediary through which your services are supplied.

We may also collect, store and use the following more sensitive types of personal information:

  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
  • Information about your health, including any medical condition, health and sickness records, including:
    • where you leave employment and under any share plan operated by a group company the reason for leaving is determined to be ill-health, injury or disability, the records relating to that decision;
    • details of any absences (other than holidays) from work including time on statutory parental leave and sick leave; 
    • any health information in relation to a claim made under the permanent health insurance scheme; and
    • where you leave employment and the reason for leaving is related to your health, information about that condition needed for pensions and permanent health insurance purposes.
    • Information about criminal convictions and offences.

We collect personal information about employees, workers and contractors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies. 

We will collect additional personal information in the course of job-related activities throughout the period of you working for us.


3. How we will use information about you and will we share it

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform the contract we have entered into with you.
  • Where we need to comply with a legal obligation.
  • Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests. 

For employees and other staff only, we may also use your personal information in the following situations, which are likely to be rare:

  • Where we need to protect your interests (or someone else's interests).
  • Where it is needed in the public interest or for official purposes.

3.1. Users

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below. 

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To register you as a new user

(a) Identity 

(b) Contact

Performance of a contract with you or our client

To manage our relationship with you which may include notifying you about changes to our terms or privacy policy

(a) Identity 

(b) Contact 

(a) Performance of a contract with you or our client

(b) Necessary to comply with a legal obligation

(c) 

To administer and protect our business (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)  

(a) Identity

(b) Contact

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

We will not share your data with anyone.


3.2. Clients

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To register you as a new customer

(a) Identity 

(b) Contact

Performance of a contract with you

To process and deliver your order 

(a) Identity 

(b) Contact 

(c) Marketing and Communications

(a) Performance of a contract with you 

(b) Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to leave a review or take a survey

(a) Identity 

(b) Contact 

(c) Profile 

(d) Marketing and Communications

(a) Performance of a contract with you 

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To administer and protect our business (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)  

(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To make suggestions and recommendations to you about goods or services that may be of interest to you

(a) Identity 

(b) Contact 

(c) Technical 

(d) Usage 

(e) Profile 

(f) Marketing and Communications

Necessary for our legitimate interests (to develop our products/services and grow our business)

We will not share your data with anyone.


3.3. Potential Clients, Suppliers and other contacts

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below. 

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To deal with any enquiry we receive from you

(a) Identity

(b) Contact 

Consent.

Taking steps at your request to enter into a contract. 

To register you as a potential new customer

(a) Identity 

(b) Contact

Performance of a contract with you

To make suggestions and recommendations to you about goods or services that may be of interest to you

(a) Identity 

(b) Contact 

(c) Marketing and Communications

Necessary for our legitimate interests (to develop our products/services and grow our business)

We will not share your data with anyone.


3.4. Employees and other staff

We need all the categories of information we collect about you to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information include, but are not limited too:

  • Making a decision about your recruitment or appointment. 
  • Determining the terms on which you work for us.
  • Checking you are legally entitled to work in the UK.
  • Paying you and, if you are an employee or deemed employee for tax purposes, deducting tax and National Insurance contributions (NICs).
  • Providing the following benefits to you such as your pension.
  • Administering the contract we have entered into with you.
  • Conducting performance reviews, managing performance and determining performance requirements.
  • Making decisions about salary reviews and compensation.
  • Assessing qualifications for a particular job or task, including decisions about promotions.
  • Gathering evidence for possible grievance or disciplinary hearings.
  • Making decisions about your continued employment or engagement.
  • Making arrangements for the termination of our working relationship.
  • Education, training and development requirements.
  • Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.
  • Ascertaining your fitness to work.
  • Managing sickness absence.
  • Complying with health and safety obligations.
  • To prevent fraud.
  • To monitor your use of our information and communication systems to ensure compliance with our IT policies.
  • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
  • To conduct data analytics studies to review and better understand employee retention and attrition rates.
  • Equal opportunities monitoring.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.


3.5. Situations in which we will use employees and other staff sensitive personal information

In general, we will not process particularly sensitive personal information about you unless it is necessary for performing or exercising obligations or rights in connection with employment. On rare occasions, there may be other reasons for processing, such as it is in the public interest to do so. The situations in which we will process your particularly sensitive personal information include, but are not limited too:

  • We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits including statutory maternity pay, statutory sick pay and pensions and permanent health insurance. We need to process this information to exercise rights and perform obligations in connection with your employment.
  • If you apply for an ill-health pension under a pension arrangement operated by a group company, we will use information about your physical or mental health in reaching a decision about your entitlement.
  • If we reasonably believe that you or another person are at risk of harm and the processing is necessary to protect you or them from physical, mental or emotional harm or to protect physical, mental or emotional well-being.

We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us.

Your data may be shared with our professional advisors, such as our accountants, to facilitate your employment.


4. How long will you use my information for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of an issue, a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. 


5. How will dataJAR use the personal data it collects about me?

dataJAR will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. dataJAR is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.


6. Will dataJAR share my personal data with anyone else?

dataJAR may pass your personal data on to third-party service providers contracted to dataJAR in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to provide you with the services which we are obliged to give to you. When they no longer need your data to fulfil this service, they will dispose of the details in line with dataJAR’s procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent unless we are legally required to do otherwise.


7. What rights do I have?

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review: in the event that dataJAR refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in “How can I make a complaint?” above.

All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.


8. Can I find out the personal data that dataJAR holds about me?

dataJAR at your request, can confirm what information we hold about you and how it is processed. If dataJAR does hold personal data about you, you can request the following information:

  • Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU.
  • Contact details of the data protection officer, where applicable.
  • The purpose of the processing as well as the legal basis for processing.
  • If the processing is based on the legitimate interests of dataJAR or a third party, information about those interests.
  • The categories of personal data collected, stored and processed.
  • Recipient(s) or categories of recipients that the data is/will be disclosed to.
  • If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
  • How long the data will be stored.
  • Details of your rights to correct, erase, restrict or object to such processing.
  • Information about your right to withdraw consent at any time.
  • How to lodge a complaint with the supervisory authority.
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
  • The source of personal data if it wasn’t collected directly from you.
  • Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

9. What forms of ID will I need to provide in order to access this?

dataJAR accepts the following forms of ID when information on your personal data is requested:

  • Passport
  • Driving Licence
  • Birth Certificate
  • Utility Bill (from last 3 months)

10. How do I contact dataJAR?

If you wish to contact dataJAR about anything within this Privacy Policy, please contact us via the below:

  • Name – dataJAR
  • Address – 5 Orange Row, Brighton, BN1 1UQ
  • Email – dataprotection@datajar.co.uk
  • Phone – 0800 368 9330

11. How can I make a complaint?

In the event that you wish to make a complaint about how your personal data is being processed by dataJAR (or third parties as described in “What rights do I have?” above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and dataJAR’s data protection representatives, see “How do I contact dataJAR”.

The details for each of these contacts are: 

ISO/IEC 27001 : 2013
G Cloud Supplier
Apple Consultants Network
Jamf MSP
Jamf Services Partner
Okta associate
Code42
Malwarebytes