Policy

User is a private individual who has reached the age of majority and is able to acquire civil rights for themselves and exercise them independently, as well as to create civil duties for themselves by their actions, to perform them independently and to bear responsibility in case of their failure to fulfill the conditions of this Privacy Policy.

Visitor is an individual who has reached the age of majority and by their actions can acquire civil rights for themselves and exercise them independently, as well as to create civic duties for themselves, to perform them independently and to bear responsibility if they are not fulfilled, who visited the Site for informational purposes without Acceptance of the public offer.

JediDesk (hereinafter referred to as “JediDesk”,“we”,“us”) is represented by LIMITED LIABILITY COMPANY “Jedi Desk”, registered in 08131, Ukraine, Buchansky district, Kyiv region, village of Sofiivska Borshchahivka, Lesi Ukrainky street, building 28, apartment 139, (EDRPOU code: 45687281).

Parties – JediDesk and Users (Visitors).

JediDesk Services – a complex of JediDesk assets, including:

  1. Websites with domain names: app.jedidesk.com as well as any other inheritable URLs, mobile or localized versions of websites, other domains and subdomains of JediDesk websites;
  2. All products, applications or services provided to Users at the moment or in the future;
  3. All mobile applications and services provided by JediDesk at the moment or in the future.

Privacy Policy is a set of rules and regulations of JediDesk for processing Users' data and interactions between the Parties in this process, in the course of User's usage of JediDesk Services. The Privacy Policy is created in accordance with a relevant current legislation and to the requirements of the General Data Protection Regulation (“GDPR”).

Acceptance is an activity articulated in form of Party’s consent with conditions of this Privacy Policy. Party’s consent with conditions of the Privacy Policy may be expressed in the form:

  • On behalf of JediDesk – by publishing the Privacy Policy on the JediDesk website;
  • On behalf of a User – in a way set by the provisions of this Privacy Policy.

General Data Protection Regulation (hereinafter referred to as – “GDPR”) is the Regulation (EU) 2016/679 of the European Parliament and of the Council from 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Personal data is any factual information that allows identifying a person. Such information includes, but is not limited to, a name, location, online identifier, IP addresses, cookies and/or localStorage/sessionStorage, date and time of the query, time zone, access status/HTTP status code, volume of data transferred, website from which a request comes, browser (or other software/application allowing access to JediDesk Services), operating system and its interface, language and version of the browser software, name, email, API tokens, billing information.

1. GENERAL CONDITIONS

1.1. Privacy Policy defines the procedure for processing and protecting personal data of Users that can be obtained by JediDesk when User interacts with JediDesk Services.

1.2. In drawing up this Privacy Policy, as well as in our algorithm of interacting with Users, we took into consideration the requirements of the GDPR.

1.3. JediDesk provides services to Users that have reached the age of majority, are able to acquire civil rights for themselves and exercise them independently.

1.4. JediDesk encompasses two legal statuses stipulated by the GDPR:

  • Data controller;
  • Data processor.

1.5. In regard to Users of the JediDesk Services, we have the legal status of both Data Controller and Data Processor. Information about individuals connected to Users is collected and processed by JediDesk strictly in a storage form. JediDesk Users serve as Data Controllers in regard to such individuals.

1.6. In relations between Users and third parties, where JediDesk Services are used, we have the legal status of Data Processor. 1.7. The purpose of this Privacy Policy is to ensure a proper protection of information about Users, including their personal data, from unauthorized access and disclosure.

1.8. Relations connected to the collection, storage, dissemination and protection of information provided by Users are regulated by this Privacy Policy. We pay particular attention to data protection.

1.9. Visitors that are going to use JediDesk Services for the first time, including a test (trial) format, should first get familiar with the provisions of this Privacy Policy.

1.10. Users that are using JediDesk Services at the time the Privacy Policy comes into effect, are required to get familiar with its current provisions. At the same time, we are obliged to send out the most recent version of the Privacy Policy to Users mentioned in this clause of the Privacy Policy. For this purpose, we should use email addresses specified by Users when filling in the corresponding registration form of JediDesk Services.

1.11. Users and Visitors, including those mentioned in clauses 1.9., 1.10. of the Privacy Policy, who have read and agreed with the provisions of the Privacy Policy, are obliged to perform Acceptance by checking the corresponding checkbox ("V") in the relevant field of JediDesk Services.

1.12. In case of not fulfilling the obligation provided in the clause 1.11. of the Privacy Policies, a User (Visitor) is considered to not have accepted the terms of the Privacy Policy. In this case, a User (Visitor) is not allowed to use JediDesk Services, and a User (Visitor) is deprived of the opportunity to use JediDesk Services. In case of occurrence of the conditions specified in this clause of the Privacy Policy, we are obliged to delete personal data about such individual.

1.13. In case of disagreeing with the provisions of this document (partiallyorcompletely),an individual who has expressed such a will is not entitled to use JediDesk Services. In this case, the consequences specified in the clause 1.12 of the Privacy Policy ensue for this Party.

2. JEDIDESK DATA PROCESSING PRINCIPLES

2.1. Personal data is legitimately, fairly and transparently processed by JediDesk in respect of any User.

2.2. The processing of User's personal data is carried out only in the case and only for the purposes which this data is collected for. 2.3. User’s personal data must be consistent with, be relevant to and limited by the purpose of JediDesk Services use, for which such data is processed.

2.4. Personal data of a User, used by JediDesk is accurate and up-to-date. Obsolete and inaccurate data is corrected or deleted by JediDesk.

2.5. We conduct regular audits in order to clean our User database. We store User information for a certain period of time, as it is justified by commercial or legal purposes.

2.6. We process personal data in such a way as to ensure a proper protection of personal data, including protection from unauthorized or illegal processing, as well as from accidental loss, destruction or damage, using suitable technical or organizational measures.

3. PURPOSES OF DATA COLLECTION AND PROCESSING

3.1. Processing of User’s personal data is carried out by JediDesk only if a User has agreed to process their personal data for one or several specific purposes.

3.2. Processing of User’s personal data is performed by JediDesk in order to:

  • Identify a User in the relationships between JediDesk and the User;
  • Provide a number of services offered within JediDesk Services to a User;
  • Conduct statistical and other studies based on de-identified User data.

3.3. In cases when JediDesk acts as a Data Processor, data about third parties that interact with a User, shall be collected solely for the purpose of storage and processing by JediDesk (including, but not limited to validation, sorting, summarization, aggregation, analysis, reporting, classification).

4. USER RIGHTS

4.1. User has the right to obtain a confirmation from JediDesk as to whether or not their personal data is being processed (“right to be informed”), and if so, where to access their personal data and the following information:

  • The purposes of processing;
  • The categories of personal data;
  • Recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular, recipients from non-EU countries or international organizations;
  • Where possible, a supposed period of time for which the personal data will be stored, or, if not possible, the criteria used to determine such period;
  • The existence of the right to rectification or erasure of the personal data or restriction of processing of the personal data;
  • The right to lodge a complaint with a supervisory authority;
  • The existence of an automated decision-making process, including profiling, mentioned in Articles 22(1) and (4) of GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for a User.

4.2. Where personal data is transferred to a non-EU country or to an international organization, a User shall have the right to be informed of the appropriate safeguards related to the transfer in correspondence to the Article 46 of GDPR.

4.3. User has the “right to rectification” that means that the User has the right to obtain from JediDesk, without undue delay, the rectification of inaccurate personal data of the User. Taking into account the purposes of the processing, a data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4.4. User has the right to erasure (“right to be forgotten”). We are obliged to erase User’s personal data without undue delay, and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • Personal data is no longer necessary in regards to the purposes for which it was collected or otherwise processed;
  • User withdraws a consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of GDPR, and where there is no other legal ground for the processing;
  • User objects to the processing pursuant to Article 21(1) of GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of GDPR;
  • Personal data have been unlawfully processed;
  • Personal data have to be erased for compliance with a legal obligation in Union or - Member State law to which JediDesk applies;
  • Personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of GDPR.

4.5. Where the controller has made personal data public and is obliged pursuant to paragraph 1 of GDPR to erase the personal data, JediDesk, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers, that are processing the personal data, that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.

4.6. User has the right to restrict their personal data processing where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling JediDesk to verify the accuracy of the personal data;
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • JediDesk no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • User has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of JediDesk override those of the data subject.

4.7. Where processing has been restricted under paragraph 1 of the GDPR pending the verification whether the legitimate grounds of JediDesk override those, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

4.8. User who has obtained restriction of processing pursuant to paragraph 1 of the GDPR shall be informed by JediDesk before the restriction of processing is lifted.

5. TERMS OF PERSONAL DATA PROCESSING AND TRANSFERRING IT TO THIRD PARTIES

5.1. We take all necessary measures to protect the personal data of a User from unauthorized access, modification, disclosure or destruction.

5.2. We grant access to personal data about Users only to third parties to whom this information is necessary to ensure the functioning of JediDesk Services and for the purpose of providing services to a User.

5.3. We have the right to use the information provided by Users, including personal data, in order to ensure compliance with the requirements of the relevant current legislation of Ukraine (and also to prevent and / or suppress illegal and / or unlawful actions by Users). Disclosure of the information provided by Users can be fulfilled only in accordance with the current legislation of Ukraine at the request of the court, the request of law enforcement bodies, as well as in other cases as required by the law of Ukraine.

5.4. In the event of a leak/breach/discredit of personal data, we are obliged to bring this fact to the attention of the relevant authorities, no later than 72 hours after we became aware of such a leak/breach/discredit.

5.5. The transfer of personal data to a third country or international organization is possible and allowed if the European Commission (“the Commission”) has decided that a third country, territory or one or more of these sectors within this third country or international organization, provide an adequate level of protection of personal data (hereinafter - “Decision on sufficiency”).

5.6. In the absence of a Decision on sufficiency, we should take measures to compensate for the lack of data protection in a third country by providing appropriate guarantees to Users given that effective methods of legal protection of User’s rights are available, including:

  • A legally binding and enforceable document between the state authorities of the respective countries;
  • Mandatory corporate rules approved by the competent supervisory authority;
  • Provisions on standard data protection adopted by the Commission;
  • Provisions on standard data protection adopted by the supervisory authority and approved by the Commission;
  • The approved code of conduct, together with the compulsory and enforceable obligations of the controller in the third country, will apply appropriate safeguards, including with respect to the rights of Users;
  • The approved certification mechanism, compiled with the compulsory and enforceable obligations of the controller in a third country, to apply appropriate safeguards, including with respect to the rights of Users.

5.7. In the absence of a decision on sufficiency or due guarantee, the cross-border transfer of personal data may be carried out only under one of the following conditions:

  • User directly agreed with the proposed transfer after being informed of the possible risks of such transmissions to the data subject due to a lack of a Decision on sufficiency and related guarantees;
  • Transfer is necessary for a contract between a User and the Controller or the implementation of pre- contractual measures taken at the request of the data subject;
  • Transfer is necessary to conclude or execute a contract concluded in the interests of a User between the Controller and another natural or legal person;
  • Transfer is necessary for important reasons in the public interest;
  • Transfer is necessary for the establishment, implementation or protection of claims under the lawsuit;
  • Transfer is necessary to protect the vital interests of User or other persons if a User is physically or legally incapable of giving consent.

6. TERMS OF SERVICE

6.1. Users by using JediDesk Services, confirm that:

  • They have all the necessary rights that allow them to acquire civil rights for themselves and to implement them independently, as well as the ability to create civic duties for themselves, to fulfill them independently and to bear responsibility if they are not fulfilled;
  • They indicate accurate information about themselves in the relevant form to use JediDesk Services; Required fields for further offering JediDesk Services are marked in a special way - by the symbol "*", all other information is provided by Users at their own discretion;
  • They are acquainted with the terms of this Privacy Policy, express their consent with it and assume the rights and duties defined in it. Acquaintance with the terms of this Privacy Policy and ticking the corresponding box under a link to this Policy is a User's written consent to collect, store, process and transfer to third parties the personal data provided by a User;
  • JediDesk is not obliged to and does not verify the accuracy of the received (collected) information about Users, except for cases when such verification is necessary for the purpose of fulfilling obligations to Users, as well as other cases not specified by the provisions of the Privacy Policy, but established by the laws of the current legislation of Ukraine;
  • By using JediDesk Services, they agree to receive periodic e-mail messages about JediDesk updates.

6.2. JediDesk is a SaaS (Software as a Service). Based on this, Users agree with the recurring monthly / annual payments and with using JediDesk Services until the account deletion / cancellation.

6.3. Users have the right to receive personal data about themselves, that they provided JediDesk with, and also have the right to transfer this data to other individuals, without interference from JediDesk.

6.4. Users have the right to object to certain types of processing of their personal data - direct marketing, processing for the purpose of protecting legitimate interests, as well as data processing for research or statistical purposes.

6.5. Please review our General Terms of Service applicable to Use of JediDesk Services.

7. PERSONAL DATA CHANGE AND DELETION

7.1. Users are allowed to change (update, supplement) their personal information or a part of it at any time, as well as privacy settings, by sending a request to JediDesk via chat or email support@jedidesk.com.

7.2. Users are allowed to delete their personal information or a part of it at any time, in order to avoid its distribution or transfer to third parties.

7.3. We have the right to delete personal information of any User if it’s no longer needed for the purposes for which it was collected, and, in the absence of other grounds for their storage, after a certain period of time from the occurrence of such circumstances.

7.4. We use cookies and/or localStorage/sessionStorage. A cookie is a small amount of data which often includes an anonymous unique identifier that is sent to User’s browser from a web site’s computers and is stored on User computer’s hard drive. localStorage and sessionStorage allow to save key/value pairs in a web browser. The localStorage object stores data with no expiration date. Cookies and/or localStorage/sessionStorage are required to use JediDesk Services in order to uniquely identify User’s browser and user preferences while logged in. Users can control and/or delete cookies and localStorage/sessionStorage, as they wish, using their browser preferences. Users can clean (delete) cookies and localStorage/sessionStorage that are already on their computers and they can set most browsers to prevent them from being used. If Users do this, however, they may have to manually adjust some preferences every time they visit JediDesk and some services and functionalities may not work.

8. CHANGES TO THE PRIVACY POLICY

8.1. We reserve the right to update the Privacy Policy at any time and for any reason. We shall inform all Users about that change by sending an email to them.

9. CONTACTS

9.1. Any suggestions or questions about this Privacy Policy should be reported to JediDesk using the corresponding email address: support@jedidesk.com.

 
Top