How Jammed protects your privacy
How Jammed protects your privacy
At Jammed Bookings Limited we pride ourselves on our commitment to protecting your privacy. We want you to know how we will collect, use and disclose the personal data you provide to us. We respect the privacy of everyone who visits this website (https://jammed.app) ("this website" or "our site") and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
This website is owned and operated by Jammed Bookings Limited, a company registered in England & Wales with Company Registration Number 11570079 and having its registered address at 1 Park Lane, York, YO24 4JQ (the "Company").
Our Data Protection Officer is Andy Callaghan.
If you have any questions about our cookies or this cookies policy, please contact us by
Personal data is defined by the General Data Protection Regulations (EU Regulation 2016/679) (the "GDPR") as "any information relating to an identifiable person who can be directly or indirectly identified in particular reference to an identifier"
Personal data is, in simpler terms, any information that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
Under the GDPR, you have the following rights, which we will always work to uphold:
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in the 'About us' section above.
Further information about your rights can also be obtained from the Information Commissioner's Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office.
As noted above, personal data is any data that can be used to identify you as an individual. Depending upon your use of our site, the Company may collect some or all of the following personal and non-personal data.
This information may be gathered by us in connection with the following
If you require further information on your rights under the Data Protection Act please contact the Information Commissioner. Further details can be found by visiting https://ico.org.uk.
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you or because you have consented to our use of your personal data.
It is the Company's policy that you should know exactly what personal data we collect from you and how we will use it. We operate in accordance with the Jammed Bookings Limited Data Protection Policy. We collect personal data from you for the purpose of processing your order or enquiry. We may use your personal data to supply products and services to you that you have requested, carry out any agreement with you or take any steps that you have requested. In particular, we may:
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email, phone call and text message with information, news, and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out and you will not be discriminated against if you choose to do so.
Where you have given us appropriate permission or where we are permitted by law, we may use your personal data for the following purposes and direct marketing ('Additional purposes'):
In the event that you wish to be removed from this process you can opt out from the footer of all marketing emails or please contact our team on [email protected].
Aggregate data is general data about groups of customers and does not identify individual customers. The Company may combine your data with that of other individuals to create aggregate data that we will use to improve our products & services and develop new ones. For example, we may tell a third party how many people purchased a certain product, but not that you personally purchased a specific item.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
The Company may also transfer personal data to the Company-affiliated companies in other countries. These may be outside the European Economic Area ("EEA"). By supplying personal data to the Company, you consent to any such transfer.
Many of our external third parties are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is adhered to by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
Where we use certain service providers. We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Please contact us at [email protected] if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
It is the Company's policy that you are kept in control of the ways in which we use your personal data for the Additional Purposes. All the Company communications, in whatever medium, that involve the recording of personal data for these Additional Purposes include a short section that allows you to indicate your preferences with respect to the use of that personal data. You can choose whether or not you wish to receive additional information or promotional offers from the Company.
We have agreements with third parties (data processors) who process personal data for us in accordance with our instructions. Below is a list of the data processors who may be processing your data on our behalf, and a brief summary of the type of processing they perform.
We use Digital Ocean to host the application servers and databases. This company host the physical infrastructure and cloud servers that we pay for. Digital Ocean don't directly deal with personal data, but it resides encrypted on their servers. Read Digital Ocean's Data Processing Agreement here.
Google will process your personal data on our behalf as provider of our email services, as hosting provider for our websites and internal systems and as operator of Google Analytics and AdWords. Read Google's Data Processing Agreement here.
The Customer you are booking through can link their Jammed account totheir Google account. We will then process your booking data on behalf of them, by adding booking events to their calendars. No other personal data is sent to Google by Jammed on behalf of our Customers.
Postmark will process your personal data on our behalf as provider of our email services, as provider for our transactional and broadcast email. Read Postmark's Data Processing Agreement here.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a "subject access request"
All subject access requests should be made in writing and sent to [email protected].
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months (90 days) from the date we receive your request. You will be kept fully informed of our progress.
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
Email address: [email protected]
Address: Jammed, 1 Park Lane, York, YO24 4JQ
Any information that you choose to provide us with will be used to personalise and improve our customer service operations. All information is collected and stored in a secure manner and is used strictly in relation to this policy and your stated preference. The Company shall not be responsible or liable for loss of privacy, disclosure of information, harm, damage or loss that may result from your transmission of any information to us. In addition, under the law, we must cooperate fully with any law enforcement agency should a situation arise where our information about customers could be of assistance.
From time to time, the Company may introduce new products and services to our customers that may require modifications to this policy. We reserve the right to modify this policy at any time by notifying our customers, via the Company website, of a new or revised policy. These modifications will only apply to personal data that you then provide to us after the date of the modification.
In the event that you decide to terminate your Jammed account or otherwise wish to obtain the personal data we hold about you, we provide the facility to export all information in the form of a CSV file. Further information regarding your right to Data Portability is contained in our Data Protection Policy. If you require assistance in exporting data please contact our customer service team at [email protected].
In the event that our clients request their information be deleted, we endeavour to do so within 6 months. All cancelled accounts will have personal information deleted no more than 6 months, as routine, after the last date of billing. Account information is then stored for a further 3 months as a backup. This information is encrypted with access granted to a limitednumber of authorised personnel.
As a Company customer, we may also use your contact information to inform you of other products or services we think might interest you. However, if you do not wish to be contacted for promotional purposes, you can "opt out" when the Company collects your information. Alternatively, you can update or correct your personal or business information relating to your Company account by contacting us by post or e-mail using the details provided in the 'About us' section above.
Please note that your contact preferences only apply to the Company contacting you for marketing purposes. We may still need to communicate with you regarding the usability of your product or critical messages relating to your service or software. These communications may include service messages, subscription renewal notices, critical notices or legally mandated notices.
Please be sure to include your mailing address if you would like us to send you any written materials. The Company reserves the right to take reasonable steps to verify any requests for personal information it receives. We endeavour to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Last updated: 2 November 2023