The General Data Protection Regulation (GDPR) is a regulation from the European Union (EU) that aims to harmonize data-protection legislation across EU member states by enhancing privacy rights for individuals within the EU. It applies to organizations processing personal data that offer goods or services to individuals in the EU. It also grants EU-based data subjects certain rights to control the data that organizations collect on them, and how organizations use that information.

At JAHAJEE.com, we are committed to your privacy, whether you live in the EU, or outside of it. This means we believe in data accountability, data consistency and data transparency. As such, we describe how we collect and use your data, and how we use technologies like cookies to understand how we can better serve you.

Additionally, if you are purchasing JAHAJEE.com products or services, we want you to know that we take our responsibilities to protect the personal data of our community very seriously.

We provide this portal so you can access certain features that help you understand what we do with your data, how we protect your data, and options you may have to better access and understand our use of your data.

JAHAJEE.com users meet the GDPR definition of "data subjects." Data subjects are provided two key rights under the GDPR, including "the right to data portability" and "the right to be forgotten." You have the ability to exercise these rights via our data subject access rights page where you may submit a Request. And because we care about your privacy rights we make these access requests available to you whether you are in the EU or not.

JAHAJEE.com now makes it easy for you to request any information we store on you, to understand how that information has been collected, and to know who we have shared your information with. We've revised our Privacy Policy and Cookies Policy to provide more details about how we collect, use, transfer, and safeguard your information.

Customers who wish to provide personal information to JAHAJEE.com by purchasing our products and services can access JAHAJEE.com's Data Processing Agreement (JAHAJEE.com as Data Processor) to understand what information we collect, how we treat that data when you use our products and services, and what obligations JAHAJEE.com assumes under Article 28 of the GDPR.

Should you have any questions concerning the Data Processing Agreement or JAHAJEE.com's obligations, please read our Privacy Policy or contact us for further information at: privacy(at)jahajee(dot)com.

JAHAJEE.com's vendors meet the GDPR definition of "data processors." JAHAJEE.com engages certain vendors to process information on our behalf. In order to do so, we need to know that they (you) will help ensure the safety of our community.

Additionally, vendors who process data on behalf of JAHAJEE.com have an obligation to report data breaches to us. You may do so by contacting our Privacy Officer at: privacy(at)jahajee(dot)com.

The Data Protection Addendum (hereafter "Addendum" or "DPA") is incorporated by reference to the relevant services agreement or principal agreement for the provision of products and/or services (hereafter referred to generically as "Principal Agreement") between: (i) JAHAJEE.com acting on its own behalf and as agent for each JAHAJEE.com Affiliate and/or Subsidiary; and (ii) Customer as described in the relevant ordering document acting on its own behalf and as agent for each Customer Affiliate.

The terms used in this Addendum shall have the meanings set forth in this Addendum. Capitalized terms not otherwise defined herein shall have the meaning given to them in the Principal Agreement. Except as modified below, the terms of the Principal Agreement shall remain in full force and effect.

In consideration of the mutual obligations set forth herein, the parties hereby agree that the terms and conditions set out below shall be added as an Addendum to the Principal Agreement. Except where the context requires otherwise, references in this Addendum to the Principal Agreement are to the Principal Agreement as amended by, and including, this Addendum. In the event of any conflict or inconsistency between any of the terms of the Principal Agreement and this addendum (including Standard Contractual Clauses where applicable) the provisions of the following documents in order of preference shall prevail: (1) the Standard Contractual Clauses also referred to as model clauses, (2) this DPA, (3) the Principal Agreement. Except as amended by this DPA or the relevant Standard Contractual Clauses (where applicable) the Principal Agreement and applicable ordering document remain unchanged and in full force and effect.

Definitions

"Applicable Laws" means (a) European Union or member State laws with respect to any Customer Personal Data in respect of which any Customer is subject to EU Data Protection Laws; and (b) any other applicable law with respect to any Customer Personal Data in respect of which any Customer is subject to any other Data Protection Laws;
"Customer Affiliate" means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Customer, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise;
"Customer Data" means all data, including text, graphics, logos, tools, software or source code that are provided to JAHAJEE.com or as described in the Principal Agreement, that are provided to JAHAJEE.com through Customer's use of JAHAJEE.com products and services;
"Data Processor" means JAHAJEE.com or a Sub-processor;
"Data Protection Laws and Regulations" means all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom, applicable to the Processing of Personal Data under the Agreement.
"GDPR" means the EU General Data Protection regulation 2016/679;
"Privacy Shield" means the U.S. Department of Commerce EU - US and Swiss - US Privacy Shield Framework requirements as set out at the following URL: https://www.privacyshield.gov/welcome or any replacement framework or URL from time to time.
"Services" means the services and other activities to be supplied to or carried out by or on behalf of JAHAJEE.com for Customer pursuant to the Principal Agreement;
"JAHAJEE.com Affiliate" means an entity that owns or controls, is owned or controlled by or is under common control or ownership with JAHAJEE.com, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.
"Standard Contractual Clauses" also referred to as "model clauses" means all Controller to Processor contractual transfer mechanisms, but does not include Privacy Shield certification as transfer mechanism;
"Sub-processor" means any person (including any third party, but excluding an employee of JAHAJEE.com or any of its subcontractors) appointed by or on behalf of JAHAJEE.com or any JAHAJEE.com Affiliate to Process Personal Data on behalf of Customer in connection with the Principal Agreement.
The terms, "Commission", "Controller", "Data Subject", "Member State", "Personal Data", "Personal Data Breach", "Processing", "Processor" and "Supervisory Authority" shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.

Processing of Customer Personal Data
The parties agree with regard to the Processing of Customer Data (other than for account registration purposes) that Customer is the Controller, JAHAJEE.com is the Processor and JAHAJEE.com shall comply with all applicable Data Protection Laws in the Processing of Customer Personal Data. JAHAJEE.com will not disclose Customer Data to a third-party except as Customer directs or unless required by law. Should a third-party contact JAHAJEE.com with a demand for Customer Data, JAHAJEE.com shall initially redirect such request for Customer Data directly to Customer (including subject access requests pursuant to GDPR so Customer may fulfill its Controller obligations under the GDPR). JAHAJEE.com will not independently respond to requests from Customer's end users without Customer's prior written instructions (except to confirm receipt of such request). If authorized to disclose by Customer in the performance of its Controller obligations, JAHAJEE.com will work with Customer to fulfill its obligations. If compelled to disclose Customer Data by lawful order JAHAJEE.com shall use commercially reasonable efforts to notify Customer in advance of such disclosure, unless prohibited from doing so by law.

Additional Processing Details
Annex 1 to this Addendum sets out certain information regarding JAHAJEE.com's Processing of the Customer Personal Data as required by Article 28(3) of the GDPR. The subject-matter of Processing of Personal Data by JAHAJEE.com is the performance of the Services pursuant to the Agreement. The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data and categories of Data Subjects covered under this DPA are further specified in Annex 1 to this DPA or by the Principal Agreement.

Protection of Customer Data
Limitation of Access
JAHAJEE.com personnel will not process Personal Data without authorization and ensure access to such Personal Data restricted to those individuals who need to know / access the relevant Personal Data, as necessary for the purpose of the Principal Agreement, and to comply with applicable laws and the GDPR privacy principles.
Confidentiality
JAHAJEE.com shall ensure that its personnel and any Sub-processors engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and are bound by a duty of confidentiality no less stringent than that contained within the Principal Agreement.
Controls
JAHAJEE.com shall maintain appropriate technical and organizational measures for protection of the security, confidentiality, and integrity of Customer Data as set forth in Article 32(1) of the GDPR.
Deletion or Return of Customer Personal Data
JAHAJEE.com shall, pursuant to Controller's written instructions, return Customer Data to Customer and / or, to the extent allowed by Applicable Law, delete Customer Data in a reasonable time after cessation of any services involving the processing of Customer Personal Data, at the choice of the Customer.
Each Contracted Processor may retain Customer Personal Data to the extent required by Applicable Laws and only to the extent and for such period as required by Applicable Laws.
Privacy Officer
JAHAJEE.com has appointed a privacy officer and the appointed person may be reached at legal(at)jahajee(dot)com .
Sub-processing
Appointment of Sub-processors
JAHAJEE.com may engage other companies and third parties as Sub-processors to provide limited services on its behalf, such as providing customer support and Customer authorizes JAHAJEE.com to appoint and retain such Sub-processors. Any Sub-processors to whom JAHAJEE.com transfers Customer Data will have entered into written agreements with JAHAJEE.com requiring that the Sub-processor will have entered into written agreements with JAHAJEE.com requiring at least the same level of data security protections to be in place as is required by the GDPR.

Current Sub-processors
JAHAJEE.com may continue to use those Sub-processors already engaged by JAHAJEE.com or any Affiliate as at the date of this Addendum and available for review on request.

Notification of New Sub-processors and Objection Right
Customer acknowledges and expressly agrees that JAHAJEE.com may engage third party Sub-processors in connection with the provision of the Services. JAHAJEE.com shall be liable for the acts and omissions of its Sub-processor to the same extent it would be liable if performing the services of each Sub-processor directly under the terms of this DPA, except as otherwise set forth herein. JAHAJEE.com has entered into a written agreement with each Sub-processor containing data protection obligations not less protective than those in this DPA with respect to the protection of Customer Data to the extent applicable to the nature of the Services provided by each Sub-processor. JAHAJEE.com shall make available to Customer its current list of Sub-processors including their name and country of location and will provide notification of a new Sub-processor before authorizing any new Sub-processor to Process Personal Data in connection with the provision of applicable Services.
Customer may object in writing within ten (10) business days after receipt of JAHAJEE.com's use of a new Sub-processor. In the event Customer objects to a new Sub-processor, JAHAJEE.com will make reasonable efforts to make an alternative Sub-processor available to the Customer or recommend a commercially reasonable change to Customer's configuration or use of Services to avoid the processing of Personal Data by the objected to Sub-processor without unreasonably burdening Customer. If JAHAJEE.com is unable to make available such change within a reasonable amount of time, which shall not exceed thirty (30) days, Customer may terminate any applicable order form with respect only to those Services which cannot be provided by JAHAJEE.com without the use of the objected-to new Sub-processor and will be refunded any prepaid fees covering the remainder of Term of such order forms.

Limitation of Liability
JAHAJEE.com shall be liable for the acts and omissions of its Sub-processors to the same extent JAHAJEE.com would be liable if performing the services of each Sub-processor directly under the terms of this DPA, except as otherwise set forth in the Principal Agreement.

Data Subject Rights
Taking into account the nature of the Processing, JAHAJEE.com shall assist Customer by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of Customer's obligation, as reasonably understood by JAHAJEE.com, to respond to a Data Subject Request under Data Protection Laws.
JAHAJEE.com shall, to the extent legally permitted, promptly notify Customer if JAHAJEE.com receives a request from a Data Subject under any Data Protection Law (including, but not limited to right of access, right to rectification, restriction of Processing, right to be forgotten, data portability, object to processing, or right not to be subject to an automated individual decision making) in respect of Customer Personal Data.

Personal Data Breach
JAHAJEE.com shall notify Customer without undue delay upon JAHAJEE.com or any Sub-processor becoming aware of a Personal Data Breach affecting Customer Personal Data. JAHAJEE.com will provide Customer with sufficient information to allow Customer to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws and any other Applicable Laws. Such notification shall as a minimum describe the nature of the Personal Data Breach, the categories and numbers of Data Subjects concerned, and the categories and numbers of Personal Data records concerned; communicate the name and contact details of JAHAJEE.com's Data Protection Officer or other relevant contact from whom more information may be obtained; described the likely consequences of the Personal Data Breach; and describe the measures taken or proposed to be taken to address the Personal Data Breach.
JAHAJEE.com shall make reasonable efforts to identify the cause of a Personal Data Breach and take necessary and reasonable steps in order to remediate the cause of the Personal Data Breach to the extent the remediation is within JAHAJEE.com's reasonable control. The obligations herein shall not apply to incidents that are caused by Customer or Customer's Users.

Audit rights
JAHAJEE.com shall make available to Customer on request all information necessary to demonstrate compliance with this Addendum, and shall allow for audits including inspections, by Customer, or an auditor mandated by Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. Information and audit rights of the Customer only arise to the extent that the Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law.
Customer may contact JAHAJEE.com to request an on-site audit of the architecture, systems and procedures relevant to the protection of Personal Data at locations where Personal Data is stored. Before the commencement of any such on-site audit, Customer and JAHAJEE.com shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be borne by Customer and reasonable, taking into account the resources expended by JAHAJEE.com. Customer shall promptly notify JAHAJEE.com with information regarding any non-compliance discovered during the course of an audit.
Customer must give JAHAJEE.com a reasonable notice and shall make reasonable endeavours to avoid causing any damage, injury or disruption to the Contracted Processor's premises, equipment, personnel and business while its personnel are on those premises in the course of such an audit or inspection. A Contracted Processor need not give access to its premises for the purpose of such audit or inspection:

1. To any individual unless he or she produce evidence of identity and authority;
2. Outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and the Customer or the relevant Customer Affiliate undertaking an audit has given notice to JAHAJEE.com or the relevant JAHAJEE.com Affiliate that this is the case before attendance outside those hours begins.

1. Full Name
2. Email
3. Phone
4. Employment Opportunity Data
5. Username IP Address
6. Password Hash
7. Browser Id
8. IP Address
9. User Agent
10. Client Name

SHARE Whatsapp Facebook Twitter To TOP