Privacy Shield

Privacy Shield Privacy Policy
Effective April 13, 2020


Jitterbit, Inc. complies with the EU‑U.S. Privacy Shield Framework.  This Privacy Shield Policy outlines our commitment to the Privacy Shield Principles (the “Principles”) and our practices for implementing the Principles.  If there is any conflict between the terms in this Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. Jitterbit’s Privacy Shield certification can be found https://www.jitterbit.com/privacy-shield.  To learn more about the Privacy Shield Framework, please visit the Department of Commerce’s dedicated Privacy Shield website, located https://www.privacyshield.gov/welcome.

Scope

Jitterbit, Inc. complies with the Principles with respect to the Personal Data the company receives from its Customers or their Users in the European Union and the United Kingdom in connection with the use of (i) Jitterbit hosted application (the “Subscription Service”) and related support services (“Support Services”), as well as expert services (including professional services, training and certification) that we provide to Customers.  In this Privacy Shield Policy, the Subscription Service, Support Services and the Expert Services are collectively referred to as the “Service.”

Definitions

For the purposes of this Privacy Policy:

“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

“Customer” means any entity that purchases the Service.

“Customer Data” means the electronic data uploaded into the Subscription Service by or for a Customer or its Users.

“Personal Data” means any information, including Sensitive Data, that is (i) about an identified or identifiable individual and (ii) received by Jitterbit, Inc. from the European Union or the United Kingdom in connection with the Service.

“Processor” means any natural or legal person, public authority, agency or other body that processes Personal Data on behalf of a Controller.

“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.

“User” means an individual authorized by Customer to access and use the Subscription Service.

Personal Data

Jitterbit hosts and processes Customer Data, including any Personal Data contained therein, at the direction of and pursuant to the instructions of Jitterbit Customers.  Jitterbit also collects several types of information from our Customers, including:

Jitterbit requires certain personal data in order to provide you with information on our products and services. For example, if you:

  • request information via the contact page on our website: www.jitterbit.com;
  • submit comments or questions via the contact page on our website; or
  • sign up for use of our products or

In these instances, we often collect information such as name, physical address, telephone number, and e-mail address.

If you do not provide your personal data, Jitterbit will not be able to provide you with the information you requested, cannot react to your comments or questions, and cannot serve you as a client.

Jitterbit Harmony Cloud

Information which may not be personal data that is processed by your use of Jitterbit Harmony Cloud includes information about:

  • Project and usage metadata
  • Operations log data
  • Jitterbit user information
  • Transient Client data that is passed through

Marketing

Information that is used on our website requires your opt-in consent or registration.  This information may include:

  • Device, browser, and type
  • Location
  • Cookies

Information and correspondence our Customers and Users submit to us in connection with Expert Services or other requests related to our Service.

Information we receive from our business partners in connection with our Customers’ and Users’ use of the Service or in connection with services provided by our business partners on their behalf, including configuration of the Subscription Service.

In addition, Jitterbit collects general information about its Customers, including a Customer’s company name and address and the Customer representative’s contact information (“General Information”) for billing and contracting purposes.

Purposes of Collection and Use

Jitterbit needs access to certain information in order to provide you with Jitterbit products and services as described below. Jitterbit uses the information to provide, update, maintain, and protect our services, tools, websites and business; to comply as required by law, legal process, or regulation; to communicate with you in responding to your requests, comments, and questions; to develop and provide search, learning, and productivity tools and additional features; to send emails and other communications; for billing, account management, and other administrative matters; and to investigate and help prevent security issues and abuses.

Third Party Disclosures

Jitterbit has relationships with third parties to assist us in providing products and services to our customers.  These service providers are authorized to use your information only as necessary to provide services to Jitterbit, and are contractually required to maintain the confidentiality of the information that Jitterbit provides.

Jitterbit Harmony Cloud

Jitterbit uses service providers who have signed agreements with Jitterbit in order to assist Jitterbit in providing the Jitterbit products and services.  Jitterbit requires these service providers to have strong access controls, encryption key management, and other safeguards so that third parties only have appropriate access to achieve the intended business function.

Marketing

Jitterbit uses service providers who have signed agreements with Jitterbit for the primary purpose of providing targeted marketing communications and improving the user experience for our customers and prospects.

To our subsidiaries and affiliates;

To contractors, business partners and service providers we use to support our Service;

In the event Jitterbit sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation), in which case Personal Data held by us about our Customers will be among the assets transferred to the buyer or acquirer;

  • If required to do so by law or legal process;
  • In response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements.

Access

Jitterbit Harmony Cloud

As a trial or paid customer, you have access to the Jitterbit Harmony self-service web console to manage, deploy, and delete projects and operations.  As an organizational administrator, you have additional privileges to manage user access in your organization.  If you want an electronic copy of your data, send an email to the Jitterbit DPO at dpo@jitterbit.com with your request. We will respond promptly with the options available to you.

Marketing

Jitterbit does not restrict customers or prospects from accessing their personal data submitted through our website. Customers or prospects can edit their personal information or change their privacy settings at any time either through the Jitterbit Preference Center or by emailing a request to the Jitterbit DPO at dpo@jitterbit.com.

To access or correct any General Information Customer has provided, the Customer should contact their Jitterbit account representative directly or by using the contact information indicated below.

Choice

In accordance with the Principles, Jitterbit will only process Personal Data in accord with Customer instructions and offer Customers choice to the extent it (i) discloses their Personal Data to third party Controllers, or (ii) uses their Personal Data for a purpose that is materially different from the purposes for which the Personal Data was originally collected or subsequently authorized by the Customer.  Jitterbit also shall only process Sensitive Data pursuant to Customer instructions.  Unless Jitterbit offers Customers an appropriate choice, Jitterbit uses Personal Data only for purposes that are materially the same as those indicated in this Policy.

Jitterbit may disclose Personal Data of Customers and Users without offering an opportunity to opt out, and may be required to disclose the Personal Data, (i) to third‑party Processors that Jitterbit has retained to perform services on its behalf and pursuant to its instructions, (ii) if it is required to do so by law or legal process, or (iii) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements, and (iv) to comply with our legal obligations, resolve disputes, and enforce our agreements.

Jitterbit also reserves the right to transfer Personal Data in the event of an audit or if the company sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).

Where the Data Is Not From a Jitterbit Customer.  You have a number of rights under relevant data privacy laws, which may include the General Data Protection Regulation (EU) 2016/679 and the California Consumer Privacy Act. Depending on where you are based, for data about you that Jitterbit directly controls, those rights may include the right to (i) request access or copies of your personal data Jitterbit processes, (ii) rectify incorrect personal data, (iii) delete your personal data, (iv) restrict the processing of your personal data, (v) determine the portability of your personal data, (vi) lodge complaints with competent authorities in your country, and/or (vii) request a list with the names and addresses of any potential recipients of your personal data.

For Users in EEA, and California: Your Privacy Rights for Client Data:   Please bear in mind If personal information about you has been submitted to the Jitterbit hosted Jitterbit Applications by or on behalf of a Jitterbit customer and you wish to exercise any data protection rights you may have in respect of that data under applicable law, including (as applicable) the right to access, port, correct, amend or delete such data, please inquire with the relevant Jitterbit customer directly.   Jitterbit has a limited right and ability to access Client Data.  However, for direct requests, we will need the name of the Jitterbit customer who submitted your data to our service.  In such instances Jitterbit will refer your request to that Jitterbit customer and will support them as needed in responding to your request within a reasonable timeframe.

Under certain circumstances Jitterbit will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, Jitterbit cannot verify your identity, or it involves disproportionate cost or effort, but in any event, we will respond to your request within a reasonable timeframe, and provide you an explanation.

Liability for Onward Transfers

Jitterbit complies with the Privacy Shield’s Principle regarding accountability for onward transfers.  Jitterbit remains liable under the Principles if its onward transfer recipients process Personal Data in a manner inconsistent with the Principles, unless Jitterbit proves that it was not responsible for the event giving rise to the damage.

Dispute Resolution

If Jitterbit maintains your Personal Data in one of the Services within the scope of our Privacy Shield certification, you may direct any inquiries or complaints concerning our Privacy Shield compliance to dpo@jitterbit.com, or in the U.S., European Union or the United Kingdom by regular mail as indicated below.

Jitterbit shall respond within 45 days.  If your complaint cannot be resolved through Jitterbit’s internal processes, Jitterbit will cooperate with International Centre for Dispute Resolution-American Arbitration Association (ICDR-AAA) pursuant to the ICDR-AAA International Arbitration Rules, available on the ICDR-AAA website at https://www.adr.org/sites/default/files/ICDR_Rules.pdf.

ICDR-AAA mediation may be commenced as provided for in the  ICDR-AAA rules (the “Rules” outlined at https://www.icdr.org/rules_forms_fees).  The mediator may propose any appropriate remedy available under the Rules, such as deletion of the relevant Personal Data, publicity for findings of non‑compliance, payment of compensation for losses incurred as a result of non‑compliance, or cessation of processing of Personal Data of the Customer or User who brought the complaint.  The mediator, or the Customer or User, also may refer the matter to the U.S. Federal Trade Commission, which has Privacy Shield investigatory and enforcement powers over Jitterbit.  Under certain circumstances, Customers and Users may be able to invoke binding arbitration to address complaints about Jitterbit’s compliance with the Principles.

How to Contact Jitterbit

In compliance with the Privacy Shield Principles, Jitterbit, Inc. commits to resolve complaints about our collection or use of your personal information.  EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at: dpo@jitterbit.com or by regular mail addressed to:

Jitterbit, Inc.
Attn: Privacy
1301 Marina Village Parkway, Suite 201
Alameda, CA 94501
Tel 1-877-852-3500

Alternatively, regular mail may also be directed to our European Union‑ based offices, by addressing it to:

Jitterbit, Inc.
Attn: Privacy
Leidseveer 2
3511 SB Utrecht
The Netherlands
Tel +31 30 307 2900

Jitterbit has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.