This is the privacy policy of freetobook, whose registered office is at 100 Berkeley Street, 2nd Floor, Glasgow, G3 7HU, telephone 0141 270 2173, e-mail [email protected] and website https://en.freetobook.com/.
We set out below important information about our processing of data relating to individuals by reference to the purposes for which we do so in the context of our business.
When you visit our website, we may collect information including but not limited to:
Contact details, including address, telephone numbers, e-mail, and social media contact information, including on LinkedIn
Marketing preferences (whether you opt in or out)
A nugatory amount of data which is automatically collected by our web server access log records. Access log records collect and store information based on IP addresses and access request date/time.
We host our website on Namesco servers. Namesco is fully compliant with Data Protection laws, although the basic information they store is not user-specific and cannot be used to identify an individual. We have never had reason to access these logs as we use Google Analytics performance cookies to display more advanced access and usage data in a user-friendly dashboard which we (and our web agency) can more easily interpret.
We use Google Analytics cookies to gather and display information relating to
device type (e.g. mobile, computer, tablet)
operating system
browser type
browser information (e.g., type, language, version)
domain names
access times and dates
location (country + city/town)
referring website addresses
All data gathered, processed and displayed by Google Analytics cookies is randomised and can never be traced to an individual.
Our use of your personal data will always have a lawful basis, either because you have consented to our use of your personal data (e.g. by subscribing to emails), or because it is in our legitimate interests. We don’t disclose to anyone any of the information we obtain except subsequently in the course of making available our services.
We use this data in order to:
Communicate with people via telephone, email, SMS text and other forms of electronic communication
Send people materials about our business, events, products and services
Marketing our business
Entering into contracts without customers, partners and suppliers
Keeping records and accounts
Operating our business
Operating our website and use of cookies
To enhance user experience on our website
Process orders
Send you service emails (order confirmation/receipts)
Improve our products and services
Data subjects may require that their information be deleted or removed if there is not a legitimate reason for us to hold it.
We will not sell, distribute, or lease your personal information to third parties. Any personal information we request from you will be safeguarded under current legislation.
We will only share your information with companies if necessary to deliver services on our behalf. These service providers are limited to Names.co.uk to host our website and Ninja Forms to collect, process and store form data. We do not host any further third party website content such as imagery hosted on CDNs or embedded social or video content which could use their own cookies to gather data about you.
You may choose to restrict the collection or use of your personal information at any point.
Our website agency has access to our Google Analytics Dashboard, but no other data.
We only keep your personal data for as long as we need to in order to use it as described in this Privacy Policy, and/or for as long as we have your permission to keep it.
Emails
When you send an email to the email address displayed on our website, we collect your email address and any other information you provide in that email (such as your name, telephone number and the information contained in any signature block in your email).
Namesco
A nugatory amount of data is automatically collected by our web server access log records. Access log records collect and store information based on IP addresses and access request date/time. We host our website with Namesco who are fully compliant with Data Protection laws, although the basic information they store is not user-specific and cannot be used to identify an individual. We have never had reason to access these logs as we use Google Analytics performance cookies to display more advanced access and usage data in a user-friendly dashboard which we can more easily interpret. Namesco is fully compliant with GDPR regulation – please access their Privacy Policy to learn more.
Ninja Forms
As discussed in this Privacy Policy we use third-party software, Ninja Forms, to process form data submitted via our website. Ninja Forms is fully compliant with GDPR regulation – please access their Privacy Policy to learn more.
Your choices
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not pass your details to any third parties for marketing purposes unless you have expressly permitted us to. Furthermore, you can change your marketing preferences at any time by contacting us by email at [email protected].
You have a right to request a copy of the personal information that freetobook holds about you and have any inaccuracies corrected. Any such requests should be made to this email address: [email protected].
You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it.
We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected.
Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure data collected through our Site. If you provide us with your credit/debit card information, the information is encrypted using secure socket layer technology (SSL) and stored with an AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement generally accepted industry standards.
Like many other websites, we use cookies. We use them to help you personalise your online experience.
A cookie is a text file that is placed on your hard disk by a web page server which allows the website to recognise you when you visit. Cookies only collect data about browsing actions and patterns, and do not identify you as an individual.
We use cookies for the following purposes:
Performance and analytics: We use Google Analytics (Tag Manager) cookies to help us analyse how our web pages are being accessed and used. We also use cookies to provide insights such as page views, conversion rates, device information, visitor IP addresses, and referral sites.
Third Parties: Third Party services may use cookies to help you sign into their services from our services. Any third party cookie usage is governed by the Privacy Policy of the third party placing the cookie.
You can set your browser to not accept cookies, but this may limit your ability to use the third party services on our website.
While this anonymous statistical data may be aggregated and used in broader statistical analysis by us and our web monitoring service provider to improve our services, we cannot personally identify you as the source of that data until such point as you provide your personal information to us.
A person has the right to receive information on what personal information we have, why and who we share it with.
From time to time it may be necessary for us to review and revise this privacy policy. We reserve the right to change our privacy policy at any time.
If you have any questions about this Privacy Policy, please don’t hesitate to contact us at [email protected].
We are committed to protecting your privacy
We collect the minimum amount of information about you that is commensurate with providing you with a satisfactory service. This policy indicates the type of processes that may result in data being collected about you. Your use of this website gives us the right to collect that information.
Information Collected
We may collect any or all of the information that you give us depending on the type of transaction you enter into, including your name, address, telephone number, and email address, together with data about your use of the website. Other information that may be needed from time to time to process a request may also be collected as indicated on the website.
Information Use
We use the information collected primarily to process the task for which you visited the website. Data collected in the UK is held in accordance with the Data Protection Act. All reasonable precautions are taken to prevent unauthorized access to this information. This safeguard may require you to provide additional forms of identity should you wish to obtain information about your account details.
Cookies
Your Internet browser has the in-built facility for storing small files - "cookies" - that hold information which allows a website to recognize your account. Our website takes advantage of this facility to enhance your experience. You have the ability to prevent your computer from accepting cookies but, if you do, certain functionality on the website may be impaired.
Disclosing Information
We do not disclose any personal information obtained about you from this website to third parties unless you permit us to do so by ticking the relevant boxes in registration or competition forms. We may also use the information to keep in contact with you and inform you of developments associated with us. You will be given the opportunity to remove yourself from any mailing list or similar device. If at any time in the future we should wish to disclose information collected on this website to any third party, it would only be with your knowledge and consent.
We may from time to time provide information of a general nature to third parties - for example, the number of individuals visiting our website or completing a registration form, but we will not use any information that could identify those individuals.
In addition Dummy may work with third parties for the purpose of delivering targeted behavioral advertising to the Dummy website. Through the use of cookies, anonymous information about your use of our websites and other websites will be used to provide more relevant adverts about goods and services of interest to you. For more information on online behavioral advertising and about how to turn this feature off, please visit your online choices.com/opt-out.
Changes to this Policy
Any changes to our Privacy Policy will be placed here and will supersede this version of our policy. We will take reasonable steps to draw your attention to any changes in our policy. However, to be on the safe side, we suggest that you read this document each time you use the website to ensure that it still meets with your approval.
Contacting Us
If you have any questions about our Privacy Policy, or if you want to know what information we have collected about you, please email us at [email protected]. You can also correct any factual errors in that information or require us to remove your details form any list under our control.
This privacy policy explains how Jotform handles your personal information and data, and applies to all of the products, services and websites offered by Jotform Inc., Jotform Ltd, Jotform Pty Ltd, Jotform Canada Inc., and their affiliates (collectively, “Jotform”), except where otherwise noted. Jotform products, services and websites are collectively referred to as the “services” in this policy. Unless otherwise noted, all services are provided by Jotform Inc., which is based in the United States.
This privacy policy incorporates and should be read in conjunction with our AI Policy. You should read both policies before using our platform or submitting your personal info in any of our users’/customers’ forms. Please also read our Terms of Use, since you agree to those terms by visiting our websites or using our Platform.
In this policy, “you” refers to those who use and/or interact with any or all of our products, services, and websites, and “we”, “us”, and “our” refer to Jotform. “Customer”(s) refers specifically to those who use Jotform services. “Form Responders” refers to those who fill in and/or submit forms used by our Customers. “AI Functionality Users” refers to those who interact with AI Functionality on our Platform and/or websites. Our Platform and websites include www.noupe.com and the Noupe AI chatbot builder.
Registration information. When you register for an account with us so you can create and/or use forms, we collect your username, password and email address.
Billing information. If you make a payment to Jotform Inc., we require that you provide your billing details, including name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date or a bank account number). If you provide a billing address, we will regard that as the location of the account holder. Our integrations with third party payment gateways are for processing only. We don’t store or log any sensitive cardholder data provided by you or your form users. We follow industry-standard best practices to protect the security of cardholder data during processing and transmission. Jotform Inc. is certified as a PCI DSS Level 1 Compliant Service Provider, and we perform annual audits to ensure that our handling of your credit card information aligns with industry guidelines. Read more here.
Account settings. Our customers can set various preferences and personal details on pages, such as your account settings page. For example, your default language, timezone and communication preferences (e.g. opting in or out of receiving marketing emails from us).
Form data. We store our customers’ form data (form fields and input and data inputted in those fields), in some cases using third party server providers such as Amazon Web Services and Google Cloud.
Data you use to create forms is owned by you. We treat your forms as private, unless you make them available to members of the public. We don’t sell or make forms you’ve created available to anyone, nor do we use the form responses you collect, for purposes unrelated to you or our services, except in a limited set of circumstances (e.g. if we are compelled by a subpoena or court order, or if you’ve given us permission to do so).
Jotform safeguards responders’ email addresses. To make it easier for you to invite people to complete your forms via email, you may upload lists of email addresses, in which case we act as a mere custodian of that data. We don’t sell these email addresses or make them available to others except as directed by you and in accordance with this policy. The same is true for any email addresses collected through your forms.
Jotform holds your data securely. Read our Security Statement for more information. This includes any personal information you provide to us, including but not limited to where a customer voluntarily shares their phone number or other sms information with us so we may contact them.
Form data is stored on servers located in the United States. Our customers have the option to store their data in the EU. See https://www.jotform.com/security/ for more information.
Usage data. We collect usage data when you interact with our services. This may include which web pages you visit, what you click on, when you performed those actions, and so on. Additionally, like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, and timestamps.
Device data. We collect data from the device and application you use to access our services, such as your IP address, operating system version, device type, system and performance information, and browser type. We may also infer your geographic location based on your IP address.
Referral data. If you arrive at a Jotform website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
Information from third parties. We may collect your personal information or data from third parties, if you have given permission to those third parties to share your information.
Information from page tags. We use third party tracking services that employ cookies and page tags (also known as web beacons) to collect aggregated and anonymized data about visitors to our websites. This data includes usage and user statistics. Emails sent by Jotform or by users through our services may include page tags that allow the sender to collect information about who opened those emails and clicked on links in them. We do this to allow the email sender to measure the performance of their email messaging and to learn how to improve email deliverability and open rates.
See our Cookie Policy for more info
When you fill in or complete a form used by one of our Customers, we collect information relating to you and your use of our services:
Form responses. We collect and store the form responses that you submit, in some cases using third party server providers like Amazon Web Services or Google Cloud, on behalf of our Customers. The form creator (Customer) is responsible for this data, and they manage it. A form may ask you to provide personal information or data. If you have any questions about a form which a Customer has sent to you or given you access to fill in, or about the data to be provided in the form, please contact the form creator directly, since Jotform is not responsible for the content of that form. The form creator may have their own privacy policy.
Are your form responses anonymous?
You will need to ask the form creator as it depends on how the individual, company or organization has chosen to configure the form(s). We provide information to form creators on how they can collect responses anonymously. However, even if a form creator has followed those steps, specific questions in the form may still ask you for your personal information or data that could be used to identify you.
We treat unique form questions and responses as information that is private, unless a party other than Jotform has made that information public. We don’t use form data other than as described in this privacy policy without our Customers’ consent. We don’t sell Customers’ form data, nor do we make it available to third parties without the Customer’s permission.
We use information gathered from and provided by our Customers to do the following for our Customers:
Provide services and technical support, assist them with form design and creation, provide technical troubleshooting, manage our relationship with them, and to gather information on how they use our services.
Certain features of our services use the content of form questions and responses and Customer account information in additional ways. Feature descriptions will identify where this is the case. Customers can avoid the use of form data in this way by simply choosing not to use such features. For example, by using our form templates feature, to add questions to forms, you also permit us to aggregate the responses you receive to those questions with responses received by other form templates users who have used the same questions. We may then report statistics about the aggregated (and de-identified) data sent to you and other form creators.
We do not share our customers’ or users’ phone numbers or other personally-identifying mobile information or consents or opt-ins with third parties, affiliates, or partners, whether for marketing/promotional, or other purposes.
AI (Artificial Intelligence). We use AI (artificial intelligence) capabilities to help our users create and manage forms, to create AI “agents” that can assist the user in communicating with the user’s customers, form responders, or end users, such as through chat or simulated phone calls. Such agents are by definition not human. Our users can choose whether to create and use agents. See our AI policy for more information.
Third-Party Services and Apps. If you choose to link your Jotform account with a third party account, such as your Google or Facebook account, Jotform may use the information you allow us to collect from those third parties to provide you with additional features, services, and personalized content.
For your convenience, the services may provide links to third-party websites or services that we do not own or operate. We are not responsible for the practices employed by the owners or operators of any such websites or services. You use them at your own risk. Your use of and interactions with such websites and services are subject to the applicable third party’s rules and policies, not ours. We suggest you review the privacy policies of such parties before providing any personal information.
In order to provide you with useful options to use the services together with social media and other applications, we may give you the option to export information to, and collect information from, third party applications and websites, including platforms such as Google and Twitter and social networking sites such as Facebook. When exporting and collecting such information, you may be disclosing your information to the individuals or organizations responsible for operating and maintaining such third party applications and sites, and your information may be accessible by others visiting or using those applications or sites. We do not own or operate third party applications or websites that you connect with – you should review the privacy policies and statements of such websites to ensure you are comfortable with the ways in which they use the information you share with them.
We use your information, including certain form data, for the following limited purposes:
To monitor, maintain, and improve our services and features. We internally perform statistical and other analysis on information we collect, including usage data, device data, referral data, question and response data and information from page tags, to analyze and measure user behavior and trends, to understand how people use our services, and to monitor, troubleshoot and improve our services, including to help us evaluate and design new features. We may use your information internally in order to keep our services secure and operational, such as for troubleshooting and testing purposes, and for service improvement, marketing, research and development purposes.
To enforce our Terms of Use.
To prevent potentially illegal activities.
To screen for and prevent undesirable or abusive activity. For example, we have automated systems that screen content for activities such as, phishing, spam, and fraud.
To create new services, features or content. We may use your form data and form metadata (that is, data about the characteristics of a form) for our internal purposes to create and provide new services, features or content. Regarding form metadata, we may look at statistics like response rates, question and answer word counts, and the average number of questions in a form, and publish interesting observations about these for informational or marketing purposes. When we do this, neither individual form creators nor form responders will be identified or identifiable unless we have obtained their permission.
To facilitate account creation and the logon process. If you choose to link your Jotform account to a third party account, such as your Google or Facebook account, we use the information you allowed us to collect from those third parties to facilitate the account creation and login process.
To contact you about your service or account. We will occasionally send you communications of a transactional nature (e.g. service-related announcements, billing-related matters, changes to our services or policies, a welcome email when you first register). You are prevented from opting out of this type of communication since it is required to provide our services to you.
To contact you for marketing purposes. We will send you promotional emails only if you have consented to us contacting you for this purpose. You may opt out of these communications at any time by clicking on the “unsubscribe” link in them, or changing the relevant setting on your My Account page.
As a service provider, Jotform is legally required to turn over user data in our possession when we receive valid legal process from government authorities with proper jurisdiction. We strive to balance the needs of law enforcement and other legal process with the privacy of our customers and third parties who submit their information to our customers on their forms. Accordingly, we carefully review each legal and law enforcement request for information, and where we do produce personal information, we endeavor to produce only that information which is actually required.
For parties in North America, disclosures are governed by U.S. law and the Federal Stored Communications Act (“SCA”), 18 U.S.C. §§ 2701-2712 . For parties outside the US, our disclosures are governed by the laws of the applicable jurisdiction. In general, we will turn over general information such as name, subscription inception date, information on form creation, email address, registration IP address, and, where we believe required, billing information. We require a valid subpoena, or a law enforcement request issued in connection with an official criminal investigation.
Personal information a form responder includes in a form belongs to the responder, unless the responder has given rights in that information to the Customer who provided them with the form. Check with the Customer if you have questions about that. Form submission data is managed by the form creator (the Customer). Jotform treats that information as private unless the responder and/or Customer has made it publicly available. Please contact the form creator directly to understand how they use your form responses. Some form creators may provide you with a privacy policy or notice at the time you complete its form, and we encourage you to review that to understand how the form creator will handle your responses.
In some cases, artificial intelligence (AI) capabilities assist you in filling in and/or submitting forms to our users, and in communicating with our users via chat or simulated phone calls.. When you provide information, including personal information with AI assistance, as part of such interactions with forms or our users, our AI providers may have access to the information you provide during such interactions. See our AI policy for more information.
We do not sell personal information gathered from form responses. We won’t use any contact details collected in our customers’ forms to contact form responders.
See the section above for information on how we use data provided by our Customers or to which our Customers have given us access.
See the section above regarding information related to visitors to our websites. We use that information, including but not limited to cookies, customer data, usage data, device data, referral data and information from page tags, to manage and improve our services, to serve and support our Customers, for research purposes, and for the other various purposes described in this privacy policy.
We will not sell or lease your personal information to any third party. We may disclose aggregate demographic and statistical information with our business partners, but this information is not specific to the identification of you as an individual.
Use of our websites is intended for adults at least eighteen (18) years of age. We do not knowingly collect personally-identifying information from children under the age of thirteen (13).
We may disclose information with third parties, for limited purposes, as follows:
Your information to our service providers. We use service providers who help us to provide you with our services. We give some personnel of these providers access to your information, but only to the extent necessary for them to perform their services for us. Our contracts with our service providers require them to maintain technical protections to ensure the confidentiality of your personal information and data, to use it only for the provision of their services to us, and to handle it in accordance with this privacy policy. Examples of service providers include payment processors, hosting services, AI providers, email service providers, and web traffic analytics tools. See our AI policy for information relating to AI, AI providers, privacy considerations, and the like.
Your account details to your billing contact. If your account holder details are different from the billing contact listed for your account, we may disclose your identity and account details to the billing contact upon their request. We typically will attempt to notify you of such requests. By using our services and agreeing to this privacy policy, you consent to this disclosure.
Your email address to your organization. If the email address under which you’ve registered your account belongs to or is controlled by an organization, we may disclose that email address to that organization in order to help it understand who associated with that organization uses our services, and to assist the organization with its enterprise accounts.
Aggregated or de-identified (anonymized) information to third parties to improve or promote our services. We do this so that no individuals can reasonably be identified or linked to any part of the information we share with third parties to improve or promote our services.
The presence of a cookie to advertise our services. We may ask advertising networks and exchanges to display ads promoting our services on other websites. We may ask such parties to deliver those ads based on the presence of a cookie or similar technology that was placed when you visited one of our websites, but in doing so we will not share any other personal information with the advertiser. Our advertising network partners may also use cookies and page tags or web beacons to collect certain non-personal information about your activities on this and other websites to provide you with targeted advertising based upon your interests.
Your information if required or permitted by law. We may disclose your information as required or permitted by law, or when we believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, and/or to comply with a judicial proceeding, court order, subpoena, or other legal process served on us.
Your information if there’s a change in business ownership or structure. If ownership of all or substantially all of our business changes, or we undertake a corporate reorganization, including a merger, acquisition or consolidation or any other action or transfer between Jotform entities, you expressly consent to Jotform Inc. transferring your information to the new owner or successor entity so that we can continue providing our services.
Information you expressly consent to be shared. For example, Jotform Inc. may expressly request your permission to provide your contact details to third parties for various purposes, including to allow those third parties to contact you for marketing purposes. If you give your permission, you may later revoke your permission, but if you wish to stop receiving communications from a third party to which we provided your information with your permission, you will need to contact that third party directly.
If you’re a Customer, you are able to control who can take your form by changing your collector settings. For example, forms can be made completely public, and indexable by search engines. You can also choose to share your form responses instantly or at a public location.
Please note that, if you’re a form responder or Customer who has entrusted us with safeguarding the privacy of your personal information, we will not disclose or share it with third parties unless we have (a) given you notice, such as in this privacy policy, (b) obtained your express consent, such as through an opt-in checkbox, or (c) de-identified or aggregated the information so that individuals or other entities cannot reasonably be identified by it.
By using our services or visiting our websites, you consent to the above-described disclosures.
In some cases, the applications or user interfaces you encounter while on our sites are managed by third parties, who may require that you provide your personal information. We are not responsible for the privacy practices of these third party services or applications. We recommend carefully reviewing the user terms and privacy statement of each third party service, website, and/or application prior to use.
We generally retain your information for as long as you have an account with us, as necessary to otherwise to provide services to you, to comply with our legal obligations, to enforce our agreements and terms of use, and for as long as one or more of your forms remain publicly accessible on our website. If you close your account and make your forms publicly unavailable through your account dashboard, your personal info will be deleted after one month. If your account has not been closed but is inactive for one year, we will hold your personal data in encrypted form for one additional year, at which time we will delete it. We will delete personal info in response to valid data subject requests made under applicable privacy law such as under the GDPR. This paragraph constitutes our data retention policy as to your personal information.
You may be entitled to request that we delete or amend your personal information. You may also be entitled to withdraw your consent, when consent is the basis for processing your personal information. We apply the same procedures, limitations and exceptions established for European Economic Area (EEA), UK, Swiss and Australian residents in this privacy policy to all who make such requests to delete or amend personal information, or withdraw consent for processing personal information, regardless of geographic location. Please read the “Your Rights” paragraph under the “ADDITIONAL TERMS FOR EUROPEAN ECONOMIC AREA, UK, SWISS AND AUSTRALIA RESIDENTS” below for details. If you are a resident of the EEA, UK, Switzerland or Australia, see below for more specific details on how that applies to you.
Personal information that we collect is processed under the following legal basis:
Our legitimate interests. This includes:
to enable us to provide our products and services and website use and access to you
for analytics, to gather metrics to better understand how users use the our websites, and to evaluate and improve our websites
to prevent fraud and other illegal activity
the legitimate interests of others (for example, to ensure the security of our website)
to comply with legal obligations, as part of our general business operations, and for other internal business administration purposes
if we collect demographic information from you (such as gender and ethnic origin) in order to carry out diversity monitoring and such information is not collected in an anonymous format, then we rely on our legitimate interest to do so.
Contractual obligations. For the performance of contractual obligations between you and Jotform, including the Jotform Terms of Use and/or in our separate written contract with you.
Consent. Where required by law, we may process your personal information in some cases for marketing purposes on the basis of your consent (which you may withdraw at any time after giving it, as described in this privacy policy).
See our GDPR page at https://www.jotform.com/gdpr-compliance/.
Scope
This policy relates to the requirements of the Australian Privacy Principles (APP) contained in the Australian Privacy Act 1988 (the Act). This policy applies to the collection of Australian residents’ personal information by customers of Jotform utilising our service provision in the Australian region. In circumstances where it is construed as an APP Entity, Jotform complies with the APP and has implemented suitable controls and measures to ensure that personal information is collected, held and disclosed in a manner that is secure
Collection of Personal Information
Jotform does not actively collect personal information from Australian residents directly (solicited information). We may collect personal unsolicited information in the course of our service provision to our Australian customers. Our Australian customers use the Jotform platform and software as a service provision within their business operations to improve business practices. This may include the use of our forms and tables, and other services we offer, in the process of collecting personal information of end users. The types of personal information collected by our customers varies, and they should provide a detailed list in their own privacy policy.
Disclosure (Data Sharing)
Information that is collected by our customers may be disclosed to and stored on our servers (and backups) which are provided by Google Cloud Platform (GCP) and by Amazon Web Services (AWS). This may include overseas disclosures and Australian resident personal information may be transferred to cloud providers based in the United States of America. We work closely with our service providers to ensure a high standard of security is maintained to ensure that personal information is protected from unauthorized access. Our cloud service providers also have certifications including ISO27001 and SOC 2 which evidence high standards of information security management.
Individual Rights
As an Australian resident you have rights under the Australian Privacy Act 1988. You have the right to access your personal information, and to have your personal information corrected if it is not accurate. We will respond to your request as soon as is practicable. Ordinarily a charge will not be required for this service, unless the request is excessive or requires significant resources. To exercise these rights, contact [email protected].
Making a Complaint
As an Australian resident whose personal information we may have collected, you can make a complaint to us using the email address below, and we will deal with the issues you are reporting as swiftly as we can. If you are not satisfied with our response, you can make a complaint to the Office of the Australian Information Commissioner (OAIC) by emailing this address https://www.oaic.gov.au/privacy/privacy-complaints
Contact UsFor further information, or to make a request for access or correction of personal information, please contact us by email at [email protected].
Please see our transfer impact assessment page for information that may assist you in assessing potential transfers of data to the United States from within the EU or UK.
Deletion of Personal Information
You may be entitled to request that we delete your personal information in certain specific circumstances. If you wish to exercise this right, please submit your request using this form. We will consider all such requests and provide our response within a reasonable period (but no longer than one calendar month from our receipt of your request unless we tell you that we are entitled to a longer period under applicable law). We may require you to verify your identity before we respond to your request. Certain personal information may be exempt from such requests in certain circumstances, including as provided for in this privacy policy.
Access, Update, Data Portability and Other Rights
You may also be entitled to access your information, update your personal information which is out of date or incorrect, restrict use of your personal information in certain specific circumstances, place a data portability request (applicable only when we use your personal information on the basis of your consent or performance of a contract, and where our use of your information is carried out by automated means), and ask us to consider any valid objections which you have to our use of your personal information where we process it on the basis of our or another person’s legitimate interest. Requests should be directed via this form.
We will consider all such requests and provide our response within a reasonable period (but no longer than one calendar month from our receipt of your request unless we tell you we are entitled to a longer period under applicable law). We may require you to verify your identity before we respond to any of your requests. Certain personal information may be exempt from such requests in certain circumstances, including as provided for in this privacy policy.
Complaints
You also have the right to lodge a complaint before a supervisory data protection authority regarding our data processing. If you are in Europe, an up to date list of data protection authorities is available at https://edpb.europa.eu/about-edpb/board/members_en. If you are in the UK, the data protection authority is the UK Information Commissioner’s Office available at https://ico.org.uk/.
Jotform complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Jotform has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Jotform has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Jotform commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS (www.jamsadr.com/DPF-Dispute-Resolution), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
See the “Information We Collect” section above for information on what personal data we collect, and the “How We Use and Disclose Your Information” section for information on how we use such data and to whom we may disclose it. Whatever personal data our user or customer (the data “controller”) collects via submissions to their forms on our platform is determined by the user or customer on the one hand and by the persons who fill in and submit their forms on the other hand.
See above for information on the choices you have concerning limiting the use and disclosure of your data, and your right to access your personal data. We are subject to the investigatory and enforcement powers of the FTC. We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. See above. We may be liable for onward transfers to third parties if and to the extent determined by law. Complaints regarding our compliance with the DPF may be subject to binding arbitration before the American Arbitration Association in the US – see our terms of use. You may address any complaints directly to us using this form, free of charge, worldwide.
We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact.
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: https://prighter.com/q/11830216921
In most cases where Jotform may receive personal data of and/or for our Brazilian customers, the customer is the Controller under the LGPD, rather than Jotform. For purposes where Jotform does in fact function as a Controller with respect to our customer, our Privacy Team is the designated Data Protection Officer, and may be contacted at [email protected].
If you have any questions about this privacy policy, you may contact us using this form.