What Information We Collect
Customer Provided Information. We collect personal information from users including first and last names, a valid credit card to process payment for the Services, business postal addresses, an email address and a password.
Personal Information in Content. We provide replication, backup and data storage Services. Certain content that is backed up, stored or hosted using our Services may contain Personal Information.
Session Records. To provide security and maintain the quality of service, we gather data on connection information, including session date and times, Device Internet Protocol ("IP") address, browser type, Device name and/or identification number, and other interactions with the Service.
Use of Personal Information
We may disclose personal information as required by law and to comply with a judicial proceeding, court order, or legal process.
Disclosure of Personal Information
We share certain personal information with third parties whose services we use to help sell, support our products and operate our business such as Customer Relationship Management (CRM), Enterprise Resource Management (ERP) and Accounting software providers. We make sure any third parties with whom we share Personal Data will use the data only for the purpose of providing their services to us, and in a manner consistent with our privacy practices. We assume responsibility for the processing of Personal Data that we transfer to a 3rd party. We remain liable under the Privacy Shield principles if our agent processes such Personal Data in a manner inconsistent with the principles, unless we prove we are not responsible for the event giving rise to the damage. We may also share personal information as required by law and to comply with a judicial proceeding, court order, or legal process.
EU Court of Justice Privacy Shield Decision
On July 16, 2020, the EU Court of Justice invalidated the EU-US Privacy Shield Framework, while confirming the validity of the European Commission’s standard contractual clauses as a legal mechanism for international transfers of EU personal data.
The U.S. Department of Commerce will continue to administer the Privacy Shield program and CeeJay will continue to follow its principles. Whenever required, we will also sign the Data Processing Addendum with the standard contractual clauses in order comply with the EU Court of Justice ruling.
In compliance with the Privacy Shield Principles, CeeJay commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact CeeJay at https://help.ceejay.com
Right to access, change and delete personal information
You have the right to access personal information about them, and to limit use and disclosure of it. If you would like to request access to the personal information we have processed on behalf of one of you or to limit use and disclosure of your personal information, please contact: https://help.ceejay.com and provide your name, contact information and observe the required formalities under applicable law.
U.S. Federal Trade Commission Enforcement
CeeJay is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) to ensure compliance with the EU-US Privacy Shield Principles and the Swiss-U.S. Privacy Shield Principles.
In instances where other redress possibilities have been exhausted, or where the complaint has not been resolved by any other means, CeeJay will provide you a binding arbitration option before the Privacy Shield Panel. CeeJay acknowledges that any final decision by the Privacy Shield Panel is a legally binding decision, enforceable in U.S. courts.
CeeJay works with leading cloud infrastructure providers to ensure the security of your data, in addition to following a Secure Software Development Life Cycle (SSDLC), conducting regular vulnerability assessments and encrypting customer data in transit and at rest.
Secure Software Development Life Cycle. CeeJay source code is reviewed internally using guidelines from OpenSAMM and Microsoft SDL frameworks. Our software code is stored in BitBucket source code management system located in the United States. The system tracks source code access and modification activity. The source code management system can be accessed only from devices that are compliant with CeeJay security policies. Only authorized R&D engineers access the source code and only for the tasks assigned to them.
Infrastructure. CeeJay relies on GCP, and/or AWS and Azure for cloud hosting and storage services. Customer data is stored in an encrypted archive (see paragraph 4) on redundant object storage, and is accessed via CeeJay application services that manage user access rights and permissions.
Encryption. We use Transport Layer Security (TLS 1.2) cipher for data in transit. All data to and from our cloud service is encrypted using TLS 1.2. Data at rest is stored in cloud storage protected by Advanced Encryption Standard 256bit (AES256) cipher.
We are primarily a data processor but we also considered a data controller in certain situations described in this Section. We are a business-to-business cloud service provider and our main role is a data processor for our business Customers. We also receive personal information from individual employees inquiring on behalf of their employer.
CeeJay is the "Processor" of Personal Information in the meaning set forth in Article 4 of the GDPR and any other data protection laws with respect to personal data contained in Customer Content. We collect information under the direction of our business Customers, who remain the data controllers. We have no direct relationship with the individuals (Users) whose personal data we process.
We act as a data-controller when We collect singular data subject personal information such as name, cookies, tags, scripts, your email, and comments on our blog and website. This information is submitted, voluntarily, by individuals representing data-controlling Customers.
CeeJay engages the following third party subprocessors to provide the Services:
- PayPal, GoGardless, are payment processing companies,
- Google Cloud Platform and Amazon Web Services, infrastructure hosting providers,
- Webflow provide our webhosting services for our websites,
- Hubspot, a cloud customer relationship management system,
- Intercom, a cloud-based helpdesk ticketing system.
Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.
Our appointed data processors include:
If CeeJay is requested to access, correct or remove data, by the data controller, we will respond within a reasonable timeframe. Individuals who have provided data to CeeJay directly, via our blog or website and who wish to access, correct, or delete data, may request access by contacting us via email at https://help.ceejay.com. We retain personal data we process on behalf of our Customers for as long as needed to provide the Services. When Customer Subscription expires or is terminated, We will delete Customer Contents, Customer data in Our systems or otherwise in Our possession.
We are compliant with the Regulation (EU) 2016/679 (General Data Protection Regulation). Major GDPR requirements and CeeJay features that help to address them include:
Storing and processing data within EU. CeeJay enables customers to select where their data is stored by specifically setting the predefined destinations.
Right to erasure. CeeJay will remove data from the system in a timely manner upon request.
Security. All the customer data in transit and at rest is encrypted as described in paragraph 4. CeeJay follows Secure Software Development Cycle as outlined in paragraph 1.
Records of processing activities. CeeJay audit log provides visibility on all actions performed in the system and enables customers to retrieve these logs when required.
We have a Data Protection Officer who can be reached at firstname.lastname@example.org.
Customer Data may include personally identifiable information from education records that are subject to FERPA. To the extent that Customer Data includes such information, CeeJay will be considered a "School Official" (as defined in FERPA and its implementing regulations) and will comply with FERPA.
CeeJay services can be used in compliance with COPPA if an organization has parental consent.
In providing your personal information to us, you are consenting to us dealing with that information in the manner described in this statement. For example, if you give us your fax number or email address, you are consenting to us contacting you by fax or email.
You may opt out of receiving marketing communications if you want, at any time. Specific communications (such as the newsletter) usually contain instructions on them for how to opt out of receiving them, or you can email us at https://help.ceejay.com.
If we make any material changes they are posted to this page.
Last updated 17th September 2021