- This policy covers how Jera Concepts LLC (“Jera”) treats personal data that Jera collects and receives, including information related to your use of Jera products and services.
- “Personal data” is defined as information about you that is personally identifiable, such as your name, mailing address, email address, or other contact information, and that is not otherwise publicly available.
- This policy does not apply to non-personal data, which means any data or information other than “personal data” as described above. If you are a store or business, data or information about your store or business that does not include data or information about you personally (such as store sales, orders or waste records) is "non-personal data."
Information Collection and Use
- Jera collects personal data when you register with Jera, when you use Jera products or services, when you visit Jera’s website, and when you enter Jera promotions or special offer codes.
- When you register, we ask for information such as your name, alternate email address, zip code, company name, and contact information. Once you register with Jera and use our services, you are not anonymous to us.
- Jera collects information about your transactions with us and with some of our business partners and affiliates, including information about your use of the products and services that we offer.
- Jera may automatically receive and record information on our server logs from your browser, including your IP address, Jera cookie information, and the page you request.
- Jera uses information for the following general purposes: to customize our website, advertising and content, to fulfill your requests for products and services, to improve our services and customer relations, to contact you, and to conduct research.
- Jera and/or our selected third-party partners may also collect data about visitors’ activities on this Website and across the Internet over time for non-advertising purposes, including to conduct analytics, measure trends, and streamline website usability. The technologies used for this purpose may include log files, cookies, web beacons, and social media plug-ins. One of the service providers we may use is Google Analytics. To learn more about how Google Analytics collects and processes data and the choices you may have to control these activities, you may visit https://policies.google.com/privacy.
- Jera does not knowingly collect or obtain from you or third parties, any “Sensitive Personal Data,” as defined under the GDPR. “Sensitive Personal Data” are personal data, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data.
- Jera complies with the U.S. Children’s Online Privacy Protection Act (COPPA) and does not knowingly collect personal data from children under the age of thirteen (13) or from websites or online services directed to children under the age of thirteen (13).
- If you are a visitor from the European Union (EU) or Switzerland, Jera does not process the personal data of a child younger than 16 years old. Jera makes reasonable efforts to verify in such cases that consent is given or authorized by the holder of parental responsibility over the child, taking into consideration available technology.
- Consumers should not create Jera accounts on our Website or license our services, unless they are legally old enough to form a binding contract and in any case are 18 years of age or older. In the unlikely event that you are the parent or legal guardian of a child under 18, who has registered with the Jera website or has licensed services from us, please contact [email protected] to have your child’s personal data deleted.
Information Sharing and Disclosure
Jera does not sell, rent, or share personal data about you with other people or non-affiliated companies except to provide products or services that you have requested, when we have your permission, and under the following circumstances:
- We provide the information to trusted partners and affiliates who work on behalf of or with Jera under confidentiality agreements. These companies may use your personal data to help Jera communicate with you about offers from Jera and our marketing partners and affiliates. However, these companies do not have any independent right to share this information;
- We respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or to defend against legal claims;
- We believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Jera’s terms of service, or as otherwise required by law;
- Jera may display targeted advertisements based on personal data. Advertisers (including ad serving companies) may assume that people who interact with, view, or click on targeted ads meet the targeting criteria.
- Jera will not provide any personal data to the advertiser when you interact with or view a targeted ad. However, by interacting with or viewing an ad you are consenting to the possibility that the advertiser will make the assumption that you meet the targeting criteria used to display the ad.
- Jera advertisers may include financial service providers (such as banks, insurance agents, stock brokers and mortgage lenders) and non-financial companies (such stores, airlines, and software companies).
- To gather metrics about your experience.
- To make our services easier to use.
- To provide you with personalized content. We store user preferences, your default language, device and browser information, your profile information which includes the level of usage of service and the web-pages on our site which you visit, so we can identify you across devices and personalize the content you see.
- To advertise to you. Jera, or our service providers and other third parties we work with, place cookies when you visit our website and other websites or when you open emails that we send you, in order to provide you with more tailored marketing content (about our services or other services), and to evaluate whether this content is useful or effective. For instance, we evaluate which ads are clicked on most often, and whether those clicks lead users to make better use of our tools, features and services. If you don’t want to receive ads that are tailored to you based on your online activity, you may contact our customer service department and ask to “opt out”. Opting out in this way does not mean you will not receive any ads; it just means that you will not receive ads from such companies that have been tailored to you based on your activities and inferred preferences.
- You have the right to access the information that Jera maintains about you, request deletion of your data, update your data, object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data and you correct or amend that information if it is inaccurate or has been processed in violation of privacy laws, to the extent allowed by law, including the General Data Protection Regulation (GDPR).
- If we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
- You have the right to opt-out from our marketing communications at any time. You can exercise this right by clicking on the “unsubscribe” or “opt out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided under the “Questions and Suggestions” heading below.
- You can choose to have Jera delete your record after account cancellation. Some information may remain archived in our system records after your account has been deleted.
- You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
To exercise these rights, please email [email protected].
Confidentiality and Security
- We limit access to personal data about you to employees who we believe reasonably need to come into contact with that information to provide products or services to you or in order to do their jobs.
- We have physical, electronic and procedural safeguards to protect personal data about you.
- Your Jera account information is password-protected.
- In certain areas Jera used industry-standard SSL-encryption to protect sensitive data transmissions.
- Jera encourages our customers to use SSH and SCP (secure Telnet and FTP) programs in order to better safeguard customer data.
How Long Do We Keep This Information For?
- Jera retains personal data we collect from you as long as we have an ongoing legitimate business need to do so (for example, to provide you with a product or Personal data is defined as information about you that is personally identifiable, such as your name, mailing address, email address, or other contact information, and that is not otherwise publicly available)
- Jera will delete or otherwise discard customer data or data we collect about you while using our services at our discretion or when you contact us to do so. You can initiate such a request by contacting our customer service department at [email protected].
Legal Basis For Processing (European Union and Switzerland Visitors Only)
- If you are a visitor from the European Union (EU) and Switzerland, our legal basis for collecting and processing the information described above will depend on the information concerned and the specific context in which we collect and process it. We collect and process information from you only where we have your consent (Art. 6 para 1 lit. a) GDPR), where we need the information to provide our contractual obligation to you (Art. 6 para 1 lit. b) GDPR), or where we have a legitimate interest to do so.
- If you wish to learn more about specific legal ground(s) we rely on to process your information for any particular purpose (including any legitimate interests we have to process information), then please contact us using the details provided below under “Questions and Suggestions”. However, by way of example, we rely on our legitimate interests to process information for fraud prevention and detection, provided these interests are not overridden by your data protection interests or fundamental rights and freedoms (Art. 6 para 1 lit. f) GDPR).
Impact of Data Privacy Framework (DPF)
In July 2023 the former E.U.-U.S. Privacy Shield was replaced by the E.U.-U.S. Data Privacy Framework, the full text of which is available at www.dataprivacyframework.gov/s/framework-text.
The EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) were developed to facilitate transatlantic commerce by providing U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union / European Economic Area, the United Kingdom (and Gibraltar), and Switzerland that are consistent with EU, UK, and Swiss law.
Organizations participating in the EU-U.S. DPF may receive personal data from the European Union / European Economic Area in reliance on the EU-U.S. DPF effective July 10, 2023. July 10, 2023 is the date of entry into force of the European Commission’s adequacy decision for the EU-U.S. DPF and the effective date of the EU-U.S. DPF Principles, including the Supplemental Principles and Annex I of the Principles. The adequacy decision enables the transfer of EU personal data to participating organizations consistent with EU law.
Organizations participating in the UK Extension to the EU-U.S. DPF may receive personal data from the United Kingdom and Gibraltar in reliance on the UK Extension to the EU-U.S. DPF effective October 12, 2023, which is the date of entry into force of the adequacy regulations implementing the data bridge for the UK Extension to the EU-U.S. DPF. The data bridge for the UK Extension to the EU-U.S. DPF enables the transfer of UK and Gibraltar personal data to participating organizations consistent with UK law.
The effective date of the Swiss-U.S. DPF Principles, including the Supplemental Principles and Annex I of the Principles is July 17, 2023; however, personal data cannot be received from Switzerland in reliance on the Swiss-U.S. DPF until the date of entry into force of Switzerland’s recognition of adequacy for the Swiss-U.S. DPF. The recognition of adequacy will enable the transfer of Swiss personal data to participating organizations consistent with Swiss law.
The Data Privacy Framework (DPF) program, which is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce and is more particularly described at www.dataprivacyframework.gov, enables eligible U.S.-based organizations to self-certify their compliance pursuant to the EU-U.S. DPF and, as applicable, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF. To participate in the DPF program, a U.S.-based organization is required to self-certify to the ITA via the Department’s DPF program website at www.dataprivacyframework.gov and publicly commit to comply with the DPF Principles. While the decision by an eligible U.S.-based organization to self-certify its compliance pursuant to and participate in the relevant part(s) of the DPF program is voluntary, effective compliance upon self-certification is compulsory. Once such an organization self-certifies to the ITA and publicly declares its commitment to adhere to the DPF Principles, that commitment is enforceable under U.S. law.
PRIVACY NOTICE FOR CERTAIN U.S. STATE RESIDENTS
This Supplemental Notice should not be construed as an admission that Jera is subject to Certain State Privacy Laws, does business in any state where Certain State Privacy Laws apply, or meets the jurisdictional threshold of any Certain State Privacy Law.
Information We Collect
We do not collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("personal information"). If you are a store or business, data or information about your store or business that does not include data or information about you personally (such as store sales, orders or waste records) is "non-personal information."
We do not collect any "sensitive personal information" as defined under Certain Privacy laws.
In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from users of our website when the user or their agent provides personal information to us.
- Indirectly from you. For example, by observing your interactions on our website and by using cookies.
Sharing Personal Information and Non-Personal Information
We may disclose non-personal information about your store or business to a third party for a business purpose. When we disclose non-personal information for a business purpose to franchisors or service providers, we enter a contract that describes the purpose and requires the recipient to both keep that non-personal information confidential and not use it for any purpose except performing the contract or (in the case of franchisors) in accordance with such franchisor’s Operations Manual and agreements with its franchisees.
In the preceding twelve (12) months, we have disclosed the following categories of non-personal information about your store or business for a business purpose:
Category D: Commercial Information
We disclose your non-personal information for a business purpose to the following categories of third parties:
- If you are a franchised business, your franchisor and its Affiliates.
- Third parties to whom you or your agents authorize us to disclose your non-personal information in connection with products or services we provide to you.
In the preceding twelve (12) months, we have not sold any personal information of consumers collected from the Website as defined by Certain Privacy Laws.
We have not shared personal information or non-personal information with our Affiliates and service providers as disclosed above.
Your Rights and Choices
Certain Privacy Laws provide their residents with specific rights regarding their personal information. This section describes your rights if you are a resident subject to the Certain Privacy Laws and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you.
- The categories of personal information sold, the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold; and
- The categories of personal information disclosed for a business purpose.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
Opt-Out Request Rights
You have the right to opt-out of the sharing of your personal information that we collected from you. Once we receive and confirm your verifiable consumer request to delete your personal information, we will delete (and direct our service providers to delete) your personal information from our records and stop sharing it, unless an exception applies.
Right to Request Correction of Inaccurate InformationYou have the right to request correction of inaccurate information. Once we receive and confirm your verifiable consumer request, we will correct any inaccurate information identified in the request our records, unless an exception applies.
Right to Appeal
If you are a Virginia, Colorado or Connecticut resident and we were unable to fulfill your request, we will notify you. You may appeal our decision by emailing us at [email protected] within fourteen calendar days, including "Appeal Request" in the subject line, with a detailed reason for your appeal, as well as your state of residence. If you are dissatisfied with our decision on your appeal, you may contact your applicable state Attorney General:
Richmond, Virginia 23219
Denver, CO 80203
Exercising Your Rights
To exercise the rights described above, please submit a verifiable consumer request to us by either:
- Calling 508-686-8090 or by submitting a request to [email protected].
- Only you or a person that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request, to process and fulfill the request, and for necessary record keeping.
Process Used to Verify an Access and/or Deletion Request
You will be required to submit 4 pieces of information including your name, address, email, and phone number. We will use this information to search our systems and determine if we have information about you. If we are able to locate information about you, we will fulfill your access and/or deletion request. If we are not able to match all 4 pieces of information you submit, we may provide you with a report that includes the categories of personal information we collect, use, disclose, and sell.
Response Timing and Format
We try to respond to a verifiable consumer request within 45 days of its receipt, unless a shorter time period applies under Certain Privacy Laws. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your rights under Certain Privacy Laws.
Questions and Suggestions
If you have questions or suggestions, please contact us at: [email protected]