Introduction & Scope

Jibble is part of Jibble Ltd., which includes Jibble website and applications. This privacy policy will explain how our organization uses the personal data we collect from you when you use our website, applications and services.

In most cases where you use Jibble as part of your employment or membership in an organisation, your employer determines the purposes and means of processing your personal data. In such cases, your employer acts as the data controller and Jibble acts as a data processor, processing personal data only on their documented instructions. Jibble acts as data controller only for website, marketing, support, billing, and legal compliance processing.

Policy Overview

1. Data We Collect

Jibble collects the following information from you:

Information provided by you

Personal identification information: Name, telephone number, email address, country, member codes(or employee IDs) and timezone. Optionally, you may upload your photo as your account avatar.
Communications with us e.g. comments, suggestions, a request for information about our products and services, or any other correspondence via emails, livechat messages or phone calls
The way in which you use our services e.g. service subscriptions and upgrades, price quotations, or email subscriptions.
Location data: We collect GPS coordinates through our geolocation feature, if the employer has requested users to log in with their GPS location or track live routes when clocked in. Our application uses Google Maps API(s) to provide location-based services. By using our Services, you acknowledge that your data may be processed in accordance with Google’s Privacy Policy.
Biometric data: Where facial verification features are enabled, Jibble processes encrypted biometric templates solely for identity validation and does not store raw facial images for matching. Templates cannot be reverse-engineered to reconstruct your face and are retained only as required to provide the service or as instructed by your employer, unless a longer period is required by law. Where required, explicit consent will be obtained for biometric processing.
Time entry and attendance data when you use the App.
Billing information: We require users that subscribe to our paid plans to supply us the full name of the person or entity that will pay for the Service, their billing address, and if relevant, their VAT number. In the case of a paid subscription, you will supply a third-party payment service provider (independent from Jibble) with such information they request from you to facilitate payment to us. Payment card details are provided directly to our payment processor and are not stored or processed by Jibble.
Screenshots: If required by the employer, screenshots of your desktop screens will be captured at random within the selected time interval when you are clocked in.
Language of preference: We note the language of your browser and note your language preference if you were to manually select one while using our services.
Device ID: We create and store an alphanumeric identifier for your mobile device if certain setting is required by your employer.
Attachments added by you or your employer that could store personal information

Information collected automatically

We collect your Internet Protocol (IP) address (if using a browser), operating system, the browser type, the address of a referring site and any device identifier (if using a mobile device, desktop or tablet).
Cookie information: Certain pieces of data known as cookies are sent to the device you are using and will be stored there, as you visit our website or use our applications.
Your device settings that are relevant to Jibble
Your browser settings that are relevant to Jibble
For marketing purposes, we take note of the marketing channels and campaigns that drew you to Jibble.
Analytics information: Data analytics is used to improve and ensure the functionality of our Services. An analytics software may record information about your usage of our Service, the frequency of usage, performance data, app errors and debugging information and where you downloaded our applications. Information stored within the analytics tools are not linked to the Personal Data you submit to us.
Interactions with third-party service providers, marketing partners and affiliate interactions including Google Analytics, Google Ads, Google Tag Manager, Facebook Ads, HubSpot, Intercom, Capterra, PartnerStack, Braintree, Stripe, Chargebee and Paypal.

2. How Information is Collected

You directly provide Jibble with most data we collect. We collect data and process data when you:

Create an account as a user of Jibble
Create an organization in Jibble
Voluntarily provide feedback to us via livechat, feature request boards and emails
Use or view our website and applications via your browser’s cookies
Request for information about our services through online forms
Create time entries with validation methods that your employer set; eg. requirements of face recognition, selfies, location GPS, screenshots, device type, device ID, IP address, and attachment
Subscribe to a paid plan
Login to our Services and use our application

Jibble may also receive your data indirectly through:

Third-party applications: When you enable integrations between Jibble and third parties. For example, if you choose to use a third-party service to validate your access to Jibble, then the provider of such service may send us your name, email address and/or telephone number for validation processes. Third-party applications may also send the names, emails or phone numbers of employees of a company to be created as users in Jibble – with the employer’s consent. You may check the privacy settings of these third-party services and our integration help articles to understand what data may be disclosed to us.

3. How We Use Your Information

We use the information we collect to provide, maintain and improve the quality of the products and services we offer. Personal information is data entered by the Customer or the Customer’s end-users in the process of using the service. A Customer or Team Owner is the person or entity that created an organization within Jibble and invited other end-users to join their organization, thus bearing full responsibility for determining the purpose and means for processing personal information within the service. Therefore, the Customer shall be regarded as the “Controller” of personal data. Jibble shall be regarded as the Customer’s “Processor”.

Jibble acts as a data processor for Customer’s personal data to:

Provide you the Services as agreed in our terms & conditions
Send you notices, alerts, and support throughout your use of our service
Respond to your feedback and questions, and provide customer support
Share informative emails about our Services – where you can withdraw consent at any time by unsubscribing
Personalize and improve your experience within our Services
Monitor and analyze usage, trends, and activities within our Services
Debug to identify and repair errors in our application
Detect, investigate, and prevent security incidents or other malicious and/or fraudulent activities to protect applications and the rights of our users
Comply with legal and financial obligations
Process and facilitate transactions to send you; eg. invoices, surveys
Cross-referencing your information with that received from our partners in order to provide a more enhanced and personalized App experience.

Jibble processes Customer’s end-users personal information on behalf of the Customer to provide our Services by the terms of Service. All the above may be processed for Customer’s end users.

Based on the selective settings of the Customer, the processing may include these additions to Customers’ end users:

Providing our Services to you on behalf of the Customer
Processing your geolocation information when you access our Services from a mobile device; when you clock in, when live location tracking is required, or to act as reminders or alerts when a geofence parameter is set by the Customer
Processing and storing an embedding of your face data when time entries require face validations
Storing selfies or pictures captured by you when required by your employer
Process your device identifier to check if an entry is done by the same device, if required by your employer
Process your time entries and attendance data to analyze usage and trends of our Services

These purposes are subject to change, depending on the instructions we receive from your company, the Customer.

Legal basis for processing and collecting your information

When we process your personal information from your use of our Services, we rely on a number of legal bases:

You have given consent to process at the point of registration by accepting our Terms & Conditions
To provide Jibble’s services and responsibilities under our contract with you and/or your employer
To comply with our legal obligations
To protect your vital interests, or those of others
Necessary in the public interest
Some of that data is processed for the purposes of our legitimate interests and business purposes

4. How We Protect Your Information

The security of your personal data is important to us. Only authorized Jibble employees are allowed access to user data. All data is encrypted using accepted, consistent, and appropriate industry-standard methods when stored on disk or transmitted over the network. Our user data is archived on a regular basis (every 12 hours) via backup mechanism. Jibble 1 archives are stored for 3 months, Jibble 2 archives are stored for 30 days.

At Jibble Ltd, we make reasonable efforts to implement administrative, technical, and organizational measures to ensure appropriate level of security for your data, taking into account the nature of the personal data, the processing operations we perform, and other relevant factors in the circumstances. Despite our best efforts, the Internet is not without inherent security risks. As no data security system is completely impenetrable, we cannot guarantee the security of our systems or databases. Accordingly, any information you send to or through the Services is at your own risk.

Please do your part to help us keep your information safe. Account information is protected by a password. It is important that you protect against unauthorized access to your account by choosing and securing a strong password and signing out after using the Services. We specifically reserve the right to terminate or cancel your access to the Services and any contract you have with us pertaining to the Services in the event we find or suspect that you have disclosed your Services account information to an unauthorized third party.

As a data controller, you are responsible for protecting the Personal Data you process and complying with all relevant legal requirements when you use our Services. As a data processor we can provide a data processing agreement to team owners. Customer is responsible to collect any necessary consent, provide any notice where necessary to their respective end-users, and be compliant to applicable data protection laws. You can request a data processing agreement from us by emailing support@jibble.io.

5. Sharing Your Information

We will not share personal information about you with any third party unless we have your permission or under the following circumstances:

To facilitate the operation of the App and Service and to perform related services. For example and without limitation; maintenance services, database management, web analytics, payment processing, and improvement of the Service’s features or to assist us in analyzing how our App and Service is used. A third party may have access to the personal information needed to perform their functions but it may not use it for other purposes.
We share information at your direction with other third parties whom you have given your consent, mainly with integrated parties to your Jibble organization.
We may share aggregated information that does not include personal information and we may otherwise disclose such information with third parties for industry analysis, demographic and analytical profiling and other purposes. Any aggregated information shared in these contexts will not contain your personal information.
We may be required to disclose information to which we are legally obligated to; such as subpoenas or court orders, or in compliance with applicable laws.
Personal information is shared between and among Jibble Ltd., and our current and future parents, affiliates and subsidiaries, and other companies under common control and ownership.
We may share personal information if we believe that your action goes against our terms of service, if we believe that you have violated the law, or for the necessity of protecting the rights, property and safety of our applications and our users.
We may sell, transfer or otherwise share some or all of our assets, which could include your personal information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of company liquidation.

6. Storing Your Information

We store Jibble data in AWS Ireland region. The legacy version of Jibble 1 has data stored in North Virginia AWS region. We store user data for as long as your account is active or as needed to provide you with the Services under your company’s contract. We will retain and use your information to the extent necessary to meet our legal, regulatory or other compliance obligations. Your account is considered active until the account is deleted by you or your employer, or once your entire organization is deleted.

We also store log files and data for internal analysis to optimise our service’s functionality and maintenance. Except in situations where they are required for site safety and security, or we are legally compelled to keep them for extended lengths of time, user data is generally retained for as long as necessary to carry out the purposes set out in this policy or as needed to provide the Services to you.

You can always reach out to us at the contact listed at the end of this policy for your personal information to be deleted permanently.

International transfer of your data

We may transfer your personal data to a third party processor outside the European Economic Area (EEA) or the country you reside in. By using our Services and Website, and by providing us with your information, you consent to the transfer and processing of your personal data by our third party data processors outside of the EEA. For international data transfers, we only transfer your personal information to the following :

To the countries which ensure an adequate level of protection;
To the countries that apply appropriate safeguard measures.

Please be aware that countries outside of the EEA may not provide the same level of data protection as the United Kingdom; nevertheless, please be noted that we adhere to strict internal rules for the protection and processing of personal data, and that our usage is governed by this Privacy Policy.

Where personal data is transferred outside the UK or EEA, we rely on legally- recognised safeguards such as adequacy decisions, Standard Contractual Clauses, and the UK International Data Transfer Addendum, or other appropriate measures permitted by data protection law.

7. Marketing

Jibble may send you information about our products and services that we think you might like and be of benefit to you. This includes; informative emails about using the application, updates about our products, and offers from our partners.

If you have agreed to receive marketing materials, you may always opt-out at a later date. If you no longer wish to be contacted for marketing purposes, you may unsubscribe from any one of the emails we have sent you, a button will be present at the bottom of the emails.

Jibble offers its users a number of email services such as a ‘Daily Log’, ‘Weekly Timesheet’ updates, a ‘Jibble In Reminder’, ‘Time off Notifications’, and alerts to some behaviors of other users within your organization. You can subscribe or unsubscribe to any of these by visiting your account page.

8. Your Data Protection Rights

At Jibble Ltd., we’d like to make sure you are fully aware of all of your data protection rights.

Every user based within the European Union or the United Kingdom is entitled to the following under the GDPR:

The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request to correct or rectify any information we store that you believe is inaccurate. You also have the right to request to complete the information you believe is incomplete.

The right to erasure – You have the right to request to erase your personal data, under certain conditions:

When the personal data we’ve collected is no longer needed for the purpose for which it was collected
When you withdraw consent and there is no other legal ground for processing
When the personal data we’ve collected have been unlawfully processed
When there are no overriding legitimate justifications for us to process your personal data
To comply with a legal obligation or for the establishment of legal claims

Personal data will be removed when an account is deleted and all data will be permanently removed from our servers when an organization is deleted. You have the right to request the deletion of personal data we process unless we are legally required to retain it.

The right to restrict processing – You have the right to request to restrict the processing of your personal data, under conditions stated in the GDPR, Article 18.

The right to object to processing – You have the right to object to the processing of your personal data, under conditions stated in the GDPR, Article 21.

The right to data portability – You have the right to request to transfer the data we’ve collected to another organization, or directly to you, provided the data processing is based on your consent or the fulfillment of a contract with you.

The right to withdraw consent – You have the right to withdraw your consent after agreeing to the collection, processing, and transfer of your personal data. To withdraw your consent, please contact us at support@jibble.io. Once we are notified, we will no longer process your information for the purpose(s) to which you originally consented unless there is a legal justification for the processing.

For more information on your data rights, please refer to this article if you are based in the EEA, or this if you are based in the UK.

Where your request relates to personal data processed on behalf of your employer (such as attendance, location, screenshots, or biometric data), Jibble will direct your request to your employer as data controller and assist them in responding in accordance with applicable law.

If you’d like to exercise any of these rights, you can do so by contacting us at support@jibble.io. We have one month to respond to you.

Cookies

1. What Are Cookies?

When you visit a website, your browser saves small text files called “Cookies” to your computer or mobile device. Cookies are then reverted back to the originating website on each future visit, or to other websites that recognize the cookie. These cookies are useful as they allow a website to “remember” your user’s device over time, and hence remember your preferences or actions. The aim of collecting information in this way is not to “identify” the Site user, but to improve and enhance the content and user experience of the Site. Additional purposes include running content or providing other features and functionalities such as analytics. Jibble uses cookies as well as similar technologies (e.g., URL tracking, local storage).

If you would like to know more about cookies you can visit www.allaboutcookies.org

2. Types of Cookies Used

There are two main types of cookies that can be set:

First-party cookies: these cookies are placed and read by Jibble directly when you use our Website and Services
Third-party cookies: these cookies are set by other companies, like Google or Facebook, for site analytics purposes. See further details below on how to manage these cookies

3. How Jibble Uses Cookies

The categories of cookies used on our Website and Services include:

Essential Cookies: These cookies are necessary for the Services to function and cannot be switched off
Performance Cookies: These cookies enable the Service to provide enhanced functionality and personalization. They help us understand how visitors interact with our Services. They may be set by us or by third party providers whose services we have added to our pages
Advertising Cookies: These cookies are set by our advertising partners to collect information about your use of the Services, our communications, and other online services over time and with different browsers and devices. They use this information to measure your engagement with those ads

The specific cookies we use are as follows:

Cookie Vendor	Cookie Type	Cookie Purpose
Jibble	First party	Essential: These cookies that are strictly necessary for basic website or app functionality, they are used for authentication, security, storing preferences and other operational purposes
Chargebee	Third party	Performance: Chargebee uses cookies to understand and save user’s preferences for future visits
Intercom	Third party	Performance: Provides users with chat widget that users can use to get information and support
HubSpot	Third party	Performance: Stores the traffic source that explains how the user reached the site, tracks user interaction with the site for the analytics purposes
Google	Third party	Performance and advertising: Stores the traffic source that explains how the user reached the site, tracks user interaction with the site for the analytics purposes, measure and improve the relevancy of ads
Facebook	Third party	Advertising: Used by Facebook to deliver, measure and improve the relevancy of ads

4. Managing Cookies

You can control what information cookies and similar technologies collect about you via cookie consent widget.

Your web browser may also allow you to manage your cookie preferences, including to delete and disable Jibble cookies. You can take a look at the help section of your web browser or follow the links below to understand your options. If you choose to disable cookies, some features of our Website or Services may not operate as intended.

Privacy Policies of Other Websites

Our App and Website may contain links to other websites. Any information you provide on those sites is provided directly to the owner of that site, and you should read their own privacy policies.

This privacy policy is only applicable to our Applications, Services, and Website.

Holding Information On Minors

The Service is not directed to minors and we do not knowingly collect personal information from them. Our Terms & Conditions state the Service can only be used by those who have reached the age of majority in the State and Province they reside.

If we learn that we have collected personal information of a minor or a minor has provided us with Personal Data without the consent of a guardian, then we will take steps to delete such information from our databases.

Changes to our Privacy Policy

We keep our privacy policy under regular review and will place any updates on this web page. You may note the revised date at the top of this policy for any changes. In some cases, we may provide you with additional notice (by sending you a notification or providing a statement on our website).
‍
Any information we collect is subject to the privacy policy in effect at the time it is collected.

By continuing to access or use our Service after any changes come into effect, you are agreeing to the revised policy.

How to Contact Us

If you have any questions about our privacy policy, or the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

Email us at: support@jibble.io.

Contacting the Appropriate Authorities

If you feel that Jibble has not addressed your concern in a satisfactory manner, you have the right to lodge a complaint with the Information Commissioner’s Office where you reside.

Their contact details are as follows: