Privacy Policy
Our Privacy Policy
Last Updated: October 2024
Jellyfish takes its responsibilities under data protection and privacy laws seriously. This Policy aims to clearly tell you how we collect, use and disclose your personal information in connection with the use of all websites, applications, and other online products and services provided by us that link to this Policy, including www.jellyfish.com and all related subdomains and online and offline services related thereto.
1. Who we are
Jellyfish Digital Group Limited, a company registered in England and Wales under company number 12280757 and our registered office address is Floor 22, The Shard, 32 London Bridge Street, London, United Kingdom, SE1 9SG, is the parent company of Jellyfish group and subsidiary companies.
2. Purpose of this privacy policy
This privacy policy aims to give you information on how we, as data controller, collect and process your personal information through your use of this website, including any information you may provide through forms on this website or that we may collect via the use of cookies or similar tracking mechanisms.
This website is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal information. This privacy policy supplements other notices and privacy policies and is not intended to override them.
Please note that we process certain information on behalf of our customers, where our customer is the data controller and we are the data processor. Our processing of personal information as a data processor is subject to our applicable agreements and data protection terms with that customer, and not covered in this Policy. If you have any questions about a customer’s privacy practices, please contact the applicable customer.
3. How we collect your personal information
We collect your personal information when you browse our website, when you use or interact with our products and services or when you provide information by engaging with us, for example by completing our Contact form.
We also collect information automatically when you browse our website, including technical information (such as your IP address) and information about your activities on our website (such as which pages you visit, the duration of your visit, etc.).
4. Types of personal information collected and what we use the information for
This table sets out the types of personal information we collect, our purposes for using the information and how we use it. The table also includes the legal basis we rely on, for jurisdictions where this is required:
Types of information collected
Purpose(s) and legal bases for use
Data you provide, including:
- Name
- Email address
- Phone number
- Company name
- Job Title
- Product required
- Any other information you may provide us through a form on this website
We use this information where we have a legitimate business interest to do, for example:
- to get in touch with you following a request you made using a form on this website;
- to provide our products and services;
- providing or improving user-facing features;
- to send you marketing emails about our services, events, or other information which we think you may find interesting.
Information we collect about your use of the website:
Technical information (including your IP address and information related to your browser and/or device)
Information related to your interactions with our website (including the URL of the pages you have visited, the duration of your sessions, and information related to the websites you came through and the methods used to exit our site)
Information from cookies and similar technologies as described further in Section 6
We use this information to meet our legitimate business interests in understanding how you use our website and enhancing your experience on it.
Please see section 6 (Cookies, similar technologies, and online advertising) below for further information.
In specific circumstances we also rely on the lawful basis of consent (i.e. where you actively agree to a specific use of your personal data). We may also have a legitimate interest in disclosing your data in the context of the merger or acquisition of the company, or to process your data for use in legal proceedings, where such proceedings are ongoing or anticipated.
We collect both personal and anonymous information when you send us information or use one of our Services. Personal information is that which can personally identify you, such as name, email address, and unique device information. Anonymous data is that which cannot identify you and which is typically used in aggregate to better understand our customers
We may combine the information we collect through the Services with information we collect automatically or receive from other sources and use such combined information in accordance with this Policy. Your browsing activity may be tracked across different websites and different devices or apps. To do this our technology partners may disclose data, such as your browsing patterns, geo-location and device identifiers, and will match the information of the browser and devices that appear to be used by the same person.
5. International transfers
Your personal information may be copied or transferred by us or our trusted third party service providers outside of the regions it was initially collected. In particular, your personal information may be transferred to other entities within our Group, to the extent such transfer is necessary for us to achieve the purpose for which you have initially provided your personal information to us.
In the event your personal information is subject to international transfers, we take steps to ensure that controls are in place to protect it, in accordance with the highest applicable data protection and privacy standards and legislation. This includes use of the EU/UK Standard Contractual Clauses, where applicable.
7. Security and storage of your information
We have put in place appropriate security measures, including encryption, to reduce the risk of loss, misuse, unauthorised access, disclosure, or modification of your personal information. However, no method of transmission over the internet and no means of electronic or physical storage is absolutely secure. In addition, we take steps to limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.
We have put in place procedures to deal with any suspected security breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. How we disclose information we collect
We and our service providers disclose the information we collect from and about you for the following business and operational purposes. We do not disclose or transfer your information to third parties for purposes other than the ones provided. We do not sell your information to any third parties.
Service Providers. We provide access to or disclose your information to third parties that perform services on our behalf, such as billing, payment processing, advertising, web and other analytics, data storage and processing, customer support, security, fraud prevention, and other services.
Affiliates. We provide access to or disclose your information to our affiliates for the purposes described in this Policy.
For Legal Reasons or the Protection of Us and Others. We will disclose the information we collect about you if required by law or legal process or if we believe in good faith that disclosure is reasonably necessary to: (i) enforce any applicable terms of use, this Policy, or other contracts with you, including investigation of potential violations thereof; (ii) respond to claims that any content violates the rights of third parties; and/or (iii) protect the rights, property or personal safety of Jellyfish, our customers, and/or others. This includes exchanging information with other companies and organisations for fraud protection, spam/malware prevention, and similar purposes.
Business Transfers. In the event of sale (of some or all of our assets), transfer, merger, reorganisation, dissolution, or similar event involving our business (including in contemplation of such transactions), your information may be among the transferred business assets. If such transfer is subject to any mandatory restrictions under applicable laws, we will comply with those restrictions.
Other Unaffiliated Third Parties. We may also disclose your information to other unaffiliated third parties such as the following:
Third party parties we collaborate with in connection with integration,
Co-marketing and certain other coordinated efforts.
Your Consent. If you consent to our disclosure of your information, we will disclose your information consistent with your consent.
Google user data. We limit our use of this data to providing or improving user-facing features. We will not use Google user data for the following reasons:
- Targeted advertising
- Selling to data brokers
- Providing to information resellers
- Determining credit-worthiness
- Lending purposes
- User advertisements
- Personalized advertisements
- Retargeted advertisements
- Interest-based advertisements
- Creating databases
- Training AI models
9. How long we keep your information
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements, and for other necessary purposes, like resolving disputes, enforcing our agreements, and for fraud prevention and related security purposes. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. When the retention period expires for a given type of personal information, we will delete or destroy it.
If you opt out of email marketing, we maintain your email on our suppression list to comply with your request. We may delete or de-identify your information sooner if we receive a verifiable deletion request, subject to exemptions under applicable law. We may retain cached or archived copies of your information.
10. Your rights and choices
Depending on where you live, you may have the following rights and choices under data protection and privacy laws:
Rights regarding your information. Depending on your jurisdiction, you may have the right to make certain requests regarding your “personal information” or “personal data” (as such terms are defined under applicable law). Specifically, you may have the following rights:
The right to be informed (right to know)
You have the right to be informed of how Jellyfish processes your personal data. This includes what categories of personal information we collect about you, the categories of sources of such information, for what purposes we collect it, how we are using and protecting it, and the categories of third parties to whom we disclose such information. Jellyfish ensures that you are provided with such information through this privacy policy as well as through specific information notices on our website. If you have any additional questions about how Jellyfish processes your personal information, please contact our DPO (see “Who we are”)
The right of access
This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
The right to rectification
This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
The right to erasure (right to delete)
This enables you to request that we delete or remove personal information where there is no good reason for us to keep processing it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, following the receipt of your request.
The right to opt out of “sales” and “sharing/use of your information for targeted advertising” (Please see below for a description of this right.)
The right to restrict processing
This enables you to ask us to suspend the processing of your personal data in the following scenarios:
If you want us to establish the data’s accuracy,
Where our use of the data is unlawful but you do not want us to erase it,
Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims,
You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
The right to data portability
We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
The right to withdraw your consent at any time
Where we are relying on consent to process your personal information, you may withdraw your consent at any time and we will stop processing your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Rights in relation to automated decision-making and profiling
You have the right not to be a subject of a decision based on automated processing.
Rights to non-discrimination
We are committed to ensuring that you will not be denied services, charged a different price, or provided a different level or quality of services just because you exercised your rights under applicable law. Please note, however, that we may need some personal information in order to provide you our services, which means that we may not be able to provide some of our services if you refuse to provide your personal information.
We also need to take reasonable steps to verify your identity before responding to a request, which may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, verifying your name and email address.
Depending on your jurisdiction, you may be permitted to designate an authorised agent to submit certain requests on your behalf. In order for an authorised agent to be verified, you must provide the authorised agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing the authorised agent’s request. If you would like further information regarding your legal rights or would like to exercise any of them, please use this form for residents of the UK or EU GDPR, or use this form for residents of the US. Depending on applicable law, you may have the right to appeal our decision to deny your request, if applicable. If we deny your request, we will provide you with information on how to appeal the decision, if applicable, in our communications with you.
Marketing Communications. You can unsubscribe from our marketing emails via the unsubscribe link provided in the emails or by emailing us at dataprotection@jellyfish.com. Please note that it may take us some time, consistent with our legal obligations, to process your request. Even if you opt out from receiving marketing messages from us, you will continue to receive administrative messages from us, such as order confirmations, updates to our policies and practices, or other communications regarding our relationship or transactions with you.
Notice of Right to Opt Out of Sales of Personal Information and Processing/Sharing of Personal Information for Targeted Advertising Purposes. Depending on your jurisdiction, you may also have the right to opt out of “sales” of your personal information and “sharing/use of your personal information for targeted advertising.”
As discussed above, we provide personal information to third-party advertising providers for targeted advertising purposes, so that we can provide you with more relevant and tailored ads regarding our services, or use related advertising analytics partners to understand the effectiveness of our online ads. The disclosure of your personal information to these third parties to assist us in providing these services may be considered a “sale” of personal information or the processing/sharing of personal information for targeted advertising purposes under applicable law.
If you would like to opt out of our online disclosure such as through cookie and pixel technology of your personal information for purposes that could be considered “sales” for those third parties' own commercial purposes, or “sharing” for purposes of targeted advertising, please use the "Do Not Sell or Share My Personal Information" link in our website footer, and follow the directions provided therein. You can also submit a request to opt out of our offline disclosures of information that are subject to applicable opt out rights by emailing us at dataprotection@jellyfish.com. Depending on your jurisdiction, you may be permitted to designate an authorised agent to submit such requests on your behalf. Please note that we do not knowingly sell the personal information of minors under 16 years of age without legally-required affirmative authorisation.
Please note that if you have a legally-recognised browser-based opt out preference signal turned on via your device browser, we recognise such preference in accordance with applicable law.
11. Other websites
Our privacy policy does not apply if you follow a link from our site to another third-party website. We are not responsible for the handling of your personal information on any third-party websites, which will have their own privacy policies.
12. California Privacy Notice at Collection
This section supplements our Policy with additional information for California residents about our information collection and use practices as required by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”). In this section, the terms “personal information” and “sensitive personal information” have the meaning set forth in the CCPA.
If you are a California resident and would like to request the exercise of your rights under the CCPA, use this form or email us at dataprotection@jellyfish.com.
The following chart provides information about our practices in the 12 months leading up to the effective date of this Policy in relation to the categories of personal information that we collected from California residents generally– including the categories of sensitive personal information (precise location information and health information) – the purposes for which we use the information, and the categories of third parties to whom we disclose the information for business purposes.
Categories of information collected (see “Types of personal information collected and what we use the information for” for more detail)
Purpose of use
Categories of third parties to whom we disclose the information for business and operational purposes (See “How we disclose information we collect” for more details)
Identifiers, such as name, address, phone number, and email address, and information about your browser such as your IP address and device IDs
Provide our products and services and customer service
Verify and authenticate your information, account, and interactions with us
Communicate with you
Personalise your experience and customise our services
Understand your interests and engage in research, analysis, and reports
Our marketing and advertising purposes
Bug detection and error reporting
Security, fraud, and legal compliance
Service providers
Advertising partners and related analytics providers
Affiliates
Entities for legal and security purposes
Entities for sales or transfer of business or assets
Unaffiliated third parties for their advertising purposes
Others with your consent
Customer service information, such as messages you send to us directly, and summaries of your interactions with customer service
Provide our products and services and customer service
Communicate with you
Improve our services
Bug detection and error reporting
Security, fraud, and legal compliance
Service providers
Affiliates
Entities for legal and security purposes
Entities for sales or transfer of business or assets
Others with your consent
Financial information, such as credit card information stored by our payment processors on our behalf
Provide our products and services and customer service
Verify and authenticate your information, account, and interactions with us
Bug detection and error reporting
Security, fraud, and legal compliance
Third-party payment processors
Entities for legal and security purposes
Entities for sales or transfer of business or assets
Transactional information, such as information about your transactions with us.
Provide our products and services and customer service
Communicate with you
Understand your interests and engage in research, analysis, and reports
Our marketing and advertising purposes
Bug detection and error reporting
Security, fraud, and legal compliance
Service providers
Affiliates
Entities for legal and security purposes
Entities for sales or transfer of business or assets
Others with your consent
Business information, such as the name of your company.
Verify and authenticate your information, account, and interactions with us
Communicate with you
Personalise your experience and customise our services
Bug detection and error reporting
Security, fraud, and legal compliance
Service providers
Advertising partners and advertisers
Affiliates
Entities for legal and security purposes
Entities for sales or transfer of business or assets
Unaffiliated third parties for their advertising purposes
Others with your consent
Internet network and device activity data, such as browsing information and usage information.
Provide our products and services and customer service
Personalise your experience and customise our services
Understand your interests and engage in research, analysis, and reports
Our marketing and advertising purposes
Bug detection and error reporting
Security, fraud, and legal compliance
Service providers
Advertising partners and related analytics providers
Affiliates
Entities for legal and security purposes
Entities for sales or transfer of business or assets
Others with your consent
Other information you provide.
Purposes of use will depend on the nature of the information provided.
Disclosure will depend on the nature of the information provided.
Sale and Sharing of Personal Information. As explained in the “How We Disclose Information We Collect” section above, we provide personal information to third-party advertising providers for targeted advertising purposes, so that we can provide you with more relevant and tailored ads regarding our services, and use related analytics partners to assist us in analysing the effectiveness of our online ads. The disclosure of your personal information to these third parties to assist us in providing these services may be considered a “sale” of personal information under the CCPA, or, the “sharing” of your personal information for purposes of “cross-context behavioural advertising.”
The following chart lists the categories of personal information we have sold or shared over the last 12 months and the categories of third parties to which we have sold or shared:
Category of Personal Information
Categories of Third Parties to Which We Have “Sold” this PI
Categories of Third Parties to Which We Have “Shared” this PI
Identifiers
Unaffiliated third parties for their advertising purposes
Advertising partners and related analytics providers
Internet network and device activity data
Advertising partners and related analytics providers
Advertising partners and related analytics providers
If you would like to opt out of our online disclosure such as through cookie and pixel technology of your personal information for purposes that could be considered “sales” for those third parties' own commercial purposes, or “sharing” for purposes of targeted advertising, please use the "Do Not Sell or Share My Personal Information" link in our website footer and follow the instructions provided. Please note that we do not knowingly sell the personal information of minors under 16 years of age without legally-required affirmative authorisation.
Please note that if you have a legally-recognised browser-based opt out preference signal turned on via your device browser, we recognise such preference in accordance with applicable law.
“Shine the Light” Disclosure. You can exercise your rights under the California “Shine the Light” law – which gives you the right to opt out of the sharing of certain categories of personal information (as defined in the Shine the Light law) with third parties for their own direct marketing purposes – by emailing us at dataprotection@jellyfish.com.
Retention. We will retain your information as described above in Section 9.
13. Questions or Complaints
If you have a query or complaint about how we use your personal information, please get in contact with us in the first instance, via email at dataprotection@jellyfish.com, so that we can try to resolve your issue. If you are not satisfied with our response and you are based in the UK or EU, you have the right to contact the local data protection authority, via their website, telephone number or email.
14. Updates
We may update this Policy from time to time at our sole discretion. You can know if the Policy has changed since the last time you reviewed it by checking the “Last Updated” date at the top of this webpage. We encourage you to look for updates and changes to this Policy periodically. If we make a material change to this Policy, we will endeavour to notify you through the services, by email, and/or by other legally permissible communication as required by applicable law. Your continued use of the services after any changes to this Policy are in effect constitutes your acceptance of revisions to the Policy.