On May 25, 2018, the General Data Protection Regulation (GDPR) was implemented and with it came a set of new directives and obligations for companies. This is a decisive step in framing and strengthening the protection of personal data and privacy.
For our team this policy is in keeping with Jenji’s goals since the beginning: to offer a quality of service, but also a high level of security for our users' data. Every day, our teams do their best to work towards an ever more precise security policy.
As a subcontractor dealing with our users' data, we are responsible for its processing although we do not own it. Furthermore, Jenji only collects data when it is necessary for the customer to use our platform for a specific and precise purpose.
As a SaaS platform for business expense management, we may come into contact with some of our users' personal data. For example, Jenji may collect identifying information about an individual (e.g., first and last name for identification purposes), as well as business information (e.g., travel or receipt data).
We limit ourselves to the data that is strictly necessary for the proper use of Jenji. Collection, storage, retrieval, modification, deletion, or retention; all data collecting happens for a specific and well-defined purpose.
Our customers' data is hosted and stored by Amazon Web Services (AWS) on platforms located in Paris (France) and Ireland (Dublin). As a result, no data is transferred outside the European Union.
In addition, our support is based entirely in Bordeaux (France). Data processing during support interventions therefore remains in France.
The data are kept by Jenji for the duration of the activation of the user's account, and until a period deemed necessary after the closing of the account, from the customer's request or from the end of the contractual relationship; this period ranges between 3 and 10 years, depending on the nature of the data concerned, the conditions of its collection and the contractual relationship established with the user.
Every member of the Jenji team is aware of the need to secure and protect our users' personal data. Each data is only accessible by the declared user and, depending on the company's configuration, by its manager, the payroll team, the accounting team, the management control, and/or the internal audit.
At Jenji, we also have set up a data processing register, and we train our employees specifically on the protection of personal data.
Jenji is committed to ensuring the respect of its users’ rights, as granted to them by the General Data Protection Regulations (GDPR), including the right to forget, as well as the right to data portability.
Our team is available to answer any further questions you may have about the implementation of our security policy and compliance with the GDPR by email at firstname.lastname@example.org .