Pocketmags, MagazineCloner branded apps and microsites Controller to Controller Data Usage and Sharing Statement

This statement outlines the responsibilities between Jellyfish Connect Ltd (Controller, ‘Jellyfish Connect’) and the Publisher/Client (Controller, ‘Publisher’) for the gathering, storage, transfer, use and management of customer User Data gathered through Pocketmags and its apps, and where applicable, MagazineCloner powered branded apps and microsites (the ‘Services’).

Jellyfish Connect needs to gather and use certain information about individuals when it acts as a retailer, to provide the Services, to provide Pocketmags account functionality, to process some customer payments, for service related communications, and in customer marketing communications. Information collected from users consists of customer names, email address, billing address, delivery address and payment details such as payment card and bank information.

Jellyfish Connect gives Publisher’s access to Pocketmags account holder User Data for specific marketing purposes, when the user has permitted this.

The app platforms such as Apple, Google Play, Amazon (the ‘Platforms’) are also a data controller when they act as the retailer, where users use their accounts with the Platforms to make in-app purchases.

The respective retailer is responsible for the processing of customer refunds and renewals.

Jellyfish Connect’s Responsibilities:
- Jellyfish Connect takes its responsibilities under data protection legislation very seriously. Jellyfish Connect Ltd is registered with the Information Commissioner’s Office (with the registration number Z1232767), and abides by the requirements of the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003, and following May 25th 2018, that of the General Data Protection Regulation (EU) 2016/ 679 (GDPR).
- Jellyfish Connect shall collect User Data via Pocketmags.com so the order and the order transaction can be processed. For customers selecting to pay by debit/credit card or PayPal, Jellyfish Connect shall securely process and collect payments via hosted services provided by MPP Global Solutions Ltd and Stripe Payments UK which meet the requirements of the Payment Card Industry Data Security Standard (PCI), or via PayPal.
- Jellyfish Connect shall collect certain User Data via its apps, such as account registration and analytics data, in accordance with its Privacy Policy.
- Where the customer has permitted, Jellyfish Connect securely makes User Data available to specific employees at the Publisher who are granted access to the back office User Data area by the Publisher data protection officer (or assigned representative).
- Jellyfish Connect is responsible for the fulfilment of the digital editions sold through the Services during the term of the Agreement. (The Publisher is responsible for delivering the digital edition content to Jellyfish Connect to facilitate this fulfilment.)
- Where the Publisher has acted as the retailer, for example the digital element of a print subscription, if agreed between parties Jellyfish Connect will fulfil digital subscriptions sold outside of the Services. In this case, the Publisher will advise the customer how to initiate their access to the Services.
- When collecting customer User Data Jellyfish Connect will provide a Fair Processing Notice on the Services to notify the customer about their intention to send marketing communications and also a separate Publisher Fair Processing Notice to invite them to receive marketing from the Publisher. If the customer allows Jellyfish Connect to send marketing we will do so. If the customer allows the Publisher to send marketing, we will provide this data in the back office.
- Jellyfish Connect shall ensure that their Fair Processing Notices are clear and transparent on the Services and provide sufficient information to customers in order for them to understand what personal User Data each Controller will be using, the circumstances in which it will be shared, the purposes for the data sharing and either the identity with whom the data is shared or a description of the type of organisation that will receive the Data.
- Jellyfish Connect may be required to securely supply records, some of which containing User Data, for audit and accreditation purposes to companies such as ABC or BPA.
- Jellyfish Connect shall not share User Data with any third party organisations for the purposes of their own marketing.
- For Publishers located in countries outside the European Economic Area (EEA) in respect of which an adequacy decision has not been issued by the European Commission, the transfer of User Data from Jellyfish Connect to the Publisher shall be governed by the Controller to Controller Standard Contractual Clauses (SCCs) in force at the date of the transfer.
- Jellyfish Connect shall not keep User Data or associated personal information for any longer than is necessary in accordance with our Retention Policy.

Publisher Responsibilities:
- As the Controller for certain User Data, the Publisher shall be responsible for its own compliance with the General Data Protection Regulation and all appropriate data protection legislation.
- The Publisher shall only use User Data for the purposes as defined in the Publisher Fair Processing Notice on the Sites.
- The Publisher will not share data with any third party organisation for the purposes of the third party’s own marketing.
- An unsubscribe, suppression or universal opt out via the Publisher’s own database should always take precedent over the permission held in the back office User Data. As users will opt out of email correspondence directly, this should always be the master source.

Last updated: 2nd May 2018