Privacy Policy - JFC Order App
Introduction
This application Is operated by JFC International (Europe) GmbH Theodorstrasse 293 40472 Dusseldorf Germany. ("we" "us" "JFC"). You can contact JFC via e-mail To: service@jfc.eu
Scope of this Privacy Policy
This document covers our processing of your personal data on our application "JFC App" or the website https://app.jfc.eu (both: "Application") and related to the goods offered there.
For further information about the processing activities of JFC, please also refer to the privacy policy posted here: https://www.jfc.eu/en/privacy-policy/
Legal Grounds of Our Processing
We will only process your personal data if there is a legal basis to do so. Under GDPR, there are 4 obligations that we use:
- Consent – If you agree to our processing. This will be clear when we ask for it. You are also able to withdraw your consent at any time. (Art. 6 (1) a) GDPR)
- Contractual obligation – If we have a contract with you, we will need to store and use some information about you. (Art. 6 (1) b) GDPR)
- Legal obligation – If there is a law forcing us to process your personal data, we have to comply. (Art. 6 (1) c) GDPR)
- Balance of interests (Legitimate interest) – Legitimate interest allows us to process personal data if it is necessary for our legitimate interests and your interests or fundamental rights and freedoms do not outweigh our interest. (Art. 6 (1) f) GDPR)
Deletion of Your Personal Data
We will generally delete your personal information as soon as we no longer require it for the purposes for which we collected it. If any legal obligation stops us from deleting your information for a certain time, we will stop access to this information, store it securely, and delete it after our legal obligation is over. In case of processing based on your consent, we will delete information as soon as you revoke your consent.
This Application
When using our Application certain personal information will be transferred to our servers automatically. This is necessary to provide you with the Application.
Content Data
- Any text you enter or files you upload
- Shopping cart contents
Usage Data
- Pages visited
- Date and time of your access
Metadata
- Your IP-Address
- Your computer's time zone
- Your computer's date and time
- The website you requested
- Which website you came from
- Information about your browser (version, language, fonts installed)
- Information about your operating system (version, language)
- Potentially other information your browser sends via the HTTP protocol
This information is necessary for us to present you our Application and present our products and allow you to order. We have a legitimate interest to enable our customers to order our products easily online. As we only collect necessary information, there is no technical way for us to limit the kinds of information we receive.
Further, if you do have an account on our Application the legal basis may be our contractual relationship with you. To enable you to order via the Application, this information is necessary for fulfilling the sales contract with you or your employer or take the necessary steps to enter into a sales contract with you or your employer.
We use an external hosting provider to serve the Application. The provider receives and stores the content data, usage data, and metadata on our behalf.
We automatically delete all server logs within 30 days. We store the logs for this time to see suspicious activities in our server and protect our infrastructure from outside attacks such as DDoS.
Account on the Application and Orders
The Application is only intended for JFC customers to order products from their respective sales contact or their representative. For this, JFC will provide you with an account. The customer account will allow you to access the entire product catalogue and put products into a shopping cart.
When creating the account we store the following information:
- E-Mail
- Name
- Affiliated company
- Customer number
- Phone number
- Company address
This information is required to allow you to log in to the Application and for us to contact you in cases of questions. When you first set up your account, you will also be asked to set a password. We store this password in hashed form, meaning that we never know your password.
When you order products via the Application, an order history will be created to make it easier for you to reorder products.
Your account will be deleted when our business relationship ends and no statutory obligations require us to store certain information for a longer period of time. For instance, we may be required to keep your order history for accounting purposes.
The processing of your personal data for the maintenance of the account and your order history is based on our contractual relationship with you or your employer. If you directly are our customer, the legal basis is this contractual obligation to provide you with our products. Else, if you are tasked with purchasing from JFC by your employer, the processing is based on our legitimate interest to allow the staff of our customers to order via the Application to fulfil the customer relationship.
Your Contact with JFC
If you request prices via the functions of the Application, we will receive your request together with your customer number and the item that you have requested prices for. This request will be forwarded to your assigned sales contact who will send you the requested information. Our basis for this processing is our contractual obligation to provide you with accurate information about our prices and to enter a sales contract with you if you are our customer directly. If you are tasked with purchasing from JFC by your employer, the processing is based on our legitimate interest to allow the staff of our customers to order via the Application to fulfil the customer relationship.
Cookies on this Application
We may store additional information on your end device either as cookies or via local and session storage (both: "cookies"). The information we store on your device only contains text and cannot contain malware. Cookies may be set by us (first-party cookies) or by third parties. If we set a cookie in your browser, other websites cannot read it. If other third parties set a cookie in your browser, any other website which uses the same third party can read the information stored in these cookies. This allows for tracking functionality across websites. If we use third-party cookies, we will always ask for your consent before placing these cookies.
We set the following local storage attributes:
| Name | Content | Purpose | Duration |
|---|
| auth._refresh_token.local | API key | Enable API calls | During login (expires after logout) |
| auth._token.local | API key | Enable API calls | During login (expires after logout) |
| lang | Language and region code | Store language settings | Without any duration |
| device_code | Unique identifier | Used for 2 Step verification | 400 days |
| uuid | Unique identifier | Used for 2 Step verification | Without any duration |
| dateFmt | Date format to be used when showing dates | Displaying information as expected by the user | During login (expires after logout) |
| currency | Currency code for orders | Displaying information as expected by the user | During login (expires after logout) |
| user | Information about the account such as company name, contact details, customer number and settings | Store relevant account information | During login (expires after logout) |
| i18n_redirected | Language and region code | Store multiple language settings | During login (expires after logout) |
Third Parties
Tools
On our Application, we may embed tools and contents loaded from the servers of third-party service providers. Examples of this may be graphics, videos, social-media buttons, or other functionalities. Whenever you access a website that embeds such contents, your IP address will be transmitted to these third parties. Occasionally, these tools might include so-called web beacons, invisible graphics that are used to gather further statistics. If you notice any such web beacon, please notify us and we will strive to remove it from our websites.
Some third-party contents will also set cookies in your browser to store certain information on your usage of the tools and contents. Occasionally, the third party might connect your information gathered on our websites to other information they have collected in order to build a profile on you.
Fonts
We use external fonts on our website to create a unified experience and deliver a modern-looking website. These fonts are loaded from third parties to speed up loading processes in your browser. Our legal ground is our legitimate interest to provide our website with fonts securely, efficiently, and maintenance-free.
We use Roboto fonts from Google Ireland Ltd. Gordon House Barrow Street Dublin 4 Ireland ("Google"). When you load our website, Google will learn which website you accessed and what your IP address is. The information collected will only be used to show the embedded fonts as well as keep statistics on the popularity of fonts. For more information please reference the following links: FAQ
Your Rights
At any time, you can exercise your rights by contacting us directly or our data protection officer whose contact details you can find below. Please be aware that we might ask for some sort of verification of identity in order to safeguard other data subjects. These verifications will be made as non-intrusive as possible.
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to revoke your consent
Statutory limits may apply that can restrict your rights. For example, if your request interferes with the rights and freedoms of a third person, your right to access may be limited. In any case, we will answer your request within 30 days and in case we deny your request fully or in part, we will explain the reasons for this.
Right to Lodge a Complaint with a Supervisory Authority
At any time, you may lodge a complaint about our data processing activities with a supervisory authority.
Right to Object
You have the right to object to any processing we do on grounds of our legitimate interest if your particular situation challenges our balance of interests. Unless we can demonstrate legitimate grounds for the processing which override your interests, rights, and freedoms, and if we do not need your personal data for the establishment, exercise, or defense of legal claims, we will no longer process your personal data.
Questions Regarding Our Processing or This Policy
You can contact us for any questions regarding the privacy policy or our use of your personal data via the contact information above.
You can also contact our data protection officer:
Robert Buschmann
Enobyte GmbH
Augustenstraße 49
80333 Munich
Germany
Email: dpo@enobyte.com
Website: www.enobyte.com