Privacy policy and data protection
Effective Date: 10th October 2025
JRNY Services Ltd (“we”, “our”, “us”) is committed to protecting the privacy of visitors (“you”, “your”) to our website www.jrnyservices.com (“Website”) and any related services. This Privacy Policy explains how we may collect, use, store, and protect personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.
By using our Website, you agree to the practices described in this Privacy Policy.
Identity and Contact of the Controller
Controller: JRNY Services Ltd
Contact Email: info@jrnyservices.com
Registered Office: Oswestry, Shropshire, United Kingdom
Users may contact this email to exercise their GDPR rights, submit inquiries, or report concerns about personal data.
Information We Collect
Lead Capture. We capture limited personal data voluntarily provided through forms for marketing, sales, or service inquiries. This may include your name, email address, company name, and job title.
Depending on how you interact with our Website and services, we may also collect your phone number, payment details (if applicable in the future), and technical data (such as IP address, browser type, device information, and usage data) collected through cookies and analytics tools.
Data will be collected only to respond to inquiries, provide information about our services, or contact users for marketing purposes, with explicit consent where required.
How We Use Personal Data
Collected data may be used for the following purposes:
Marketing Communications. We may use your data for sending updates, newsletters, and promotional material to users who opt in, and for tracking engagement to optimise communication effectiveness.
Service Information and Sales Process. We may use your data for responding to inquiries or requests about marketing, legal, or support services.
Internal Analytics. We may use your data for monitoring Website performance and improving user experience.
Compliance and Legal Obligations. We may use your data for maintaining records as required by law or contractual obligations.
Legal Bases for Processing
We process personal data on the following legal bases under the UK GDPR and the Data Protection Act 2018:
For marketing communications, our legal basis is consent. For responding to service enquiries and providing requested information, our legal basis is contract or legitimate interest. For internal analytics and website improvement, our legal basis is legitimate interest (where consent is not required for cookies). For compliance with legal or regulatory obligations, our legal basis is legal obligation.
User Consent and Opt-In
Marketing Opt-In. Users providing personal information through lead capture forms will be presented with a clear opt-in checkbox: “I consent to receive marketing communications, updates, and newsletters from JRNY Services Ltd. I understand I can withdraw my consent at any time.” Consent will be recorded securely with a timestamp and method, in line with GDPR.
Cookie Consent. Non-essential cookies (analytics, functional, marketing) will require active user consent via the Website's cookie manager. Users can opt in or withdraw consent at any time. For detailed information, please see our Cookie Policy.
Data Retention
Personal data collected through lead capture forms or marketing opt-ins will be retained only as long as necessary.
Marketing contacts' data is retained until consent is withdrawn or up to three years from collection. Service inquiry data is kept until the inquiry is resolved, plus five years for compliance purposes. Aggregated or anonymised analytics data may be retained indefinitely.
Data Security
We implement technical and organisational measures to protect personal data, including encrypted data storage, SSL-protected communications, role-based access controls, and secure handling of all submitted data. We also conduct periodic monitoring, audits, and have breach detection protocols in place.
Any personal data breach will be reported to supervisory authorities within 72 hours, and affected users will be notified where a high risk exists, per GDPR requirements.
Users' GDPR Rights
If personal data is collected, you have the right to access your personal data, rectify inaccuracies, request deletion (“right to be forgotten”), restrict processing, withdraw consent, object to marketing communications, and request data portability (receive your personal data in a machine-readable format and transfer it to another controller).
You also have the right to lodge a complaint with a supervisory authority. If you are based in the UK, you can contact the Information Commissioner's Office (ICO) at www.ico.org.uk.
Requests can be submitted to info@jrnyservices.com and will be handled within 30 days.
Cookies and Third-Party Tools
The Website uses a cookie consent manager to handle cookies and tracking. You can manage preferences and opt in or out of analytics, marketing, and functional cookies at any time.
We may share personal data with trusted third-party service providers who act as data processors on our behalf. These may include website hosting and infrastructure providers, analytics providers (e.g. Webflow analytics, future tools), and email marketing platforms (e.g. Mailchimp). These third parties are contractually bound to process personal data only as instructed by us and to maintain appropriate technical and organisational safeguards.
For detailed information on cookies, please see our Cookie Policy.
International Data Transfers
Personal data may be processed or stored in India, the European Economic Area (EEA), or both.
Where data is transferred outside the EEA, we will apply appropriate safeguards, such as Standard Contractual Clauses, to ensure GDPR compliance and protect your data consistently across jurisdictions.
Data We Process on Behalf of Clients
In addition to the personal data described above, JRNY Services Ltd may process personal data on behalf of its clients, as part of delivering software platforms and related services, for example, customer or dealer data processed through a client's platform. In this context, JRNY Services Ltd acts as a data processor, and the client remains the data controller responsible for determining the purposes and legal basis for that processing. Our processing on a client's behalf is governed by a data processing agreement with that client.
Engineering delivery for client platforms is carried out by our wholly-owned subsidiary, JRNY Global Services Pvt Ltd, based in India. Engineering staff work on non-production environments using synthetic or masked data only; live personal data is held in the jurisdiction agreed with the relevant client, and standing access to it is restricted to named roles. Any exceptional access required by engineering personnel to live production data takes place through a controlled, time-boxed, and logged procedure, used only to resolve genuine operational issues.
Where personal data is transferred between JRNY Services Ltd and JRNY Global Services Pvt Ltd, this transfer is intended to be governed by an intra-group data transfer agreement incorporating Standard Contractual Clauses or the UK International Data Transfer Addendum, as applicable, providing safeguards consistent with UK GDPR and EU GDPR requirements. This agreement is in the process of being finalised.
Personal data processed on behalf of a client is retained in accordance with that client's instructions and the terms of the applicable data processing agreement, rather than the retention periods stated above for marketing and website data.
Minors
The Website is not directed at individuals under 16, and JRNY Services does not knowingly collect personal data from minors.
Changes to this Privacy Policy
We may update this Privacy Policy to reflect changes in services, technology, or legal obligations. Updates will be communicated via a banner on the Website, an email notification to registered users, or a version history table on the Website.
As JRNY Services Ltd grows, this policy may be updated to reflect additional services, forms of data collection, and integrations. Users will be notified of significant changes and consent will be requested again where required.