Privacy and Data Protection Policy

 

Registered Business Name: The Jersey Card Limited

Registration Number: 103178

Data Controller: Jason Manning – jason@thejerseycard.je

1. Introduction

The Jersey Card (“we,” “us,” or “our”) is committed to protecting the privacy and security of our members’ and partners’ personal data. This policy outlines how we collect, use, and safeguard your information in accordance with the Data Protection (Jersey) Law 2018 (DPJL 2018).

2. Our Data Protection Principles

We adhere to the six “Golden Rules” of the DPJL 2018:

  1. Lawfulness, Fairness, and Transparency: We process data legally and are clear about why we use it.
  2. Purpose Limitation: We only collect data for specific, stated purposes.
  3. Data Minimisation: We only collect what is strictly necessary.
  4. Accuracy: We keep your information up to date.
  5. Storage Limitation: We delete your data when it is no longer needed.
  6. Integrity and Confidentiality: We use high-level security to prevent unauthorized access or loss.

3. Data We Collect and Why

We process personal data under the lawful basis of Contract (to provide your membership) and Legitimate Interests (to improve our service).

Category

Data Points

Purpose

Member Details

Name, Phone, Email, Address, Date of birth

To manage your account and send digital cards.

Payment Info

Transaction history (via Paypal)

To process your monthly/annual subscription.

Partner Data

Business name, contact person, phone number & email.

To manage the partnership and directory listing.

4. How We Share Your Data

We do not sell your data to third parties. We only share data with:

  • Service Processors: Essential tools like payment processors (Paypal) and email delivery services (Mailchimp), all of whom are contractually bound to Jersey-equivalent standards.
  • Local Partners: Partners only see that a “Valid” card has been presented; they do not receive your personal contact details unless you provide them directly to the business.

5. Your Rights

Under Jersey Law, you have the following rights:

  • Right to be Informed: Knowing how we use your data (this policy).
  • Right of Access: Requesting a copy of the data we hold about you (Subject Access Request).
  • Right to Rectification: Correcting any mistakes in your data.
  • Right to Erasure: Asking us to delete your data when you cancel your membership.
  • Right to Object: Opting out of marketing communications at any time.

6. Security & Data Breaches

We implement “Data Protection by Design and Default.” This includes secure logins and regular audits.

  • Breach Plan: In the unlikely event of a data breach that poses a risk to your rights, we will notify the JOIC within 72 hours and inform affected individuals without delay.

7. Retention

We keep your data for as long as your membership is active. If you cancel, we retain your record for one year to assist with account recovery, after which it is permanently deleted or anonymized for statistical purposes.

8. Contact Us

If you have questions regarding your data or wish to exercise your rights, please contact:

Data Protection Lead: Jason Manning

Email: jason@thejerseycard.je

You also have the right to complain to the Jersey Office of the Information Commissioner (JOIC) at www.jerseyoic.org.

Last Updated: January 2026