May 2021 | V1.2. (EN)
This Website and the jti:app are published by Reporters sans frontières (RSF), CS 90247, 75083 Paris Cedex 02, France, and feature a Questionnaire based on the CWA 17493:2019, published by the European Committee for Standardization.
1. Personal data
The amount and type of data, as well as the usage, depend on different user types.
1.1. Usage Data
All users provide data automatically, such as the IP address, time and location, when accessing the website and its applications.
1.2. Identity and contact details
User types such as Media Outlets and their Legal Entities, Certifiers and other stakeholders (“Groups”) may also use the JTI web application, the jti:app. Its conditional access requires the registration of an account and to provide respective contact details of the account holder, such as name, postal address, Email address, but also payment data.
For Media Outlets and their Legal Entities, the jti:app provides a questionnaire to complete by providing additional corporate information, including personal data of third parties and individuals, such as employees, Board members and owners, of whom consent is required (see pt. 3. below).
We do not collect personal data from any other sources.
2. Data usage
The nature of operations carried out on all data is to collect, record, publish, compile, archive and process it internally for the sole purpose of offering and optimizing this service.
Content provided by Media Outlets and their Legal Entities, Groups and Certifiers via the jti:app questionnaire according to 1.3. and relevant account data as per 1.2. may be republished and commercially exploited, subject to the Terms of Service.
With the exception of pt. 2.2., personal data will not be shared with third parties except by way of the hosting and payment processing services necessary to operate this website and the jti:app.
Those service providers are subject to controller-processor contracts according to the GDPR Art. 28.2. and provide sufficient guarantees to ensure the protection of the Data Subject (GDPR Art. 28.1).
The hosting services providers are Heroku and Digital Ocean.
The payment services provider is Stripe.
The web analytics tool is Matomo.
Any data subject whose data are provided on the Website may gain access freely to his/her data since it is published on an unrestricted basis.
3.2. Third-party data
Content provided according to pt. 1.3. may contain personal data that relates to third parties, i. e. data subjects that do not provide it themselves. In that case it is the responsibility of the account holder to obtain adequate consent from each and every individual concerned prior to publication, given that the legal justification to process it is consent (GDPR Art. 6.1 (a)).
Personal data of third parties may be withdrawn freely at any time (GDPR Art. 7.3) and such third parties must be advised of all their rights under the GDPR prior to publication.
4. Security and Safety
4.1. Data protection
We do our best to keep all personal data secure and accurate at any point in time. This also applies to processing of payments made for usage of the services offered by this Website.
Notwithstanding these efforts we cannot guarantee the security of such information. In particular we cannot prevent certain intrusion or other forms of data compilation techniques like data scraping allowing third parties to collect information on the website.
4.2. Protection of data subjects
The safety of news media staff, freelancers and other parties involved in journalism directly or indirectly is of paramount importance. Legitimate reasons exist to not disclose, for example, a physical address, a name or phone number and therefore, the submission of information by completing the JTI questionnaire shall always be subject to safety considerations.
The jti:app offers the option to withhold certain disclosures due to security concerns.
5. Data handling
5.1. Cookies and tracking
5.2. Retention and deletion
We retain personal data only for as long as is necessary for the purpose of online publication and you or any other Data Subject whose personal data are processed may at any point in time withdraw consent and instruct us to remove such information, rectify or delete the entire submission.
If you wish to lodge a complaint about our handling of personal data, please contact us (see Imprint for contact details or use the contact form) with the details of your complaint. We expect our response time not to exceed two weeks.
If you are dissatisfied with our handling of your complaint, you may file a complaint with your local Data Protection Agency.