
Welcome to the JETT Trust Center
At JETT, your trust and data security are our top priorities. We maintain a robust security program with controls, policies, and ISO certifications to safeguard your information. Our measures ensure compliance with privacy regulations and evolve to meet industry standards and global security challenges. Visit the JETT Trust Center for the latest on our product and service security.
Compliance
Controls
Technical security
- Information backup
- Access control procedures established
- Intrusion detection system utilized
- Network segmentation implemented
Organizational security
- Security awareness training implemented
- Asset disposal procedures utilized
- Access control procedures established
- Physical access processes established
Product security
- Data encryption utilized
- Data transmission encrypted
- Penetration testing performed
- Security testing in development and acceptance
Data privacy
- Data classification policy established
- Appoint Data Protection Officer
- Handling DSAR requests
- Privacy impact assessment
Frequently Asked Questions
At JETT, we maintain a robust Information Security Management System (ISMS) certified to ISO 27001 standards. This includes regular risk assessments, implementation of administrative, technical, and physical controls such as 256-bit TLS encryption, firewalls, and intrusion detection systems, as outlined in our privacy policy. We conduct annual internal audits and third-party certifications to ensure continuous improvement and protection against unauthorized access to customer data.
JETT adheres to GDPR and has implemented ISO 27701 by integrating a Privacy Information Management System (PIMS) with our ISMS. We identify and mitigate privacy risks through data mapping, impact assessments, and controls for personally identifiable information (PII). For instance, we do not store sensitive payment details like credit card numbers, and we limit data sharing with third parties to only what's necessary for fulfilling bookings, with contractual obligations for their privacy practices.
Yes, we perform Privacy Impact Assessments for new processes involving PII, as required by ISO 27701. This helps us evaluate risks related to data collection, such as IP addresses or travel preferences, and implement mitigations like anonymization or consent mechanisms. Our policy ensures that any changes to data usage are communicated via updated privacy notices, and we seek consent where needed for new purposes.
In compliance with ISO 27001, we deploy a multi-layered security framework including access controls (e.g., authorized employee access only for business needs), encryption for data in transit, and regular vulnerability scanning. We also have incident response plans to address potential breaches, and we limit liability for unauthorized access to cases of our gross negligence, up to the value of services purchased.
We support data subject rights under ISO 27701 by allowing access, correction, or deletion of personal information upon request, subject to a nominal fee where applicable. Customers can contact us at [email protected] to exercise rights like viewing their data or opting out of marketing. Our system logs and tracks such requests to ensure timely responses within legal timelines.
JETT evaluates and contracts with third-party vendors (e.g., payment processors or travel suppliers) under ISO 27001 and 27701 guidelines, requiring them to adhere to equivalent security and privacy standards. We share only minimal PII necessary for services, prohibit unauthorized use, and conduct periodic reviews. This includes clauses for data protection in agreements to safeguard information like email addresses shared for booking confirmations.
In line with ISO 27001 and 27701, we have a formal incident response and breach notification process. Upon detection, we investigate, contain, and remediate issues, notifying affected individuals and authorities if required by law (e.g., within 72 hours for high-risk cases). Our policy commits to protecting data integrity, and we use lessons learned to strengthen controls like encryption and access restrictions.
JETT aligns with GDPR by adhering to principles such as lawfulness, fairness, and transparency in processing personal data. We collect only necessary information (e.g., name, email, travel preferences) for specified purposes like booking fulfillment, as outlined in our privacy policy, and provide clear notices about data usage. Data minimization is ensured by excluding sensitive details like credit card numbers, and we retain data only as long as needed for legal or service purposes, with secure deletion thereafter.
JETT complies with PCI DSS SAQ D by implementing robust security controls for cardholder data environments, as it does not qualify for other SAQ types due to processing payments through third-party providers. We do not store sensitive card details like credit card numbers and conduct regular vulnerability scans and employee training to ensure compliance with all 12 PCI DSS requirements, with third-party payment processors handling transactions securely.






