EU-U.S. Data Privacy Framework Notice

Effective Date: February 9, 2017

Updated: July 25, 2023

Jacobson Consulting Applications, Inc., and its controlled US subsidiaries JCA Arts Marketing and TQ CRM Systems LLC dba thankQ USA, (“JCA”) complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. JCA has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework program Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit


JCA collects information certain Personal Data, such as name, corporate affiliation, email address, postal address, and telephone number from current and potential clients.

In the course of providing its products and services, JCA may act as a Data Processor. As such, JCA employs industry standard protections to ensure all access is limited to assigned staff and that data is not retained once the purposes for which it was provided are complete.

Other than the Personal Data specifically noted above, JCA is not a Data Collector. Data Collectors providing data to JCA for Processing are required to comply with any and all applicable EU Data Protection regimes, thereby ensuring that individuals providing data have received proper notice about the use of collected Personal Information.

Purposes of Collection and Use of Personal Data

JCA uses its collected Personal Data (1) to respond to requests, (2) to communicate about our products and services, (3) for internal administrative and analytical purposes and (4) to comply with our legal obligations, policies, and procedures.


When a user visits the website, JCA may automatically collect non-personal information, such as the type of browser the visitor is using, and the way the visitor arrived at our website (either a direct visit or via a referring website). The collection of this information may involve the use of cookies.

A user cannot be identified from the information collected in this way on its own and it is only used to assist us in providing an effective service on our website and to collect broad demographic information for aggregate use and to improve the website.

Most browsers accept cookies automatically. You can erase or block cookies from your computer if you want to, but certain services may not work correctly or as fast or at all if you set your browser not to accept cookies.

When a user visits our site, third parties, such as AdRoll and SharpSpring, may place cookies on the user’s browser for targeted advertising purposes. If you would like to opt-out of receiving targeted advertising, you can use the NAI opt out tool here.

Data Collection

When a user interacts with or clicks on a link that directs the user to, the user’s browser automatically provides, and JCA automatically collects and stores, certain information about the user’s device and the user’s activities. This includes:

  • Preferences and settings: time zone and language
  • IP address
  • Technical information about the user’s operating system

JCA collects this data for the proper operation of our Marketing Automation system. Until the user becomes an identified prospect this data cannot be linked to a specific individual.

Data generated by the use of our website includes:

  • Information about use of the website: date stamp, URL of the visited page, URL of the webpage that referred the user to our website
  • History of interaction with our webpages: pages viewed and time spent on a page.


JCA may share Personal Data with its service providers and business partners. Sharing is limited to the purposes described above. Click here if you would like to opt-out.

JCA may disclose Personal Data (1) if we are required to do so by law or legal process or (2) to law enforcement or other government officials should disclosure be required by law or an enforceable government request including to meet national security and/or law enforcement requirements.

Onward Transfer of Personal Data

JCA may share Personal Data with select business partners. Select business partners include Baker Richards, a UK-based consulting agency, and The Access Group, a UK-based software development firm that develops the thankQ CRM software system and for which JCA serves as North American Distributor.

If a contracted third party does not comply with its privacy obligations, JCA will take commercially reasonable steps to prevent or stop the use or disclosure of Personal Data. In the context of an onward transfer, JCA has responsibility for the processing of Personal Data it receives under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and subsequently transfers to a third party acting as an agent on its behalf. Pursuant to the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, JCA remains liable for the transfer of personal data to third parties acting as our agents unless JCA can prove JCA was not a party to the events giving rise to the damages.


JCA maintains reasonable administrative, technical, and physical safeguards to protect Personal Data from loss, misuse, unauthorized access, unauthorized disclosure, unauthorized alteration, or unauthorized destruction.

Data Integrity and Purpose Limitation

JCA takes reasonable steps to ensure that that Personal Data collected by JCA is relevant for the purposes for which it is collected and that it is relevant for its intended use.

JCA relies on individuals submitting Personal Data to update or correct Personal Data when necessary.


JCA acknowledges the individual’s right to access their personal data. Upon request, JCA will grant individuals reasonable access to personal information held about them. JCA will take reasonable steps to permit individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete.

To access your data, contact JCA at and detail your request.

Recourse, Enforcement and Liability

In compliance with the EU-US Data Privacy Framework program’s Principles, JCA commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union and United Kingdom individuals with DPF inquiries or complaints should first contact JCA at or, in writing to:

Attn. Privacy Department
575 8th Avenue
Suite 1200
New York, NY 10018

JCA has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See

JCA’s commitments under the EU-U.S. DPF are subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).