EnterPrivacy Policy
Last updated: May 2026
1. Who we are
1.1 EnterJamaica is the data controller for personal data processed through enterjamaica.org and EnterJamaica account and checkout features described here, under the Data Protection Act 2020 ("DPA 2020").
1.2 Privacy contact: [email protected] only (subject: Privacy Request).
2. Scope
2.1 This Policy covers:
- guest browsing and checkout;
- registered accounts, C5 submissions, and confirmation records;
- optional eSIM purchase and activation;
- support, refund, and rights requests you send us.
2.2 Payment processors, eSIM network partners, hosting providers, and linked travel operators may process data under their own policies when you use their services.
3. What we collect
| Category | Examples | Typical context |
|---|---|---|
| Account & identity | Name, email, phone, account IDs | Registration, sign-in, support |
| C5 & travel | Passport-related fields, arrival details, customs answers, party members where declared | Form completion and submission |
| Payment | Billing details, transaction IDs (card data via payment processor) | Checkout and refunds |
| eSIM & device | Device type, activation status, QR delivery metadata | Digital connectivity |
| Usage & device | IP address, browser, pages viewed, language | Security and improvement |
| Communications | Support mail, refund and dispute records | Customer and compliance |
| Cookies & similar tech | Session, preferences, analytics (where used) | Site function and measurement |
We collect only what each feature reasonably needs.
4. Lawful bases (DPA 2020)
We process personal data on one or more of:
- Contract — to provide C5 processing, eSIM delivery, and features you request (section 23, performance of contract);
- Legitimate interests — security, fraud prevention, service improvement, and operating a travel facilitation platform, balanced against your rights;
- Consent — non-essential cookies, optional marketing, or other processing where consent is required;
- Legal obligation — compliance, court orders, and regulatory duties.
We maintain a processing record for accountability, including purposes, categories, recipients, transfers, and security measures as required by section 16(2) of the DPA 2020.
5. How we use personal data
- provide and secure the Platform;
- validate, process, and transmit C5 information you authorise;
- process payments and deliver eSIM products;
- send confirmations and respond to support, refund, and privacy requests;
- detect abuse and protect users and partners;
- comply with law and enforce our Terms.
We do not sell personal data.
6. Sharing and processors
We may share data with:
- payment, hosting, email, SMS, and security providers under contract;
- eSIM provisioning partners to activate service;
- authorities or official channels only where necessary to complete a declaration you have authorised, or where law or court order requires;
- professional advisers where required;
- successors in a merger or reorganisation, subject to this Policy.
Processors must implement appropriate technical and organisational measures and process only on our instructions.
7. International transfers
Data may be processed outside Jamaica (for example cloud hosting or partner fulfilment). Where Part VII of the DPA 2020 applies, we use appropriate safeguards (adequacy, standard contractual clauses, or other permitted mechanisms). Personal data shall not be transferred outside Jamaica unless the destination ensures an adequate level of protection for data subjects' rights and freedoms, subject to the exceptions in the Act (including consent, contract necessity, legal proceedings, and other permitted grounds).
Where you are in the EEA/UK or another jurisdiction with local privacy law, we honour equivalent rights and transfer safeguards required by applicable law.
8. Retention
We keep data only as long as needed for the purposes above, including legal, accounting, fraud-prevention, immigration-support, and complaint records. Account data is deleted or anonymised within a reasonable period after account closure, unless law requires longer retention.
9. Security and breaches
9.1 We use administrative, technical, and organisational measures appropriate to the risk, including encryption in transit, access controls, and secure payment processing. No system is completely secure.
9.2 If a personal data breach is likely to affect your rights, we will notify the Office of the Information Commissioner and affected individuals as required by section 27 of the DPA 2020, including where applicable within 72 hours of becoming aware of a notifiable breach.
10. Your rights (DPA 2020)
Subject to exceptions in the Act, you may request:
| Right | Section |
|---|---|
| Access | s.6 |
| Rectification | s.7 |
| Erasure | s.8 |
| Restriction | s.9 |
| Data portability | s.10 |
| Objection | s.11 |
Email [email protected] with Privacy Request and enough detail to verify your identity. We respond within 30 days, extendable to 60 days where complex.
You may complain to the Office of the Information Commissioner if unsatisfied.
11. Cookies
11.1 Essential cookies support login, checkout, security, and core functions.
11.2 Non-essential analytics or preference cookies, where used, rely on consent via the site banner or settings.
11.3 You may control cookies through browser settings; blocking some cookies may limit features.
12. Children
The Platform is not directed at persons under 18 without guardian involvement. We do not knowingly collect children's personal data without appropriate consent. Contact [email protected] to request deletion if you believe we have done so improperly.
13. Changes
We may update this Policy. Material changes will be notified as in the Terms (registered email and/or on-site notice, 30 days where practicable). The effective date appears at the top.
14. Contact
EnterJamaica — [email protected] only (Privacy Request, Data Subject Access, Erasure, Complaint). [email protected]