Privacy Policy

Provider

JRS is the service brand used for these software and related services by 上海景荣铄信息技术有限公司, rendered in English as Shanghai Jingrongshuo Information Technology Co., Ltd. for convenience.

Privacy questions and customer data protection requests can be sent to service@shjrs.com.

Scope

This privacy policy applies to software and services provided by JRS for electronic invoicing, tax reporting, SAP integration, and related enterprise application scenarios.

This policy should be read together with any signed service agreement, statement of work, or data processing agreement. If there is a conflict, the signed agreement will apply to that customer engagement.

Our role in processing

JRS may act as an independent controller for account, contact, website, sales, support, security, and service administration data that we decide how and why to process.

For customer-controlled business data, such as invoice records, taxpayer data, customer and supplier records, SAP integration payloads, and tax reporting submissions, JRS usually acts as a processor or service provider and processes the data according to the customer's authorised instructions.

Information we process

Depending on the service configuration, we may process organisation contact details, user account information, tax identifiers, VAT or invoice records, submission status data, support messages, and technical audit records.

When HMRC or another tax authority requires it, the software may also process OAuth authorisation data, access tokens, refresh tokens, IP addresses, fraud prevention header data, and security logs required for API access and auditability.

Lawful basis

Where applicable data protection law requires a lawful basis, we rely on contract performance, legal obligations, legitimate interests such as security and service operation, consent where required, and the customer's lawful instructions for processor activities.

Why we process information

• to provide e-invoicing, tax reporting, integration, and support services
• to submit, retrieve, validate, reconcile, and archive invoice or tax reporting data as authorised by the customer
• to protect systems, investigate incidents, maintain audit trails, and meet legal or regulatory obligations
• to communicate with customers about service operation, security, and support

Sharing information and sub-processors

We only share information where it is needed to operate the service, comply with law, or follow the customer's authorised instructions.

This may include sharing relevant data with HMRC, other tax authorities, approved service providers, hosting providers, security providers, and professional advisers. We do not sell customer personal data.

Service providers that process personal data on our behalf are expected to operate under contractual confidentiality, security, and data protection obligations. Where they process customer-controlled data, they may be treated as sub-processors under the relevant customer agreement or data processing agreement.

Security and retention

We use reasonable technical and organisational controls to protect customer data, including access control, encryption in transit, restricted administrative access, and operational logging.

If we become aware of a security incident affecting customer data, we will investigate it and notify affected customers as required by applicable law or the relevant customer agreement.

Data is retained only for as long as needed for service delivery, legal obligations, audit, dispute handling, or the applicable customer agreement.

International processing

JRS may provide services from China and may use infrastructure or service providers in other countries or regions. Where required, we apply appropriate contractual and organisational safeguards for cross-border processing.

Your rights and contact

Customers and authorised users can contact us at service@shjrs.com to ask about privacy, data access, correction, deletion, export, restriction, objection, or security concerns.

Where we process customer-controlled data as a processor, we may refer requests to the relevant customer administrator or assist the customer in responding to the request.