Privacy Statement

October 1, 2025

The ICT Authority of Jamaica (“we”, “our”, “us”, “ICTA”) provides this Privacy Statement to explain how we collect, use and protect your personal information when you engage with the Jamaica Data Exchange Platform (JDXP).

This Privacy Statement is intended to help you understand what information we collect, why we collect it and how it is used. Certain capitalized terms not otherwise defined in the Statement are explained in the Key Terms section below.

By applying for Membership, you are agreeing to the collection and use of your personal information in accordance with this statement.

Things we require of you

When you apply for membership to JDXP, we require that you provide us with personal information including contact details like email address and telephone numbers, information on your designated Representative including First Name, Last Name, Business Address and information on your Data Protection Officer (if a person). This information is collected as part of KYC (Know Your Customer) requirements. In addition, we require that you provide us with information on the capacity in which you want to operate on the platform, i.e. whether Custodian or Subscriber, with sufficient information on the nature of your business to justify this desire.

Information we collect as you use our platform

We use various technologies to collect and store information, including Cookies, databases, and Server Logs. This includes personal information necessary to establish your account and to track the transactions associated with your account.

Your activity

We collect information about your activity on the platform for auditing and statistics. This is primarily system information such as event timestamp, request details, response status and includes personal information such as user name. This allows for billing, troubleshooting, conflict resolution, trend analysis and performance enhancement.

To establish your account

For all transactions processed using the JDXP Services a user must first be established as authenticated and authorized. Additionally, for auditing purposes, a log of these transactions is kept, including the associated user account executing the transaction. This provides full transparency of JDXP’s operations.

Communicating with you

We use information such as your email address, to interact with you directly. For example, we may send you a notification if we detect suspicious activity, or to let you know about upcoming changes or improvements in the platform. In addition, if you contact us, we will keep a record of your request in order to help solve any issues you might be facing.

Protecting JDXP, our users, and the public

We use information to help improve the safety and reliability of our platform. This includes detecting, preventing and responding to fraud, abuse, security risks and technical issues that could harm JDXP, our users, or the public.

When JDXP shares your information

ICTA does not share your personal information with external entities except in the circumstances described below:

Legal Enforcement

We may disclose your personal information when required by law or in response to a valid request from public authorities, such as a court or government agency.

Other Legal Reasons

We may share information when it is necessary to:

  • Respond to applicable laws, regulations, or enforceable government requests.
  • Enforce the JDXP Terms of Service, including investigations into potential violations.
  • Detect, prevent, or address fraud, security, or technical issues.
  • Protect the rights, property, or safety of ICTA, JDXP users, or the public.
  • Prevent or mitigate legal liability.

If ICTA is involved in a merger, acquisition, or asset transfer, we will ensure that confidentiality is maintained and that affected users are notified before any change in privacy terms takes effect.

Keeping your information secure

JDXP is built with strong security features that continuously protect your information. The insights we gain from maintaining our platform help us detect and automatically block security threats. If we detect something risky, we will notify you and help guide you through steps to stay protected.

We work hard to protect you and JDXP from unauthorized access, alteration, disclosure or destruction of information, including:

  • We use encryption to keep your data private
  • We offer a range of security features, like IP whitelisting, tokens and multi-factor authentication to help you protect your user accounts
  • We review our information collection, storage and processing practices, including physical security measures, to prevent unauthorized access to our building and systems
  • We restrict access to personal information to our employees who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

Retaining your information

We retain your personal information only as long as necessary for the purposes for which it was collected, or as required by law. Personal information associated with the ongoing relationship between you and ICTA is stored for the duration of that relationship plus ten (10) years, unless otherwise required by regulation.

Compliance and cooperation with Regulators

ICTA regularly reviews this Privacy Statement to ensure compliance with Jamaica’s Data Protection Act and other applicable regulations. We process personal information in ways that uphold the principles of fairness, transparency and accountability.

About this Statement

This Privacy Statement applies to all services offered by JDXP. It does not apply to:

  • Services that have their own separate privacy statements.
  • The information practices of other organizations using the platform.
  • External services or products that may access JDXP data independently.

Changes to this Statement

We change this Privacy Statement from time to time. We always indicate the date the last changes were published.

Key Terms

Cookies
A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the site again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information. You can configure your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies.

IP address
Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the geolocation from which a device is connecting to the Internet.

Server logs
Like most websites, our servers automatically record bits of information when you use our platform. These “server logs” typically include event identifiers, error codes, server error messages, and application error messages.

Custodian
A Custodian is a member of the platform that can share data with other members.

Subscriber
A Subscriber is a member of the platform that has been granted approval to one or more data services offered by a Custodian.