You may contact our Data Protection Officer with any privacy-related questions by email at email@example.com.
Joompay means Joompay Europe S.A. and its subsidiaries or affiliates. In this Policy, Joompay is sometimes referred to as “we”, “us”, or “our” depending on the context.
Joompay acts as a data controller with respect to the data collected for purposes of processing corresponding to any Services available through the use of Joompay website or mobile application, i.e. we determine the purpose and means of your personal data processing.
Which personal data we use about you
Joompay collects and processes information about you when you use our Services. The specific personal data we collect and process depends on the context of your interactions with Joompay, i.e. Services you are using. Below you can find personal information we may collect and use in accordance with the General Data Protection Regulation and the applicable data protection law of Luxembourg:
Information you give us
- login credentials you use for authentication in Joompay mobile application;
- your identification data, such as paytag, name, surname, date of birth and nationality;
- contact details, e.g. address, email address, mobile number;
- identification documents (e.g. passport), photos, video and audio recordings and any other information you provide for identification purposes to prove you are eligible to use Services;
- details of bank account, debit or credit cards you use to add cash to Joompay account, including the card number, expiry date and CVC/CVV code, as well as an amount of the acquiring transaction;
- information about the other participants associated with the transactions executed using Joompay mobile application, website or paylink, such as bank account of the recipient of the fund transfer executed using Joompay mobile application or name and email of the sender involved in person-to-person transfer through paylink;
- data that you choose to provide us to obtain specific Services within Joompay mobile application, such as delivery address for your Joompay plastic card;
- information that you give by communicating with us, whether by phone, email, online, or otherwise;
- data and content shared by you when participating in online discussions, surveys or promotions including those you post on our social media pages and community pages;
- photo (only if one is uploaded).
Information we may collect from you or generate about you
- personal details retrieved from your identification documents;
- information about the products and services you hold, e.g. details of your Joompaycard including card number, expiry date and CVC/CVV code;
- information on your transactions (e.g. payments into and out of the account), including the date, time, amount, currencies, exchange rate, beneficiary details, details of the merchant or ATMs associated with the transaction, IP address of sender and receiver, sender's and receiver's name and registration information, messages sent or received with the payment, details of device used to arrange the payment and the payment method used;
- information about your visit, including the links that have been clicked on, through and from the site (including date and time), services viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling and clicks), and methods used to browse away from the page;
- technical information, including the internet protocol (IP) address used to connect to the internet, log-in information, the browser type and version, the time-zone setting, the operating system and platform, the type of device, a unique device identifier (for example, the device's IMEI number, the MAC address of the device's wireless network interface), mobile network information, etc.;
- information stored on the device that you provide us with access to, such as your contacts, photos, videos or other digital content;
- if you have a location services in the Joompay application switched on, we may track the location using GPS technology and IP address;
- cookies and similar technologies we use to recognise you, remember your preferences and tailor the content we provide to you;
- risk rating information, e.g. transactional behaviour and underwriting information;
- investigations data, e.g. due diligence checks, sanctions and anti-money laundering checks;
- information that we need to support our regulatory obligations, e.g. information about transaction details, detection of any suspicious and unusual activity.
Information we may receive from other providers
- your profile information, order and delivery history including address, data on your preferences and behavior, information about your transactions, data regarding your device and analytics gathered about you from parties with which we operate as co-branded businesses, such as Joom application;
- information from social media accounts;
- other information to help Joompay verify your identity and information relating to your transactions.
We do not process special categories of data such as racial or ethnic data, health data, religious or philosophical beliefs.
It is to be noted that you have choices about the personal data we collect, e.g. when you are asked to provide personal data, you may decline. Please refer to Your Rights section below for details
How and why we process your personal data
We use or may use your personal data for the following purposes and based on the corresponding legal basis:
- Processing is necessary to fulfil our contractual and pre-contractual obligations. These actions are only taken when requested by you, e.g. we will process your name and contact information if you ask us to deliver you a plastic Joompay card.
- Processing is necessary for the purpose of legitimate interests of the Joompay, including to:
- manage risk, fraud, and abuse of Joompay services;
- contact you when needed;
- manage our everyday business needs, such as monitoring, analysing;
- provide recommendations and personalisation;
- advertise and market our services and experiences;
- enforce claims;
- anonymise personal data in order to provide aggregated statistical data to third parties;
- ensure IT security.
- Processing is based on your consent, e.g. we will access the list of your contacts only if you allow us to do so.
- Processing is necessary for compliance with a legal obligation. In some cases, we have a legal responsibility to collect and store your personal information in accordance with money-laundering laws or other applicable legislation in Luxembourg or in the EU.
Who we disclose or share your personal data with
We may share with and disclose your personal data to third-parties for purposes including but not limited to the following:
- Companies of our group – to ensure availability and connectivity of our Services;
- Suppliers who provide us with IT, payment and delivery services – to help us provide you our services;
- Our banking and financial services partners and payments networks, including MasterCard and Visa – to jointly create and offer you services;
- Participants associated with the transactions - to facilitate transactions;
- Card manufacturing, personalization and delivery companies – to create and delivery your Joompay card;
- Advertisers – to promote our Services;
- Customer service providers and developers – to help us to develop our Services and deliver them to you;
- Communications services providers – to help us send you SMS (text) messages, e-mail messages and push notifications;
- Other professionals such as lawyers or auditors;
- Governmental authorities such as judicial authorities.
We may share your personal information with our partners in order to provide you with certain services you have asked us for. We will only share your personal information in this way if you have asked for the relevant service. You can withdraw your permission at any time by contacting us through the Joompay mobile application. However, this may affect your ability to continue to use those services.
How we transmit personal data abroad
As Joompay provides an international service, we may need to transmit your personal information to the states outside the European Economic Area (EEA). For example, if you ask to make an international payment, we will send funds to banks overseas. We might also send your information overseas to keep to global legal and regulatory requirements, and to provide ongoing support services and application development.
While performing its activities, Joompay shall ensure that the recipient of the data guarantees an appropriate level of data protection. In order to ensure an appropriate level of protection by the recipient of the data, we use the standard contracts of the European Union for the transmission of data outside the EU, as amended, as well as entering into standard protection clauses adopted by the European Commission, in order to protect your personal data adequately. If you would like more information, please contact us by sending an email to firstname.lastname@example.org .
How long we will keep your personal information
The Company will only retain your personal data:
- for as long as it is necessary for the purpose or purposes for which it was intended;
- for as long as required or permitted by law taking into consideration the statutory limitation period.
The way we analyse personal data relating to our Services may involve profiling. This means that we may process your personal data using software that can evaluate your personal circumstances and other factors to predict risks or outcomes. We may also use profiling, or other automated methods, to make decisions about you that relate to the following.
- Anti-money laundering and sanctions checks;
- Identity and address checks;
- Monitoring your account for fraud and other financial crime, either to prevent you committing fraud, or to prevent you becoming a victim of fraud;
- Screening people who may be classed as ‘politically exposed’ (for example, if you are a government minister);
- Assessments required by our regulators and appropriate authorities to make sure we meet our regulatory obligations (for example, making decisions about those at risk of becoming financially vulnerable).
This is known as ‘automated decision-making’ and is only allowed when we have a legal reason for this type of decision-making. We may make automated decisions about you in the following circumstances.
- If automated decisions are necessary for us to enter into a contract;
- If automated decisions are required or authorised by law,for example, to prevent fraud.
You can contact us to ask to review an automated decision sending an email to email@example.com.
Cookies can be used to recognize you when you visit our website or application, remember your preferences, and give you a personalized customer experience according to your settings. Cookies enable us to provide you Services faster. We use them for the following purposes:
- Authentication. Cookies may be used in order to recognize that you are already logged into your account with Joompay;
- Enabling features and services. Some cookies enable us to provide you with the functionality offered by the Services as well as to remember your settings and preferences. For example, such cookies are used to remember the language you chose;
- Analytics. This type of cookies helps us to evaluate our Services, and help us customize and improve them.
You can manage your cookie preferences through our pop-up cookie banner that appears when you first visit the website, through your browser settings and other tools on your device.
Some of the cookies are placed by third parties. You may visit their websites and read their privacy policies:
- Google (https://policies.google.com/privacy);
- ThreatMetrix (https://risk.lexisnexis.com/privacy-policy);
- Facebook (https://www.facebook.com/about/privacy/);
- Adjust (https://www.adjust.com/terms/privacy-policy/).
We respect your rights to determine how your personal data is used and seek to ensure that you are able to exercise your rights at any time to the extent required by the law and the regulation. These rights include:
Right of access to your personal data
You have the right to ask us for access to your personal data that we process and to ask for a copy of such personal data.
Right to rectification
You have the right to ask us to update your personal data and to request the rectification of inaccurate personal data.
Right to erasure (‘right to be forgotten’) and the right to restriction
If at any time you decide that you do not want us to retain any personal data we collected from you, you may request we delete your data. You may also request the restriction of the processing of your personal data such as where the accuracy of the data is being contested or the processing is unlawful. We will take reasonable measures to comply with your request to the extent required by applicable law and regulation.
Right to data portability
You have the right to receive the personal data that you have provided to us, in a structured, commonly used and machine-readable format and to transmit such data to another controller. You also have the right to have your personal data transmitted directly from us to another data controller only when you have asked us to do so and have consented to such sharing, and when technically feasible.
Right to object
You may object to the processing of your personal data on grounds relating to your particular situation and particularly when the processing is based on our legitimate interests. You have also the right to object to the processing of your personal data for direct marketing purpose.
Right to withdraw your consent
You have the right to withdraw your consent at any time, when the processing is based on your consent.
Right to lodge a complaint with the CNPD (National Commission for Data Protection)
You have the right to lodge a complaint with the CNPD, where you believe that your data is being processed in a way that does not comply with the applicable law and regulation, by filling in an online complaint form available on the CNPD website or by letter addressed to Commission Nationale pour la Protection des Données, Service des Réclamations, 1, Avenue du Rock'n'Roll, L-4361, Esch-sur-Alzette. When you reside in another EU member state, you have the right to lodge your complaint with your local data protection supervisory authority.
How you can exercise your rights
All the above listed rights may be exercised through the following channels:
- customer support chat available within Joompay application;
- e-mail addressed to firstname.lastname@example.org;
- e-mail addressed to email@example.com.
How we protect your data
In accordance with the law and regulation, we take appropriate technical (IT security) and organisational measures (contractual measures) to ensure the protection of your personal data. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.