Joompay Privacy Policy

Download as PDF
Effective Date is 18 April 2023. To view our previous terms, click here.

Joompay Privacy Policy

In this Privacy Policy (“Policy”) we describe how Joompay collects, uses, shares, protects and keeps your personal data when you use our products, content, features, technologies, or functions, and all related websites and applications offered to you by Joompay collectively defined as “Services”. It also contains information on your rights with respect to your data and how you may exercise them. This Policy applies when you use our Services. While this Policy is provided in several languages, the version of this Policy in English shall prevail.

You may contact our Data Protection Officer with any privacy-related questions by email at

About Us

Joompay means Joompay Europe S.A., and its subsidiaries or affiliates. In this Policy, Joompay is sometimes referred to as “we”, “us”, or “our” depending on the context.

Joompay acts as a data controller with respect to the data collected for purposes of processing corresponding to any Services available through the use of Joompay website or mobile application, i.e. we determine the purpose and means of your personal data processing.

Which personal data we use about you

Joompay collects and processes information about you when you use our Services. The specific personal data we collect and process depends on the context of your interactions with Joompay, i.e. Services you are using. Below you can find personal information we collect and use in accordance with the General Data Protection Regulation and the applicable data protection law of Luxembourg:

Information you give us

  • login credentials you use for authentication in Joompay mobile application;
  • your identification data, such as paytag, name, surname, date of birth and nationality;
  • contact details, e.g. address, email address, mobile number;
  • identification documents (e.g. passport), photos, video and audio recordings and any other information you provide for identification purposes to prove you are eligible to use Services;
  • details of bank account, debit or credit cards you use to add cash to Joompay account, including the card number, expiry date and CVC/CVV code, as well as an amount of the acquiring transaction;
  • information about the other participants associated with the transactions executed using Joompay mobile application, website or paylink, such as bank account of the recipient of the fund transfer executed using Joompay mobile application or name and email of the sender involved in person-to-person transfer through paylink;
  • data that you choose to provide us to obtain specific Services, such as delivery address for your Joompay plastic card or employment data in the course of application for our Business oriented services;
  • information that you give by communicating with us, whether by phone, email, online, or otherwise;
  • data and content shared by you when participating in online discussions, surveys or promotions including those you post on our social media pages and community pages;
  • photo (only if one is uploaded).

Information we collect from you or generate about you

  • personal details retrieved from your identification documents;
  • information about the products and services you hold, e.g. details of your Joompay card including card number, expiry date and CVC/CVV code;
  • information on your transactions (e.g. payments into and out of the account), including the date, time, amount, currencies, exchange rate, beneficiary details, details of the merchant or ATMs associated with the transaction, IP address of sender and receiver, sender's and receiver's name and registration information, messages sent or received with the payment, details of device used to arrange the payment and the payment method used;
  • information about your visit, including the links that have been clicked on, through and from the site (including date and time), services viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling and clicks), and methods used to browse away from the page, codes/tags that are used to identify human languages;
  • technical information, including the internet protocol (IP) address used to connect to the internet, log-in information, the browser type and version, the time-zone setting, the operating system and platform, the type of device, a unique device identifier (for example, the device's IMEI number, the MAC address of the device's wireless network interface), mobile network information, etc.;
  • information stored on the device that you provide us with access to, such as your contacts, photos, videos or other digital content;
  • if you have a location services in the Joompay application switched on, we track the location using GPS technology and IP address;
  • cookies and similar technologies we use to recognise you, remember your preferences and tailor the content we provide to you;
  • risk rating information, e.g. transactional behaviour and underwriting information;
  • investigations and public information data, e.g. due diligence checks, sanctions and anti-money laundering checks;
  • information that we need to support our regulatory obligations, e.g. information about transaction details, detection of any suspicious and unusual activity.

Information we receive from other providers

  • your profile information, order and delivery history including address, data on your preferences and behavior, information about your transactions, data regarding your device and analytics gathered about you from parties with which we operate as co-branded businesses, such as Joom application;
  • technical data from analytics providers such as Google Analytics;
  • demographic data from advertising sources such as Facebook;
  • transaction data from merchants who you make transactions with using our services;
  • data about your purchases from affiliate advertising networks;
  • creditworthiness information;
  • other information to help Joompay verify your identity and information relating to your transactions.

We do not process special categories of data such as racial or ethnic data, health data, religious or philosophical beliefs.

It is to be noted that you have choices about the personal data we collect, e.g. when you are asked to provide personal data, you may decline. Please refer to Your Rights section below for details.

How and why we process your personal data

We use your personal data for the following purposes and based on the corresponding legal basis:

  1. Processing is necessary to fulfill our contractual and pre-contractual obligations. These actions are only taken when requested by you, e.g. we will process your name and contact information if you ask us to deliver you a plastic Joompay card.
  2. Processing is necessary for the purpose of legitimate interests of the Joompay, including to:
    • manage risk, fraud, and abuse of Joompay services;
    • contact you when needed;
    • manage our everyday business needs, such as monitoring, analysing;
    • provide recommendations and personalisation;
    • advertise and market our services and experiences;
    • collect debts and enforce claims;
    • anonymise personal data in order to provide aggregated statistical data to third parties;
    • ensure IT security.
  3. Processing is based on your consent, e.g. we will access the list of your contacts only if you allow us to do so.
  4. Processing is necessary for compliance with a legal obligation. In some cases, we have a legal responsibility to collect and store your personal information in accordance with money-laundering laws or other applicable legislation in Luxembourg or in the EU.

Who we disclose or share your personal data with

From time to time we share with and disclose your personal data to third-parties for purposes including but not limited to the following:

  • Companies of our group – to ensure availability and connectivity of our Services;
  • Suppliers who provide us with IT, payment and delivery services – to help us provide you our services;
  • Our banking and financial services partners and payments networks, including MasterCard and Visa – to jointly create and offer you services;
  • Participants associated with the transactions — to facilitate transactions;
  • Card manufacturing, personalization and delivery companies – to create and delivery your Joompay card;
  • Advertisers – to promote our Services;
  • Affiliate advertising networks – to provide you with requested Services;
  • Customer service providers and developers – to help us to develop our Services and deliver them to you;
  • Communications services providers – to help us send you SMS (text) messages, e-mail messages and push notifications;
  • Credit bureaus and collection agencies;
  • Other professionals such as lawyers or auditors;
  • Governmental authorities such as judicial authorities.

We share your personal information with our partners in order to provide you with certain services you have asked us for. We will only share your personal information in this way if you have asked for the relevant service. You can withdraw your permission at any time by contacting us through the Joompay mobile application. However, this may affect your ability to continue to use those services.

Data transmission to SCHUFA

In Germany, we transfer personal data collected within the scope of pay later services as well as data regarding conduct that violates such services and/or is fraudulent, to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden. The legal basis for such transmission comprise Art. 6 (1) (b) and Art. 6 (1) (f) General Data Protection Regulation (GDPR). Data may only be transmitted on the basis of Art. 6 (1) (f) GDPR to the extent necessary for the purposes safeguarding our or third parties’ legitimate interests and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The exchange of data with SCHUFA likewise facilitates the satisfaction of statutory obligations to perform an evaluation of the creditworthiness of customers (§ 505a and 506 of the German Civil Code). SCHUFA processes data it receives and also uses such data for purposes of profile creation (Scoring) in order to provide its contractual partners domiciled in the European Economic Area and Switzerland as well as third countries as applicable (to the extent an adequacy decision from the European Commission is available for such countries) information to be used to evaluate the creditworthiness of natural persons amongst other things. Additional information regarding SCHUFA’s business may be found in the SCHUFA Information Sheet or online at

How we transmit personal data abroad

As Joompay provides an international service,sometimes we need to transmit your personal information to the states outside the European Economic Area (EEA). For example, if you ask to make an international payment, we will send funds to banks overseas. We might also send your information overseas to keep to global legal and regulatory requirements, and to provide ongoing support services and application development.

While performing its activities, Joompay shall ensure that the recipient of the data guarantees an appropriate level of data protection. In order to ensure an appropriate level of protection by the recipient of the data, we use the standard contracts of the European Union for the transmission of data outside the EU, as amended, as well as entering into standard protection clauses adopted by the European Commission, in order to protect your personal data adequately. If you would like more information, please contact us by sending an email to .

How long we will keep your personal information

The Company will only retain your personal data:

  • for as long as it is necessary for the purpose or purposes for which it was intended;
  • for as long as required or permitted by law taking into consideration the statutory limitation period.

Automated processing

The way we analyse personal data relating to our Services involves profiling. This means that we process your personal data using software that can evaluate your personal circumstances and other factors to predict risks or outcomes. We also use profiling, or other automated methods, to make decisions about you that relate to the following:

  • Anti-money laundering and sanctions checks;
  • Identity and address checks;
  • Monitoring your account for fraud and other financial crime, either to prevent you committing fraud, or to prevent you becoming a victim of fraud;
  • Screening people who may be classed as ‘politically exposed’ (for example, if you are a government minister);
  • Assessments required by our regulators and appropriate authorities to make sure we meet our regulatory obligations (for example, making decisions about those at risk of becoming financially vulnerable).

This is known as ‘automated decision-making’ and is only allowed when we have a legal reason for this type of decision-making. We make automated decisions about you in the following circumstances.

  • If automated decisions are necessary for us to enter into a contract;
  • If automated decisions are required or authorised by law,for example, to prevent fraud.

You can contact us to ask to review an automated decision sending an email to

Cookies policy

We use cookies (small files placed onto your device) and similar technologies (e.g., pixels, ad tags, local storage etc.) to recognize you and/or your device(s) across different services as well as in order to allow the use of certain functionality, including making your experience convenient and secure. For simplicity, we refer to all these technologies together as "cookies".

Cookies can be used to recognize you when you visit our website or application, remember your preferences, and give you a personalized customer experience according to your settings. Cookies enable us to provide you Services faster. We use them for the following purposes:

  • Authentication. Cookies are used in order to recognize that you are already logged into your account with Joompay;
  • Security and fraud prevention. We use cookies in order to prevent fraudulent and other unlawful actions. These technologies are also vital to keep your information and our Services secure;
  • Enabling features and services. Some cookies enable us to provide you with the functionality offered by the Services as well as to remember your settings and preferences. For example, such cookies are used to remember the language you chose;
  • Analytics. This type of cookies helps us to evaluate our Services, and help us customize and improve them.

You can manage your cookie preferences through our pop-up cookie banner that appears when you first visit the website, through your browser settings and other tools on your device.

Some of the cookies are placed by third parties. You may visit their websites and read their privacy policies:

Your rights

We respect your rights to determine how your personal data is used and seek to ensure that you are able to exercise your rights at any time to the extent required by the law and the regulation. These rights include:

Right of access to your personal data

You have the right to ask us for access to your personal data that we process and to ask for a copy of such personal data.

Right to rectification

You have the right to ask us to update your personal data and to request the rectification of inaccurate personal data.

Right to erasure (‘right to be forgotten’) and the right to restriction

If at any time you decide that you do not want us to retain any personal data we collected from you, you may request we delete your data. You may also request the restriction of the processing of your personal data such as where the accuracy of the data is being contested or the processing is unlawful. We will take reasonable measures to comply with your request to the extent required by applicable law and regulation.

Right to data portability

You have the right to receive the personal data that you have provided to us, in a structured, commonly used and machine-readable format and to transmit such data to another controller. You also have the right to have your personal data transmitted directly from us to another data controller only when you have asked us to do so and have consented to such sharing, and when technically feasible.

Right to object

You may object to the processing of your personal data on grounds relating to your particular situation and particularly when the processing is based on our legitimate interests. You have also the right to object to the processing of your personal data for direct marketing purpose.

Right to withdraw your consent

You have the right to withdraw your consent at any time, when the processing is based on your consent.

Right to lodge a complaint with the CNPD (National Commission for Data Protection)

You have the right to lodge a complaint with the CNPD, where you believe that your data is being processed in a way that does not comply with the applicable law and regulation, by filling in an online complaint form available on the CNPD website or by letter addressed to Commission Nationale pour la Protection des Données, Service des Réclamations, 1, Avenue du Rock'n'Roll, L-4361, Esch-sur-Alzette. When you reside in another EU member state, you have the right to lodge your complaint with your local data protection supervisory authority.

How you can exercise your rights

All the above listed rights may be exercised through the following channels:

How we protect your data

In accordance with the law and regulation, we take appropriate technical (IT security) and organisational measures (contractual measures) to ensure the protection of your personal data. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.

Contact Us

Should you have any questions about this Privacy Policy, please do not hesitate to send us an e-mail at: Also, you could contact us via

Open your free account
Scan the QR code👇 with your phone to download Joompay app