JoomPro Privacy Policy

This Privacy Policy, also referred to as “Policy” describes how JoomPro uses and protects the information we process about our users. Any use (including registration or visit) of the JoomPro service (the Service) is subject to this Policy and updates thereof.

The controller of your data is SIA Joom (registration number: 40103993365, VAT number LV40103993365, registered at Gustava Zemgala st. 78-1, LV-1039, Riga, Latvia) (email for personal data management requests: privacy@joom.com).

1. Data that we collect and process

In course of your use of our Service, we collect and process certain data relating to you. “You” means an individual authorized to act on behalf of a person who is a party to the current terms of use of the Service. Please note that this Policy covers only the processing of data that you provide to us in your capacity as a representative. Information regarding a legal entity or sole proprietor does not fall within the scope of this Policy.

Data you provide to use the Service

In order to provide you with our services, we will require certain information relating to you. In particular, we will require your name, your email address and phone number in order to contact you. Such information can be requested from you both through the Service and through other interfaces of communication, for example, via e-mail.

While you use our Service, you may contact our support agents at any time. Please note that your interactions with the support agents are monitored and may be stored following the resolution of your issue in order to assist you in subsequent inquiries as well as to improve our Service.

Webform data

You are invited to fill in various forms available on our Service, including, for example, the feedback form. The contents of the form may differ, but they typically request your contact data (name, email, phone number) as well as useful input (such as your feedback, your preferences and interests etc.).

Technical data relating to your visit

We aim to better understand how our Service is used. To this end, we collect certain technical data when you visit the Service, such as your device details and details regarding your connection (such as IP address).

This data may include, inter alia, your user id, UTM labels. We receive the relevant information about your visits and interaction with third-party services provided by others, the country where you are currently located, advertising that you click on, cookies, device information and internet protocol (“IP”) address (if applicable). If you use our Service from a mobile device, that device will send us data about your chosen language interface based on your phone settings, your advertising ID. We may also obtain additional available information regarding your device in order to tailor the Services to you.

Information we receive from third parties

Users prefer their orders and other user-generated information to remain safe and up to date when changing or using numerous devices. To make this possible, we support registration through social networks, so that your user account can be accessed in the future.

Should you decide to use your social media login (e.g. Facebook Login) to create and log into your account, you share some information (including your social id with us, as well as other information that you choose to share when establishing your social login, including your name, photo, gender etc.). This saves you from having to remember yet another username and password. We may receive info about you from our partners, e.g. when our ads are published on our partners’ websites and platforms (they will share with us details on the marketing aspects).

2. Duration of processing

We process your data no longer that it is necessary for the purposes identified in this Policy. Unless we are obligated by law to retain such data, we safely delete or anonymize the data so it may no longer be attributable to you in accordance with our retention policies. We may keep de-personalized information after your account is closed.

Below you may find the factors we take into consideration when determining specific retention periods:

  • For processing based on your consent we store your data as long as necessary to achieve the purpose indicated in your consent or until you withdraw it, whichever earlier;
  • For processing based on performance of a contract with you the retention period is generally the duration of the contract;
  • For processing based on our legal obligation, the terms are provided under the relevant law;
  • For processing based on legitimate interests, the specific retention term is determined based on the balance between risks for your rights and freedoms against our legitimate interests.

3. Purposes of processing and legal basis for data processing

In order to process your personal data, we need to establish and secure a lawful basis in accordance with the requirements of the applicable law. You may be acquainted with consent as one of the lawful bases that you come across while using this or other services. Apart from consent, there are, however, other grounds for processing your data. For example, we will need to process your data in order to perform our contract with you. In other cases, we may be obliged by the law to process certain data, for example, under applicable accounting law. Furthermore, in certain cases we may have legitimate interest to process your data.

Please note that each legal basis comes with its own set of rights granted to you attached to it. Please read the below section carefully, since, for example, we will not be able to stop processing data in connection with our performance of the contract without terminating our contract with you.

Processing is necessary for the performance of a contract with you or in order to take steps to enter into a contract with you, such as use of our Services

  • Performance of your contract with us;
  • Provision of user support services to you.

Processing is necessary to comply with our legal obligations

  • Retention of data in order to comply with specific applicable retention requirements, including those under applicable accounting law.

Processing is based on our legitimate interest

  • Participation in judicial, enforcement and other similar proceedings by state courts, supranational bodies, enforcement agencies, arbitral tribunal etc. with respect to protection of interests of JoomPro and/or third parties as well as prosecution of illegal activities where it is proportional, taking into account all relevant factors, to disclose the information to third parties;
  • Maintenance of information security of our Service;
  • Development of information security of our Service;
  • Prevention, detection and investigation of security breaches, fraudulent and other prohibited or unlawful activities;
  • Communication of advertising messages and other content to you where such communication is not subject to consent;
  • Evaluation, monitoring of user actions to assess the success of our marketing actions;
  • Performance of analysis of user behavior, including analytics allowing us to tailor and improve our Service to provide the best experience to you specifically and to make our suggestions generally more relevant;
  • Customization of content made available to you and recommendations based thereon;
  • Development and improvement of our Service, including provision of safer and smoother authentication, provision of site features as remembering your shopping cart or interface language chosen;
  • Review of your communications left on our Services (e.g. your product feedback) automatically and manually in order to ensure that such feedback and products are acceptable to other users.

Processing based on your consent

  • Communication of advertising to you where the local law requires your consent to do so;
  • Optimization of our advertising functions, such as personalization of advertisement shown to you, including through cookies, where the local law requires your consent to do so.

4. Recipients of your data

Where necessary, we transmit personal data pertaining to you the to the following recipients:

  • Members of our group of companies and affiliated entities;
  • Merchants who you entered into sales agreement with;
  • Payment service providers;
  • Companies providing shipping services and customs clearance brokers in order to deliver purchases to you;
  • Companies providing security services to us, including the Google reCAPTCHA tool (please see their Terms of Use and Privacy Policy for more info);
  • Law enforcement agencies, courts, government agencies or public authorities;
  • Third party service providers;
  • Third parties involved in judicial and/or administrative proceedings.

5. Technical and organizational security measures followed by the controller

In accordance with the applicable requirements, we have determined and implemented appropriate technical and organizational measures to safeguard your data against accidental loss and unauthorized disclosure.

We require our processors acting under our instructions to protect any data they may receive in a manner consistent with this Policy. We do not allow them to use such information for any other purpose.

6. International data transfers

In order to provide our service, we process, incl. transmit your data within the EU as well as outside of it. In the latter case we undertake all the necessary safeguards provided under the applicable legislation.

Where data is transferred outside of the EU to a territory that has not been deemed adequate by the European Commission, we rely on appropriate safeguards under Article 46 of the GDPR. As a rule, the safeguard applied is that the transfer is subject to standard contractual clauses (SCC) adopted by the European Commission binding upon recipients of your data. You may learn more about the standard contractual clauses here.

7. Your Rights

You are entitled to contact JoomPro with requests for exercising of rights granted under the applicable data protection law.

We will process your request and provide you the relevant option without undue delay within 30 days after such request has been submitted. When you make such requests, we may need time to investigate and facilitate your request. After we process your request we will send you a confirmation at the email address that you provide us for this purpose.

When you submit such request you warrant and represent that you are the natural person in relation to which the contemplated data have been provided, shared and/or processed and you have full capacity and authority to submit such request. We reserve right to check this based on the data, that was shared with us, in case we have doubts and also to provide this information to the third parties, including the authorities, should they lawfully request such information.

Pursuant to the GDPR, you have the following rights with respect to your data:

  • Request access your data as well as receive personal data relating to you in a structured, commonly used and machine-readable format (right to data portability).
  • Request rectification of your data where the data is inaccurate. You may edit your data through your account settings.
  • Withdraw your consent, which will result in the termination of processing based on your consent as the lawful basis for personal data processing.
  • Object to processing of your personal data where the data processing is based on our legitimate interest. In order to process your request we kindly ask you to provide the ground for your particular situation why you object. We will cease processing related to direct marketing purposes upon your objection.
  • To have your data erased, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation which requires processing by Union or Member State or for the performance of a task carried out in the public interest; for the establishment, exercise or defence of legal claims.
  • To restrict processing where the accuracy of the personal data is contested by you; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; we no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; you have objected to our use of your data pending the verification whether such processing should be carried on.
  • To lodge a complaint with the supervisory authority in accordance with their competence. Typically, you may address the supervisory authority of your place of residency, as well as the supervisory authority as the registered address of the controller.

You may manage your data by sending an email at privacy@joom.com in case you have any other request not listed above or you have any question in connection therewith.

You may also have the right to contact our Data Protection Officer via privacy@joom.com.

Should you wish to communicate with us via mail:

SIA “Joom”
Address:
Gustava Zemgala st. 78-1, LV-1039, Riga, Latvia

Country Annex

Russia

For purposes of compliance with Russian law and to the extent the processing under this Policy relates to processing of personal data subjects in Russia, this country annex for Russia applies.

  • Any reference to GDPR and applicable legislation is deemed to include the Russian Federal Law 152-FZ “On personal data” (as amended from time to time).
  • The terms “controller” and “processor” used in this Policy shall be deemed to be equivalent to the definition of “operator” and “person processing data under assignment”, respectively, as provided by the Russian Federal Law 152-FZ “On personal data” (as amended from time to time).
  • Section 5. Technical and organizational security measures followed by the controller shall be amended as follows:
    • The heading shall read “Legal, organizational and technical security measures followed by controller”;
    • The first paragraph of section 5 shall read “In accordance with the applicable requirements, including Article 19 of the Russian Federal Law 152-FZ “On personal data”, we have determined and implemented appropriate legal, organizational and technical measures to safeguard your data against accidental loss and unauthorized disclosure.”;
  • To the extent allowed by applicable law and solely for purposes of compliance with Russian law, the use of the Service constitutes acknowledgement and consent to the Policy’s contents as an alternative to the legal bases provided herein, should they be deemed invalid by the Russian data protection authority or applicable judicial authority.
  • The rights provided under Articles 14-17 of the Russian Federal Law 152-FZ “On personal data” are incorporated herein by reference to the extent they are not already covered by Section 7. Your Rights and are not in conflict with other provisions of this Policy.