Privacy Notice
This Privacy Notice explains how we, Joom, the company that operates Joom marketplace, including the joom.com website (the ‘Website’) and Joom app (the ‘App’), handle your personal data when through the Website and/or App we make available to you any resources, features, functionality, or services (all together the ‘Services’). For the avoidance of doubt, the term ‘Website’ shall include https://www.joom.com and other websites operated by SIA Joom in connection with Joom marketplace.
When we mention "you" and "your" data, we are referring to users of our website joom.com and our Joom apps, as well as customers of the Joom marketplace.
General Information about…
1. This Notice and how to read it
Our goal with this Privacy Notice is to provide you with clear information about when, why, and how we process your personal data. To help you navigate through the information easily, we have divided it into two parts.
First, we have compiled all the general information you should know about:
- How to read this Privacy Notice (you are reading this section right now).
- The data controller and useful contacts.
- Your rights of the data subject and how to manage your data shared with us.
- Limitations of the Services associated with data processing.
- Security measures that we implement to ensure security of data processing.
- Retention of data.
- Automated decision making.
- Terms used in this Privacy Notice.
Second, we have organized details of our processing activities into sections that cover the main stages of your interaction with Joom:
- Using the Website and the App: This section includes general information about the processing activities related to common operations on the Website and App, as well as marketing activities. Here you can also find information about our use of cookies.
- Making an order on Joom: This section describes all the stages involved in fulfilling an order, such as payment, delivery, and so on.
- Interacting with Joom user support: This section covers how we process your data when providing user support.
- Sharing your feedback: This section explains how your data is processed when you share your thoughts through comments or participate in customer research activities.
- Complying with applicable legal requirements: This section addresses processing of your data in connection with our legal obligations and the need to defend our rights and assist third parties in defending their rights.
Each section provides details about the processing activities relevant to the specific way you interact with Joom, including the purpose and legal basis for the processing, categories of data processed, and information about sharing data with third parties, including data transfers outside the EU/EEA. If you want more information on a specific topic, you can click on "learn more" to access the details.
General information that applies to all processing activities, such as your rights, automated decision making, and data retention practices, is available at the beginning of the document.
The version of this Privacy Notice available at https://www.joom.com/privacy is always the effective one. Sometimes, we update the Privacy Notice, and in such an event, the new version will become effective from the date of its publication, unless otherwise explicitly stated. If any major changes occur, we will reach out to ensure that you stay informed. The previous versions of this Privacy Notice can be found at the bottom of this page.
If you believe there is something missing or have any questions, feel free to contact our support team.
2. Data Controller and Useful Contacts
The controller of your personal data is SIA Joom, a company incorporated and registered under the laws of the Republic of Latvia with company number 40103993365, legal address: Gustava Zemgala gatve 78-1, Rīga, Latvija, LV1039. You can access the terms governing your relationship with SIA Joom in the Terms of Use.
If you need to reach out to us or require any assistance, please contact:
- Us (by regular mail): SIA “Joom”, Gustava Zemgala st. 78-1, LV-1039, Riga, Latvia.
- Our privacy team: for any inquiries regarding the management of your data or to exercise your rights, please contact our privacy team at privacy@joom.com.
- Our Data Protection Officer: if you have any specific concerns or questions regarding data protection, you can reach out to our Data Protection Officer at privacy.officer@joom.com.
To contact the Data State Inspectorate, our lead supervisory authority (data protection authority), you can send an email to pasts@dvi.gov.lv or reach them by regular mail at the following address: Elijas iela 17, Rīga, LV-1050, Latvia.
3. Your Rights and How to Manage Your Data
According to the GDPR, you have certain rights as a data subject, including the right to access, right to data portability, right to rectification, right to withdraw consent, right to object, right to erasure, right to restriction of processing, right to lodge a complaint, and right to contact a Data Protection Authority (DPA). Please be aware that there may be limitations or exceptions to these rights, depending on the specific circumstances and legal requirements.
It's important to note that you also have the right to information, so if anything is unclear, please don't hesitate to contact us and ask any questions. Below, you can find more information about these rights and how you can exercise them.
Learn more
Right to Access: You have the right to request access to the personal data we hold about you. We will provide you with information about the processing, including the purposes of the processing, the categories of personal data involved, recipients of your data, etc.
Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format.
Right to Rectification: If you believe that the personal data we hold about you is inaccurate or incomplete, you have the right to request its correction or update.
Right to Withdraw Consent: If we process your personal data based on your consent, you have the right to withdraw it at any time. Please note that this will not affect the lawfulness of processing based on consent before its withdrawal.
Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. We will cease processing your data, unless we have compelling legitimate grounds or need to continue for legal reasons. Processing related to direct marketing purposes will be ceased upon your objection.
Right to erasure: You have the right to request the erasure of your personal data, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation which requires processing by Union or Member State or for the performance of a task carried out in the public interest; for the establishment, exercise or defense of legal claims.
Right to Restriction of Processing: You have the right to request the restriction of processing your personal data where the accuracy of the personal data is contested by you; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; Joom no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; you have objected to our use of your data pending the verification whether such processing should be carried on.
Right to lodge a complaint: You have the right to lodge a complaint with the supervisory authority that has jurisdiction over your place of residence or with our lead supervisory authority, the Data State Inspectorate (Datu valsts inspekcija). To lodge a complaint with our lead supervisory authority, you can choose one of the following methods:
a) Send a complaint signed with a secure electronic signature to the official email address of the State Inspectorate at pasts@dvi.gov.lv or through the E-address information system.
b) Send a complaint signed by hand via mail or place it in the mailbox located on the 1st floor of the Data State Inspectorate at Elijas iela 17, Rīga, LV-1050.
For document samples and up-to-date information on filing a complaint, please visit: https://www.dvi.gov.lv/lv/iesniegumu-paraugi.
In the Settings section of the App, you can choose any of the personal data management options that you prefer. Once you submit a request, we will process it and provide you with the relevant reply promptly, within 30 days. Please note that in some cases, we may require additional time to investigate and facilitate your request. After we have processed your request, we will send a confirmation to the email address you have provided for this purpose.
By submitting such a request, you warrant and represent that you are the natural person to whom the relevant data pertains, and that you have the full capacity and authority to make this request. We reserve the right to verify this information based on the data shared with us, especially if we have any doubts. Additionally, if lawfully requested, we may be required to provide this information to third parties, including authorities.
4. Limitations of the Services
As described above, you have the option to choose not to provide us with certain data, request the deletion of your account, or withdraw your consent if the processing of your data is based on it. However, please note that these actions may affect the services we offer you. For example, the functionality of the services may be limited, we may become unable to complete your transactions, provide you with personalised experiences, or communicate our best offers to you.
Learn more
Limited functionality: Some features of the Services require personal data to function properly. If you choose not to provide the necessary information, it may limit your access to specific functionalities or services. For instance, without providing an email address, you will not receive order confirmations or updates. Additionally, if you make an order without creating an account, you will not be able to access your order history without contacting our user support and underging identity verification.
Incomplete transactions: If you refuse to provide the personal data required to complete a transaction, such as shipping address or payment details, we may not be able to process your order.
Personalized experiences: If you choose not to provide the personal information necessary to personalize your experience, such as by disabling cookies, we may not be able to offer customized recommendations, targeted advertising, or personalized content. As a result, you may have a more generic and less tailored user experience.
Communication limitations: If your consent is the basis for processing your data for marketing or communication purposes and you choose to withdraw it, we will refrain from sending promotional offers, newsletters, or updates. This may reduce our ability to engage with you as a customer and provide relevant information.
5. Security Measures
We take the protection of your personal data seriously. In accordance with the applicable requirements, we have determined and implemented appropriate technical and organizational measures to safeguard your data against accidental loss and unauthorized disclosure. It’s also worth noting that we are certified PCI-DSS 3.2.1 standard compliant for processing cardholders' data, which is relevant for handling payment information. The implemented security measures and their effectiveness are monitored on ongoing basis and reviewed as may be necessary.
Learn more
Access Controls: We have established strict access controls to limit who can access your personal data. This includes user authentication, strong passwords, and role-based permissions.
Data Encryption: We employ encryption techniques to protect your personal data during transmission and storage. This helps prevent unauthorized access and ensures the integrity of your information.
Regular Data Backups: We regularly back up your data to secure storage systems, minimizing the risk of data loss or corruption. This allows us to restore your information in the event of any unforeseen incidents.
Firewall and Intrusion Detection Systems: We utilize firewalls and intrusion detection systems to monitor and protect our network infrastructure from unauthorized access and potential threats.
Employee Training and Awareness: Our employees undergo regular training on data protection and privacy practices. They are aware of their responsibilities and obligations regarding the handling of personal data.
Third-party Contractor Management: We ensure the security of personal data by establishing comprehensive contractual agreements that enforce strict data protection and information security requirements for our external contractors. We continuously monitor and assess their adherence to these obligations to maintain the highest level of data privacy and compliance.
6. Data Retention
We understand the importance of data retention and maintain your personal information in strict accordance with our internal data retention policy. Our main principle is to retain and use data only for as long as necessary to fulfill the established purpose of the data processing. When establishing retention periods, we carefully assess the purpose of data processing, the scope of the processed data, their expected accuracy and usability in relation to the relevant purposes, as well as the legal basis for the processing. Below, you will find more information about how we set our retention periods and how you can influence the retention process.
Learn more
Since the legal basis of the processing significantly affects your control over the data, we believe that describing our retention practices using legal bases as a starting point is a good and convenient way to explain our data retention practices to you.
Here is a brief overview of our data retention practices based on different legal bases:
Performance of our contract: When we process your personal data based on the performance of our contract, we will retain your information for as long as necessary and possible to fulfill our contractual obligations and provide you with the necessary support. In most cases, the retention period will be two (2) years from the last use of the Services, unless we consider your account 'non-active' and delete it, or thirty (30) days from your request to delete your account. Please note that even after we cease retaining the data for contract performance purposes, we may still retain the same data for other purposes based on a different legal basis, such as our legitimate interest in protecting our rights or complying with applicable legal requirements.
Consent: If you have provided consent for the processing of your personal data, we will retain your information for as long as your consent remains valid. You have the right to withdraw your consent at any time, and upon withdrawal, we will securely delete or anonymize your data, unless there is another active purpose of processing with a different legal basis, such as stopping email communications for marketing purposes but still sending order updates by email.
Legitimate Interest: When processing data based on our legitimate interests, we will retain your information for as long as necessary to achieve the legitimate purpose. In most cases, where the information may become outdated and irrelevant for processing purposes, the retention period is two (2) years from your last use of the Services. If the legitimate interest is connected with the protection of rights and legal claims, the retention period depends on the applicable limitation of actions period. Please be informed that when processing and retaining personal data based on our legitimate interests, we always assess and balance our interests against your rights and freedoms, ensuring that your privacy is respected and protected.
Fulfilment of a legal obligation: In cases where we are legally obligated to process your personal data, we will retain your information for the period specified by applicable laws and regulations. This may include compliance with tax, product safety, or other legal requirements.
Please note that these retention periods are subject to periodic review to ensure compliance with applicable laws and evolving business needs. Once the retention period expires, we will securely dispose of or anonymize your personal data in a manner that protects your privacy.
7. Automated Decision Making
Automated decision making refers to the use of algorithms, artificial intelligence, or other automated systems to analyze and make decisions based on your personal data. However, in our case, these decisions are limited to non-legal matters and are solely used to improve our services, enhance user experience, or provide personalized recommendations.
8. Terms and Definitions
In this Privacy Notice, we use certain terms and definitions that are important to understand. The terms used in this Privacy Notice shall have the same meaning as defined in the GDPR, the General Data Protection Regulation, EU law regarding data protection and privacy which governs how we process personal data, and shall be interpreted in accordance with it, unless an alternative definition is explicitly provided.
To make this Privacy Notice easier to read and to refer to the legal bases of data processing or data transferring when providing you with information about them, we will not specify the GDPR article every time. Instead, we will use general terms such as 'legitimate interest', 'legal obligation', etc. You can always find a short description of the legal bases and the exact GDPR articles we are referring to below.
Learn more
Performance of our contract: This term refers to the legal basis provided under Article 6(1)(b) of the GDPR. It means that the processing of personal data is necessary for the performance of a contract between you as a data subject and us, or to take steps at your request before entering into a contract. The contract here refers to the Terms of Use that you agree to when using our Services.
Legitimate interest: This term refers to the legal basis provided under Article 6(1)(f) of the GDPR. It means that the processing of personal data is necessary for the legitimate interests pursued by us or a third party. However, we want to clarify that we do not rely on this legal basis unless we have determined that our interests are not overridden by your interests or fundamental rights and freedoms as the data subject that require protection of personal data.
Consent: This term refers to the legal basis provided under Article 6(1)(a) of the GDPR. It means that your personal data are processed because you as a data subject have given your consent to the processing.
Legal obligation: This term refers to the legal basis provided under Article 6(1)(c) of the GDPR. It means that the processing of personal data is necessary for compliance with a legal obligation to which we, as the controller, are subject.
The standard contractual clauses approved by the EU Commission: This term refers to the appropriate safeguard for transfer of personal data to a third country provided under Article 46(2)(c) of the GDPR. For the purposes hereof, a third country is a country which is not in the EEA territory and is not recognized by the EU Commission as a country that ensures an adequate level of protection. You can request more information about the clauses we use when transfer personal data to a third country by contacting our support team.
Derogation: This term refers to specific conditions provided under Article 49 of the GDPR, on which personal data can be transferred to a third country without applying appropriate safeguards such as the standard contractual clauses approved by the EU Commission.
Information about Data Processing in connection with…
1. VISITS TO AND USE OF JOOM
In this section, we will explain how we handle your personal data when you use our website and/or app. This includes activities such as creating a Joom account, browsing pages, searching for items, adding them to your favorites or cart, making orders, checking order details, viewing previous orders, and seeing ads, among others.
Please be aware that these data processing activities occur throughout your entire experience with Joom. This applies when you create an account, access the Website or App, place an order, contact our user support, leave comments, or read comments from other users.
If you don't have a Joom account, please note that the usage data we collect is anonymous. However, when you sign in, the information about your previous use of the Website and App will be connected to your account and become personally identifiable to us. Information about our use of cookies can be found in this section as well.
Purposes of Processing, Types of Data, Legal Bases
When you visit and use the Website and/or the App, we collect, store, use, and, where required for better performance, transmit to third parties, information associated with your use of the Website and App, including Basic Account Information, Third Party Login, Demographic Information (i.e., age range), Public Profile Information, Content Information, Stored Information (i.e., photographs on your mobile device’s camera roll), Device Information Device and Log Information, Location Information, User Behavior and Analytics Data, Order(s) Data, Delivery Information, Contact Details, Communications With Us. We do so to enable you to use the Website, App, and Services, maintain and ensure security of your use and develop new features of our Website and App, enhance your user experience. This is based on the contract we enter with you when you accept our Terms of Use and our legitimate interest in operating Joom business successfully which consists of some more specific interests described below.
We also engage in marketing activities such as showing you personalized ads, issuing coupons for you, and measuring the results of all these steps. For these purposes, we use data such as Location Information (approximate, mostly on a country-level), Device Information, User Behavior and Analytics Data, and Contact Details. We do so in pursuit of our legitimate interest in promoting our App, Website, and Services, which consists of some more specific interests described below, unless applicable laws require us to obtain your consent for such processing activities, including communicating with you. In such an event, you have the option to refuse or withdraw your consent later.
Some business decisions may lead to the necessity of transferring your account to our business partner/successor. Based on our and our partner's/successor's legitimate interest in maintaining your great user experience and loyalty to the Joom brand, we will transfer Basic Account Information, Demographic Information (i.e., age range), Public Profile Information, Delivery Information, ID Details, Content Information, Communications with us, Third Party Login, Order(s) Data to such business partner/successor.
Learn more
Purpose of Data Processing | Categories of Data | Legal Basis |
General operational activities | ||
Creating and maintaining your user account and enabling you to use all connected features like keeping your shipping details for smoother ordering, list of your favorite items, and order history. | Information You Provide to Us:
Basic Account Information, e.g., login email, password, name, username.
Information We Receive from Third Parties:
Third Party Login, i.e., login information (i.e., a connection token, your username, your email address) we receive through a service like Google or Facebook when you choose to create or log in to your Joom account through such third party service.
| Performance of our contract with you. |
Enabling you to use the Website, App, and Services, e.g. to search and view goods, share your feedback and recommendations regarding the goods purchased, including through our social networking functions. | Information You Provide to Us:
Basic Account Information, e.g., login email, password, name, username.
Demographic Information, i.e., your age range (that your age is 18+).
Public Profile Information, e.g., username, photo, and any other information you provide in your public profile.
Content Information, e.g., content of your comments and reviews, including any media you upload.
Stored Information, i.e., photographs on your mobile device’s camera roll which can be accessed via our App when you permit us to.
Information We Collect Automatically:
Please note that certain information is obtained through the use of cookies, please learn more about them below.
Device and Log Information, e.g., information that web browsers, mobile devices, and servers typically make available, including browser type, IP address, unique device identifiers, referring site, date and time of access, language preference, time zone, mobile network information, technical device information (hardware model, OS version, App version, screen dimensions), connectivity information, notification settings, any errors or event failures.
Location Information, i.e., the approximate location of your device based on your IP address.
| Performance of our contract with you. |
Tailoring our Services to provide the best experience to you specifically by remembering your shopping cart or interface language chosen. | Information We Collect Automatically:
Please note that certain information is obtained through the use of cookies, please learn more about them below.
User Behavior and Analytics Data, e.g., UTM labels, information about your visits and interactions with third-party services, the advertising you click on, your product views, searches, clicks, time spent on pages, items added to carts, and other data derived from your use of the Website, App, and Services or third-party services that share such data, including through cookies.
Device and Log Information, e.g., information that web browsers, mobile devices, and servers typically make available, including browser type, IP address, unique device identifiers, referring site, date and time of access, language preference, time zone, mobile network information, technical device information (hardware model, OS version, App version, screen dimensions), connectivity information, notification settings, any errors or event failures.
| Our legitimate interests, namely, enhancing your user experience; improving and developing our products and services and their features. |
Customization of content made available to you and recommendations based thereon, and to make our suggestions generally more relevant by performing analysis of user behavior. | Information We Collect Automatically:
Please note that certain information is obtained through the use of cookies, please learn more about them below.
Device and Log Information, e.g., information that web browsers, mobile devices, and servers typically make available, including browser type, IP address, unique device identifiers, referring site, date and time of access, language preference, time zone, mobile network information, technical device information (hardware model, OS version, App version, screen dimensions), connectivity information, notification settings, any errors or event failures.
Location Information, i.e., the approximate location of your device based on your IP address.
User Behavior and Analytics Data, e.g., UTM labels, information about your visits and interactions with third-party services, the advertising you click on, your product views, searches, clicks, time spent on pages, items added to carts, and other data derived from your use of the Website, App, and Services or third-party services that share such data, including through cookies.
Information We Receive from Third Parties:
Please note that certain information is obtained through the use of cookies, please learn more about them below.
User Behavior and Analytics Data, e.g., UTM labels, information about your visits and interactions with third-party services, the advertising you click on, your product views, searches, clicks, time spent on pages, items added to carts, and other data derived from your use of the Website, App, and Services or third-party services that share such data, including through cookies. | Our legitimate interests, namely, enhancing your user experience; improving and developing our products and services and their features; or
Consent, where the use of tools gathering information requires obtaining your consent.
|
Maintenance, development, and improvement of our Services, including provision of safer and smoother authentication, provision of the Website and App features, maintenance, development, and improvement of information security of our Services and prevention, detection, investigation, and suppression of unlawful activities, including security breaches and fraud. Processing for this purpose includes creating and maintaining logs to monitor performance of our Services, identify and correct errors, improve and develop our Services. | Information You Provide to Us:
Basic Account Information: login email, name, username.
Information We Collect Automatically:
Please note that certain information is obtained through the use of cookies, please learn more about them below.
Device and Log Information, e.g., information that web browsers, mobile devices, and servers typically make available, including browser type, IP address, unique device identifiers, referring site, date and time of access, language preference, time zone, mobile network information, technical device information (hardware model, OS version, App version, screen dimensions), connectivity information, notification settings, any errors or event failures.
User Behavior and Analytics Data, e.g., UTM labels, information about your visits and interactions with third-party services, the advertising you click on, your product views, searches, clicks, time spent on pages, items added to carts, and other data derived from your use of the Website, App, and Services or third-party services that share such data, including through cookies.
Location Information, i.e., the approximate location of your device based on your IP address.
Order(s) Data, e.g., order(s) contents, purchase price, the date and location of the transaction(s), order(s) status, payment status, delivery status.
| Our legitimate interests, namely enhancing your user experience; improving and developing our products and services and their features; ensuring and improving security of our products and services; protecting and securing our users, customers, business, and partners. |
Checking restrictions applicable to your jurisdiction based on general location data to determine the restrictions applicable in your jurisdiction. | Information We Collect Automatically:
Location Information, i.e., the approximate location of your device based on your IP address.
| Performance of our contract with you. |
Providing communications related to our services by email and/or push notifications. | Information You Provide to Us:
Contact Details, e.g., your email address.
Information We Collect Automatically:
Device Information, e.g., operating system, language preference, time zone, the App version you use, your notification settings.
| Performance of our contract with you. |
Transmitting your account to our business partner/successor providing marketplace services in Armenia, Russia, and Belarus (please note, that this applies only if you made any orders with delivery to Armenia, Russia, or Belarus). | Information You Provide to Us:
Basic Account Information, e.g., login email, password, name, username.
Demographic Information, i.e., your age range (that your age is 18+).
Public Profile Information, e.g., username, photo, and any other information you provide in your public profile.
Delivery Information, e.g., delivery method, delivery address.
ID Details, e.g., tax ID; applies only where provision of ID details is required by applicable customs laws and regulations.
Content Information, e.g., content of your comments and reviews, including any media you upload.
Communications with us, e.g., your inquiries to our user support, responses to surveys.
Information We Receive from Third Parties:
Order(s) Data, e.g., order(s) contents, purchase price, the date and location of the transaction(s), order(s) status, payment status, delivery status.
Third Party Login, i.e., login information (i.e., a connection token, your username, your email address) we receive through a service like Google or Facebook when you choose to create or log in to your Joom account through such third party service.
| Our and our partner’s/successor’s legitimate interests, namely, maintaining your great user experience when our business changes; maintaining your loyalty to Joom brand. |
Marketing activities | ||
Showing you personalized ads. | Information We Collect Automatically:
Please note that certain information is obtained through the use of cookies, please learn more about them below.
Location Information, i.e., the approximate location of your device based on your IP address.
User Behavior and Analytics Data, e.g., UTM labels, information about your visits and interactions with third-party services, the advertising you click on, your product views, searches, clicks, time spent on pages, items added to carts, and other data derived from your use of the Website, App, and Services or third-party services that share such data, including through cookies.
| |
Optimization of our advertising functions. | Information We Collect Automatically:Please note that certain information is obtained through the use of cookies, please learn more about them below.
User Behavior and Analytics Data, e.g., UTM labels, information about your visits and interactions with third-party services, the advertising you click on, your product views, searches, clicks, time spent on pages, items added to carts, and other data derived from your use of the Website, App, and Services or third-party services that share such data, including through cookies. | Our legitimate interests, namely, promoting our products and services; improving our marketing activities. |
Performing direct marketing activities, including communicating our marketing materials by email, push notifications, and other electronic means. | Information You Provide to Us:
Contact details, e.g., email, phone number.
Information We Collect Automatically:
Please note that certain information is obtained through the use of cookies, please learn more about them below.
Device Information, e.g., operating system, language preference, time zone, the App version you use, your notification settings.
Location Information, i.e., the approximate location of your device based on your IP address.
| Our legitimate interest, namely, promoting our products and services (unless where such communication is subject to consent); or
Consent, where required by applicable laws.
|
Issuing coupons including personalized, executing them, and measuring and analysing their effectiveness. | Information We Collect Automatically:
Please note that certain information is obtained through the use of cookies, please learn more about them below.
Device Information, e.g., operating system, language preference, time zone, information about the App version you use, your notification settings.
Location Information, i.e., the approximate location of your device based on your IP address.
User Behavior and Analytics Data, e.g., UTM labels, information about your visits and interactions with third-party services, the advertising you click on, your product views, searches, clicks, time spent on pages, items added to carts, and other data derived from your use of the Website, App, and Services or third-party services that share such data, including through cookies.
| Our legitimate interests, namely, promoting our products and services; enhancing your user experience; improving our marketing activities. |
Assessing and ensuring the success of our marketing actions by monitoring and evaluating user’s actions and that deep-links from our advertisements you find on third party sources lead to the exact product you were interested in. | Information We Collect Automatically:
Please note that certain information is obtained through the use of cookies, please learn more about them below.
User Behavior and Analytics Data, e.g., UTM labels, information about your visits and interactions with third-party services, the advertising you click on, your product views, searches, clicks, time spent on pages, items added to carts, and other data derived from your use of the Website, App, and Services or third-party services that share such data, including through cookies.
| Our legitimate interests, namely, promoting our products and services; improving our marketing activities. |
Data Recipients and Transfers Overseas
To enable you to use our Website, App, and Services we use certain third party IT services such as hosting, IT development, email automation services. The data we process to provide our Services to you are hosted in the EU territory, but some of our partners are located outside the European Union (EU) / European Economic Area (EEA) and transmission of personal data to them (even by providing access to data) constitutes a restricted data transfer. In such event as appropriate safeguards we use standard contractual clauses approved by the EU Commission.
To carry out our marketing campaigns, promote our Services, and show you ads, including personalized ads, we use third party marketing, analytics, and alike services. Some of these partners are based outside of the EU/EEA and transmission of personal data to them constitutes a restricted data transfer. In such event as appropriate safeguards we use standard contractual clauses approved by the EU Commission.
When we need to transfer your user account to our business partner/successor, we need to transmit the data associated with the account. If the business partner/successor is based outside of the EU/EEA, the transmission of personal data to them constitutes a restricted data transfer. In such an event, we use appropriate safeguards such as standard contractual clauses approved by the EU Commission.
Learn more
Category of Data Recipients | Purpose of Data Sharing | Restricted Transfer |
Hosting services, e.g. AWS. | Hosting all data and information to provide our Services and enable work of our Website and App. | No |
IT development services providers. | Maintenance, development, improvement of our Website, App, and Services. | If the necessary services are provided by a partner based in a non-EU/EEA country, a restricted data transfer occurs. In such cases, we will make every effort to abide by the standard contractual clauses approved by the EU Commission. |
Email notification automation services providers. | Sending you functional and marketing emails. | If the necessary services are provided by a partner based in a non-EU/EEA country, a restricted data transfer occurs. In such cases, we will make every effort to abide by the standard contractual clauses approved by the EU Commission. |
Marketing and ads services providers, including TikTok and Trusted Shops with whom we act as joint data controllers – you can learn more about our joint controllership agreements here: Additional information about recipients of your personal data. | Performing marketing campaigns, providing ads to you, including personalized ads, and ensuring their effectiveness. | If the necessary services are provided by a partner based in a non-EU/EEA country, a restricted data transfer occurs. In such cases, we will make every effort to abide by the standard contractual clauses approved by the EU Commission. |
Business partner/ successor to whom we might need to transfer your user account due to changes in our business. | Maintaining your user account after changes in the business structure of our business, i.e., changes of the party operating the marketplace or its part. | If the business partner/ successor is based in a non-EU/EEA country, a restricted data transfer occurs. In such cases, we will abide by the standard contractual clauses approved by the EU Commission. |
1.a. Use of Cookies
We use cookies and similar technologies, such as pixels, ad tags, and local storage, to enhance your experience, provide convenience, ensure security, and deliver personalized ads. We refer to all these technologies as "cookies" for simplicity. In simple terms, cookies help with things like authentication, security, enabling features and services, advertising, and analytics. There are two types of cookies: first party cookies placed by us and third party cookies placed by our trusted partners after careful assessment.
When you use our Website or App, you agree to the use of cookies. However, you have the option to manage and control cookies. Most web browsers allow you to change settings to block or disable cookies, but please note that doing so may affect certain functionalities and your user experience, especially when cookies are essential for providing our services to you.
Where we use cookies based on your consent, you have the option to refuse or withdraw your consent later.
Please note that we do not generally respond to "do not track" signals (a specification proposed by the US FTC to control tracking of online activities).
Learn more
Cookies serve various purposes, including:
Authentication: Cookies are used to recognize if you are already logged in to your Joom account, allowing for seamless access to our Services. Such cookies are essential and declining them will affect your experience.
Security and Fraud Prevention: Cookies play a crucial role in preventing fraudulent and unlawful activities on Joom, ensuring the security of both your information and our Services. Such cookies are essential and declining them can lead to your inability to use the Services.
Enabling Features and Services: Certain cookies enable us to provide you with specific functionalities offered by our Services. They remember your preferences and settings, such as your chosen language or items added to your cart. Such cookies are essential and declining them will affect your experience.
Advertising: We employ cookies to deliver advertising messages that are more relevant to you. These cookies help us select ads that align with your preferences and measure the effectiveness of the ads displayed to you. Such cookies are used based on your consent and you can decline them without significant adverse effect on your experience.
Analytics: This type of cookie aids us in evaluating the performance of our website and/or app, as well as our marketing efforts. It enables us to customize and improve both the website and app to enhance your overall experience. Such cookies are used based on your consent and you can decline them without significant adverse effect on your experience.
As mentioned above, some of the cookies are placed by third parties and thus their data protection practices apply as well. You may visit their websites and read their privacy policies:
- Google (https://policies.google.com/privacy).
- Facebook (https://www.facebook.com/about/privacy/).
- Branch (https://branch.io/policies/#privacy).
- Rakuten Marketing LLC dba Rakuten Advertising (https://go.rakutenadvertising.com/hubfs/Services-Privacy-Policy-English.pdf).
2. ORDERING ON JOOM
In this section, we will clarify how we handle your personal data when you make an order with Joom. Apart from processing your data as mentioned earlier, there are various steps involved in fulfilling your order that require the processing of your personal information. These steps include placing the order with the merchant, facilitating payment, arranging delivery, and so on.
Please note that this also applies when you place an order without creating or using your existing account on Joom, with certain exemptions related to connecting your order(s) to your future or existing, but unused, account.
Purposes of Processing, Types of Data, Legal Bases
When you place your order on Joom we process data required to fulfill the order and perform connected activities, such as Basic Account Information Contact Details, Order Details, Delivery Information, Payment Information, ID details (applies only where provision of such data is required by applicable customs regulations), Order(s) Data, Location Information (i.e., approximate, mostly on a country-level), and Device information. Such data as well as your Communications with us and Content Information can also be processed for the purposes of handling you complaints or enforcing our agreement with you. In rare cases we may also be required to contact you in relation to product safety issues, in such event we will need to process your Order(s) Data and Contact Details.
At this point, we also perform anti-fraud check and therefore we process such data as your Basic Account Information, Contact Details, Delivery Information, Payment Information, Location Information (i.e., approximate), Device and Log Information, and Order(s) Data.
Sometimes we conduct contests for our customers and if you decide to participate and accept terms of such contest, we will need to process your information such as Basic Account Information, Device Information, Order(s) Data, Contest Data, and Contact Details to determine that terms and conditions of such contest are fulfilled and, if you win, to deliver your prize.
As noted above, these processing activities are relevant as well when you you place your order without creating or using your existing account on Joom, in such event, Basic Account Information will not be processed, and other data will be processed as described.
Most of the associated processing activities are based on our contract with you, but there are also certain legal obligations which require us to process your data, our legitimate interest in operating Joom business successfully and securely which consists of some more specific interests described below, and circumstances where we can process your data only if you grant us your consent. In such an event, you have the option to refuse or withdraw your consent later.
Learn more
Purpose of Data Processing | Categories of Data | Legal Basis |
Processing your order, namely, receiveing the order, transmitting its details to merchant, and enabling you to manage it. | Information You Provide to Us:
Basic Account Information, e.g., login email (unless you make your order without creating/using your Joom account).
Contact Details, e.g., name, email, phone number.
Order Details, e.g., order contents (please note, the ‘Order Details’ data category further in this document is included in the data category ‘Order Data’).
Delivery Information, e.g., delivery method, delivery address.
Information We Collect Automatically:
Order Data, e.g., order contents, purchase price, the date and location of the transaction, order status, payment status, delivery status.
| Performance of our contract with you. |
Performing an anti-fraud check in connection with your order, refund request, etc. | Information You Provide to Us:
Basic Account Information, e.g., login email (unless you make your order without creating/using your Joom account).
Contact Details, e.g., name, email, phone number.
Delivery Information, e.g., delivery method, delivery address.
Payment Information, e.g., payment method and further payment details, depending on the the payment method you use.
Information We Collect Automatically:
Location Information, i.e., the approximate location of your device based on your IP address.
Order(s) Data, e.g., order(s) contents, purchase price, the date and location of the transaction(s), order(s) status, payment status, delivery status.
Device and Log Information, e.g., information that web browsers, mobile devices, and servers typically make available, including browser type, IP address, unique device identifiers, referring site, date and time of access, language preference, time zone, mobile network information, technical device information (hardware model, OS version, App version, screen dimensions), connectivity information, notification settings, any errors or event failures.
| Our legitimate interest, namely, ensuring protection of our business against fraudulent actions. |
Processing payment and refund in connection with your order. | Information You Provide to Us:
Basic Account Information, e.g., login email (unless you make your order without creating/using your Joom account).
Contact Details, e.g., name, email, phone number.
Delivery Information, e.g., delivery method, delivery address.
Payment Information, e.g., payment method and further payment details, depending on the the payment method you use.
Information We Collect Automatically:
Order Data, e.g., order contents, purchase price, the date and location of the transaction(s), order(s) status, payment status, delivery status.
| Performance of our contract with you. |
Providing our BNPL partners like KLARNA* with certain information for BNPL eligibility evaluation. | Information We Collect Automatically:
Order(s) Data, e.g., order(s) contents, purchase price, the date and location of the transaction(s), order(s) status, payment status, delivery status.
*To learn more about further data processing by KLARNA please see their privacy notice here: https://www.klarna.com/international/privacy-policy/.
| Our legitimate interest, namely, enhancing your user experience; increasing customer’s purchasing capacity; and third party legitimate interest in offering BNPL payment method to more people. |
Arranging delivery of your order. | Information You Provide to Us:
Delivery Information, e.g., delivery method, delivery address
ID Details, e.g., tax ID (applies only where provision of ID details is required by applicable customs laws and regulations).
Information We Collect Automatically:
Order(s) Data, e.g., order(s) contents, purchase price, the date and location of the transaction(s), order(s) status, payment status, delivery status.
| Performance of our contract with you. |
Processing of your exact location data (applies only in jurisdictions where customer pick-up is available). | Information We Collect Automatically:
Location Information, i.e. your location based on your IP address.
| Consent. |
Providing communications related to status of your order. | Information You Provide to Us:
Contact Details, e.g., name, email, phone number.
Information We Collect Automatically:
Order Data, e.g., order contents, purchase price, the date and location of the transaction, order status, payment status, delivery status.
Device Information, e.g., your language preferences, notification settings.
| Performance of our contract with you. |
Notifying you about product recall due to product safety concerns addressed by competent public authority. | Information You Provide to Us:
Contact Details, e.g., name, email, phone number.
Information We Collect Automatically:
Order Data, e.g., order contents, purchase price, the date and location of the transaction, order status, payment status, delivery status.
| Our legal obligation. |
Handling your complaints and enforcing our agreement in connection with your order(s). | Information You Provide to Us:
Basic Account Information, e.g., login email (unless you make your order without creating/using your Joom account).
Contact Details, e.g., name, email, phone number.
Delivery Information, e.g., delivery method, delivery address.
Payment Information, e.g., payment method and further payment details, depending on the the payment method you use.
Content Information, e.g., your comments, reviews, including any media you upload.
Communications with us, e.g., your inquiries to our user support, responses to surveys.
Information We Collect Automatically:
Order(s) Data, e.g., order(s) contents, purchase price, the date and location of the transaction(s), order(s) status, payment status, delivery status.
| Our legitimate interests, namely, effectively handling your compliants; protecting our rights. |
Conducting contests. | Information You Provide to Us:
Basic Account Information, e.g., login email (unless you make your order without creating/using your Joom account).
Contact Details, e.g., name, email, phone number.
Information We Collect Automatically:
Order(s) Data, i.e. information about the order(s), such as order contents, purchase price, the date and location of the transaction, order status, payment status, delivery status.
Device Information, e.g., operating system, language preference, time zone, information about the App version you use, your notification settings.
Contest Data, e.g., participant code(s), results of contest.
| Our legitimate interest, namely, promoting our products and services. |
Data Recipients and Transfers Overseas
In addition to sharing the data with the IT service providers described in the Section 1, we need to share your data with various parties when you place an order with Joom. This includes the merchant who sells the items you have ordered, payment service providers, our logistics partners, and email notification partners. The purpose of sharing this data is to ensure the successful delivery of your order and provide proper notification about the delivery details. The data is shared with these parties on a need-to-know basis. In certain (and rare) situations, where complaints or disputes arise that require the involvement of third-party consultants, we may need to share specific information with them.
It's important to note that some of our partners, particularly merchants and logistics partners, are located outside of the EU/EEA. When we transmit personal data to these partners, it falls under the category of restricted data transfer as defined by the GDPR. To ensure the appropriate protection of your data, we use standard contractual clauses that have been approved by the EU Commission. However, in some cases, and only after careful analysis, we may rely on a derogation provided for under the GDPR.
Learn more
Category of Data Recipients | Purpose of Data Sharing | Restricted Transfer |
Merchants. | Processing your order, namely, transmitting details of your order to the merchant, and enabling you to manage it.
Arranging delivery of your order. | Because of merchants’ location, in most cases, transmitting data to merchants qualifies as a restricted data transfer. After a thorough assessment, this situation is considered an exception, and the transfer will occur under the GDPR provisions governing Derogations, namely, Article 49(c). |
Payment services providers. | Processing payment and refund in connection with your order. | The possibility of restricted data transfer depends on the payment method you choose. In most cases, if you are in an EU/EEA country, the payment service provider will also be located there or will store the data in the EU/EEA territory. If payment services are provided by a partner based in a non-EU/EEA country, a restricted data transfer occurs. In such an event, we abide by the standard contractual clauses approved by the EU Commission. |
BNPL payment method providers such as KLARNA*. | Providing our BNPL partners with information required for BNPL eligIbility evaluation.
*To learn more about further data processing by KLARNA please see their privacy notice here: https://www.klarna.com/international/privacy-policy/.
| If the necessary services are provided by a partner based in a non-EU/EEA country, a restricted data transfer occurs. In such cases, we will make every effort to abide by the standard contractual clauses approved by the EU Commission. |
Logistics services providers. | Arranging delivery of your order. | Since our primary logistics partners are located in outside the EU/EEA, sending data to our logistics service providers qualifies as a restricted data transfer. To ensure restricted data transfer, we abide by the standard contractual clauses approved by the EU Commission. |
Email notification automation services providers. | Notifying you about your order and delivery. | If the necessary services are provided by a partner based in a non-EU/EEA country, a restricted data transfer occurs. In such cases, we will make every effort to abide by the standard contractual clauses approved by the EU Commission. |
Legal services providers and consultants. | Handling your complaints in connection with your order.
Enforcing our agreement with you in connection with your order. | If the data recipient is based outside the EU/EEA and there is no option to use necessary services of an EU/EEA based consultants, a restricted transfer will take place. In such cases, we will make every effort to abide by the standard contractual clauses approved by the EU Commission. However, if this is not feasible, we will conduct a thorough assessment to determine if the situation qualifies as a Derogation falling under Article 49(e) of the GDPR. |
Competent public authorities, which for the purposes of this list shall include law enforcement agencies, courts, etc. | Handling your complaints in connection with your order.
Enforcing our agreement with you in connection with your order. | If the data recipient is based outside the EU/EEA and there is no option to avoid applying to such party and providing them with the data, a restricted transfer will occur. In such cases, we will conduct a thorough assessment to determine if the situation qualifies as a Derogation falling under Article 49(e) of the GDPR. |
3. COMMUNICATIONS WITH USER SUPPORT
In this section, we will explain how we process your data when you interact with our user support.
Purposes of Processing, Types of Data, Legal Bases
When you reach out to Joom user support, to perform our contract with you, we collect and process the necessary information to assist you with your inquiry. The specific data we process depends on the nature of your request. Rest assured, our user support team only accesses data that is essential to address your concerns. Generally, the processed data includes your Basic Account Information, Contact Details, Communications with us, Content Information, Delivery Information, and Order(s) Data.
In pursuit of our legitimate interest in enhancing your user experience, we continuously monitor and improve the quality and efficiency of our support services and therefore analyze information about your user support case such as your Communications with us and associated User Support Inquiry Information and Device and Log Information.
To verify your identity, when necessary, and thereby protect us and our customers against fraud and misconduct, what constitutes our legitimate interest, we process certain data such as your Communications with us, Contact Details, Basic Account Information, Order(s) Details, and Delivery Information.
Learn more
Purpose of Data Processing | Categories of Data | Legal Basis |
Providing you with user support. | Information You Provide to Us:
Basic Account Information, e.g., login email.
Contact Details, e.g., name, email.
Communications with us, e.g., your inquiries to our user support.
Content Information, e.g., your comments, reviews, including any media you upload.
Delivery Information, e.g., delivery method, delivery address.
Information We Collect Automatically:
Order(s) Data, e.g., order(s) contents, purchase price, the date and location of the transaction(s), order(s) status, payment status, delivery status.
| Performance of our contract with you. |
Verifying your identity to be able to respond to your inquiry where you have made an order without creating or using your account or lost your login credentials. | Information You Provide to Us:
Communications with us, e.g., your inquiries to our user support.
Contact Details, e.g., name, email, phone number.
Basic Account Information, e.g., login email (if exists).
Order(s) Details, e.g. order(s) contents.
Delivery Information, e.g., delivery method, delivery address.
Information We Collect Automatically:
Order(s) Data, e.g., order(s) contents, purchase price, the date and location of the transaction(s), order(s) status, payment status, delivery status.
| Our legitimate interest, namely, protecting us and our customers against fraud and misconduct. |
Monitoring and improving our user support services. | Information You Provide to Us:
Communications with us, e.g., your inquiries to our user support.
Information We Collect Automatically:
User Support Inquiry Information, e.g., date of receipt and date of resolution, subject (category), status of the inquiry.
Device and Log Information, e.g., information that web browsers, mobile devices, and servers typically make available, including the browser type, IP address, unique device identifiers, the date and time of access, operating system, language preference, mobile network information.
| Our legitimate interests, namely, enhancing your user experience; improving our customer support services. |
Data Recipients and Transfers Overseas
In addition to sharing the data with the IT services providers described in Section 1, processing for the purposes described above involves sharing the data with our partner providing outstaffing services. We also engage some IT services providers to ensure performance of our user support services, and some of these partners are located outside the EU/EEA, which means that transferring data to them is considered a restricted data transfer. To ensure the security of your data in such cases, we adhere to the standard contractual clauses approved by the EU Commission. These clauses serve as appropriate safeguards for protecting your data during and after transmission to a party located in a country that is not recognized by the EU Commission as ensuring an adequate level of protection.
Learn more
Category of Data RecipientS | Purpose of Data Sharing | Restricted Transfer |
Outstaffing service providers. | Providing you with user support. | No |
IT development services providers. | Monitoring and improving our user support services. | Some of the involved IT development service providers are based outside the EU/EEA, thus a restricted data transfer occurs.
To ensure restricted data transfer, we abide by the standard contractual clauses approved by the EU Commission.
|
4. USER FEEDBACK
In this section, we will explain how we process your data when you share your feedback. This includes leaving comments as a reviewer on the Website, in the App, or on third-party services, as well as participating in customer research conducted by us or our partners.
Purposes of Processing, Types of Data, Legal Bases
When you share your feedback by publishing a comment on our Website, in the App, or on third-party services, we manage such content and therefore process your Basic Account Information, Contact Details, Public Profile Information, Content Information, Communications with us, Content Publication Information (content metadata), and Order(s) Data. We do so to fulfill our legal obligations and because of our legitimate interest to successfully operate Joom business.
Additionally, when you participate in customer research conducted directly by us or our partners (in which case we receive your information from a third party), in pursuit of our legitimate interest to successfully operate Joom business, we process your Basic Account Information, Contact details, Order(s) Data, Content information, Communications with us, Communications with third parties. In some cases, when we conduct our customer research activities, we may seek your consent to process the data. In such an event, you have the option to refuse or withdraw your consent later.
Our legitimate interest to successfully operate Joom business consists of some more specific interests described below.
Learn more
Purpose of Data processing | Categories of Data | Legal Basis |
Managing users’ and customers’ content, including reviewing automatically and manually your communications left on our Website, in the App, and on third party platforms (i.e., your reviews and comments). | Information You Provide to Us:
Basic Account Information, e.g., login email, name, username.
Contact Details, e.g., name, email, phone number.
Content Information, e.g., your comments, reviews, including any media you upload.
Communications with us, e.g., your inquiries to our user support, responses to surveys.
Public Profile Information, e.g., username, photo, and any other information you provide in your public profile.
Information We Collect Automatically:
Content Publication Information, e.g., content metadata such as date of publishing.
Order(s) Data, e.g., order(s) contents, purchase price, the date and location of the transaction(s), order(s) status, payment status, delivery status.
| Our legitimate interests, namely, ensuring relevance and authenticity of reviews and ethical acceptability of their contents; enhancing your user experience by providing you with feedback on your reviews; protecting our users and customers from misleading or explicit content. |
Conducting customer research activities. | Information You Provide to Us:
Basic Account Information, e.g., login email, name, username.
Contact Details, e.g., name, email, phone number.
Content Information, e.g., your comments, reviews, including any media you upload.
Communications with us, e.g., your responses to surveys conducted by our team.
Information We Collect from Other Sources:
Communications with third parties, e.g., your responses to surveys conducted for us by our partners.
| Our legitimate interests, namely, enhancing your user experience; improving and developing our products, services and their features; or
Consent, where there is no our or third party’s overriding legitimate interest.
|
Data Recipients and Transfers Overseas
In addition to sharing the data with the IT services providers described in Section 1, we share the data with our partners engaged in provision of customer support services, because customer support is sometimes involved in manual management of customer content. Furthermore, when we request our partners to conduct customer research, we share certain information with them to facilitate their work and subsequently obtain the information they have collected. Some of these partners are located outside the EU/EEA, which means that transferring data to them is considered a restricted data transfer. To ensure the security of your data in such cases, we adhere to the standard contractual clauses approved by the EU Commission. These clauses serve as appropriate safeguards for protecting your data during and after transmission to a party located in a country that is not recognized by the EU Commission as ensuring an adequate level of protection.
Learn more
Category of Data RecipientS | Purpose of Data Sharing | Restricted Transfer |
Outstaffing service providers. | Managing user’s and customers’ content. | No |
Customer research service providers. | Conducting customer research activities. | Certain customer research service providers are based outside the EU/EEA and a restricted transfer takes place. In such cases, we abide by the standard contractual clauses approved by the EU Commission. |
5. COMPLIANCE WITH LAWS AND PROTECTION OF RIGHTS
In this section, we will explain how we process your data when it is required in order to comply with applicable laws. We will also cover how we handle your data subject requests. Furthermore, we will provide information regarding how we process data in relation to our participation in judicial and enforcement proceedings.
Purposes of Processing, Types of Data, Legal Bases
When it comes to complying with applicable laws, namely, to fulfilling tax or customs data retention requirements, complying with product safety regulations, ensuring that no illegal content is published on our Website and in the App, or responding to your data subject access request or request to exercise other data subject rights, it is necessary for us to process certain information we have in connection with your use of the Services, such as Basic Account Information, Contact Details, Delivery Information, Content Information, Content Publication Information, Communications with us, Order(s) Data, and Information Regarding the Alleged Illegal Content. When we respond to your data subject access request or request to exercise other data subject rights, we may need to process additional data. In the case of a data subject access request, we may need to process all of the data we have in our possession. These processing activities will be based on our legal obligations.
Sometimes we may need to participate in judicial, enforcement and other similar proceedings to defend our rights and legal interests or help others defend theirs. For such purposes and because of our legitimate interest in protecting our and affected third party’s rights and legal interests, we process such data as your Basic Account Information, Contact Details, Order(s) Data, Delivery Information, Content Information, Content Publication Information, Communications with us, and Information Regarding the Alleged Illegal Content provided by an infringement reporter.
Learn more
Purpose of Data Processing | Categories of Data | Legal Basis |
Complying with applicable legal requirements, including retaining data under tax, customs and other applicable laws. | Information You Provide to Us:
Basic Account Information, e.g., login email.
Contact Details, e.g., name, email, phone number.
Communications with us, e.g., your inquiries to our user support, responses to surveys.
Information We Collect Automatically:
Order(s) Data, e.g., order(s) contents, purchase price, the date and location of the transaction(s), order(s) status, payment status, delivery status.
Please note that the scope of data we process always depends on the applicable legal obligations for compliance purposes. | Our legal obligation. |
Automatically and manually detecting illegal content and processing illegal content reports and taking further actions, including in respect of your account. | Information You Provide to Us:
Basic Account Information, e.g., login email, name, username.
Contact Details, e.g., name, email, phone number.
Content Information, e.g., your comments, reviews, including any media you upload.
Public Profile Information, e.g., username, photo, and any other information you provide in your public profile.
Information We Collect from Third Parties:
Information Regarding the Alleged Illegal Content, i.e., any information in connection with the alleged illegal content provided by the infringement reporter.
Information We Collect Automatically:
Content Publication Information, e.g., content metadata such as date of publishing. | Our legal obligation. |
Operations associated with responding to your data subject requests, including verifying your identity and authority to make the request, where you make it on behalf of another person. | Information You Provide to Us
Basic Account Information, e.g., login email.
Contact Details, e.g., name, email, phone number.
Communications with us, e.g., your inquiries to our user support, responses to surveys.
Please note that, as a result of exercising your rights, we may process other types of data that are in our possession at the time of your request, including information you provide to us, information we collect automatically, and information we receive from third parties.
| Our legal obligation. |
Participation in judicial, enforcement, and other similar proceedings by police, state courts, supranational bodies, enforcement agencies, arbitral tribunals, etc., is done to protect legitimate interests and rights of Joom and/or third parties, as well as to prosecute illegal activities. The disclosure of information to third parties is done in a proportional manner, considering all relevant factors. | Information You Provide to Us:
Basic Account Information, e.g., login email.
Contact Details, e.g., name, email, phone number.
Delivery Information, e.g., delivery method, delivery address.
Payment Information, e.g., payment method and further payment details, depending on the the payment method you use.
Content Information, e.g., your comments, reviews, including any media you upload.
Communications with us, e.g., your inquiries to our user support, responses to surveys.
Information We Collect Automatically:
Order(s) Data, e.g., order(s) contents, purchase price, the date and location of the transaction(s), order(s) status, payment status, delivery status.
Content Publication Information, e.g., content metadata such as date of publishing.
| Our legitimate interest, namely, protecting legitimate interests and rights of Joom and/or third parties. |
Data Recipients and Transfers Overseas
In addition to sharing data with the IT service providers described in Section 1 (by the way, for the purposes listed above the main IT service required is hosting), there may be rare cases where processing for these purposes goes beyond simple data retention. In such instances, we may need to share these data with competent public authorities, third-party consultants, and our affiliates where our business operation policies require their participation.
It is important to note that some affiliates, consultants and competent authorities may be located outside the EU/EEA. When we transmit personal data to them, it falls under the category of restricted data transfer as defined by the GDPR. To ensure the appropriate protection of your data, our aim is to always use the standard contractual clauses approved by the EU Commission. However, in rare cases and only after careful analysis, we may rely on a derogation provided for under the GDPR.
Learn more
Category of Data Recipient | Purpose of Data Sharing | Restricted Transfer |
Outstaffing service providers. | Manually detecting illegal content and processing illegal content reports. | No |
Legal services providers and consultants. | Processing copyright infringement reports.
Participation in judicial, enforcement and other similar proceedings. | If data recipient is based outside the EU/EEA and there is no option to use necessary services of an EU/EEA based consultants, a restricted transfer will take place. In such cases, we will make every effort to abide by the standard contractual clauses approved by the EU Commission. However, if this is not feasible, we will conduct a thorough assessment to determine if the situation qualifies as a Derogation falling under Article 49(e) of the GDPR. |
Competent public authorities, which for the purposes of this list shall include law enforcement agencies, courts, etc. | Processing copyright infringement reports.
Participation in judicial, enforcement and other similar proceedings. | If the data recipient is based outside the EU/EEA and there is no option to avoid applying to such party and providing them with the data, a restricted transfer will occur. In such cases, we will conduct a thorough assessment to determine if the situation qualifies as a Derogation falling under Article 49(e) of the GDPR. |
Our affiliates. | Processing copyright infringement reports.
Participation in judicial, enforcement and other similar proceedings. | Certain affiliates are based outside the EU/EEA and a restricted transfer will take place. In such cases, we will abide by the standard contractual clauses approved by the EU Commission. |