Last modified: March 2021
When you use these services, you will share some personal information with us. We operate our site and our services in compliance with applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). For more information, please see Section 6 “Your Rights Under GDPR”. If you are a California resident, please also see Section 7 “Information for California Residents.”
You can contact us if you have any questions about our privacy practices or about what we are doing with your personal information. We will be happy to assist you in any way we can.
1. WHO DECIDES “HOW” AND “WHY” YOUR PERSONAL DATA IS PROCESSED?
JWS Bill website is providing billing and payment related information to the Business Sites customers.
If you are a visitor of the website (you are not registered on a Business Site), for GDPR purposes, the following companies decide how and why your personal data is processed and they are “Joint Controllers”:
JWS Americas S.à r.l.
44, Avenue John F. Kennedy
Grand Duchy of Luxembourg
JWS International S.à r.l.
44, Avenue John F. Kennedy
Grand Duchy of Luxembourg
2. WHAT PERSONAL DATA DO WE PROCESS?
We collect, use, share, transfer, and store different types of personal data as a result of your visit of and/or use of our services.
The personal data we collect includes the following categories of data:
2.1. Personal data you give to us
Information about purchases on Business Sites
When you make purchase to participate on the Business Sites, depending on the payment method you choose, the relevant Data Controller may collect and process your identification information (e.g. full name, country, ZIP code) and payment/transaction information. When you request information through this website related to your transactions on the Business Sites, in order to provide you the requested support we might process the above information.
For further details please read carefully the below paragraphs.
As the case may be, we might process the information that you provide via the pay-out page on a Business Site, including:
- your billing address;
- depending on the pay-out method you choose (for example, wire transfer or by mean of a virtual account), your account information or other identification or payment information;
- the identification details and address of your beneficiary (if applicable).
If you are a company, we will ask you to provide the identification details of the managing director or representative of your company.
“Message Us” form
When you contact us via the “Message Us” form, we ask you to provide the following minimum information:
- The subject of your request,
- Your contact details (username, full name, e-mail address, phone number),
- Transaction information (number of the transaction, date of the transaction and amount),
- Card information (type of card, last 4 digits)
- Your comments and/or message.
You are not obliged to provide us with all the required information, however, we advise you to do so, so that we can identify you faster and provide the support you need. We may not be able to provide you with our assistance if we cannot identify yourself or the transaction.
“Live chat” page
We process the message you send us via the “Live chat” page and any information you provide in it. However, if you send a message and do not provide any personal data on the chat, we cannot identify you directly and your name for the Billing and/or Customer Support will appear as “guest1”, “guest2”, etc.
More generally, when you communicate with us in any other way, we will process whatever information you provide us with.
2.2. Personal Information from service use
We collect certain information about you when you are using our services and navigate our site.
We collect information about your activity on our site including:
- The tool you used (“Message Us” or “Live chat”),
- Time of use
We process any information you communicate and/or share with us on the site.
To the extent permitted by applicable laws, we collect all communication data such as telephone conversations, chat logs, text messages, faxes and letters.
Log data and device information
We automatically collect log data and information from or about your computer, phone, or other devices you use to access our services and navigate our site. This includes:
- your IP address;
- pages viewed;
- the hardware, software or internet browser used;
- computer’s operating system/ application version;
- language settings;
- identifiers associated with cookies or other technologies that may uniquely identify your device or browser.
If you are using a mobile device, we might also collect:
- data that identifies your mobile device;
- device-specific settings and characteristics;
- location details;
- app crashes and other system activity.
Information collected by cookies and other technologies
3. WHY DO WE PROCESS YOUR PERSONAL DATA?
We use the information we collect for the following purposes:
3.1. Customer relationship management, billing support and communication with you
The use of your personal data is strictly necessary in this instance in order to provide you the support and the information requested through the website.
We provide Customer and Billing Support service 24/7. Sharing your personal details with our Customer and Billing Support Team allows us to respond to any question you might have about our services.
All your communications with our Customer and Billing Support and all information you provide in the course of such communications are stored and reviewed so that we may respond to your request.
Some of the recorded communications with you are used for training purposes of our employees within the Customer and Billing Support so that we can ensure customer service excellence.
If you are registered on a Business Site, please be aware that when we receive a request or claim from you, our Customer and Billing Support team can access all information we have about you (provided and collected). By having this access, we ensure that our Customer and Billing Support team have everything they need to give you an appropriate and efficient response.
Please note that the Customer and Billing Support may also communicate with you through emails or any other means, as appropriate.
The use of your personal information is necessary given the data controller’s legitimate interest to deliver appropriate customer support to you and to provide you with the information you need.
3.2. Ensure a safe and trustworthy environment
Because we want to create and ensure a safe environment where you can peacefully enjoy our services, we use your personal data to detect and prevent fraud and other illegal activities on our site.
If you are a client of a Business Site or a service provider registered on such site, we also use your data to detect potential breaches of the terms & conditions of these sites, including without limitation age verification.
Finally, we use your personal information for security purposes and risk assessment.
We process this information given our legitimate interest in ensuring compliance with the rules of our site and Business Sites, fraud detection, and prevention, as well as, information, system, network, and cybersecurity.
3.3. Comply with any legal requirements and enforce our legal rights
We may be legally required to process/keep your personal data. For example, we retain your transaction information to maintain legally required accounting records.
We may also use your information to respond to requests of competent authorities or given our legitimate interest to establish, exercise or defend legal claims. We also use your data, if necessary, to investigate issues with the bank processing your payment or with a debt collector, in case of unpaid transactions, chargebacks or refunds.
We may combine your information with information lawfully obtained from other third-party sources and use it for the above purposes.
4. HOW DO WE PROTECT AND HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
We implement various security measures, technical and organizational, to grant protection to your personal data against unauthorized access, modification, disclosure or deletion.
We implement data loss prevention systems against leakage, theft and data breach. We periodically test our IT systems and do penetration tests. Our site incorporates reasonable security technologies available to ensure safety of its users and the safekeeping of their related information.
We retain your personal data for as long as we consider it necessary to:
- Provision of Support Services;
- Legal Obligation Compliance;
- Legitimate Interests and Business Conduct including, without limitation, establishing, exercising or defending legal claims and chargeback prevention;
Residual copies of some of your personal information will be kept on our backup systems for 30 days.
Some anonymized copies of your information (e.g. log records) may also remain in our database.
5. WITH WHOM DO WE SHARE YOUR DATA?
We share a portion of your personal data with the following parties:
5.1. Entities of our company’s group
We share your personal information with the following companies of our group based in Luxembourg and Hungary, as they are helping us deliver the services to you:
- Jasmin IP S.à r.l., 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand Duchy of Luxembourg;
- Jasmin Holding SA, 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand Duchy of Luxembourg;
- Docler IP S.à r.l., 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand Duchy of Luxembourg;
- Docler Services S.à r.l., 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand Duchy of Luxembourg;
- Jasmin SSC Kft, Expo tér 5-7, H-1101, Budapest, Hungary;
- Jasmin IP S.à r.l. Hungary Branch, Expo tér 5-7, H-1101, Budapest, Hungary;
- Escalion S.à r.l., 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand Duchy of Luxembourg;
- American Payments United Inc., 16192 Coastal Highway, Lewes, Delaware 19958, County of Essex;
5.2. Service Providers
We use carefully selected and trusted third parties, who act as service providers.
As we constantly work on the development and enhancement of the technology to support our site, our third party processors may regularly change. Such entities mainly operate in the following areas: (a) customer care/payment/payout; (b) fraud prevention.
5.3. Payment providers and financial institutions
5.4. Law enforcement agencies or governmental authorities
To the extent permitted by applicable laws, we may share information with law enforcement agencies or authorities, if such disclosure is reasonably necessary to:
- comply with our legal obligations,
- respond to information requests for fraud investigations and alleged illegal activities,
- enforce and administer our terms and conditions, and/or
- protect our rights or defend ourselves against any claims.
6. YOUR RIGHTS UNDER GDPR
6.1. Information on the transfer of your personal data outside of the European Economic Area
As we are a Luxembourg based company, we comply with the EU Data Protection Regulation, “GDPR”. Regardless of whether you are located in Europe or elsewhere, our own location in Europe requires us to comply with GDPR. You can read the entire Regulation here.
If we transfer your personal data outside of the EEA, we endeavor to ensure that your rights and freedoms in respect of the processing of your personal data are adequately and appropriately protected. For this purpose, we utilize the Standard Contractual Clauses approved by the European Commission that you can find here.
6.2. What are your rights regarding your personal data?
You have choices as regards the use of your personal data. If you are registered on a Business Site, you may address your request directly to the Business Site.
We will provide you with information on actions taken within one month of the day of receipt of your request. Only in exceptional circumstances, when we face complex and a high number of requests, we may extend this period of response up to two further months.
Please note that rights may be exercised free of charge. However, unfounded or excessive requests, in particular, because of their repetitive character, will lead to the payment of a fee.
Please also understand that, because your privacy is so important for us, we may need to duly verify your identity and ask for additional information before executing your request.
If you want to exercise your rights, please contact us via the contact details provided in Section 9 "HOW TO CONTACT US".
6.2.1. Data access and data portability
You have the right to access the personal data that we hold about you by requesting a copy of your personal data free of charge.
If we consider that your request is manifestly unfounded or excessive (for example, because you requested a copy of your data numerous times in a short period), we may refuse to act or charge a reasonable fee taking into account the administrative costs for providing you with the information.
In certain cases, you are entitled to request copies of personal information that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible).
6.2.2. Rectification of inaccurate or incomplete data
You have the right to request that we correct any inaccuracies in your personal data.
6.2.3. Data erasure
If you no longer want us to use your information, you can request that we erase your personal information. Please note that even if your request the erasure of your personal information, we will retain your personal data for the purposes explained in Section 4 “HOW DO WE PROTECT AND HOW LONG DO WE RETAIN YOUR PERSONAL DATA?”.
6.2.4. Right to object
We process your data for a variety of reasons as explained in Section 3 “WHY DO WE PROCESS YOUR PERSONAL DATA?”.
Applicable law may entitle you to require us not to process your personal data for certain specific purposes where such processing is based on legitimate interest. If you object to such processing we will stop processing your personal data for those purposes.
In specific situations, we may have to refuse the execution of your request. This would be the case where we have legitimate grounds to continue such processing or if we have to establish, exercise or defend legal claims.
6.2.5. Right to restriction of processing
You have the right to request that we stop processing your personal data, while we resolve any issues.
This is only possible in the following four cases:
- Accuracy: If you contest the accuracy of your personal data, processing would be stopped while we verify your claim.
- Legitimate Interest: If you object to a processing activity based on legitimate interest, you can require the processing operation to be put on hold while we verify your grounds for objecting.
- Unlawful Processing: You can request the restriction of data processing if you consider your data is being processed unlawfully, but do not wish your data to be immediately erased.
- Data Storage: We have no further need for the data but you require it to establish, exercise, or defend legal claims.
Despite your request, we may continue to process your data if we have to establish, exercise, or defend legal claims. We will notify you before lifting a restriction.
6.2.6. Right to lodge a complaint with a supervisory authority
If you consider that our processing of your personal data infringes the GDPR or any other applicable national laws, you have the right to lodge a complaint with the relevant supervisory authority.
7. INFORMATION FOR CALIFORNIA RESIDENTS
If you are registered on a Business Site, you may address your request directly to the Business Site.
Please note that we do not “sell” your personal data, as that term is defined in CCPA.
If you want to exercise your rights, please contact us via the contact details provided in Section 9 "HOW TO CONTACT US?".
7.1. Your Right to “Know” and to Request Deletion
You have the right to know the categories and specific pieces of personal data we have collected about you. You have the right to know the categories of sources from which the personal data has been collected, the business or commercial purpose for collecting or selling personal data, and the categories of third parties with whom we share personal data.
You also have the right to request deletion of personal data we’ve collected or maintain. Please note this right is subject to certain exceptions, including without limitation our retaining information as necessary to protect against malicious, deceptive, fraudulent, or illegal activity, to comply with our legal obligations, and for other internal purposes.
Please note that any requested disclosures in connection with a request to know will only apply to the 12-month period preceding the request, and you are entitled to request disclosure twice in any 12-month period.
7.2. Personal Information Disclosed
You also have the right to know what categories of personal data we’ve disclosed for a business purpose, and the third parties to whom that information was disclosed. In the past 12 months, we’ve disclosed for a business purpose the following categories of information to the following parties: Identification information and payment/transaction data to our customer/payment/payout service providers; Identification information, contact information, device/usage information (including, without limitation, your IP address and the website you are coming from, as the case may), information relating to the purchase, payment/payout information (as the case may be) to our antifraud service providers and auditing service providers.
7.3. Your Right to Non-Discrimination
You have the right not to receive discriminatory treatment for the exercise of the privacy rights conferred by CCPA, including but not limited to by denying you services, charging different prices or rates, or providing you with a different level or quality of services. Please note, however, that the exercise of some of your rights (e.g., to delete your data) may render it impossible for us to continue to deliver services to you.
7.4. Your Right to Use an Authorized Agent
You have the right to designate an authorized agent to make a request under the CCPA on your behalf. In order to verify you have authorized an agent we may require a signed, written authorization from you.
7.5. Do Not Track
Some browsers have a “do not track” feature that lets you tell websites you do not want to have your online activities tracked. Because these features are not yet uniform, we do not presently respond to “do not track” signals. We will however treat any “do not sell” or similar signals as opt-out requests under CCPA.
If we make changes we consider important, we will let you know by placing a notice on the relevant site and/or contact you directly using other methods such as email.
9. HOW TO CONTACT US?
We are happy to inform you that we have an employee dedicated to ensuring your privacy, our Data Protection Officer. You can directly reach our Data Protection Officer via email at email@example.com or by mail at the following address:
To the attention of the DPO
JWS International S.à r.l.
44, Avenue John F. Kennedy
Grand Duchy of Luxembourg