Table of Contents
Jingle Pay Privacy Policy
1. About this policy
We, Jingle Pay Limited (“JPL”), take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data when you use this website at https://jinglepay.com/ or otherwise when we collect personal data from you such as when you use our app, or call or email us. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
We collect, use and are responsible for certain personal data about you. When we do so we are subject to the laws and regulations applicable in the UAE as well as the DIFC.
JPL is the data controller of that personal data for the purposes of those laws. Our full details are set out at the end of this policy.
Your obligations
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
If you provide us with information about any other person, for example any other individuals you may have a joint bank account with, then you must ensure that you have their consent to pass those details to us and for us to use those details in accordance with this privacy policy. You should also make sure that you bring this privacy policy to their attention.
2. Key terms
It would be helpful to start by explaining some key terms used in this policy:
| Term | Meaning |
|---|---|
| We, us, our | Jingle Pay Limited |
| Personal data | Any information relating to an identified or identifiable individual. |
| Special category personal data | Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership; genetic and biometric data (when processed to uniquely identify an individual); data concerning health, sex life or sexual orientation. |
| Data subject | The individual who the personal data relates to. |
| Wallet | Also known as a digital wallet (or electronic wallet); it is a financial transaction application that runs on mobile devices. It securely stores your payment information and passwords. The Jingle Pay application allows you to pay when you’re shopping using your device so that you don’t need to carry your cards around. You enter and store your debit card or bank account information and can then use your device to pay for purchases. |
3. Personal data we collect about you
We may collect, use and transfer the personal data about you that include, but are not limited to:
- Identity and Contact Data: such as your name and contact information, including email address (if applicable), date of birth, telephone number and company details (if applicable) and your gender.
- Financial Data: such as your billing information, information about your transactions (such as direct debits and standing orders), your bank account (or any other bank account connected via our services) and IBAN details, and your payment card information.
- Special Categories of Data: including biometric data such as facial recognition.
- Technical Data: including information about how you use our website, IT, communication and other systems, internet protocol (IP) address, your location data, login data, browser type and version, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Marketing and Communications Data: which includes your preferences in receiving marketing from us and your communication preferences, and your responses to surveys, competitions and promotions.
- Profile Data: including username and password details and profile photographs.
We collect and use this personal data to provide products and/or services to you. If you do not provide personal data we ask for, it may delay or prevent us from providing products and/or services to you.
4. How your personal data is collected
We collect most of this personal data directly from you by email, over the phone, text and/or via our website and applications you download. For example, you might provide certain identity information by completing one of our online forms. However, we may also collect information:
- From publicly accessible sources, e.g., Companies House or Land Registry;
- Directly from a third party, e.g.,
- sanctions screening providers;
- credit reference agencies; and
- customer due diligence providers;
- From a third party with your consent, e.g., your bank;
- From cookies on our website – for more information on our use of cookies; and
- Via our IT systems, e.g., automated monitoring of our websites and other technical systems, such as our computer networks and connections, communications systems, email and instant messaging systems (for example, via the use of cookies and similar technologies).
We collect and use this personal data to provide products and/or services to you. If you do not provide personal data we ask for, it may delay or prevent us from providing products and/or services to you.
5. How and why we use your personal data
Under data-protection law, we can only use your personal data if we have a proper reason, e.g.:
- to comply with our legal and regulatory obligations;
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- for our legitimate interests or those of a third party; or
- where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
The table below explains what we use your personal data for and why:
| What we use your personal data for | Types of personal data used | Our reasons |
|---|---|---|
| To provide products and/or services to you, including for example, to contact you or deal with our internal record keeping. To manage the relationship which we have with you, such as dealing with enquiries or complaints. | Identity and Contact Data; Financial Data | To perform our contract with you or to take steps at your request before entering into a contract. This is also in our legitimate interests in ensuring that our services we provide are properly managed, and to comply with our regulatory obligations to handle complaints. |
| We, us, our | Jingle Pay Limited | Jingle Pay Limited |
| Preventing and detecting fraud against you or us | Identity and Contact Data; Financial Data; Technical Data | For our legitimate interests or those of a third party, ie to minimise fraud that could be damaging for you and/or us |
| Conducting checks to identify our customers and verify their identity; screening for financial and other sanctions or embargoes; other activities necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under anti-money laundering legislation or rules issued by the DIFC/DFSA; to gather information on your use of our services and to provide you with custom information relating to your use of finances and/or our services | Identity and Contact Data; Financial Data; Technical Data | To comply with our legal and regulatory obligations. This will be necessary for our legitimate interests in the operation of our business |
| Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies | Identity and Contact Data; Financial Data; Technical Data | To comply with our legal and regulatory obligations |
| We, us, our | Jingle Pay Limited | Jingle Pay Limited |
| Ensuring business policies are adhered to, e.g. policies covering security and internet use | Technical Data; Profile Data | For our legitimate interests or those of a third party, ie to make sure we are following our own internal procedures so we can deliver the best service to you |
| Operational reasons, such as improving efficiency, training and quality control. To administer our website, including troubleshooting, data analysis, testing, system and maintenance support. | Identity and Contact Data; Technical Data; Marketing and Communications Data; Profile Data | For our legitimate interests or those of a third party, ie to be as efficient as we can by improving our website and our customer service to you, improving the services and/or products we offer so we can deliver the best service to you at the best price, and in ensuring that our website works properly and for network security. |
| Ensuring the confidentiality of commercially sensitive information | Technical Data | For our legitimate interests or those of a third party, ie to protect trade secrets and other commercially valuable information; to comply with our legal and regulatory obligations |
| Statistical analysis to help us manage our business, eg in relation to our financial performance, customer base, product range or other efficiency measures | Identity and Contact Data; Financial Data; Technical Data; Marketing and Communications Data | For our legitimate interests or those of a third party, ie to be as efficient as we can so we can deliver the best service to you at the best price |
| Preventing unauthorised access and modifications to systems | Identity and Contact Data; Special Categories of Data; Technical Data; Profile Data | For our legitimate interests or those of a third party, ie to prevent and detect criminal activity that could be damaging for you and/or us; to comply with our legal and regulatory obligations |
| Updating and enhancing customer records | Identity and Contact Data; Marketing and Communications Data; Profile Data | To perform our contract with you or to take steps at your request before entering into a contract; to comply with our legal and regulatory obligations; for our legitimate interests or those of a third party, eg making sure that we can keep in touch with our customers about existing orders and new products |
| Statutory returns | Identity and Contact Data; Financial Data | To comply with our legal and regulatory obligations |
| Ensuring safe working practices, staff administration and assessments | Career Data | To comply with our legal and regulatory obligations; for our legitimate interests or those of a third party, eg to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you |
| Marketing our services and those of selected third parties to: · existing and former customers; · their parties who have previously expressed an interest in our services; · third parties with whom we have had no previous dealings. | Identity and Contact Data; Marketing and Communications Data | For our legitimate interests or those of a third party, eg to develop, market and promote our services and products |
| To ensure our third-party providers can perform their obligations to us, such as to complete credit reference checks via external credit reference agencies | Identity and Contact Data; Technical Data; Profile Data | For our legitimate interests in ensuring our third-party providers perform their services to us. From time to time we may also use IT providers and marketing consultants for the proper function of the website and to help us promote our services and products. |
| External audits and quality checks, eg for ISO or Investors in People accreditation and the audit of our accounts | Identity and Contact Data; Financial Data; Technical Data; Profile Data | For our legitimate interests or those of a third party, ie to maintain our accreditations so we can demonstrate we operate at the highest standards; to comply with our legal and regulatory obligations |
| To deal with new enquiries and contacts | Identity and Contact Data; Financial Data; Career Data | Necessary for our legitimate interests in the operation of our business in order to respond to and deal with new enquiries, and to assess your application if you have applied for a job vacancy. |
| To gather your feedback on our services | Identity and Contact Data; Marketing and Communications Data | Necessary for our legitimate interests in seeking to improve the quality of our services |
| To authenticate your access to your account, for example by using your biometric data, or by sending a temporary pass code to your phone. | Identity and Contact Data; Special Categories of Data | Necessary for complying with our legal obligations under payment services legislation, and for our legitimate interests in providing our services to you, ensuring our applications are easy to use and secure. We will only process Special Categories of Data, such as biometric data, on the basis that you have given your express consent for us to process it for this purpose. |
Where we process special category personal data, we will also ensure we are permitted to do so under data protection laws, eg:
we have your explicit consent;
the processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent; or
the processing is necessary to establish, exercise or defend legal claims.
In addition, we may disclose information about you to the extent that we are required to do so by law, regarding any legal proceedings or prospective legal proceedings, in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk) and / or where we may otherwise do so in accordance with applicable data protection legislation.
6. Marketing
We may use your personal data to send you updates (by email, text message, telephone or post) about our products and/or services, including exclusive offers, promotions or new products and/or services.
We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you marketing information. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal data with the utmost respect and never sell it to other organisations for marketing purposes.
Email, text message and any other marketing messages we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data. You have the right to opt out of receiving marketing communications at any time by:
- contacting us at [email protected]
- using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts
- updating your marketing preferences by contacting us at [email protected]
We may ask you to confirm or update your marketing preferences if you instruct us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business.
7. Who we share your personal data with
We routinely share personal data with:
- companies within the Jingle Pay group;
- third parties we use to help deliver our products and/or services to you, e.g. payment service providers, and providers of identity and screening checks. Our identity and screening checks (known as KYC and AML checks) are outsourced to our KYC partner;
- other third parties we use to help us run our business, e.g. marketing agencies or website hosts;
- third parties approved by you, e.g. social media sites you choose to link your account to or third-party payment providers;
- credit reference agencies;
- our bank;
- money exchange companies.
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
We may also need to:
- share personal data with external auditors, e.g. in relation to ISO or Investors in People accreditation and the audit of our accounts;
- disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations; or
- share some personal data with other parties, such as potential buyers of some or all of our business or during a restructuring. Usually, information will be anonymised but this may not always be possible; however, the recipient of the information will be bound by confidentiality obligations.
8. Third-party links
This website may include links to third-party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. You should read any policies and other statements on such websites carefully.
9. Where your personal data is held
Personal data may be held at our offices and those of our group companies, third-party agencies, service providers, representatives and agents as described above (see above: ‘Who we share your personal data with’).
Some of these third parties may be based outside the UAE. For more information, including on how we safeguard your personal data when this happens, see below: ‘Transferring your personal data out of the UAE’.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know it. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
10. How long your personal data will be kept
We will keep your personal data while you have an account with us or we are providing products and/or services to you. Thereafter, we will keep your personal data for as long as is necessary:
- to respond to any questions, complaints or claims made by you or on your behalf;
- to show that we treated you fairly;
- to keep records required by law.
To determine how long we should keep the different types of personal data we hold about you, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We will not keep your personal data for longer than necessary.
In some circumstances, we may anonymise personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
11. Transferring your personal data out of the UAE
We will keep your personal data while you have an account with us or we are providing products and/or services to you. Thereafter, we will keep your personal data for as long as is necessary:
- with our offices or other companies within our group located outside the UAE;
- with your and our service providers located outside the UAE;
- if you are based outside the UAE;
Under data protection law, we can only transfer your personal data to a country or international organisation outside the UAE where allowed by the law.
Transfers with appropriate safeguards
Where there is no adequacy decision, we may transfer your personal data to another country or international organisation if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.
Transfers under an exception
In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, e.g.:
- you have explicitly consented to the proposed transfer after having been informed of the possible risks;
- the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;
- the transfer is necessary for a contract in your interests, between us and another person; or
- the transfer is necessary to establish, exercise or defend legal claims.
We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal data on this ground.
12. Your rights
You have the following rights, which you can exercise free of charge:
| Your right | What it means |
|---|---|
| Access | The right to be provided with a copy of your personal data |
| Rectification | The right to require us to correct any mistakes in your personal data |
| Erasure (also known as the right to be forgotten) | The right to require us to delete your personal data—in certain situations |
| Restriction of processing | The right to require us to restrict processing of your personal data in certain circumstances, e.g. if you contest the accuracy of the data |
| Data portability | The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations |
| To object | The right to object: —at any time to your personal data being processed for direct marketing (including profiling); —in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests |
| Not to be subject to automated individual decision-making | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you |
You will not have to pay a fee to access your personal data (or to exercise any other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure personal data is not disclosed to a person who has no right to receive it. We may also contact you to ask you to clarify your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests in which case we will keep you updated.
If you would like to exercise any of those rights, please:
- email, call or write to us – see below: ‘How to contact us’; and
- let us have enough information to identify you (e.g. your full name, address and customer or matter reference number);
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- let us know what right you want to exercise and the information to which your request relates.
13. Keeping your personal data secure
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
14. How to complain
Please contact us if you have any query or concern about our use of your information (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.
You also have the right to lodge a complaint with JPL at [email protected] or telephone: (04) 547-7778
15. Changes to this privacy policy
We may change this privacy notice from time to time – when we do we will inform you via our website or other means of contact such as email.
16. How to contact us
If you have any questions about this privacy policy including any requests to exercise your data privacy rights, please contact:
Email: [email protected]
Address: Gate District 4, Level 6, Unit 3, DIFC, Dubai, UAE
