View Privacy Policy (US)

Privacy Policy (GB)

Policy last updated on May 19, 2022

ARTICLE 1. PURPOSE OF THE PRIVACY POLICY

This privacy policy (known collectively as the “Policy”) sets forth the terms and conditions for processing information that both directly or indirectly identifies Members (the “Personal Data”) when using the App, as well as Members’ legal rights in respect of such Personal Data.

The terms defined in the General Terms and Conditions are relevant to this Policy, including defined terms for the Company,Members and App.

The App complies with UK, French and other European legislation on Personal Data protection. The Company is obliged to respect and to have its staff members, service providers and subcontractors (the “Staff”) abide by all these legal obligations.

ARTICLE 2. CHANGES TO THE PRIVACY POLICY

If changes are made to the Policy, the Company is bound to maintain an equivalent level of Personal Data privacy and security.

If a Member does not accept the Policy or any new version of the Policy, this may result in the removal of the Member's Account and the subsequent deletion of their Personal Information as described in the Policy.

ARTICLE 3. PURPOSE AND LEGAL BASIS OF PROCESSING PERSONAL DATA

Processing Personal Data is only possible if used for a specific and explicit purpose, namely for reasons provided for by the law, referred to as the « legal basis ».

In general, Personal Data pertaining to a Member is collected in order to allow him/her to develop his/her loyalty with partnering brands by analyzing his/her banking transactions. For this purpose, Personal Data are processed by and/or on behalf of the Company, reachable at the following address: Wylr 5 avenue du Général de Gaulle - 94 160 Saint Mandé, France. Email : dpo@joko.com - Phone: (+33) 9 74 59 25 75

The following chart describes the intended purpose of various data collecting measures and indicates their applicable legal basis:

Link to table

In cases where data processing is done pursuant to the Company’'s legitimate interest, the reason for the Company’'s interests is stated in the subsection. In all such cases, the Company has ascertained beforehand that its legitimate interests do not infringe upon the rights and interests of any Member. Under no circumstances are data used for a purpose that would infringe upon Members' privacy.

ARTICLE 4. PROCESSED AND STORED PERSONAL DATA

For the App to be used, various types of Personal Data can be collected, processed and stored. Whenever supplying Personal Data is mandatory, an asterisk (*) will appear next to the Personal Data or category of Personal Data concerned. The following chart outlines the Personal Data that may be processed by the Company and the duration that it can be stored:

Link to table

These data are collected whenever a Member uses the App, or indirectly, whenever a Member activates an Online Offer. Furthermore, some Personal Data may be collected when a Member uses the web browser plug-in and clicks on the Offer button while on a Merchant's website.

ARTICLE 5. DATA RECIPIENTS

All Personal Data are intended for the Company, its service providers and subcontractors as well as its commercial partners, excluding data relating to a Member's identity.

All Personal Data are intended for the Company, its Staff and its commercial partners under the following terms and conditions:

Link to table

The Data may also be made available to competent public institutions where required by law or in case of requisition.

When using Facebook Connect and contacting the Support team via the Zendesk tool, Identification Data may be transferred to the United States. Similarly, some or all login and technical data may be transferred to the United States to companies Sentry, Amplitude and Adjust.

In order to ensure Personal Data is protected, the Company has put in place standard contractual clauses with these companies. In addition, Zendesk has established binding corporate policies approved by Ireland's supervisory regulators that ensure data protection within Zendesk operations.

For more information, Members can access these companies' privacy policies at the links below:

Members’ banking data may be transferred to the European Union and the United Kingdom.  There is a European Commission adequacy decision in respect of the United Kingdom.

ARTICLE 6. MEMBER RIGHTS

The legislation on Personal Data protection recognizes various rights granted to Members:

  • Access and correction rights: any Member may request access to his or her Personal Data and, if necessary, correct such data;

  • Right to withdraw consent: where consent has been the legal basis for processing the Personal Data, any Member may at any time withdraw his or her consent to have Personal Data about him or her processed, such withdrawal being effective for future use only;

  • Right to object: any Member may object to having his or her Personal Data processed, provided that he or she has legitimate reasons for doing so (legitimate reasons are not required in relation to processing data for commercial prospecting purposes);

  • Right to erasure: any Member has the right to have his/her Personal Data erased after a certain period of time, provided that the Company does not have an overriding legal basis for continuing to process it;

  • Right to restrict processing: any Member may request that Personal Data concerning him or her be specifically flagged to restrict future processing, under various circumstances;

  • Right to data portability: any Member can request a copy, in an interoperable format, of the sole Personal Data he/she has provided to the Company, or even that the Personal Data in question be directly transferred to another data controller;

  • Right not to be subject to automated decision making: any Member who is subject to automated individual decision making must be able to see the logic behind the decision and discuss it with a physical person.

Moreover, in any event, any Member has the possibility to define instructions relating to the storage, deletion and communication of Data concerning him/her after his/her death.

If a Member considers that the Company has not complied with its obligations, he/she can address a complaint or a request to the competent authority. In France, the competent authority is the CNIL, to which any Member can submit a request electronically by clicking on the following link: 

https://www.cnil.fr/fr/plaintes/internet.  

In the UK, the supervisory authority is the Information Commissioner’s Office, to which any UK-based Member can submit a complaint using the form in the following link: 

https://ico.org.uk/media/2259547/personal-information-complaints-form-new-final-2307.pdf

ARTICLE 7. DATA SECURITY

The Company ensures that Personal Data collected and processed are safeguarded. In this respect, the Company and its service providers are obliged to take a set of measures to guarantee maximum protection of Personal Data, such as preventing this data from being altered, destroyed or distributed by unauthorized third parties.

The Company only receives the data necessary to enhance Member loyalty with its partnering retailers.

All the Personal Data processed by the Company is encrypted.

Staff members are bound by a confidentiality clause, whereas Personal Data circulating on networks, such as the Internet, are systematically encrypted.

Access to a user Account is secure and is achieved through any login credential that complies with local law applicable to the Company, such as a user ID and password. Login credentials are strictly personal. The Member is responsible for ensuring the privacy of their login credentials. In case of loss or theft of his/her login credentials, or if a Member becomes aware that these credentials are being used by an unauthorized third party, he/she must immediately inform the Company at the following address: contact@hellojoko.com, in order to revoke his/her login credentials and obtain new ones. The Company shall not be liable for the use of a Member's Account by unauthorized third parties permitted by the unlawful use of a Member's login credentials.

The Company and its service providers store data in their computer systems that allow any person connected to the Account to be identified, especially for the purpose of legal proceedings in court.

The Company agrees to immediately notify any Member, as soon as it is made aware of any serious incident, intrusion, disclosure, unlawful access or alteration to Joko or any malicious act against Personal Data that has or is likely to have a serious impact on a Member. Notifying a data breach is a legal obligation and does not constitute any acceptance of responsibility by the Company for the breach or its occurrence.  The Company will also comply with its notification obligations in respect of any notifiable Personal Data breach to the appropriate competent/supervisory authority, as set out in Article 6.

ARTICLE 8. COOKIES & TRACKERS

The Company and its partners may use cookies and trackers in Joko, which will be stored on Members' devices when they use Joko.

The Company uses the following cookies and trackers on both its Joko web and mobile applications:

  • Navigation cookies, which are necessary for Joko to successfully operate because they allow optimized content to be displayed on each terminal and to follow the transactions of the Members carried out within the framework of an Online Offer;

  • functional cookies, which are not indispensable for Joko to operate but optimize Members' experience, detect fraud, or provide support to members via Joko services. For this purpose the Company uses services from the following providers:

  • on the Joko web and mobile application:

    • Apple Sign In, which enables a Member to login via the Member's Apple account, if necessary. Apple's privacy policy is available at this link;

    • Facebook Sign In, which enables a Member to login via the Member's Facebook account, if necessary. Facebook's privacy policy is available at this link;

Link to table

  • These trackers are only used when the Member chooses to create an account on Joko via the third party social network.

  • only on the Joko mobile application:

    • CodePush, from Microsoft, which enables Members to update the app without collecting any personal data and whose privacy policy is available at this link.

    • Zendesk, for Member support;

    • Branch, which allows the Company to create deep links between different Joko applications to make its users' experience more fluid. The Branch privacy policy is available at this link;

  • analytics and audience measurement, which enables the Company to follow Members' browsing for optimization purposes. The Company uses its own trackers, as well as cookies and trackers from the following providers:

    • on the Joko web and mobile application:

      • Amplitude, to monitor the number of Joko Members and how Joko is used. The information collected is shared with the Company product team to improve the app experience and create new features, whose privacy policy is available at this link;

Link to table

  • On the Joko mobile app only:

  • Sentry, to monitor and report errors and accidents within the Joko system. Sentry's privacy policy is available at this link;

  • Advertisers, which enable data to be collected relating to the performance and exposure of advertising campaigns and distribute advertisements to Members. The Company uses its own tracers, enabling it to record a Member's actions, as well as cookies from the following providers:

    • on the Joko web and mobile application:

      • Amplitude, to analyze where Members are coming from on Joko (e.g. via a paid advertising campaign) and to determine the conversion rate achieved through marketing campaigns, whose privacy policy is available at this link ;

Link to table

  • Facebook Ads, to manage advertising, and to track members' actions on Joko. The Facebook privacy policy is available at this link;

Link to table

Only on the Joko web application:

  • Google Ads, to manage advertising and track members' actions on Joko. The Google Ads privacy policy is available at this link;

Link to table

Outbrain, to manage advertising, and track members' actions on Joko. The Outbrain privacy policy is available at this link;

Link to table

Only on the Joko mobile app:

  • Adjust, a tool that analyzes and manages acquisition campaigns, whose privacy policy is available at this link;

  • OneSignal, which manages push notifications sent to Members, and whose privacy policy is available at this link;

  • Firebase, a tool published by Google that manages push notifications sent to Members, and whose cookie policy is available at this link.

A Member can opt out of push notifications at any time via their Joko settings or their smartphone settings.

A Member can fully or partially accept and refuse these cookies or trackers by clicking on the banner provided when logging in to Joko. A Member can change his/her choice at any time. Using Joko may be adversely affected if the Member refuses to accept cookies.

None of these cookies or tracers allow a Member to be directly identified. The information collected by cookies and tracers are stored for thirteen (13) months and a Member's choice pertaining to these cookies and tracers is taken into account for six (6) months.