Data Protection Policy
We are committed to protecting the privacy and personal data of our employees, customers, partners, and other stakeholders. This Data Protection Policy outlines our approach to data protection, including the collection, processing, storage, access, and disposal of personal data in compliance with applicable data protection laws and regulations.
Our platform collects certain personal information to enhance user experience and provide tailored services. The information we collect includes:
1. Mobile Phone Number:
- We collect users’ mobile phone numbers when they choose to log in using this method. This information is crucial for account verification, security, and communication purposes.
2. Email Address:
- The collection of email addresses is optional for users. Users may choose to provide their email addresses to receive important updates, notifications, and newsletters. Email addresses also serve as an additional means of communication and account verification.
3. Username:
- The collection of usernames is optional and provides users with a personalized identity on our platform. The use of usernames also offers an additional layer of privacy for users who prefer not to disclose their real names.
Collection and Use
The app collects personal information through a user-friendly sign-up process and allows users to voluntarily contribute additional details to enhance their experience. The emphasis is on user consent, data security, and transparency, ensuring that users have control over their information while enjoying the benefits of a personalized and efficient app experience.
Reasons for collection:
1. Customer Service:
- The primary purpose of collecting personal information is to enhance customer service. By obtaining users’ mobile phone numbers and email addresses, we can promptly and efficiently address any issues or concerns users may encounter while using our platform. This information allows our customer service team to reach out to users, provide assistance, and resolve problems in a timely manner. This ensures a positive and supportive user experience.
2. Communication of Important Information:
- Mobile phone numbers and email addresses are essential for communicating important information to users. This includes sending receipts for orders, which serves as a confirmation of their transactions. Additionally, in the case of failed payments, users are notified through email to address the issue promptly. This proactive communication ensures that users are informed about their transactions and any potential problems that may arise, contributing to transparency and trust in our platform.
3. Order Confirmation:
- Collecting personal information enables us to send users detailed and accurate receipts for their orders. This documentation serves as a record of the transaction, including items purchased, payment details, and other relevant information. This not only helps users track their purchases but also provides a level of security and assurance regarding the completion of their transactions.
4. Payment-related Communication:
- In the event of a failed payment or any payment-related issues, users are promptly notified via email. This ensures that users are aware of the situation and can take appropriate action, such as updating payment information or contacting customer support for further assistance. Timely communication regarding payment matters is crucial for a smooth and reliable user experience.
We capture the user's card details / payment information (only the last 4 digits are captured and stored in our MySQL DB) to complete the rental service.
How user data is collected:
- The user downloads Joos and signs up using a mobile phone number or a 3rd party login.
- After the user inputs their email, username, and card details, the Joos app communicates with our Joos app server. The Joos app server is the system responsible for all core transaction processes, such as user orders, user registration, and payment information.
- Once the app has communicated with the Joos app server, this data is passed to and stored securely within our MySQL database.
We prioritize the security and integrity of the personal information entrusted to us by our users. To ensure a robust and reliable storage solution, we utilize MySQL as our database management system. Currently, our MySQL database is housed in the Alicloud Frankfurt server room.
- MySQL is a widely used and trusted relational database management system known for its reliability and performance. It allows us to efficiently organize, manage, and retrieve data, providing a solid foundation for the seamless functioning of our platform.
Alicloud Frankfurt Server Room:
- The choice of Alicloud (Alibaba Cloud) as our cloud service provider reflects our commitment to leveraging industry-leading infrastructure. The Frankfurt server room is strategically selected for its advanced facilities, robust security measures, and high-performance computing capabilities. By hosting our database in this location, we aim to ensure both the accessibility and security of the stored data.
Ensuring the robust security of our stored data is a paramount priority. The data resides in a MySQL database, and our MySQL service is fortified with a comprehensive security policy, safeguarding it from external access.
To fortify our data against potential external threats, our MySQL service is meticulously configured to be inaccessible from external networks. This strategic measure acts as a critical barrier, thwarting any unauthorized attempts to access or compromise our database from outside sources.
Furthermore, our security policy extends to internal access controls within the organizational network. While internal access to MySQL is facilitated, it is meticulously limited to specific user accounts. These accounts are exclusively owned by designated individuals within our organization, ensuring that access to the database is restricted to authorized personnel only.
Access to the stored data is restricted to a select group of individuals within our organization. Currently, only a small number of our technical staff members have been granted access to this data. This intentional limitation is in line with the principle of least privilege, where access permissions are granted only to the extent necessary for individuals to perform their specific job responsibilities.
User data is continuously stored in our secure databases and is disposed of under specific circumstances. Users can initiate data clearance by contacting us to cancel their account or by using the app’s self-service cancellation feature. This user-initiated approach ensures prompt and thorough data removal, respecting user preferences. Our retention periods balance user needs with operational requirements, allowing for necessary processes while upholding user privacy.