Scope of the Privacy Policy

Juba Express has developed this privacy policy to explain how we may collect, retain, process, share and transfer your personal data in relation to the services you receive through our website or mobile application. This policy (together with our Terms and Conditions) constitutes the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

This privacy policy details how Juba Express may collect, retain, process, share, and transfer your personal data when you use our services via our website or mobile application. Along with our Terms and Conditions, this policy governs how we process any personal data you provide or that we collect from you.

Commitment to privacy

Juba Express is dedicated to protecting the privacy of every customer using our website and mobile application. As a Data Controller, we comply with the Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR). This regulation mandates stringent data protection and privacy measures for all individuals within the European Union (EU) and the European Economic Area (EEA). It gives individuals control over their personal data and simplifies the regulatory environment for international business. Our privacy policy, adhering to GDPR, is designed to ensure that your personal data is handled securely, and your privacy rights are respected.

We regularly review and update our privacy policy, reflecting changes in law or improvements in data protection practices. It’s important to regularly check this page to stay informed about how we protect your privacy and handle your personal data.

Significance and Use of Information Collected

The information we collect at Juba Express is crucial for providing and enhancing our service to customers. The types of personal data we gather include:

• Data for account opening and service usage.
• Additional KYC (Know Your Customer) information upon request.
• Information for temporary increase of sending limits.
• Communication with customer support.
• Participation in our competitions or campaigns.
• Sharing information on social media.
• Electronic verification of details with National and Credit agency databases.
• Personalized service provision.
• Market research surveys.
• Competition management.
• Marketing of our products and services.
• Compliance with mobile applicable regulations for internal records.

This information is not disclosed, except as required by law. We use aggregated data, ensuring individual users are not identified, for marketing profiles, strategic development, managing advertiser relationships, and site and mobile application usage audits.

The collection of this data might include indirect methods, like e-ID submission or uploading passport and facial recognition images. Opting not to provide information may limit our ability to provide services as per regulatory obligations.

Use of Cookies

Juba Express employs cookies on our website to recognize customers and enhance the user experience. Cookies, small data files stored on your device, help streamline interactions with our site, remembering user preferences and settings. They play a crucial role in improving website functionality and user navigation. For a comprehensive understanding of how we use cookies, including the types of cookies deployed and how they impact your browsing experience, please refer to our detailed Cookie Policy.

Customer Reviews

Customer reviews are periodically displayed on our website, showcasing experiences and feedback from our users. These reviews are featured with the express consent of the customers who provided them, reflecting their satisfaction with our services. If you have submitted a review and wish to update or remove it, you can easily do so by contacting us at customersupport@jubaexpress.com. We respect the preferences of our customers regarding their feedback and ensure their reviews are managed in line with their wishes and our commitment to transparency and customer service.

Information from third parties

If you reside in Sweden or Norway, Juba Express obtains your address information from third-party service providers. These providers source this information from databases that are publicly available, ensuring the data is obtained in a lawful and transparent manner. This process is part of our commitment to maintaining accurate and up-to-date records, as well as facilitating efficient and effective service delivery. By sourcing from public databases, we adhere to legal standards for data collection, ensuring your information is gathered in compliance with relevant data protection and privacy regulations.

Purposes and Legal Basis of Data Collection

The purpose of processing your data and the corresponding legal basis are as follows:

• To Identify You: We process data to comply with legal obligations.
• To Verify Your Identity: This is done in adherence to legal requirements.
• To Verify Your Address: Also, a compliance with legal obligations.
• To Process Transactions: Necessary for the performance of our contractual agreement.
• To Collect Payment: This processing is essential for the performance of our contract.
• Transaction Alerts: For the performance of the contract to keep you informed.
• Information about the Service: Part of our contractual service offering.
• Conduct Competitions and Campaigns: A contractual obligation to provide these activities.
• Direct Marketing: Based on our legitimate interest in promoting any updates to our services.
• Developing the Service: Innovations are based on our legitimate interest.
• Fraud Detection and Prevention: Essential for compliance with legal obligations.
• Complying with AML and CTF Laws: To adhere to anti-money laundering and counter-terrorist financing laws.
• Legal Claims: Processing data based on our legitimate interest in protecting our legal rights.

How Long We Keep Your Personal Data

We may keep data longer if required by law or to protect Juba Express's rights, property, or safety. The retention period for your data depends on its purpose:

• Basic KYC Data: Purpose: To identify you. Retention: Minimum 5 years post-contract, 10 years if required by authorities.
• Identity Verification Data, Personal Number, Photo Image: Purpose: Identity verification. Retention: Minimum 5 years post-contract, 10 years if required by authorities.
• Address Verification Data: Purpose: Address verification. Retention: Minimum 5 years post-contract, 10 years if required by authorities.
• Name, Contact, Address, Payment, Recipient Data: Purpose: Transaction processing. Retention: As long as you remain to be a customer.
• Basic KYC, Payment Data: Purpose: Payment collection for the Service. Retention: Minimum 5 years post-contract, 10 years if required by authorities.
• Name, Contact, Recipient Data: Purpose: Transaction alerts. Retention: As long as you remain to be a customer.
• Name, Contact Data: Purpose: Service information and marketing. Retention: As long as you remain to be a customer.
• Device, Service Data: Purpose: Service development. Retention: 1 year from collection.
• Email, Photo Image: Purpose: Fraud prevention. Retention: Minimum 5 years post-contract, 10 years if required by authorities.
• Additional KYC, Address, Recipient Data: Purpose: Compliance with anti-money laundering and counter-terrorist financing laws. Retention: Minimum 5 years post-contract, 10 years if required by authorities.

How we Share Information with Other Parties

We share your personal data in the following ways:

• With Third-Party Service Providers: Contracted by Juba Express for operations like transaction processing, fraud prevention, and marketing. They can only use your data for services to us.
• With Third Parties for Money Transfers: Your name is shared to confirm recipient identity in the mobile application.
• During Capital Raising or Sale Processes: To prospective buyers, we may disclose your personal data including KYC and usage data.
• With Law Enforcement and Government Officials: Only upon legal requests like subpoenas or when necessary for legal compliance, reporting illegal activities, or investigating our Terms violations.

We promise not to sell or transfer your data for third-party promotional purposes without explicit consent.

Transferring data outside of European Economic Area

Personal data which is submitted via our Service is sent to and stored on secure servers owned by, or operated for, us in the European Economic Area ("EEA"). Such data may be transferred to, or stored at, a destination outside the EEA and may also be processed by staff operating outside the EEA who work for us or for one of our service providers. Such transfers may be made in order to operate the Service, improve our Service, or to assist in our security or fraud protection activities.

Whenever we transfer personal data to a destination outside EEA, we take applicable legal measures to:

• Make sure that the data transfer complies with applicable law.
• Ensure that your data has the same level of protection as it has in the EU/EEA.

To ensure that each data transfer complies with mobile applicable EU/EEA legislation, we use the following legal mechanism:

• Standard Contractual Clauses, which are clauses that require the other party to protect your data with EU-level rights and protections.
• Adequacy decision, which means that we transfer personal data to a destination outside EEA which have adequate laws to protect personal data, as determined by the European Commission.

Depending on your use of the Service, including the countries you send money to, we may transfer your data to the following countries outside of the EEA: our recipient countries as displayed in the Service from time to time, Somalia, Kenya, the USA and the UK.

When we transfer your data to the UK, we do so on the basis of an adequacy decision issued by the European Commission in accordance with Article 45 of GDPR. The decision confirms that the regulatory requirements in these countries ensure an adequate level of protection for your personal data. For transfers to all other countries, we rely on standard data protection clauses adopted by the European Commission. If you would like to obtain a copy of the clauses we use, please contact us by sending an email to customersupport@jubaexpress.com.

Security

To prevent unauthorised disclosure or access to your information, Juba Express has implemented strong physical and electronic security safeguards. Juba Express has robust security measures and controls in place to protect systems and data. Juba Express follows stringent procedures to ensure we work with all personal data in line with the GDPR.

Juba Express employs robust physical and electronic safeguards to prevent unauthorized disclosure or access to your information. This includes rigorous security measures to protect systems and data, adhering to strict procedures in compliance with the General Data Protection Regulation (GDPR).

Transmission over the internet carries inherent risks; we can't guarantee complete security for data sent to our site. We implement stringent measures upon receiving your data to prevent unauthorized access. For financial information entered in our Service, such as e-ID or debit card details, we use SSL encryption and 256-bit data security, ensuring privacy and security in data transmission.

Additionally, we have implemented technical and organizational measures for data protection, aligning with GDPR and the Swedish Payment Services Act (2010:751). These measures ensure confidentiality, appropriate data availability, accuracy, and GDPR compliance.

Please note that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Your Rights Related to Personal Data

Under the GDPR, you have the following rights related to your personal data:

• Information: The right to be informed about how your personal data is used by Juba Express.
• Rectification: The right to correct, amend, or update your personal data if inaccurate or outdated.
• Erasure: The right to request deletion of your personal data from our records, applicable in certain situations such as data no longer being necessary for the purposes it was collected for, withdrawal of consent, objection to data use, unlawful data processing, or legal requirements to delete data.
• Restriction: The right to request suspension of data processing under certain circumstances, like verifying accuracy, unlawful use without wanting deletion, need for data in legal claims, or pending verification of our processing grounds.
• Objection: The right to object to our data processing, including profiling, based on legitimate interests, unless our processing grounds override your rights and interests.
• Access and Portability: The right to access your personal data in a structured, commonly used format and transfer it to another controller, applicable when processing is based on consent or contract and is carried out by automated means.

You can contact us regarding these rights but note exceptions may apply due to financial institution regulations, like mandatory retention periods overriding erasure rights.

To exercise these rights, contact us at info@vpayments.ie or by mail at Consulting International Europe AB (CIEAB), Odinsgatan 13, 41103 Göteborg, Sverige.

Your Right to Request a Change to Data

You have the right to request changes or deletion of your personal data, which we will address without charge and aim to respond within 30 days. However, charges may apply if requests are excessive or beyond reasonable rights, and we may decline unreasonable requests.

To ensure security and privacy, we may request specific account information and proof of identification to verify your identity.

If unsatisfied with our response, you can lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) at www.imy.se/en/. Their website offers a structured format for GDPR-related complaints at www.imy.se/en/individuals/forms-and-e-services/file-a-gdpr-complaint/.

You can find a helpful format for such a complaint on the Swedish Authority for Privacy Protection's website at www.imy.se/en/individuals/forms-and-e-services/file-a-gdpr-complaint/.

Automated Decision Making, including Profiling

We engage in automated processing and profiling using data you provide and information from third parties. This includes making automated decisions regarding identity verification, sanction and PEP checks. Automated processes might limit or suspend your access to our Service if they detect high-risk activities.

You have the right to object to decisions made solely through automated means, especially those with significant effects on you. In such instances, you can request a manual review of the automated decision to ensure fairness and accuracy, in line with your rights under data protection laws.

In some cases, automated processes may restrict or suspend access to our Service if such process’s identity activity that we believe poses risks to our Service, other users, or third parties.

You have the right to not be subject to individual decisions made solely by automated means. This means that if we make an automated decision about you that significantly affects you, you can request us to perform a manual review of this decision.

Contact

For inquiries, requests, or concerns about our privacy policy or your personal data use, please email us at customersupport@jubaexpress.com or write to Consulting International Europe AB, Ostra Hamngatan 17, 411 10 Goteborg, Sverige, Sweden. If your concerns are not satisfactorily addressed, you have the right to lodge a complaint with the Swedish Data Protection Authority (Integritetsskyddsmyndigheten), the supervisory authority for data protection issues in Sweden. Their contact details and further information can be found at https://www.imy.se.