Skip to main content

PRIVACY NOTICE

Last update: 20-09-2024

This privacy notice (the “Privacy Notice“) governs the manner in which Paymall Luxembourg SARL, a limited liability company incorporated under the laws of Luxembourg, established and having its registered office at 10, Giällewee, L-9749 FISCHBACH (Clervaux) and registered with the Luxembourg Trade and Companies Register, Section B, under number 287408 (“PAYMALL” or “we“) processes personal data collected in connection with the paymall.lu website (the “Site“) in its capacity as data controller.

If you have any questions about this Privacy Notice or the processing of your personal data, you can contact us by post or via the following details:

Phone: +35227522860

Email: info@paymall.lu

 

  1. Compliance with Data Protection Legislation

PAYMALL undertakes to make every effort to comply with the laws and regulations governing the processing of personal data, including, but not limited to, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the “GDPR“) and any other applicable national laws or regulations governing the processing of personal data.

  1. Data Subjects

The Site allows you to create a user account to order items of any kind, select offers from those proposed by PAYMALL and have them delivered to the location of your choice (the “User Account“).

The persons whose personal data we process (the “Data Subjects” or “you“) are:

  • Users of the Site who have created a User Account, who may be either consumers or independent contractors or the manager(s) and employee(s), acting as a point of contact for PAYMALL, if the customers are legal entities (the “Users“); and
  • Any other natural person whose personal data you transmit to us within the framework of the Site. The personal data of these other persons is submitted to PAYMALL under the responsibility of the Users who, by transmitting it, undertake to have all the legal authorisations to do so. The data will only be used if it is necessary for the provision of our services on the Site;
  • Any visitor to the Site.
  1. Processing of Personal Data

User Account

When you register on the Site, we collect and process your identification and contact details to create your User Account.

Once your User Account has been created, we process your personal information to:

  • Ensure secure access to the User Account,
  • Offer services accessible via the User Account (access to order history, status of orders placed, etc.).

This data is processed based on your consent (article 6-1, a), GDPR). Fields marked with an asterisk must be completed to create a User Account.

Data relating to the User Account will be kept until you delete your User Account or when it is considered inactive, i.e. after a period of inactivity of two (2) years.

Orders, delivery of items and services

When you place an order via the User Account, we process your personal data to:

  • Process your order and submit the offer(s) selected,
  • Ensure delivery of ordered items and,
  • Manage the issue and payment of invoices.

This data processing is necessary for the performance of the contract concluded between the User and us (article 6-1, b), GDPR) or is based on our legitimate interests in honouring our contractual commitments to our legal entity customers (article 6-1, f), GDPR). The communication of this data is necessary to enable you to place an order via the User Account.

Data relating to orders placed will be kept for ten (10) years from the deletion of the User Account or from the time when the account is considered inactive, i.e. after two (2) years of inactivity.

Answers to questions and contact requests

You may contact us by the various means available on the Site, including via the User Account or the social networks. In this case, we will only process your personal information to respond to your requests for information and questions.

The processing of your data is based on our legitimate interest in responding to Data Subjects and follow up our commercial relations (article 6-1, f), GDPR).

If you send your request via the User Account, your data will be kept until the User Account is deleted or, in the case of commercial correspondence, for ten (10) years from the deletion of the User Account or from the time the account is considered inactive. Data relating to communications sent by any other means will be kept for three (3) years from the last contact with the Data Subject.

Marketing communications

We send informative and commercial emails (“Marketing Communications“) to Users whose electronic contact details we have obtained by providing our services through the Site, where such Users have not objected to such use of their data.

Marketing Communications are intended to transmit marketing offers to the Users concerned, information on events organised by PAYMALL or to inform Users of the addition of new functions, products or services to the Site.

This processing is based on our legitimate interest in providing information about our activity and promoting our image to Users (article 6-1, f), GDPR).

The User concerned has the option of objecting to such use of his/her email address, free of charge and in a simple manner, by clicking on the “Unsubscribe” link included in each email sent.

In this case, his/her details will be deleted from the PAYMALL database established for Marketing Communications within thirty (30) days from that moment. If the User does not object to receiving Marketing Communications, their personal data will be kept until the User Account is deleted or when the account is considered inactive, i.e. after a period of inactivity of two (2) years.

Legal and regulatory compliance

In the course of our business, we may also need to process your personal data in order to comply with the legal and regulatory obligations to which we are subject (accounting and tax obligations, protection of personal data, etc.).

This processing is necessary to comply with the said legal obligations (article 6-1, c), GDPR).

Personal data processed in this way will be retained in accordance with the applicable limitation periods and legal retention obligations to enable us to demonstrate compliance with our legal and regulatory obligations.

Website and security

When you browse the Site, data relating to your activity is also collected to ensure optimal, secure and appropriate use of the Site (for example, by adapting the display of the Site if the connection comes from a mobile phone).

The processing of this information is based on our legitimate interest in providing a reliable and secure Site to Data Subjects (article 6-1, f), GDPR).

This data is kept in event logs for a maximum period of one (1) year from the date of collection.

Backups

By setting up backups, we can ensure that data is available and can be accessed within an appropriate timeframe in the event of a physical or technical incident.

Safeguarding Data Subjects’ data is based on our legitimate interest in ensuring our digital resilience and business continuity in the event of an incident (article 6-1, f), GDPR).

The data contained in the backups is kept until it is overwritten by a new backup. This data is “out of use” and is only used for backup purposes. In the event of a request for deletion, the personal data contained in these backups will be deleted insofar as this is technically possible.

  1. Use of cookies

We also use cookies to ensure the optimal operation of the Site. Some of these cookies do not require your consent as they are purely technical and their use is based on our legitimate interests in providing an operational, reliable and secure website (article 6-1, f), GDPR).

Some others are not necessary for the operation of the Site and require your consent. In these cases, we obtain your consent before depositing or reading these cookies by means of a cookies banner accessible on the Site (article 6-1, a), GDPR).

For more information on the cookies used, please consult our Cookie Policy, which can be accessed here .

  1. Data sharing

PAYMALL may share your personal data:

  • To its sub-contractors, within the limits of the services sub-contracted and insofar as this is necessary for the purposes set out in point 3 above (IT service providers, suppliers of cloud-based solutions, marketing and advertising service providers, etc.);
  • With third parties, as part of their services and expertise (lawyers, banks, etc.).

PAYMALL may also disclose your personal data if it considers such disclosure necessary to comply with the law, protect its rights, property or safety, or those of others.

  1. Data retention

We take all reasonable steps to ensure that your personal data is processed and stored only for as long as necessary for the identified purposes, in accordance with the retention periods described in point 3 above.

We undertake to delete or anonymise your personal data on expiry of the defined retention periods, plus a period of a few days if necessary to ensure the deletion or anonymisation of the data concerned in practice.

  1. Data security

We put in place appropriate security measures for the collection, storage and processing of data to protect against unauthorised access, modification, disclosure or destruction of personal data.

Data Subjects are responsible for ensuring that any personal data they send to PAYMALL is sent securely.

  1. International transfers

We do not transfer personal data outside the European Economic Area or to any international organisation, except for transfers carried out as part of exchanges on social networks and the use of Google Analytics.

In this context, your data may be transferred to organisations that are members of the Data Privacy Framework Program in the United States. Transfers carried out within this framework are considered by the European Commission to offer an adequate level of data protection.

  1. Data Subject Rights

Under the applicable legislation on the protection of personal data, you have the right to access, rectify, limit and object to the processing of your personal data, the right to erasure and the right to portability of your data by sending an e-mail to info@paymall.lu. These rights may only be exercised within the limits of any contractual or legal obligation.

You also have the right to lodge a complaint with the Luxembourg supervisory authority, the Commission nationale pour la protection des données (Asserting your rights – Individuals – National Data Protection Commission – Luxembourg (public.lu)).

Where the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent carried out prior to the withdrawal of consent.

  1. Changes to this Notice

We reserve the right to update this Privacy Notice at any time and will revise the date of the last update at the top of this page.

We encourage you to check frequently for changes to this Privacy Notice and will inform you of any substantial changes to this page.

Address

Paymall Luxembourg s.àr.l.
10, Giällewee
L-9749 Fischbach (Clervaux)
Luxembourg

Contact

+352 275 228 60

info@paymall.lu

© 2025 Paymall

Legal noticeData protectionTerms & Conditions