A separate agreement (the “Customer Agreement”) may be in place between your organization and June that governs the commercial terms of delivery, access and use of the Service by users who are authorized by your organization to use its instance of the Service (such Customer-specific instance of the Service is referred to herein as the “Customer Workspace”).
With reference to the General Data Protection Regulation 2016/679 (“GDPR”), we take great effort in complying with the EU legislation to deliver our services to EU/EEA customers as well as processing our customers’ data properly. In this section, we provide the details related specifically to GDPR. Data Controller: We act as data controller when processing your personal information about you as a (i) personal customer or (ii) a primary contact person for a business customer. EU Representative: ferruccio[at]june[dot]so
The requirement comes from article 27 of the GDPR regarding representatives of controllers pr processors not established in the Union. Data Processor and DPA: We act as data processor in relation to all the personal data you upload to us as part of our delivery of the Services. This means that your customer data will be processed by us. It also means that your employees’ account information will be processed by us on your behalf when you establish their accounts. Therefore, the entity who enters into the Customer Agreement with June controls the Customer Workspace used by its authorized users and may set certain rules related to your utilization of the Service, including limitations regarding which third party applications you can connect to via the Service. If you have questions about your organization’s specific Service settings and practices, you should contact them directly. In our capacity as data processor of the information uploaded by our customers to the Services, we have a data processor agreement in place based on the EU Commission’s Standard Contractual Clauses (the data processor agreement hereinafter referred to as the “DPA SCC”). You can read more about the DPA SCC here
When you register for a June account you are required to provide certain personal information (the “Personal Data”), such as your name, and email address, and telephone number, as well as other information that you voluntarily choose to add to your account profile, like a profile photo. If you choose to register for an account utilizing your credentials from a third-party service (such as Google or Microsoft), then your name and email address will be provided to us as permitted by your profile settings within that third-party service.
If you are registering for a paid account, you will also be required to provide payment information, such as payment card details (collected by our payment service provider), and Single Sign On (SSO) SAML 2.0 credentials.
You can access our list of data processors here:
We share only the data strictly necessary to deliver the Services, including maintaining our IT-infrastructure. EU/EEA: Due to the nature of the service, some Third-Party service providers may be data controllers in the sense of GDPR, Article 4(7). For instance, this would cover most payment service providers. Sharing with Our Subsidiaries and Affiliates June is managed and operates primarily out of the United States and France. We allow our French subsidiary, June SARL, and its employees and agents to access your Personal Data for the purposes described in this policy (this sharing is in our legitimate interest). EU/EEA: We have the SCC DPA in place between our group companies. Sharing for Legal Purposes to Protect June and the Service We may disclose your Personal Data if required to do so by law or if we have a good faith belief that such action is necessary to (i) comply with a legal obligation or lawful requests by public authorities, including to meet national security or law enforcement requirements, (ii) protect and defend the rights or property of June, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability. EU/EEA: Our legal basis for processing the above information is GDPR Article 6(1)(f) regarding processing necessary for the purposes of the legitimate interests pursued by June or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (you) which require protection of personal data. Sharing with Your Consent We may share Personal Data about you with third parties when you give us consent to do so. For example, with your permission we may publish and display testimonials or featured customer stories on our Websites, including names and profile photo of representatives of our customers alongside the testimonial. EU/EEA: Our legal basis for processing the above information is GDPR Article 6(1)(a) regarding your consent on the Websites for our marketing communication. 6 – Data Retention June generally retains your Personal Data for a limited period, which is consistent with the original purpose of collection. We use the below default retention periods. Account Data and User Data: For 2 years after the end of the business relationship (closure of the account). The limitation is set for us to protect our legitimate interests in a potential dispute regarding the use of the account. No other use of any data will take place after the closure of the account. Customer Data: For a maximum of 30 days after the termination of the business relationship. We refer to the provisions regarding consequences of termination in the SCC DPA. Marketing Data: Until you withdraw your consent.
Get actionable insights and
custom built reports in
seconds, not hours.