1. About Juni 

We are Juni Technology AB, Juni Capital Ltd., and Juni Financial Ltd. (‘Juni’, ‘we’, ‘our’, ‘us’) and operate under the business name Juni. Juni Technology AB is registered with the Swedish companies register (registration number 559248-0908), at Masthamnsgatan 21, 413 28 Gothenburg, Sweden, and Juni Capital Ltd and Juni Financial Ltd. with the Companies House (registration number 13687134 and 13687140 respectively), at Suite 1, 7th Floor, 50 Broadway, London SW1H 0BL, United Kingdom. In the UK, we are registered with the UK data protection authority (Information Commissioner’s Office or ICO) under number ZB260204 for Juni Financial Ltd. and ZB267576 for Juni Capital Ltd.

Under data protection law, we are a data controller regarding the personal data we receive from or collect about you. We are responsible for ensuring that your personal data is processed in compliance with applicable data protection laws in the EU, European Economic Area (EEA) and the UK, such as Regulation 2016/679 (‘General Data Protection Regulation’).

2. Setting the scene 

This Privacy Policy describes what information Juni collects about you and how Juni uses your personal data when reaching out to you, when you open an account with us, use the Juni platform, our cards, app or website www.juni.co or our credit lines. This Privacy Policy also describes your rights in relation to our use of your personal data, and how to exercise them.

Juni is committed to protecting and respecting your privacy and personal data. If you have any questions or concerns about our Privacy Policy or practices regarding your personal data, please contact us at privacy@juni.co.

When we use the term personal data, we use it in reference to any information which can be used to personally identify you (for example, a combination of your name and postal address). Personal data does not include information about a business that can not be used to personally identify a natural person.

If you give us personal data concerning other people (like Directors, owners, or employees), you confirm that you’ve been authorised by them to disclose this information, and that they understand how we will use their personal data.

Please read this Privacy Policy carefully, as it will help you make informed decisions about sharing your personal data with us.

3. What personal data do you collect about me? 

In short: Juni will collect and use specific types of information about you at different times. We will collect personal data when you interact with us (for example through our website, app or the Juni platform), if you have an account with us, use a service that integrates with Juni, sign-up for and use the Juni payment services, create an application for credit and when you interact with our representatives. In some cases, we will also collect information about you from third parties.

‍

When you apply for a Juni account

• Personal details of the applicant (authorised representative of the company), the Director(s), and any ultimate beneficial owners of the company, e.g., their full name and date of birth.
• Contact details, such as the physical address of the applicant, Director(s), any ultimate beneficial owners, and the applicant’s email.
• Information about your identity, such as a copy of your passport or relevant identification document. We may also receive this information from, or have it processed by, ID verification entities or services, or e-signature services, to help verify your identity and ensure the validity of any e-signatures provided.
  
• Biometric information to verify whether the identification documents that have been provided correspond to your identity. This may include, for example, a picture of your face (selfie). Please note that biometrics used on your device to e.g. log in or authenticate certain actions, are not processed by us. In those cases, we simply receive a confirmation from the device when the check has been successful.

‍

Regarding our credit offering

Information we receive about you from you:

• Personal details of the applicant (authorised representative of the company), the Director(s), and any ultimate beneficial owners of the company, such as their full name and date of birth.
• Contact details, such as the physical address of the applicant, Director(s), any ultimate beneficial owners, and the applicant’s email.
• Information about your identity, such as a copy of your passport or relevant identification verification documents.
• Information about your Juni cards, including the card number, expiry date, and CVC.
• Details about transactions made with your Juni card and on integrated accounts, including the date, time, amount, currencies, exchange rate, beneficiary details, details of the merchant or ATMs associated with the transaction (including merchants’ and ATMs’ locations), IP address of sender and receiver, sender’s and receiver’s name and registration information, messages sent or received with the payment, details of device used to arrange the payment, and the payment method used.
• Your email when you contact us via the Juni chat.
• Your email address and the contents of your communications.
• Public details from your social media profile (e.g. Facebook) if you reach out to us via these platforms, and the contents of your messages or posts to us.

‍

Information we receive about you from 3^rd parties:

• Information from fraud prevention agencies, KYC (Know-Your-Customer) and anti-money laundering service providers to meet our regulatory obligations.
• Bank account information, provided by account information service providers, for banks we have received transaction information from through the integration between such bank accounts and the Juni website (e.g. Yapily Ltd. or Salt Edge Limited).
• Information related to your company from publicly available sources of information (e.g. Companies House, other national company registration services and TrustPilot).
• Information from ad networks you integrated through the Juni website to allow us to receive your activity information (e.g. Google Ads).
• Information from credit reference agencies to help us to verify your identity, determine whether we can offer you our services, and calculate your risk profile. This information includes information concerning financial transactions, balances, identity, and investments.
• Information from the accounting information service providers integrated through the Juni platform to allow us to receive accounting and CRM information (e.g. Exact Online, FortNox).

‍

Information we collect or generate about you when you use the Juni platform and card

• Information about your Juni cards, including the card number, expiry date, and CVC.
• Details about transactions made with your Juni card and on integrated accounts, including the date, time, amount, currencies, exchange rate, beneficiary details, details of the merchant or ATMs associated with the transaction (including merchants’ and ATMs’ locations), IP address of sender and receiver, sender's and receiver's name and registration information, messages sent or received with the payment, details of the device used to arrange the payment, and the payment method used.
  
• Information we receive as a result of you, or other users, uploading invoices, receipts or other documents to our platform.
• For information collected and generated to comply with our obligations under Open Banking, please see section section 13.

‍

Information we collect or generate when you get in touch with us

• Your email when you contact us via the Juni chat.
• Your email address and the contents of your email communications with us.
• Public details from your social media profile (e.g. Facebook) when you reach out to us via these platforms, and the contents of your messages or posts to us.
• Recordings of your phone calls with us for training and performance review.
• We may perform recordings (audio and/or video) when we have internal meetings, or meetings between Juni staff and third parties (e.g. Sana, Gong). Such recordings may be done in order to ensure compliance, gather evidence, and document specific arrangements. You will be informed prior to each recording.
• Any feedback or other information you may provide to us, including any interviews or customer research activities you choose to participate in.

‍

Information we collect from your device

• IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our site or app, and other technical information. This information is primarily collected for security and operational purposes and analytics, but also can be used to provide personalised content and offers.

• By amending the web settings of your device or browser, you can disable the collection of some of this data. However, doing so may impact the functionality of our website. For more information, please consult the Juni Cookie Policy.
  

• When you utilise biometric data, such as Touch ID or Face ID, to unlock the Juni app on your device, we only receive approval or rejection values. We do not receive the biometric data.

‍

Information we collect from third parties

Our sales team may collect certain information from third parties prior to contacting you. This may include:

• Business information received from Cognism, a business data provider, including information on key employees, such as their name, email address, job title, department and phone number. For more information on the types of information collected and how these third parties process your data, please see the Cognism Privacy Policy.
• Contact details that you have submitted for conferences or events we sponsored, if such was agreed upon in the terms for the conference or event. We encourage you to get in touch with the relevant event organiser for further details.
• Information from online forms provided through our website, social media accounts or other channels.
• Referral information if you have been referred to us by a partner. In such cases, it is the responsibility of the partner to ensure that they have an appropriate legal basis to share such information with us. You are encouraged to get in touch with the referring partner for more information on how they process your personal data.

We may collect information through integrations with other services providers that you use, where you consent to such information being shared. This may include:

• Information we receive from the enabled integrations between Juni and your accounts, and held with other financial institutions, as supported by our open banking partners.
• Information which we have received from integrations with accounting software providers, where you have consented to us retrieving such information, in order to integrate this accounting software with your Juni account.

If you choose to add your Juni card to the digital wallet app on a device we may receive the following information from the providers of these apps:

• Information regarding the device on which the app is installed, the account held with the app provider, the payments made through such app and location data for such payments. For more information on how these parties collect and process your personal data, please review the relevant privacy policies.

When you register with us, we will also check your records with:

• fraud prevention agencies, KYC (Know-Your-Customer) and anti-money laundering service providers to meet our regulatory obligations, and
• credit reference agencies to help us verify your identity, determine whether we can offer you our services, and calculate your risk profile. This information includes data regarding financial transactions, balances, identity, and investments. Bear in mind that this is a “soft search” and will have no impact on your credit score.

Juni may collect personal data from publicly available sources, such as official public records and information published in the press or on social media, for enhanced due diligence checks, KYC purposes and market research.

When you transfer funds from an external account to a Juni account holder:

• fraud prevention agencies, KYC (Know-Your-Customer) and anti-money laundering service providers to meet our regulatory obligations.

4. What legal basis do you use? 

In short: Juni will only collect and process your personal data if we have a legitimate reason to do so. We always rely on one of the following legal bases when we use your personal data: contractual obligations, legal obligation, legitimate interest, consent, and substantial public interest. 

Contractual obligations

To meet our contractual obligations towards you and to be able to offer you our services, Juni needs to process certain personal data. 

Legal obligation 

In some cases, Juni needs to collect and retain your personal data to comply with applicable laws and regulations. For example, we must keep certain personal data about our customers to meet legal obligations imposed by anti-money laundering legislation. 

Legitimate interest 

Juni might use this legal basis to pursue our legitimate interest to collect and process your personal data, or share it with other organisations, provided that our legitimate interests are not overridden by your interests, rights, or freedoms. 

Consent 

This legal basis applies when you have affirmatively consented to Juni collecting or processing your personal data, e.g. by ticking a consent box. In cases where Juni processes personal data based on your consent, you reserve the right to revoke this consent at any time. For more information, please refer to section 8 (How to exercise your rights). 

Substantial public interest 

Sometimes Juni will collect your personal data to perform a task in the public interest that is set out in law. 

5. How do we use your personal data?

In short: Juni uses your personal data to carry out our operations smoothly and offer you our services, to ensure we meet all our contractual obligations, to keep both our customers and Juni safe and secure, and to comply with all applicable regulations.

‍

General Administration

We will use your personal data for administrative purposes, including tax administration; auditing; reporting and accounting functions; statistical analysis and market research; and market, regulatory and operational risk management.

In these instances, Juni will process your personal data under legal obligation (in regard to tax administration, auditing, reporting and accounting), legitimate interest (in regards to market, regulatory and operational risk management) and consent (in regards to statistical analysis and market research).

‍

Providing our services

When you apply to open an account with us, Juni will use the personal data you provide to verify your identity and make a decision on your application. The legal grounds for processing your data in this case will be our legal obligation.

We also use your personal data to ensure we can continue to promptly offer our services. For example, we will use your personal data to properly execute transactions, such as payments with your Juni card, payments into or out of your Juni account or cash withdrawals. Lastly, Juni will use your personal data to assist you when you contact customer support.

In these instances, Juni will process your personal data to fulfil a contractual obligation.

‍

Development of our products and services, commercial communication, and targeted advertising

Juni and our third-party partners may use your personal data to send you marketing and commercial communications regarding our services, in accordance with your selected preferences. You can opt-out of our marketing communications at any time by emailing our privacy team at privacy@juni.co. For more information on how to exercise your rights, please see section 8 (How to exercise your rights).

We may also use your personal data to develop content and display it to you, as well as to track, analyse and improve our ads. Additionally, we may process your data to provide you with additional commercial offerings and benefits. We may

also anonymize and aggregate your personal data, which will then be used to further improve our products and services.

For the above purposes, we will process your information based on our legitimate interest to understand how to market our services to you and improve Juni.

With your consent, we may record our phone calls with you for training and performance review purposes. We will be processing this data on the legal basis of consent.

‍

To keep our services up and running

Juni will use your personal data to manage www.juni.co and the Juni platform and app. For example, we may use your personal data to perform statistical or data analysis, testing, or research purposes and to ensure that we continue improving your experience and the content that is presented to you.

The legal basis for processing your personal data to manage and improve the Juni platform and app will in general be our legitimate interest in ensuring our ability to efficiently fulfil our contractual obligations towards you and provide you with the best experience when using our product.

The legal basis for processing your personal data through cookies necessary for the functioning of our platform and app is Juni’s contractual obligation, as outlined in the terms of your engagement with the Juni card and/or platform. Regarding the information collected through analytical or marketing cookies, Juni’s legal basis for processing your personal data is consent.

For more information, please see our Cookies Policy.

‍

To use our WiFi wireless internet service

When you access our guest WiFi wireless internet service in one of our offices, Juni will use your personal data to manage the WiFi wireless internet services, to prevent fraud and to detect, prevent and diagnose potential security beaches. The legal basis for processing this information will be Juni’s legitimate interest, namely to provide WiFi wireless internet services in our offices.

Occasionally Juni might need to share your personal data in cooperation with legal authorities and/or third parties in the investigation of a suspected or alleged crime or civil wrongdoing. In these cases, Juni will process your personal data based on our legal obligation or a substantial public interest.

‍

Processing in order to comply with applicable law and enforce our rights

As a financial services provider, Juni needs to use your information to confirm your identity when you sign up with us, perform checks on your record with fraud prevention and credit agencies, and comply with applicable financial crime laws.

In these cases, Juni will process your personal data based on legitimate interest. We ensure that we only process the personal data necessary to achieve this interest, and that our interest in conducting the processing outweighs your interest not to have your data processed in this manner.

Sometimes Juni will need to share your personal data with our regulators, partners on the basis of whose licence we operate, partners, tax authorities, law enforcement or fraud prevention agencies.

In these cases, Juni will process your personal data based legal obligation or substantial public interest.

Please read Section 7 (Your rights) for more information about your rights regarding our processing activities. For more information about who we share your personal data with, please read section 13 (Who do you share my personal data with?). You can also contact these companies directly to assert your rights under Section 7 with them.

We may need to use your personal data to protect Juni from legal claims and enforce our rights. If we do so, we will be relying on our legitimate interest as it arises in such instances.

‍

Information we collect when you integrate Google Ads

We offer the option to connect your Juni account with your Google Account to give you insights into your Google Ads campaign metrics and to create reporting for you based on your Google Ads expenditure. If multiple Google Ads accounts are connected to your Google Account, you can choose which ones you want to connect to your Juni account.

To provide these services, we will need you to give Google permission to share the following data with us:

• the names, IDs, and Manager Google Account IDs for each Google Ad Account connected;
• the campaign metrics available in your Google Ads Account, including e.g. the clicks and CPM; and
• the campaign reporting metrics, including e.g. the spend of a campaign.

Juni will be relying on contractual obligation to process this personal data. You can choose to disable the connection to the Juni platform if you no longer wish to provide us access to the above-described information. In such cases, we will erase any data related to your Google Ads Accounts and cease collection of this information from Google.

‍

Information we collect when you integrate Gmail

We enable you to connect your Juni account with your Gmail Account for the purpose of automatically fetching and matching receipts or invoices received in your Gmail account with transactions visible in your Juni account.

To do this, we will ask you to give Google permission to share the following data with us:

• Gmail email metadata, including but not limited to the recipient(s) name and email address, the sender(s) name and email address, the time sent and received and the email subject.
  
• Gmail email content data, including text and attachments.

We will not process this data for any purpose other than under our contractual obligation to provide you with the services described above. We will only share or transfer this data if (a) it is necessary to provide or improve prominent user-facing features on the requesting app's user interface, (b) to comply with applicable laws, or (c) as part of a merger, acquisition or sale of our assets. The legal basis for this processing would be legal obligation if done to comply with applicable laws, and otherwise legitimate interest.

No individual employed by Juni or our processors will be able to manually read the Gmail email content data unless:

• it is necessary for security purposes (for example, investigating a bug or abuse);
• it is necessary to comply with applicable law; or
• the data (including derivations) is aggregated and used for internal operations in accordance with governing privacy or other legal requirements.

Additionally, we will discard all data received through Gmail integrations except as the data directly relates to the receipts or invoices we match to the transactions.

If you no longer wish to provide us access to the above-described information, you can easily disable connection to the Juni platform. In such cases, we will erase any data related to your Gmail Account and cease any further collection of this information.

Juni's use or transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

‍

Information we collect when you integrate accounting software

We offer the option to connect your Juni account to your account with accounting software providers (e.g. Exact and Fortnox), in order to automatically fetch and make all of the data jointly visible on your Juni account. For us to be able to integrate the accounts properly and provide you with the services, we will both receive personal data from such accounting software providers, as well as share certain data with them.

In order to integrate enable these integrations, we will ask you to give permission to share the data such as

• User data, including codes, descriptions and customer ID.
• Bank and purchase journals, including account names, properties, IDs, codes, IBAN, VAT codes, and descriptions.
• General ledger accounts as well as bank and purchase entries, vouchers or equivalent, including information related to amounts, dates, descriptions, notes, currencies, and entry numbers.
• Cost centres and projects, including IDs, codes, names, dates, statuses and descriptions.
• CRM accounts, including names, addresses and billing information subject to your customers or suppliers.

The main data which we will share through the integrations to your accounting software provider consists of:

• Transactions, including information related to transaction IDs, amounts, currencies descriptions, references, settlement dates, statement IDs, notes, and files attached to the transaction.
• Pre-accounting data, accounts and journals, including information related to VAT, cost centres, projects, voucher series, account codes and IDs.

We will not process the data for any purpose other than under our contractual obligation to provide you with the services described above. We will only share or transfer this data if (a) it is necessary to provide or improve prominent user-facing features on the requesting app's user interface, (b) to comply with applicable laws, or (c) as part of a merger, acquisition or sale of our assets. The

legal basis for this processing would be legal obligation if done to comply with applicable laws, and otherwise legitimate interest.

If you no longer wish to provide us access to the above-described information, you can easily disable connection to the Juni platform. In such cases, we will erase any data related to your account with your accounting software provider and cease any further collection of this information, with the exception of such data which we are legally obligated to retain and data relating to your accounting dimensions (which we will delete upon your request).

‍

Information we collect in an application for credit

If you proceed with an application for credit with us, we may use your information to obtain credit and identity checks on your business with one or more credit reference agencies (“CRAs”). Juni’s basis for processing this data will be legitimate interest.

To obtain the credit and identity checks, we will supply your business registration number to CRAs, and they will provide us with information regarding your business. CRAs will supply us with public and shared credit information, financial situation and financial history data, and fraud prevention information.

We will use this information to:

• Assess your creditworthiness;
• Verify the accuracy of the data you have provided to us;
• Prevent criminal activity, fraud and money laundering;
• Manage your account(s);
• Trace and recover debts; and
• Ensure any offers provided to you are appropriate given your circumstances.

If we assign a credit to a third party, we may share this data with the third party in order for such a partner to independently review your creditworthiness. The name(s) of such partner(s) will clearly be displayed to you.

6. Profiling and Automated Decision Making (ADM) 

To offer you efficient services while achieving accurate, fair, and non-biased outcomes, we may need to engage in automated decision making. As a financial services provider, we use ADM to protect our customers and comply with regulatory and supervisory requirements such as the Anti-Money Laundering Directive (AMLD), which requires the detection and prevention of fraud, terrorism financing and other criminal activity. Juni processes this personal data under the legitimate interest basis. Examples of where Juni employs ADM include:

• when deciding whether we can offer our services, based on variables such as your age, financial position and the results of anti-money laundering and sanctions checks;
• to verify the identity documents and information you provided to open an account with us;
• to monitor your account for fraud and money laundering, and take any subsequent necessary actions; and
• to screen any transaction from an external account to a Juni account holder.

The types of personal data that are used in these decisions are described in Section 3 (What personal data do you collect about me). More information concerning who we share this personal data with can be found in Section 13 (Who do you share my personal data with?).

You always have the right to object to profiling and automated decisions that significantly affect you or which have legal consequences. You can exercise this right by sending an email to privacy@juni.co or filling out this form. After receiving your objection, a Juni employee will further investigate the decision, taking into account any further information or circumstances you provide.

7. Your rights 

In short: Under data protection legislation in the UK, EEA, and this Privacy Policy, you may have certain rights, including but not limited to the right to access or manage your personal data, to delete or update it, and to restrict its use.

‍

Right to be informed

You have the right to be informed about how Juni collects and processes your personal data. We provide you with this information through this Privacy Policy and by answering your privacy-related questions when you contact us.

You can find more information about this right on the Swedish Data Protection website and the UK Information Commissioner’s Office website.

‍

Right to access your personal data (“data subject access right”)

You have the right to find out whether Juni processes your personal data and request a copy of the personal data we hold about you.

You can find more information about this right on the Swedish Data Protection website and the UK Information Commissioner’s Office website.

‍

Right to rectification

You have the right to have inaccurate or incomplete personal data rectified, and that we supplement your information.

You can find more information about this right on the Swedish Data Protection website and the UK Information Commissioner’s Office website.

‍

Right to erasure (“Right to be forgotten”)

Under certain circumstances, you may have the right to have your personal data deleted. Examples of when this right may be exercised include when:

• it is no longer necessary to process your data for the purpose for which it was originally collected,
• you have withdrawn your consent for processing that was based on consent,
• we have used your personal data unlawfully, or
• we have a legal obligation to remove your data.

Please note that Juni is a regulated financial services provider, and due to our corresponding regulatory responsibilities, we may be unable to grant your request. For more information, please refer to section 15 (How long do you keep my personal data?).

You can find more information about this right on the Swedish Data Protection website and the UK Information Commissioner’s Office website.

‍

Right to restrict the processing of your personal data

In certain circumstances, Juni may agree to restrict or suppress the processing of your personal data. Examples include when:

• you have asked Juni to verify the accuracy of your data,
• Juni has processed your data unlawfully, but you do not want your data anonymized,
• Juni no longer needs your personal data, but, in order to establish, exercise, or defend a legal claim, you do not want your data anonymized,
• or you objected to Juni's use of your personal data, but your objection was outweighed by our legitimate interests.

You can find more information about this right on the Swedish Data Protection website and the UK Information Commissioner’s Office website.

‍

Right to challenge an automated decision

You have the right to request Juni manually review an automated decision made about you if that decision has a legal or similarly significant effect on you. For more information, please refer to section 6 (Profiling and Automated Decision Making(ADM)).

You can find more information about this right on the Swedish Data Protection website and the UK Information Commissioner’s Office website.

‍

Right to withdraw consent

If the legal basis we use for the processing of your personal data is consent, you can withdraw your consent at any time. When you withdraw your consent we will stop processing your personal data.

You can find more information about this right on the Swedish Data Protection website and the UK Information Commissioner’s Office website.

‍

Right to move your personal data to another recipient (“Data Portability”)

You have the right to request a copy of the data Juni processes about you to fulfil an agreement with you, or that Juni processes about you based on your consent, in a machine-readable format that you can easily transfer to another recipient.

You can find more information about this right on the Swedish Data Protection website and the UK Information Commissioner’s Office website.

‍

Right to object to our processing and right to opt-out of commercial communications

You have the right to object to our processing of your personal data when it is based on our legitimate interest. You also always have the right to opt-out of future commercial communications through the unsubscribe link provided in each commercial email. You also have the right to not be contacted by phone regarding Juni’s commercial offerings. Please note that your country may offer a telemarketing do-not-call-list you could also register with.

You can find more information about this right on the Swedish Data Protection website and the UK Information Commissioner’s Office website.

8. How to exercise your rights 

If you wish to exercise your right to access your data, rectify your data, erase your data, or restrict the processing of your data, please fill out this form so we can address your request in an expedient and secure manner.

If you wish to exercise any other rights mentioned in the previous section, you may contact us via chat at Juni or send us an email at privacy@juni.co. Additionally, you may use the same channels to contact us with questions about

our Privacy Policy. For security purposes, Juni will ask you to verify your identity when you submit a request.

9. How to lodge a complaint

You have the right to lodge a complaint with your national data protection authority if you are not satisfied with how Juni handles your personal data. A list of all competent data protection authorities in the EU can be found here. In the UK, you can refer the issue to the Information Commissioner’s Office, the UK’s supervisory data protection authority. In Sweden, you can refer the issue to the Swedish Data Protection Authority.

10. Where do you store my personal data?

All personal data is stored on our secure servers (or those of 3^rd parties or contractors we employ) in accordance with the General Data Protection Regulation within the EEA. In limited situations, personal data may be temporarily stored outside the EEA. Please see section 12 (Is my personal data transferred internationally?) below. Your rights regarding your personal data (as outlined in section 7, “Your rights”) are not affected by the data being transferred outside of the EEA. The 3^rd parties who we share personal data with are outlined in section 13 (Who do you share my personal data with?). For further information about where we store your personal data you can contact us at privacy@juni.co.

11. Do you keep my information safe?

In short: We aim to protect your personal data through a system of organisational and technical security measures.

Juni has adopted a series of robust technical and organisational security measures designed to protect your personal data from any unauthorised access, use or disclosure. These measures include anonymization, pseudonymization

and encryption of personal data and the creation of access and storage policies. Juni employees also receive data protection and information security training in accordance with data protection legislation.

Although we take all reasonable steps to ensure that your personal data is secure and treated with the highest level of care, we cannot guarantee its security as you transfer it to the Juni platform, website, or other services.

You need to keep your login information to the Juni platform confidential, and accordingly never share it with anyone.

Please note that any data shared on our social network accounts, such as our Facebook Community page, is public. Thus, it can be seen, collected, or used by anyone

12. Is my personal data transferred internationally?

In short: We may transfer, store, and process your information in countries other than your own.

Juni provides an international service which, in some instances, may require transferring, storing, and processing of your personal data in a country outside the UK and EEA. To do so, we have taken all necessary steps to ensure that your data is afforded a level of protection that is essentially equivalent to that guaranteed within the EEA.

For that reason, we will only transfer your data to a third country:

• if the European Commission has adopted a decision confirming that a third country provides an adequate level of protection, equivalent to the level of protection provided by the GDPR; or
• if all parties have agreed to standard contractual clauses approved by the European Commission. The recipient of the data in these cases guarantees that the protections for your data under the GDPR still apply. If there is legislation in the recipient country that affects the level of protection for your data, we take special technical and organisational measures to ensure the protection of your data when it is transferred outside the UK or EEA.
  

To obtain further information regarding the measures we are taking to protect your data when transferring it outside of the EEA and UK, please reach out to privacy@juni.co.

Information regarding countries which have been deemed to have an adequate level of protection can be found on the EU Commission’s website.

More information regarding the Standard Contractual Clauses that protect your personal data can be found on the Swedish Data Protection Authority’s website.

13. Who do you share my personal data with?

In short: Sometimes Juni will share your personal data with companies we do business with, with credit references, fraud prevention and law enforcement agencies, and with our regulators.

‍

Companies that provide services to Juni

To be able to offer our services, and deliver a smooth and tailored experience to you, we have business relationships with several companies with whom we share your personal data. Juni will share as little information as possible with the third parties mentioned below:

• KYC service providers that help us verify your identity and/or carry out fraud checks (TruNarrative, iDenfy, Dow Jones, Salv Technologies, Nordea, BankID)
• E-signature providers used to sign the agreement with us (Scrive, Nordea, BankID)
• Cloud computing power and storage providers (Amazon Web Services)
• Cyber security service providers (Auth0)
• Website hosting providers (Amazon Web Services)
• Analytics providers and search information providers (Google Analytics)
  
• Communication services providers, who help us stay in touch with you and provide customer service (HubSpot, Salesforce, Salesloft, Chili Piper, Sana, Gong)
• Companies that help us with marketing and advertising (Facebook Audience Network, Facebook Advertising, Google AdSense, Snapchat, Google Ads Remarketing and Facebook Remarketing, Cognism)
• Companies that allow you to connect your financial data (Token.io, Plaid, Yapily)
• Companies that help us with functionality and infrastructure optimisation (Kickofflabs, Zapier, GetResponse, Lago)
• Card producers and networks (allpay cards)
• Card issuers (Payrnet, B4B)
• Banking-as-a-Service providers (Railsbank and B4B- who will process your data as a controller and in accordance with their own privacy policy)
• Banking-as-a-Service providers (BankingCircle - who will process your data as a controller and in accordance with their own privacy policy.)
• Account integration service providers (SaltEdge, who will process your data in accordance with their own privacy policy .)
• Credit reference agencies (CallCredit, Equifax and Experian)
• API providers allowing us to integrate with the CRAs (Noble)
• Accounting service providers allowing us to integrate (Exact, Fortnox)
• Credit financing partners (e.g. Froda).

‍

Companies that provide services to you

You may contract with service providers to receive services (partially) enabled through Juni. To enable you to choose to use those services, and we may need to share your personal data with these companies described below:

• Digital wallet providers

‍

Fraud prevention agencies

Juni will share your personal data with fraud-prevention agencies to verify your identity and minimise fraud and money laundering risks. If fraud is detected, other organisations might also use this information to refuse their services, finances, or employment.

‍

Other financial institutions (Open Banking)

We may share your personal data with other financial institutions, if you ask us to. For example, through an account you hold with another financial institution you can request that we share data from your Juni account (such as the balance,

payment transactions, account number and sort code) with that financial institution. Before we do so, we will request you to provide permission to share this information.

If you instead request through an account you hold with another financial institution, that a payment is made from your Juni account and provide permission for such a payment, we will provide the information regarding this transaction to the financial institution through which the payment was initiated.

This information is processed, shared and stored in accordance with the legal obligations applicable to us under the Open Banking regulations (e.g. PSD2 or the Payment Services Regulations 2017). To provide these services we work with SaltEdge Inc. who may process your personal data on our behalf.

‍

Law enforcement and other external parties

Juni may share your personal data with the following:

• Police, courts, alternative dispute resolution bodies, and any other third party (for example, our regulators) required to meet our legal obligations.
• Other financial institutions, such as banks or e-money institutions, to assist in tracing your funds if you have been a victim of fraud or resolving ongoing dispute claims regarding a payment.
• When required, competent authorities who carry out financial crime, money laundering, terrorism, and tax evasion investigations.

14. Do you collect information from minors?

In short: We do not knowingly collect data from, or market to, children under 13 years of age.

We do not knowingly solicit data from, or market to, children under 13 years of age. By using our services, you represent that you are at least 18 years of age. If we learn that personal data from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data collection activity from children under the age of 13, please contact us at privacy@juni.co.

15. How long do you keep my personal data?

In short: We keep your information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless otherwise required by law.

‍

UK

To meet our regulatory obligations under anti-money laundering and e-money laws in the UK, we are required to keep your personal data as long as you are using Juni. Additionally, some personal and transactional data must be kept for an additional 5 years after our contract with you is terminated. Occasionally we will have to keep your data for even longer, such as when it is relevant to a potential or ongoing court claim.

‍

EEA

To meet our regulatory obligations under anti-money laundering and e-money laws in the EEA, we are required to keep your personal data as long as you are using Juni, and up to 8 years after our contract with you is terminated. In some cases, such as those involving a potential or ongoing court case, we might need to keep your personal data for even longer.

16. Cookies and similar tracking technologies

Juni uses cookies to analyse how you use our website. Please read the Cookies Policy for more information about cookies.