1. About Juni
We are Juni Technology AB (‘Juni’, ‘we’, ‘our’, ‘us’) and operate under the business name Juni. Juni is registered with the Swedish companies register (registration number 559248-0908), at Masthamnsgatan 21, 413 28 Gothenburg, Sweden.
Under data protection law, we are a data controller regarding the personal data we receive from you, or collect about you. We are responsible for ensuring that your personal data is used in compliance with applicable data protection laws in the EU, European Economic Area (EEA) and the UK, such as Regulation 2016/679 (‘General Data Protection Regulation’).
2. Setting the scene
In the UK, we are registered with the UK data protection authority (Information Commissioner’s Office or ICO) under number ZA841298.
When we use the term personal data, we use it in reference to any information which can be used to personally identify you (for example, a combination of your name and postal address).
If you give us personal data concerning other people (like Directors, owners, or employees), you confirm that you’ve been authorised by them to disclose this information, and that they understand how we will use their personal data.
Note that information about how your personal data is processed in regards to our credit offering can be found in our Fair Processing Notice.
3. What personal data do you collect about me?
In short: Juni will collect and use specific types of information about you at different times. We will collect personal data when you interact with us, for example through our website or the Juni platform, if you have an account with us, when you apply for a job, or use a service that integrates with Juni. In some cases, we will also collect information about you from third parties.
When you apply for a Juni account
- Personal details, such as the full name and date of birth of the applicant (authorised representative of the company), the Director(s), and any ultimate beneficial owners of the relevant company.
- Contact details, such as the address of the applicant, Director(s), any ultimate beneficial owners, and the applicant’s email.
- Information about your identity, such as a copy of your passport or relevant identification verification document.
Information we collect or generate about you when you use the Juni platform and card
- Information about your Juni cards, including the card number, expiry date, and CVC.
- Details about transactions made with your Juni card and on integrated accounts, including the date, time, amount, currencies, exchange rate, beneficiary details, details of the merchant or ATMs associated with the transaction (including merchants’ and ATMs’ locations), IP address of sender and receiver, sender's and receiver's name and registration information, messages sent or received with the payment, details of the device used to arrange the payment, and the payment method used.
Information we collect or generate when you get in touch with us
- Your email when you contact us via the Juni chat.
- Your email address and the contents of your communication, when you contact us through email.
- Public details from your social media profile (e.g. Facebook) if you reach out to us via these platforms, and the contents of your messages or posts to us.
- Recordings of your phone calls with us for training and performance review.
- Any feedback or other information you may provide to us, including any interviews or customer research activities you may choose to participate in.
Information we collect from your device
- IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our site, and other technical information. This information is primarily collected for security and operational purposes, or analytics.
Information we collect from third parties
Our sales team may collect certain information from third parties before contacting you. This may include:
- Contact details that you have submitted to conferences or events that we have sponsored, if such was agreed in the terms for the relevant conference or event. We encourage you to get in touch with the relevant event organiser for further details.
- Information provided through online forms that you have filled out through such channels as our website, social media accounts etc.
- Information that we receive from the integration between Juni and your accounts held with other financial institutions as enabled by our open banking partners, to the extent that you have enabled such integrations in the platform.
- Referral information if you have been referred to us by a partner. In such cases it is the responsibility of the partner to ensure that they have an appropriate legal basis to share such information with us. You are encouraged to get in touch with the referring partner for more information on how they process your personal data.
When you register with us, we also will check your records with:
- fraud prevention agencies, KYC (Know-Your-Customer) and anti-money laundering service providers to meet our regulatory obligations, and
- credit reference agencies to help us verify your identity, determine whether we can offer you our services, and calculate your risk profile. The information includes financial transactions, balances, identity and investments. Bear in mind that this is a “soft search”and will have no impact on your credit score.
For enhanced due diligence checks, KYC purposes, or market research, Juni may also collect personal data from publicly available sources, such as official public records and information published in the press or on social media.
4. What legal basis do you use?
In short: Juni will only collect and process your personal data if we have a legitimate reason to do so. We always rely on one of the following legal bases when we use your personal data: contractual obligations, legal obligation, legitimate interest, consent, and substantial public interest.
To meet our contractual obligations towards you and be able to offer you our services, Juni needs to process certain personal data.
In some cases, Juni needs to collect and retain your personal data in order to comply with applicable laws and regulations. For example, we must keep certain personal data about our customers to meet legal obligations imposed by anti-money laundering legislation.
Juni might use this legal basis to collect and process your personal data, or share it with other organisations, to pursue our legitimate interests provided that the latter are not overridden by your interests, rights, or freedoms.
This legal basis applies when you have affirmatively consented to Juni collecting your personal data. This is usually the case when you indicate that you agree that your personal data is collected, e.g. by ticking a box. In cases where Juni processes personal data based on your consent, you reserve the right to revoke this consent at any time. For more information, please refer to section 8 (How to exercise your rights).
Substantial public interest
Sometimes Juni will collect your personal data in order to perform a task in the public interest that is set out in law.
5. How do we use your personal data?
In short: Juni uses your personal data to carry out its operations smoothly and offer you our services, to make sure that we meet all our contractual obligations, to keep both our customers and Juni safe and secure, and comply with all applicable regulations.
Providing our services
When you apply to open an account with us, Juni will use the personal data you provide to verify your identity and reach a decision on whether we will be able to provide you with our services. The ground for processing your data in this case will be our legal obligation.
We also use your personal data to ensure that we can continue offering you our services promptly. For example, if you make any transactions, such as payments with your Juni card, payments into and out of your Juni account, and cash withdrawals, we will use your personal data to properly execute them.
Juni will use your personal data when you contact customer support with any queries or issues you may have in order to assist you.
In these instances, Juni will process your personal data to fulfil contractual obligations.
Development of our products and services, commercial communication, and targeted advertising
Juni or our third party partners will use your personal data to send you marketing and commercial communications regarding our services, and in accordance with your selected preferences. You can always opt-out of our marketing communications at any time by emailing our privacy team at email@example.com. For more information on how to exercise your rights, please see section 8 (How to exercise your rights).
We may also use your personal data to track, analyse and improve how you respond to the ads we show you, and develop and display content. Additionally, we may process this data to provide you with additional commercial offerings and benefits.
For the purposes mentioned above, we will process your information based on our legitimate interest in understanding how to market our services to you and improve Juni.
We may record our phone calls with you for training and performance review purposes, if you consent to such recording.
To keep our services up and running
Juni will use your personal data to manage www.juni.co and the Juni platform. For example, we may use your personal data to perform statistical or data analysis, testing, or research purposes, making sure that we continue improving your experience and the content that is presented to you. The legal basis for such processing will be the terms of your engagement with the Juni card and/or platform, or Juni’s legitimate business interests, namely to efficiently fulfil our contractual obligations towards you.
For more information, please see our Cookies Policy.
Processing in order to comply with applicable law and enforce our rights
As a financial services provider, Juni needs to use your information to confirm your identity when you sign up with us, perform checks on your record with fraud prevention and credit agencies, and comply with applicable financial crime laws.
Sometimes Juni might need to share your personal data with our regulators, tax authorities, law enforcement or fraud prevention agencies.
In these cases, Juni will process your personal data based on substantial public interest or legal obligation.
For more information on who we share your personal data with, please read section 13 (Who do you share my personal data with?).
We will use your information to protect Juni from legal claims and enforce our rights. We will do so relying on our legitimate interest arising in such instances.
Information we collect when you integrate Google Ads
We offer the option for you to connect your Juni account with your Google Account in order to show you insights into your Google Ads campaign metrics and to create reporting based on your Google Ads expenditures. If multiple Google Ads accounts are connected to the Google Account, you can choose which ones you want to connect to your Juni account.
To do this, we will ask you to give Google permission to share the following data with us:
- The names, IDs, and Manager Google Account IDs for each Google Ad Account connected.
- The campaign metrics available in your Google Ads Account, including e.g. the clicks and CPM.
- The campaign reporting metrics, including e.g. the spend of a campaign.
You can choose to disable the connection to the Juni platform if you no longer wish to provide us access to the above described information. In such cases, we will erase any data related to your Google Ads Accounts and stop collecting this information from Google.
Information we collect when you integrate Gmail
We enable you to connect your Juni account with your Gmail Account for the purpose of automatically fetching and matching receipts or invoices received in your Gmail account with transactions visible in your Juni account.
To do this, we will ask you to give Google permission to share the following data with us:
- Gmail email metadata, including recipient(s) name and email address, sender(s) name and email address, the time sent and received, email subject etc.
- Gmail email content data, including text and attachments.
We will not process this data for any purpose other than to provide you with the service described above. We will only share or transfer this data if (a) this is necessary to provide or improve user-facing features that are prominent from the requesting app's user interface, (b) to comply with applicable laws, or (c) as part of a merger, acquisition or sale of our assets.
No individual at Juni, nor at any of our processors, will be able to manually read the Gmail email content data unless:
- it is necessary for security purposes (for example, investigating a bug or abuse);
- it is necessary to comply with applicable law; or
- the data (including derivations) is aggregated and used for internal operations in accordance with applicable privacy and other jurisdictional legal requirements.
Additionally, we will discard all data received through the Gmail integration except for the data directly related to those receipts and invoices that we are able to match to transactions.
Again, you can choose to disable the connection to the Juni platform if you no longer wish to provide us access to the above described information. In such cases, we will erase any data related to your Gmail Account and no longer collect any of this information.
Juni's use or transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
6. Profiling and Automated Decision Making (ADM)
In order to offer you efficient services while achieving accurate, fair, and non-biased outcomes, we may need to engage in automated decision making. As a financial services provider, we use ADM to protect our customers and comply with regulatory and supervisory requirements. This includes the Anti-Money Laundering Directive (AMLD) which requires the detection and prevention of fraud, terrorism financing and other criminal activity. Examples of when Juni employs ADM include:
- when you register with Juni, to decide whether we can offer you our services based on a number of factors, including your age, financial position and other circumstances, such as the results of anti-money laundering and sanctions checks.
- when you open an account with us, to verify the identity documents and information you provided.
- to monitor your account for fraud and money laundering, and take any subsequent necessary actions.
7. Your rights
Right to be informed
Right to access your data
You have the right to request a copy of the personal data we hold about you.
Right to rectification
You have the right to have inaccurate or incomplete personal data rectified.
Right to erasure
Under certain circumstances, you may have the right to have your personal data deleted. Examples of when this request may be granted include when::
- it is no longer necessary to process your data for the purpose it was collected,
- you have withdrawn your consent for consent-based data processing,
- we have used your personal data unlawfully, or
- we have a legal obligation to remove your data.
Please note that Juni is a regulated financial services provider and consequently may be unable to grant your request due to our regulatory responsibilities.. For more information, please refer to section 15 (How long do you keep my personal data for?).
Right to restrict or object to the processing of your personal data
In certain circumstances, Juni may agree to restrict or suppress the processing of your personal data. Examples of when Juni may agree to this include:
- you have asked Juni to verify the accuracy of your data,
- Juni has processed your data unlawfully, but you do not wish your data to be deleted,
- Juni no longer needs your personal data, but you do not wish your data to be deleted in order to establish, exercise, or defend a legal claim, or
- you objected to Juni's use of your personal data, but your objection was outweighed by our legitimate interests.
Right to challenge an automated decision
You have the right to request Juni manually reviews an automated decision made about you if that decision has a legal or similarly significant effect on you.
Right to withdraw consent
If the legal basis we use for the processing of your personal data is consent, you can withdraw your consent at any time.
Right to opt-out of commercial communication
You have the right to opt-out of any future commercial communication through the unsubscribe link provided with each commercial email. You further have the right to not be contacted by phone regarding Juni’s commercial offering. Please note that your country may offer a telemarketing do-not-call-list.
8. How to exercise your rights
If you wish to exercise your right to access your data, to rectify your data, to erase your data, or to restrict the processing of your data, please fill out this form so we can address your request in an expedient and secure manner.
9. How to lodge a complaint
You have the right to lodge a complaint with your national data protection authority if you are not satisfied with how Juni uses your personal data. A list of all competent authorities in the EU can be found here. In the UK, you can refer the issue to the Information Commissioner’s Office, the UK’s supervisory data protection authority.
10. Where do you store my personal data?
All personal data is stored on our secure servers in accordance with the General Data Protection Regulation within the EEA. In limited situations, personal data may temporarily be stored outside the EEA. Please see under 12 (Is my personal data transferred internationally?) below.
11. Do you keep my information safe?
In short: We aim to protect your personal data through a system of organisational and technical security measures.
Juni has adopted a series of robust technical and organisational security measures designed to protect your personal data from any unauthorised access, use or disclosure. Juni employees receive data protection and information security training in accordance with data protection legislation.
Although we take all reasonable steps to ensure that your personal data is secure and treated with the highest level of care, we cannot guarantee that it will be secure during transmission by you to the Juni platform, website, or other services.
You need to keep your login information to the Juni platform confidential and never share it with anyone.
When you interact with our social network accounts, such as our Facebook Community page, remember that any personal data you share in this space will be publicly available, and thus could be seen, collected, or used by other customers.
12. Is my personal data transferred internationally?
In short: We may transfer, store, and process your information in countries other than your own.
Juni provides an international service which, in some instances, may require transferring, storing, and processing of your personal data in a country outside the UK and EEA. To do so, we have taken all necessary steps to ensure that your data is afforded a level of protection that is essentially equivalent to that guaranteed within the EEA.
For that reason, we will only transfer your data to a third country:
- if the European Commission has adopted a decision confirming that a third country provides adequate protection.
- if we’ve agreed to standard contractual clauses approved by the European Commission with the organisation.
13. Who do you share my personal data with?
In short: Sometimes Juni will share your personal data with companies that we do business with, with credit references, fraud prevention and law enforcement agencies, and with our regulators.
Companies that provide services to Juni
In order to be able to offer our services, and deliver a smooth and tailored experience to you, we have business relationships with a number of companies with whom we share your personal data. Juni will only share as little information as possible with the third parties mentioned below:
- KYC service providers that help us verify your identity and carry out fraud checks (TruNarrative, iDenfy)
- Cloud computing power and storage providers (Amazon Web Services)
- Cyber security service providers (Auth0)
- Website hosting providers (Amazon Web Services)
- Analytics providers and search information providers (Google Analytics)
- Communications services providers that help us stay in touch with you and provide customer service (HubSpot, Salesforce, Salesloft, Chili Piper)
- Companies that help us with marketing and advertising (Facebook Audience Network, Facebook Advertising, Google AdSense, Snapchat, Google Ads Remarketing and Facebook Remarketing)
- Companies that allow you to connect your financial data (Token.io, Plaid, Yapily)
- Companies that help us with functionality and infrastructure optimisation (Kickofflabs, Zapier, GetResponse)
- Card producers and networks (allpay cards)
- Card issuers (Payrnet, B4B)
- Banking-as-a-Service providers (Railsbank, BankingCircle)
Fraud prevention agencies
Juni will share your personal data with fraud-prevention agencies to verify your identity and minimise fraud and money laundering risks. If fraud is detected, other organisations might also use this information to refuse their services, finance, or employment.
Law enforcement and other external parties
Juni may share your personal data with the following:
- Police, courts, alternative dispute resolution bodies, and any other third party (for example, our regulators) to meet our legal obligations.
- Other financial institutions, such as banks or e-money institutions, to assist with tracing of your funds in case you have been a victim of fraud or to help resolve an ongoing dispute claim about a payment.
- Competent authorities that carry out financial crime, money laundering, terrorism and tax evasion investigations, if we are required to do so.
14. Do you collect information from minors?
In short: We do not knowingly collect data from or market to children under 13 years of age.
We do not knowingly solicit data from or market to children under 13 years of age. By using the services, you represent that you are at least 18 years of age. If we learn that personal data from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under the age of 13, please contact us at firstname.lastname@example.org.
15. How long do you keep my personal data for?
To meet our regulatory obligations under anti-money laundering and e-money laws in the UK, we are required to keep your personal data as long as you are using Juni, and some of your personal and transactional data for 5 years after our contract with you is terminated. In some cases, such as a potential or ongoing court claim, we might need to keep your personal data for even longer.
To meet our regulatory obligations under anti-money laundering and e-money laws in the EEA, we are required to keep your personal data as long as you are using Juni, and some of your personal and transactional data for 8 years after our contract with you is terminated. In some cases, such as a potential or ongoing court claim, we might need to keep your personal data for even longer.
16. Cookies and similar tracking technologies