Personal data: collecting, processing, and use
Personal data is any information related to an identified or identifiable natural person. An identifiable natural person is an individual who can be identified, directly or indirectly, in particular by reference to an identifier, i.e., their name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Just Services controls your personal data collected through our website or when you otherwise interact with us. It is our decision what for and how we process this data. It is only used for our legitimate business interests: to get a better understanding of who our customers, current and potential, are and why they are using our services, and to manage the relationships between our customers and suppliers.
Personal data that reflects how our services are used can be controlled by both our customers and us, each for their own purposes. When we process this data to provide services to our customers, it makes us the data processor, and the customer is the data controller. When we process this data for our own purposes, e.g., to manage the customer relationship and billing or to understand how our customers use our services and apply this data to develop our products, we are the data controller.
Personal data that may be included in customer content—the content that customers manage and control in our services. In this context, we are always the data processor. We process personal information adhering to the conditions of our customer agreements.
The types of personal data that we collect
Account Information: name, email address, account type, password, phone number, photo, bank account details, credit or debit card details.
Information From Third-Party Services: If you, of your own accord, connect your account in Just Services to your account in another service, e.g., Facebook or Google, we may receive information from that other service, e.g., your name, profile picture, age, language, email address. You may also allow us access to additional personal information from third-party services. To stop sharing it with us, you have to disconnect your account in that service from your account in Just Services.
Payment and Card Information: Just Services relies on third-party payment partners to carry out payments and transactions. To use this feature, you must provide information for identification and verification, i.e., your name, payment card number, card expiration date, and CVV code. For other payment methods, e.g., bank transfer, PayPal, Yandex Money, QIWI, WebMoney, or CloudPayments payment systems, you may need to provide your account and other required details. Your personal data relating to you as a cardholder is securely stored and handled by our payment partner. Their services are certified to PCI-DSS Level 1, the highest certification level within the Payment Card Industry Data Security Standard.
- - you can remove payment-related information from your account at any time using your account settings.
Why and how your personal data is used
We collect and use our customers’ personal data for the following purposes:
- Development of Just Services and our other products and services. With the help of personal data, we prevent, protect against, detect, and fix errors, analyze, test, and add new features to our products and services.
- Customer communications: notifications, updates, and responses to your requests for customer support. We also use your personal data to determine which new features of our products and services you would be interested in and notify you.
- Safety and security maintenance for our products and services, users, and third parties. We may use personal data for user authentication, secure payments, fraud and abuse prevention, responses to legal requests or claims, audits, and effective implementation of our terms and policies.
This section explains the rights that you have concerning our handling of your personal data. If you want to exercise your rights, please contact us.
Your rights under the GDPR
If we process your personal data under the European Union General Data Protection Regulation (“GDPR”), you can exercise the following rights:
- Right of access: GDPR article 15 enables you to request information about your personal data that we process.
- Right to erasure: GDPR article 17 enables you to request the deletion of your personal data.
- Right of rectification: GDPR article 16 enables you to request a correction of your personal data that is not correct or completion of it if your personal data is not complete.
- Right to restriction of processing: GDPR article 18 enables you to request a restriction of processing your personal data.
- Right to withdraw your consent: GDPR article 7.3 enables you to revoke your consent for processing your personal data if you have given it.
- Right to data portability: When met, the conditions of GDPR Article 20.1 (a), (b) enable you to receive your personal data that you have provided to us in a structured, common, and machine-readable format and to transfer this data to another data controller.
- Right to lodge a complaint with a supervisory authority: GDPR article 77 enables you to file a complaint about our processing of your personal data with a data protection supervisory authority.
- Right to object: GDPR article 21.1 enables you, for reasons arising from your particular situation, to object to processing your personal data on the basis of GDPR Article 6.1 (e) or (f) at any time. In this case, we will stop processing your data until we can provide compelling legitimate reasons to do so which are more relevant than your interests, rights, and freedoms, or if we need to process your personal data to establish, assert, exercise, or defend against legal claims. Moreover, GDPR article 21.2 enables you to object to processing your personal data — or any profiling —for direct marketing purposes.
Your rights under the CCPA
If we process your personal data under the California Consumer Privacy Act (“CCPA”), you can exercise the following rights:
- The right to know what personal data of yours we collect and process and the right to access it.
- The right to request deletion of your personal data.
- The right to not be discriminated against in the event that you exercise your rights to access, delete, or opt out of sale under the CCPA. We will not charge you different prices for products or services, deny the provision of services or sale of products, provide a different quality of products and services, or suggest that a penalty should be imposed due to you having exercised your rights under the CCPA.
Retention of your personal data
Your personal information may be stored for a period that is required or advisable for legitimate business purposes or under the obligations of a contract. A longer retention term may be possible under applicable legal or regulatory obligations. If the personal information cannot be deleted or anonymized due to technical limitations, we will safeguard it and limit its active use.
If you terminate the terms we entered with you or delete your account, your personal information will be returned to you or securely destroyed within 30 days unless we are prevented from doing so by a legal process or applicable legislation.
Protection of your personal data
To keep your personal information safe and secure, we apply a combination of technical, administrative, and physical controls, which include, but are not limited to:
- Use of Tier IV data centers in the U.S. and EU, run by AWS and Microsoft Azure, which are SOC-1, SOC-2, and SOC-3 compliant. This level of protection is much higher than the one provided by conventional office servers;
- Storing passwords in hashed and salted form (and several external authorized services are supported via OAuth 2.0);
- Encrypting all passwords in the production configuration files. The certificates required to decrypt configs are installed by and only accessible to administrators;
- Allowing access to personal data only for a limited number of our employees, who are all bound by relevant confidentiality agreements under the terms of their employment or civil law;
- Security checks of our employees’ (those who can access personal data as part of their work) usage of your personal data. Special authorization procedures and infrastructure are put in place to prevent employees with lower access levels from accessing personal data.
However, it should be borne in mind that there is no completely safe method of transmitting, storing, and using data, considering the fast pace of changes and technological development.
Using our services
This section describes how we process personal data and customer content in Just Services.
The personal data we use in Just Services includes:
- Data related to you as the user of Just Services,
- Personal data from the content managed in Just Services if you choose to manage such content in Just Services and request headers in the API requests from customer applications (like websites to which the customer content is delivered from Just Services). This personal data can include IP addresses that may belong to the end-user of the customer application.
Content publishing through Just Services and interaction with end-users
This section only applies to those who operate in our content management service. It does not apply to the visitors of our website or anyone using other services, except the content management service.
- Our customers can integrate their web and mobile applications with Just Services and deliver customer content to them. This can be done with the help of an API (application programming interface). It is the customers who control and are responsible for the applications and the data they collect from end-users.
- We collect end-user data from the API request to the customer website. We only collect the data whose collection was allowed by the customer ( (i.e., name, email, IP, location, interests/tags, actions) and in order to deliver the customer content in a proper manner.
Where your personal data is sent
We operate in several countries and may transfer your personal data within, from, to the EU, the U.S., and other countries. These countries have different privacy and data protection laws and can potentially provide a lower level of protection than your country.
If we send your personal data to legal entities in countries without adequate personal data protection, we may execute data processing agreements with attached model contractual clauses or rely on other solutions under GDPR or other applicable data transfer laws to help protect your data, regardless of the place of its current location.
By giving us your consent and creating an account at Just Services, you agree to the methods and operating procedures listed above.
Personal data consent
Under GDPR and other applicable laws, we must get your express consent concerning the personal information we obtain from you.
The consent you are giving relates to the personal data entered on your profile page at Just Services. It is your free, willful, clear, and explicit consent to:
- Our processing of your personal data for the purpose of providing, supporting, and improving Just Services and features, as well as for the purposes outlined in the Terms. Appropriate technical, administrative, and organizational security measures are applied;
- Be subject to a decision by any user or affiliate of Just Services based solely on automated processing, including profiling, which has legal effects concerning you or affects you in a similarly significant way;
- Transferring of your personal data to the countries where Just Services operates or may operate in the future with the understanding that these countries may have a different level of personal data safeguarding and protection and different legislative regulation of the process than the one provided by the EU countries and some other countries.
You have the right not to provide us with your personal information, either entirely or partially. However, if you choose not to provide your personal data, we may not be able to provide you with our services to a degree limited by the provided personal data volume. If you choose to opt-out of your personal data processing, we will respect that under our legal obligations.