Summary

Privacy policy for Users of JOIN Services

This Privacy Policy aims to inform you, as a user of JOIN Services, about the reasons why we collect your personal data and the measures we implement to protect it, in strict compliance with your rights and the applicable regulations (i.e., French Law No. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties, as amended, Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data — the “GDPR” — as well as the recommendations issued by the CNIL).

1. Who are we and on what basis do we collect your data?

We are JOIN, a simplified joint-stock company (SAS), registered with the Paris Trade and Companies Register under number 833 938 269, with its registered office at 62 rue du Faubourg Poissonnière, 75010 Paris, France.
We act as the data controller for the data we collect from you when you use our company’s Services.

For any questions regarding these data processing activities, you may contact us by email at privacy@teamjoin.fr.

Note: This Privacy Policy does not concern the protection of personal data processed by JOIN in its capacity as data processor, within the framework of its contractual relationships with its clients.

2. What personal data do we collect?

We collect this data either directly from you when you provide it to us, or indirectly through automated means (for example, IP address or cookie identifier).

Data you provide directly

These are the data you provide when using our Services:

Identification, contact, and professional information (name, first name, company, postal and email addresses, telephone numbers) to enable authentication and access to your account.
Connection data (login logs, encrypted passwords).
Usage data concerning our Services, in order to resolve technical issues and identify potential product improvements.

Data collected through automated means

We use automated technologies such as cookies to collect data from your computer or mobile device (phone or tablet) when you connect to your account to use our Services.

The table below specifies, for each provider, the cookies used, their purpose, and their retention periods, which allow us to ensure the proper functioning of our Services.

Suppliers	Cookies	Types	Storage Duration
Datadog	_dd_s	Functional	Session
Intercom	intercom-device-id-xxxxxxxx	Functional	9 months
Intercom	intercom-session-xxxxxxxx	Functional	7 days
Intercom	intercom.xxxxxxxxxx	Functional	Session
AWS	CognitoIdentityServiceProvider.xxxxx	Functional	Session
JOIN	analytics_session_id	Performance	Session
Segment	ajs_anonymous_id	Performance	12 months
Segment	ajs_user_id	Performance	12 months
Segment	ajs_user_traits	Performance	12 months

3. For what purposes, on what legal basis, and for how long do we keep your data?

Purpose	Legal Basis	Retention Period
Creating an account and enabling authentication on our software	Performance of the contract entered into by you or your company with JOIN	When you have created an account, your personal data are retained for the entire duration of your account’s existence. Your connection logs are retained for one (1) year. If your account remains inactive for two (2) years, your personal data will be deleted in the absence of any response from you to our reactivation email. In addition, your data may be archived for evidentiary purposes for a period of five (5) years.
Performing customer management operations (contracts, quotes, invoices, and monitoring the contractual relationship)	Performance of the contract	Personal data are retained for the entire duration of the contractual relationship. In addition, your data may be archived for evidentiary purposes for a period of five (5) years. With regard to payment data, such information is processed, protected, and retained in accordance with the terms and conditions of our payment service provider, and is kept until the completion of the payment service, plus the applicable withdrawal period.
To create and maintain a client database	Our legitimate interest in developing and promoting our business	The data are retained for the entire duration of the contractual relationship.
To send newsletters, solicitations, and promotional messages	Our legitimate interest in retaining and informing our clients of our latest news	The data are retained for three (3) years from the date of your last contact with us.
To respond to your information requests	Our legitimate interest in responding to your requests	The data are retained for the time necessary to process your information request and are then kept for one (1) year thereafter.
To comply with the legal obligations applicable to our business activity	To comply with our legal and regulatory obligations	Invoices are archived for a period of ten (10) years.
To manage requests to exercise data subject rights	Our legitimate interest in responding to your requests and maintaining a record of them	If we ask you to provide proof of identity, we retain it only for the time necessary to verify your identity. Once the verification has been completed, the proof of identity is deleted. If you exercise your right to object to receiving marketing communications, we retain this information for three (3) years.

4. Who has access to your data?

Access to your data is strictly limited to:

JOIN personnel, bound by confidentiality obligations;
certain sub-processors, such as hosting providers, newsletter services, analytics and audience measurement providers, email services, CRM management tools, and cookie management tools;
where applicable, audit and oversight bodies (e.g. statutory auditors), and public or private authorities solely for compliance with our legal obligations.

5. Do we sell or share your data?

No. Your personal data are never sold, rented, or exchanged with third parties.

6. Where is your data stored and transferred?

Your data are stored for the duration of processing on the servers of the providers listed above (see Section 2).

Where applicable, your personal data may be transferred by these companies to countries outside the European Union. In such cases, the transfer is secured using one of the following safeguards:

The data are transferred to a country that benefits from an adequacy decision by the European Commission (Article 45 GDPR).
The data are transferred to a country whose level of data protection has not been recognized as adequate under the GDPR. In such cases, these transfers are based on appropriate safeguards as provided for in Article 46 of the GDPR, adapted to each service provider, including, but not limited to, the execution of standard contractual clauses approved by the European Commission, the implementation of binding corporate rules, or reliance on an approved certification mechanism.
The data are transferred on the basis of one of the appropriate safeguards described in Chapter V of the GDPR.

7. What are your rights regarding your data?

You have the following rights with regard to your personal data:

Right to information: this is precisely the reason why we have drafted this policy. This right is provided for in Articles 13 and 14 of the GDPR.
Right of access: you have the right to access all of your personal data at any time, pursuant to Article 15 of the GDPR.
Right to rectification: you have the right to rectify your personal data at any time if they are inaccurate, incomplete, or obsolete, in accordance with Article 16 of the GDPR.
Right to restriction: you have the right to obtain restriction of the processing of your personal data in certain cases defined in Article 18 of the GDPR.
Right to erasure: you have the right to request that your personal data be erased and to prohibit any future collection thereof, for the reasons set out in Article 17 of the GDPR.
Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a breach of the applicable provisions, in accordance with Article 77 of the GDPR.
Right to define instructions relating to the retention, erasure, and communication of your personal data after your death.
Right to withdraw your consent at any time: for processing operations based on consent, Article 7 of the GDPR provides that you may withdraw your consent at any time. Such withdrawal shall not affect the lawfulness of processing carried out before the withdrawal.
Right to data portability: under certain conditions set out in Article 20 of the GDPR, you have the right to receive the personal data that you have provided to us in a standard, machine-readable format and to request that they be transferred to a recipient of your choice.
Right to object: pursuant to Article 21 of the GDPR, you have the right to object to the processing of your personal data. However, please note that we may continue to process them despite your objection, for legitimate reasons or for the establishment, exercise, or defence of legal claims.

You may exercise these rights by writing to us using the contact details indicated at the beginning of this Privacy Policy. In doing so, we may ask you to provide additional information or documents to verify your identity.

8. Updates to this Privacy Policy

We reserve the right to update or amend this Privacy Policy at any time, in whole or in part, notably to comply with applicable legislation or if required by a law, regulation, or judicial or administrative authority.

Such modifications shall take effect upon publication of the updated Privacy Policy online. You are therefore encouraged to consult this policy regularly.

‍

Voir la politique de confidentialité website