Does JustOn software comply with the EU GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive European privacy law that regulates the processing of data for EU individuals, including collection, storage, transfer, or use.

JustOn software, like JustOn Billing & Invoice Management or JustOn Cash Management, runs as an integrated application on the Salesforce Platform and Heroku, the cloud-based platforms for software development and operation from Salesforce. Because JustOn software is developed using the features provided by the Salesforce Platform and Heroku, it is completely integrated in these environments with respect to security, availability, confidentiality, processing integrity, and privacy.

With respect to the GDPR, there are three main players in the Salesforce ecosystem:

  • Data subject, the individual to whom personal data relates
  • Controller, the organization that uses Salesforce CRM and integrated 3rd party apps (like JustOn software) to run its business – that is, you or your company
  • Processor, Salesforce CRM and any 3rd party app (like JustOn software), which may handle personal data, acting exclusively upon instructions of the controller

Figure: GDPR main players

Note

JustOn GmbH merely serves as an enabler of tools and features, and does not actively process any of an organization's data.

It is the controller's responsibility to assess the scope of GDPR impact on their workflow and to ensure compliance.

JustOn software does not interfere with the Salesforce Platform's support for the main GDPR principles: the right to be forgotten, data portability, consent, restriction of processing, transparency, accountability and security.

JustOn software does not track or collect user data, nor does it use cookies or other internet technologies to keep track of interactions with the software.

GDPR compliance implementation

The major activities for implementing GDPR compliance usually include:

  • Build a data inventory of all apps you use down to field level
  • Identify all data fields in the data inventory that hold personal data
  • Ensure that all end customer data has a justification for holding it (consent, contract, legal basis, etc.)
  • Provide an option for end customers to request data access, transfer, or deletion (based on the GDPR regulations)
  • Describe the new GDPR workflows and revise existing workflows
  • Train your teams on the implications of GDPR

Related information:

How to monitor sensitive data?
JustOn – Terms of Use
Salesforce Privacy Statement
Salesforce Privacy Resource Website
Data Protection and Privacy | Salesforce Help
Salesforce Trust | Compliance
Complete guide to GDPR compliance