Privacy Policy

VISUM
SAS registered at the RCS of Creteil (France) under the n° 898 855 036

Update : 2024.04.26

1.PURPOSE

This Privacy Policy (the "Privacy Policy") is provided by ScrapIn (VISUM SAS), incorporated and registered in France 898 855 036 RCS CRÉTEIL whose registered office is 14, boulevard de Brandebourg F-94200 IVRY SUR SEINE (FR) (the “Company”)


This Privacy Policy illustrates the commitment of the Company with regard to respecting your privacy and protecting your personal data from the following website: https://www.scrapin.io/ (the "Site").

The Site notably allows you to:

  • To have detailed information about the operations of ScrapIn.
  • To obtain information on the pricing of the ScrapIn service.
  • To have access to a FAQ.
  • To obtain information through a chat.
  • To have information on case studies.
  • To know the different APIs used by ScrapIn.
  • To have access to a support service
  • To have access to a dashboard
  • To create an account and a user space
  • To subscribe to a newsletter

For any questions about this Cookies Policy and the use of cookies placed on the Site, you can contact the Company

  • at the following email address: dpo@scrapin.io
  • or at the registered office postal address

2. PROCESSING OF YOUR PERSONAL DATA

2.1.   Description of the processing of your personal data

The main purpose of collecting your personal data is to offer you a safe, optimal, efficient and personalized experience. To this end, you agree that we may use your personal data to:

  • provide our services and facilitate execution, including verifications concerning you;
  • resolve any issues to improve the use of our Site and our services;
  • personalize, evaluate and improve our services, content and materials;
  • analyze the volume and history of your use of our services;
  • inform you about our services as well as services and/or promotional offers from our partners;
  • prevent, detect and investigate potentially prohibited, illegal or contrary to good practices activities and ensure compliance with our Terms of Use and our sending policy;
  • comply with legal and regulatory obligations.

We use personal data submitted to us only in compliance with applicable data protection laws.

For our customers who have registered on our Site, we process your personal data for the performance of the contract concluded between us for the provision of our services.

For our newsletter, case study use cases, and marketing document registrations, we process your personal data based on the explicit consent you give us for this specific purpose.

In accordance with current laws and regulations, the Company, acting as the data controller, collects some of your personal data during your visit to the Site:

  • Email address;
  • Unique ID;
  • First and last name;
  • Company;
  • email address;
  • first name;
  • last name;
  • login;
  • password;
  • postal address;
  • country
  • bank details;
  • phone number.

When using our services, the following data is collected and managed:

  • connection and navigation data when you authorize it;
  • order history;
  • complaints;
  • incidents;
  • subscription information;
  • messages on our site.

When you connect to the Site, the Company, acting as the data controller, also collects the following personal data:

  • Your connection logs;
  • Your connection data
  • Your domain name
  • Your IP address.

The submitted data must not include sensitive personal data, such as government identifiers (i.e. social security numbers, driver's license or taxpayer identification numbers), full credit card or personal bank account numbers, medical records, or details related to requests for care or treatment associated with individuals.

The Company uses your personal data for the following purposes:

Purpose Legal Basis Retention period of your personal data
Reception and management of contact requests with the Company The processing is based on your consent Until your consent is withdrawn or for a period of three years from the last contact with you
Management of requests for access rights, portability, erasure, restriction of processing, rectification, and objection The processing is necessary to respond to your requests to exercise rights and is based on your consent Up to one year from your request to exercise rights.
Management of requests for the right to object to commercial prospecting The processing is necessary to respond to the request to exercise the right of objection. Up to three years from the exercise of your right to object
Reception of bank details, recording of these details, and communication to online payment platforms. The processing is based on the execution of the contractual relationships between you and the Company. Your bank details are kept for a period of 13 months if the payment is made with a debit card, and for a period of 15 months if the payment is made with a credit card.
Management of the customer account, shopping cart, and orders The processing is based on the execution of the contractual relationships between you and the Company. Your data is kept for a period of 5 years from the conclusion of the contract entered into between you and the Company
Management of the customer relationship (telephone/chat/email), order tracking, after-sales service, product returns, and refunds The processing is based on the execution of the contractual relationships between you and the Company. Your data is kept for a period of 5 years from the conclusion of the contract entered into between you and the Company.
Combating fraud during the payment of the order and managing unpaid bills after ordering The processing is based on the execution of the contractual relationships between you and the Company. Your data is retained for a period of 5 years from the conclusion of the contract entered into between you and the Company.
Provide our services and facilitate execution, including verifications concerning you The processing is based on the legitimate interest of the Company Your data is retained for three years from the end of the contractual relationship.
Resolve any issues to improve the use of our Site and our services The processing is based on the legitimate interest of the Company Your data is retained for three years from the end of the contractual relationship.
Prevent, detect and investigate potentially prohibited, illegal or contrary to good practices activities and ensure compliance with our terms of use and our sending policy The processing is based on the legitimate interest of the company Your data is retained for five years from the end of the contractual relationship.
Comply with legal and regulatory obligations. The processing is based on a legal obligation Your data is retained for 5 years from the end of the contractual relationship.

2.2. Recipients / transfers of your personal data

Access to your personal data is restricted to those individuals who need your personal data in order to fulfill the specific purpose of the processing. Your personal data may also be communicated by the Company to third parties:

  • if the law or a legal procedure requires the Company to share your personal data;
  • in response to the request of a public or judicial authority (especially in case of a judicial requisition);
  • when the Company considers that the transmission of your personal data is necessary or appropriate to ensure the safety of individuals or to protect the public.

Your personal data is transmitted to OVH, which hosts the Site in France, as well as to the companies

  • MongoDB (Clever Cloud / OVH)
  • Brevo (transactional / marketing email solution)
  • Stripe (Payment processor)
  • Gocardless (Payment processor)
  • Server logs (Clever Cloud / OVH)

Therefore, your personal data is subject to transfer outside the European Economic Area.

The Company ensures a level of protection of your personal data identical to the level of protection provided by the application of the GDPR. The European Commission has recognized the adequacy of the GDPR level of protection implemented by the United States. Indeed, on July 10, 2023, the European Commission issued an adequacy decision, establishing that the Data Privacy Framework, proposed by the US government, offers a level of personal data protection comparable to that guaranteed by the GDPR in the European Union. The European Commission recognizes only those companies that have subscribed to the Data Privacy Framework, and only these recognized companies are considered adequate under the GDPR. For companies that have not subscribed, they must use the Standard Contractual Clauses amended in June 2021 with companies located outside the EEA and implement additional security measures in accordance with the ruling of the European Court of Justice on July 16, 2020 ("Schrems II" judgment).

2.3. Security

As part of its services, ScrapIn attaches the utmost importance to the security and integrity of its clients' personal data.

In accordance with the GDPR, ScrapIn shall take all relevant precautions to preserve the security of data and, in particular, to protect them against any accidental or unlawful destruction, accidental loss, corruption, circulation or unauthorized access, as well as against any other form of unlawful processing or disclosure to unauthorized persons.

ScrapIn implements standard industry security measures to protect personal data against any unauthorized disclosure.

In order to prevent unauthorized access, ensure the accuracy and proper use of data, ScrapIn has put in place appropriate electronic, physical, and management procedures to secure and preserve data collected by its services.

Despite this, there is no absolute security against hacking or hackers. That's why, in the event that a security breach may affect you, ScrapIn shall inform you immediately and make its best efforts to take all possible measures to neutralize the intrusion and minimize the impacts. If you suffer harm as a result of a third party exploiting a security vulnerability, ScrapIn shall provide all necessary assistance to enable you to assert your rights.

Furthermore, if, in exceptional circumstances, the direct harm suffered results from gross negligence or fault on the part of ScrapIn, you may seek compensation within the limit of the liability set out in our terms of use.

You should keep in mind that any user, customer, or hacker who discovers and takes advantage of a security vulnerability may be subject to criminal prosecution, and Visium will take all necessary measures, including filing a complaint and/or initiating legal action, to protect the data and rights of its users and itself and to limit the impacts.

2.4. Your rights over your personal data

You have the following rights over your personal data:

Rights of access and rectification

You can request access to your personal data.

You can also request the rectification of your personal data that would be inaccurate or for your incomplete personal data to be completed.

You also have the right to know the origin of your personal data.

Right to erasure

You can request the deletion of your personal data when:

  1. Your personal data are no longer necessary for the purposes for which they were processed;
  2. You have chosen to withdraw your consent (in cases where consent is the legal basis for processing), this withdrawal not affecting the lawfulness of processing before its implementation;
  3. You have objected to the processing of your personal data;
  4. Your personal data have been unlawfully processed;
  5. Your personal data must be erased to comply with a legal obligation; or
  6. The deletion of your personal data is required to ensure compliance with current legislation, especially in regard to applicable retention periods.

Right to object

You can object to the processing of your personal data in compliance with the legal obligations imposed on the Company.

Right to restriction

You can also request the restriction of processing of your personal data if:

  1. You contest the accuracy of your personal data;
  2. The Company no longer needs your personal data for processing purposes; and
  3. You have objected to the processing of your personal data.

Right not to be subject to a decision based solely on automated processing of data

You have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or significantly affects you, including profiling.

Right to portability

You can ask the Company to provide you with your personal data in a structured, commonly used, machine-readable format, or request that they be "ported" directly to another data controller under the following conditions: that the processing is based on your consent; and that the processing is carried out by automated means.

Right to issue advance directives on the processing of personal data after your death

In accordance with Article 85, I of the Data Protection Act of January 6, 1978, as amended, you can define directives regarding the exercise of your rights provided for by this section after your death (including the duration of storage of your personal data, their deletion and/or the communication of your personal data), as well as designate a person responsible for exercising these rights.

In the absence of such directives, the Company will grant the requests of your heirs, as specifically stated in Article 85, II of the Data Protection Act.

Right to withdraw your consent

You can withdraw your consent to the processing of your personal data at any time. The withdrawal of your consent only applies to the future and does not affect the lawfulness of processing carried out by the Company based on your consent before your withdrawal or the lawfulness of processing based on another legal basis, such as the execution of a contract between you and the Company.

Right to lodge a complaint with a supervisory authority

If you have concerns or complaints regarding the protection of your personal data, you have the right to file a complaint with the National Commission on Informatics and Liberty (CNIL) via the following link: https://www.cnil.fr/fr/plaintes

The CNIL can also be reached at the following address: 3 Place de Fontenoy, F-75007 Paris - telephone: +33 (0)1 53 73 22 22.

You are encouraged to inform the Company's Delegate in advance so that they can handle the request and attempt to find an amicable solution.

You can exercise the aforementioned rights and/or ask any questions related to the processing of your personal data by the Company to the Company's Delegates

  • via email at the following address: dpo@scrapin.io
  • or at the following postal address: 14 BD DE BRANDEBOURG F-94200 IVRY-SUR-SEINE (FR)

To enable the Company to process your request as quickly as possible, you can specify in it the subject and the context in which your personal data were processed by the Company.

In case of reasonable doubt about your identity, the Company may ask you to provide a valid front and back copy of an identification document.

This will be deleted by the Company as soon as your request has been granted. The Company may keep a copy of your identification document for the sole purpose of establishing proof, in case of a dispute with you.

2.5. Disclosure to third parties

In order to improve the quality of the Site, the Company may include links on the Site that redirect to third-party sites. These sites have a privacy policy that is different and independent from that of the Company. You are invited to consult the privacy policy of the third-party sites you may visit.

Personal data collected about you on our Site is intended for ScrapIn's own use and may be transmitted to ScrapIn's partner companies so that we can obtain assistance and support in carrying out our services. ScrapIn ensures clear data protection requirements for all its third-party suppliers.

ScrapIn does not sell or rent your personal data to third parties for marketing purposes, whatever they may be.

In addition, ScrapIn does not disclose your personal data to third parties unless:

  • You (or your account administrator acting on your behalf) request or authorize their disclosure;
  • The disclosure is necessary to process transactions or provide services you have requested,
  • ScrapIn is compelled to do so by a government authority or regulatory body, in the case of a court order, a subpoena to appear in court, or any other similar request from a government or judicial body, or to establish or defend a legal claim; or,
  • The third party is a subcontractor or subcontractor of ScrapIn in the performance of services (e.g., ScrapIn uses the services of an internet service provider or a telecommunications company).

2.6 Language

This Privacy Policy is written in english. Should it be translated into one or more foreign languages, only the English version shall be deemed authoritative in the event of a dispute.

2.7 Cookies

The provisions relating to the placement of cookies on the Website are included in the cookie policy available on the Website.

2.8 Storage location and data transfers

The host servers on which ScrapIn processes and stores its databases are located exclusively within the European Union.

ScrapIn will immediately inform you, to the extent legally permitted, of any request or order from an administrative or judicial authority concerning your personal data.

2.9   Third-party data

As part of the use of our services, namely contact data enrichment, ScrapIn has access to the information contained in the contact lists you create in your account, as well as the enrichment obtained through our services.

This data is not stored on servers, with the exception of our file enrichment for technical reasons, the data is stored for 1 month and allows for the restitution in the form of an enriched file to our clients.

Under no circumstances does ScrapIn sell, share or rent your contact lists to third parties, nor does it use them for any purposes other than those set out in this policy. We will only use the information from your contact lists to comply with legal requirements, to bill and collect summaries for our own statistics, and to provide you with customer support services.

As the creator of the contact lists and associated enrichment, you are considered the data controller within the meaning of the GDPR, and ScrapIn acts only as the data processor. In this capacity, you are notably responsible for:

  • Making all necessary declarations to the relevant data protection authority,
  • Complying with all applicable regulations, including data protection laws,
  • Obtaining explicit consent from the persons concerned when collecting their personal data,
  • Ensuring your authority to use the collected personal data in accordance with the defined final objectives and refraining from any unauthorized use.

If one of your contacts enriched through our services requests us to modify or delete their personal data, we will honor this request after appropriate verification and inform you.

2.10  Remove your data

We do not have a contact database, as we do every process in real-time, so we can’t remove your data from a database that does not exist.

However, we can do something else: We can put your personal data on an exclusion list that prohibits any user from typing your name or anything related to you in our search engine

This way, nobody can find you. To do that, you can fill our opt-out form below (request a withdrawal).

ScrapIn does not own any personal data others than active users (people who use ScrapIn services).

We are not a contact database. When one of our clients requests data from us data, we use the OSINT method in real-time to deliver it to our client.

We never store the data, except for file upload enrichment to render the data in CSV format (data store only for 30 days).

You can still request a withdrawal that will entrain two things:

  • The destruction of your data if we have data about you in the 30 days for the CSV file.
  • We will prevent our customers from looking for you in the future through our platform.

You can request a withdrawal from ScrapIn in two clicks here: Request withdrawal

Withdrawal takes place in less than 72 hours and you will be informed when your request has been executed.

2.11 Newsletter and marketing emails

An unsubscribe link must be included in each newsletter and marketing email you send.

For those of you who have expressly chosen to receive our ScrapIn newsletter, you can easily unsubscribe by following the "unsubscribe" links included in each email.

2.12 Statistics on emails

Without doing it systematically, we may analyze and track various rates (for example: click-through rates, open rates, bounce rates) and the number of emails sent with ScrapIn that you open to evaluate the performance rates of your email campaigns.

2.13 Testimonials

ScrapIn publishes a list of clients and testimonials on its site with information about the names and positions of our clients. ScrapIn commits to obtaining each client's authorization before publishing any testimonial on its site. If you wish to be removed from this list, you can send us an email at dpo@scrapin.io, and we will remove your information as soon as possible.

2.14 Privacy policy changes

ScrapIn reserves the right to update this privacy policy at any time, particularly in response to changes in applicable laws and regulations. Any changes will be notified to you via our website or by email, where possible, at least thirty (30) days before the changes take effect. We recommend that you check these rules from time to time to stay informed about our procedures and rules regarding your personal information.