1. Preamble
The purpose of this privacy policy (the “Privacy Policy”) is to inform future prospects, customers, consultants, partners, service providers, and suppliers (including their employees) and more generally anyone browsing VostokInc's website at the following address https://www.scrapingbee.com/ (the “Website”) and use VostokInc’s services about how VostokInc, a joint-stock company (“société par actions simplifiée”) with registered address located at 66 Avenue des Champs Élysées – 75008 Paris – France and registered before the Company House of Paris under number 843 352 683 (“VostokInc” or “We”) processes Personal Data in its capacity as data controllers and their rights in this respect.
In this Privacy Policy, We seek to explain to You in the clearest way possible what Personal Data We collect, how We use it, and what rights You have in relation to it. We hope you take some time to read through it carefully as it is important. If there are any terms in this Privacy Policy that You do not agree with, please discontinue the use of our Website and our services.
2. Definition
For the purpose of the Privacy Policy, notably, the terms “Personal Data,” “Processing,” “Data Subject,” “Data Controller,” “Data Processor,” and “Personal Data Subject” have the meaning given by the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (the “GDPR”) and the French Data Protection Act entitled “Loi Informatique et Libertés” No. 78-17 of 6 January 1978 as amended (the “LIL”) (altogether the “Data Privacy Regulation”).
3. Who is Data Controller and Data Subjects?
In short: VostokInc is Data Controller and You are Data Subjects
VostokInc is responsible for all data processing in its professional capacity and within its business activity. In this capacity, VostokInc is subject to the obligations imposed upon it by the Data Privacy Regulation.
Data subjects are suppliers, service providers, consultants, partners, customers, and prospects as well as their employees and more generally anyone using the Website (the “Users” or “You”).
In the event our Website or services contain links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, You should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.
4. What Personal Data do We collect?
In short: Some Personal Data — such as IP address and/or browser and device characteristics — is collected automatically when You visit our Website and some is mandatory to use VostokInc’s services.
Personal Data automatically collected
We automatically collect certain information when You visit, use, or navigate the Website and our services. This information does not reveal Your specific identity (like your name or contact information) but may include device and usage information such as Your IP address, device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Website and services, and other technical information. This information is primarily needed to maintain the security and operation of our Website and services, and for Our internal analytics and reporting purposes. Like many businesses, We also collect information through cookies and similar technologies.
Personal Data that You provide VostokInc with
VostokInc collects Personal Data directly from Users, notably via data collection forms on the Website or otherwise or during meetings, trade discussions, email exchanges, or as part of performing a contract. This Personal Data is updated directly by Users. To this end, any update of said Personal Data must be immediately communicated to the relevant VostokInc department (marketing department/customer service accounts, etc.).
Personal Data obtained by third parties
Personal Data can also be provided indirectly from Your personal devices (mobile phones or other devices) through a secure connection to VostokInc’s information system or through an application programming interface (API) such as LinkedIn or X (formerly known as Twitter). The privacy policies for these services offered by LinkedIn or X can be viewed at the following links:
Additionally, VostokInc collects Personal Data using cookies and/or tracers that can analyze the behavior of web users.
VostokInc may also receive Personal Data about You via banking or credit institutions. In such cases, We will update Your Personal Data in Our database.
Personal Data regarding third parties that You provide VostokInc with
If You provide us with Personal Data relating to somebody else (e.g. your employees’ Personal Data for maintenance purposes or for partner recommendations), You guarantee that You have the authority to consent to the processing of Data on their behalf or more generally to communicate said Personal Data to us and that You receive any correspondence relating to their Personal Data on their behalf.
The type of Data being processed
Personal Data collected as part of a processing operation is strictly limited to the purpose for which it has been collected. As such, the Personal Data that we collect from prospects include first and last names, a work email address, employer details, work phone number, and browsing data (cookies).
In addition to the above Personal Data, we process the following Personal Data concerning Users and their employees: IP address, function, login, and login details.
Personal Data relating to suppliers is as follows: First and last names, email address, contact phone number, banking details, contract documents, and qualifications.
5. What are the Legal Bases for Processing Your Personal Data?
In short: We process Your Personal Data for purposes based on legitimate business interests, the fulfillment of Our contract with You, compliance with Our legal obligations, and/or Your consent.
We will only collect and use Your Personal Data when we have a legal right to do so. In which case, we will collect and use Your Personal Data lawfully, fairly, and in a transparent manner.
Our lawful bases depend on the services You use and how You use them. This means We only collect and use Your Personal Data on the following grounds:
Consent From You Where You give us consent to collect and use Your Personal Data for a specific purpose. You may withdraw Your consent at any time using the features we provide; however, this will not affect any use of Your Personal Data that has already taken place. You may consent to provide Your email address for the purpose of receiving marketing emails from Us. While You may unsubscribe at any time, We cannot recall any email We have already sent. If You have any further inquiries about how to withdraw Your consent, please feel free to inquire using the details provided hereinafter.
Performance of a Contract or Transaction Where You have entered into a contract or transaction with Us or in order to take preparatory steps prior to Our entering into a contract or transaction with You. For example, if You contact Us with an inquiry, We may require Personal Data such as Your name and contact details in order to respond.
Our Legitimate Interests Where We assess it is necessary for Our legitimate interests, such as for Us to provide, operate, improve, and communicate Our services. We consider Our legitimate interests to include research and development, understanding Our audience, marketing, and promoting Our services, measures taken to operate Our services efficiently, marketing analysis, and measures taken to protect Our legal rights and interests.
Compliance with Law In some cases, We may have a legal obligation to use or keep Your Personal Data. Such cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations. If You have any further inquiries about how We retain personal information in order to comply with the law, please feel free to inquire using the details provided in the Contact Us section of this Privacy Policy.
6. How do VostokInc use Your Personal Data?
In short: We process Your Personal Data for the provision of our services, legitimate business interests, compliance with Our legal obligations, and/or Your consent.
Depending on whom it concerns (prospects, customers, service providers, or suppliers), VostokInc carries out various types of processing.
Personal Data from prospects is processed to:
- Build a database of prospects and carry out sales canvassing as well as to manage and send business newsletters (unless the recipient has opted out).
Personal Data relating to User’s employees is processed as per the following objectives:
- Facilitate account creation and logon process: If You choose to link Your account with us to a third-party account (such as your Google or GitHub account), We use the Personal Data You allowed Us to collect from those third parties to facilitate account creation and logon process for the performance of the contract.
- Provision of services: This relates to in particular allowing contracts to be drawn up, services to be provided, and invoices to be issued and sent. As part of Our activities, VostokInc archives and logs all actions performed on the API by the User’s employees.
- License management: VostokInc collects and processes Personal Data relating to User that are using the VostokInc API as defined in the General Conditions and more generally in the Agreement.
- Litigation management: VostokInc collects and processes Personal Data relating to User payment delays and defaults in order to prepare, take, and monitor any recovery action or legal remedy and where applicable enforce the judgment issued.
- Auditing: As part of an audit or potential buyback operation of VostokInc, audits by potential investors, buyers, or purchasers may be carried out. Internal audits may also be carried out to check that Our processes are being correctly implemented or to verify Personal Data processing from the User database.
- Customer relationship management: In order to provide Users with the best possible service and improve the solutions offered, VostokInc also processes User Personal Data when managing the termination of a contract or in order to offer new services, commercial offers, and discounts. As part of its customer relationship management, VostokInc must also record all email exchanges with the User’s employees. Finally, VostokInc may conduct surveys on the quality of the services provided in order to improve said services.
- Marketing: Create a database of persons interested in VostokInc’s API and services and conduct possible marketing actions as well as to manage and send newsletters (unless Users have expressly opted out as described hereinafter in the “What are Your privacy rights?”).
- Other Business Purposes: VostokInc may use Your Personal Data for other Business Purposes such as data analysis, identifying usage trends, determining the effectiveness of Our promotional campaigns, and evaluating and improving our services, Website, products, marketing, and your experience. VostokInc may use and store this information in aggregated and anonymized form so that it is not associated with individual end-users and does not include personal information. VostokInc will not use identifiable Personal Data without Your consent.
Regarding the Processing of Personal Data from Cookies, the dedicated VostokInc’s Cookie Policy describes the terms and conditions of implementation of such processing.
Supplier Personal Data is only processed for:
- The purposes of establishing, negotiating, and monitoring a contractual relationship (carrying out services, invoicing, payment, etc.) as well as for the purposes of dealing with any disputes that may arise.
7. Will Your Personal Data be shared with anyone?
In short: We only share information with Your consent to comply with laws, to provide You with services, to protect Your rights, or to fulfill business obligations.
Access to Personal Data is restricted to those who require access to such information in order to fulfill their duties within VostokInc. Personal Data collected can thereby be accessed within VostokInc by the appropriate departments in order to manage the different processes concerned (sales department for contractual relationships, legal department for disputes, IT department for maintenance, etc.) User’s employee Personal Data may also be viewed by the User itself.
For certain purposes, VostokInc may sometimes use the services of subcontractors or service providers (e.g. those in charge of maintaining VostokInc’s information system or providing administrative services such as accounting and payroll) such as IT service providers (e.g. web hosting) offering SaaS solutions who require access to Personal Data to carry out the tasks entrusted to them by VostokInc, including some which may be located outside of France. In this instance, VostokInc enforces strict obligations on these co-contracting parties in accordance with data processing confidentiality and security Data Privacy Regulations to which these service providers have access. This is particularly important if these transfers take place outside of the EU.
In certain specific cases, VostokInc may also communicate Personal Data to third parties:
- Business Transfers: We may share or transfer Your Personal Data in connection with or during negotiations of including for auditing purposes any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. If all or part of VostokInc’s assets are acquired by a third party, Personal Data will be one of the transferred assets. Personal Data will be processed by the purchaser who will act as the new Data Controller, and the purchaser’s policy on data protection will then govern the data processing.
- Vendors, Consultants, and Other Third-Party Service Providers: We may share Your Personal Data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include payment processing, data analysis, email delivery, hosting services, customer service, and marketing efforts. We may allow selected third parties to use tracking technology on the services, which will enable them to collect Personal Data about how You interact with the services over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content, and better understand online activity. Unless described in this Privacy Policy, we do not share, sell, rent, or trade any of Your Personal Data with third parties for their promotional purposes.
- Third-Party Advertisers: We may use third-party advertising companies to serve ads when you visit the services. These companies may use information about Your visits to our Website(s) and other websites that are contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you.
- Business Partners: We may share Your information with our business partners to offer you certain products, services, or promotions.
- A parent, subsidiary, or affiliate of VostokInc.
- If VostokInc is obliged to disclose or provide access to Personal Data in order to comply with any legal obligation or a court ruling or in order to uphold or apply the service agreement or circumstances other than those accepted or to protect the rights, property, or safety of VostokInc, its customers, or its employees.
- If this transfer of data by VostokInc is permitted by law.
VostokInc does not sell any Personal Data to third parties. For purposes of the Privacy Policy, “sell” means the disclosure of Personal Data to a third-party for monetary or other valuable consideration.
8. How long do we keep Your Personal Data?
In short: We keep Your Personal Data for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law.
Personal Data (especially Personal Data that relates to contracts concluded with VostokInc) is stored as long as is strictly necessary in order to allow us to provide our services, until the termination of a contract, for the duration required by law, or for a duration sufficient for the objective sought to be secured. In any case, this Personal Data must be stored in accordance with CNIL recommendations. For example:
- Personal Data relating to prospects or Customers is deleted within 3 years of its collection or within 3 years of the last contact with the prospect or Customer.
- Pre-litigation: Personal Data is held until a settlement agreement has been concluded or failing this until the corresponding legal action has been prescribed.
- Judicial litigation: Data is held until the decision has the force of res judicata.
When we have no ongoing legitimate business need to process Your Personal Data, we will either delete or anonymize it, or if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store Your Personal Data and isolate it from any further processing until deletion is possible.
Furthermore, anonymous data and data relating to Users may be held for an unlimited period of time when it does not contain or no longer contains any Personal Data.
9. Actions carried out on Personal Data
In short: We carry out actions on Your Personal Data to achieve the purposes described in this Privacy Policy.
The following actions are carried out on Personal Data:
- Collection and recording
- Organization and structuring
- Hosting or retention using third-party software
- Consultation / visualization
- Personal Data sorting (using a solution published by a third party)
- External archiving
- Transmission, distribution, or otherwise in any form making available of the concerned services
- Modification/consultation by customer service, marketing, accounts, or IT department
- Deleting, destroying, or anonymization
10. Personal Data localization and existing safety measures
In short: Personal Data collected is hosted and/or processed in France or where we or our partners, affiliates, and third-party providers maintain facilities. In any case, VostokInc ensures that all transferred Personal Data is adequately protected in accordance with the applicable regulation.
Personal Data We collect is hosted and/or processed by providers located either in the United States, the European Union, or where We or our partners, affiliates, and third-party providers maintain facilities in compliance with the regulations applicable for this type of Personal Data transfer.
For Personal Data transfers, VostokInc has adopted specific measures; for instance, standard contractual clauses adopted by the European Commission have been added and include additional safeguards for Personal Data processes in countries with legislation that does not meet European standards. In any case, VostokInc ensures that all transferred Personal Data is adequately protected in order to guarantee the Personal Data’s security, integrity, and confidentiality in accordance with the applicable regulation.
VostokInc shall take all suitable precautions to guarantee the confidentiality and security of the Personal Data and to prevent it from being tampered with, corrupted, or accessed by unauthorized persons. A security policy for the information system has been implemented within VostokInc. For example, Personal Data is stored on secured servers and banking details are encrypted. A login and password are required to access Personal Data.
However, transferring Personal Data via the Internet is not without risk. Therefore, VostokInc does not guarantee the security of any Personal Data transferred online even when VostokInc has complied with its security commitments.
11. Do VostokInc collect Personal Data from minors?
In short: VostokInc do not knowingly collect or process by any means Personal Data from Data Subjects under 18 years old.
We do not knowingly solicit data from or market to children under 18 years of age. As stated in the General Conditions, by using the Services, You represent and warrant that You are at least 18. If We learn that Personal Data from users less than 18 years of age has been collected, We will deactivate the Account and take reasonable measures to promptly delete such Personal Data from our records. If You become aware of any Personal Data We have collected from children under the age of 18, please contact Us at the addresses indicated hereinafter.
12. What are Your privacy rights?
In short: You may review, change, or delete Your Personal Data at any time.
Users have the following rights on their Personal Data processed by Us:
- Access to or obtain a copy of their Personal Data.
- Rectification of their Personal Data.
- Have all or part of their Personal Data deleted when the Personal Data (i) is no longer needed for the purposes for which it was collected (ii) is exclusively based on User’s consent (iii) and their Processing undergoes an objection proceeding.
- Limit the processing of their Personal Data temporarily when the accuracy of said Personal Data is challenged, when the User has objected to its processing, and when the Personal Data is no longer needed by VostokInc but is still mandatory for the establishment, exercise, or advocacy of their rights in court.
- Unsubscribe or opt out of receiving marketing messages at any time by clicking on the “unsubscribe” link in any emails or communication sent by VostokInc.
- Object to the Processing or withdraw their consent at any time when Personal Data processing is based on consent.
- Portability of their Personal Data when Personal Data is processed based on consent and when the processing is carried out using automated processes.
- Decide what happens to their Personal Data after their death.
- File a complaint with the local control’s authority.
To exercise their rights or for any questions relating to this Privacy Policy, Users may contact VostokInc at the following addresses: VostokInc, 66 Avenue des Champs Élysées – 75008 Paris France or at contact@scrapingbee.com and attach a copy of their ID card.
For individuals submitting a request on behalf of another person, we may require proof of authorization and verification of identity directly from the person for whom the request is made.
13. Updates
In Short: We will update this Privacy Policy as necessary to stay compliant with relevant laws and to reflect updates to Our business processes or practices. Any modifications will be enforceable after the Effective date.
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Policy, we may notify You either by prominently posting a notice of such changes or by directly sending You a notification. We encourage You to review this Privacy Policy frequently to be informed of how we are protecting Your information.