This Privacy Policy explains how we use your personal data (your "information"). It applies to the Information we collect about you when:
- you are a Customer (see our "Customer Policy")
- you are a Prospect (see our "Policy on Prospects")
Finally, it contains information applicable to all our Policies (see our section "Information applicable to all our Policies"). This Privacy Policy came into effect on January 1, 2022.
1. Basic information
1.1 Who are we?
AppCraft is a simplified joint stock company (SAS) with its registered office located at 28 rue des Acacias, Le Mesnil-le-Roi (78600), France, and SIREN number 818 821 597 (hereinafter referred to as "AppCraft").
1.2 How can you contact us?
If you have any questions regarding the protection of your personal data, you can contact us by any of the following means:
- By email: dpo[@]appcraft.com
- By mail: AppCraft – Personal Data Department – 28 RUE DES ACACIAS – 78600 LE MESNIL-LE-ROI
2. Customer Policy
This Policy explains how we process your Information when you are an AppCraft Customer.
2.1 What information do we collect about our customers?
When you are a Customer, we use different categories of Information about you, which you may provide to us yourself or which we may collect indirectly.
| Category of information collected |
Description of the information that may be collected |
| Identity |
Company name, SIREN number, address (registered office, billing address); contact details (phone, email). |
| Information about employees |
Identity and contact details (phone number, email address) of the employees with whom the AppCraft teams will communicate (sales, technical, events), role and responsibilities of the employees. |
| Payment / Settlement |
Agreed terms and conditions of payment, information on payment methods (bank transfer, bank account details, SEPA credit transfer), payment history. |
| Monitoring of the business relationship |
Details of service offerings (options) and orders placed, duration of service provision. Billing. Commercial exchanges with you within the framework of the commercial relationship and technical support. |
| Unpaid bills |
Identity details, payment incident concerned (date of non-payment, invoice concerned, amount of non-payment, reason if applicable), payment method used. |
2.2 Why do we use our Customers' Information and for how long?
When you are a Customer, we use your Information for various reasons:
- we may need it to provide you with the Services you have ordered from us (Performance of a contract);
- we may need it to comply with our legal obligations (Legal Compliance);
- we may have legitimate interests in using your Information (Our Legitimate Interest);
- We may do so after obtaining your consent (Consent). You may withdraw your consent at any time.
Below are the reasons why we process your Information (the purposes of our processing) and the retention periods for your Information:
| Purpose |
Legal basis |
Shelf life |
| Management of our business relationship (provision of services, technical support) |
Performance of a contract |
Throughout the duration of our contractual relationship |
| Management of our legal, accounting, and tax obligations within the framework of our contractual relationship |
Compliance with the law |
Storage in the form of an archive for the legal retention period to which we are bound (e.g., up to 10 years for our accounting obligations) |
| Management of unpaid bills (Recording of unpaid bills and exclusion from any future transactions in the event of unpaid bills not being settled) |
Performance of a contract |
No later than 48 hours after the unpaid amount has been settled |
| Claims and litigation management |
AppCraft's legitimate interest in establishing proof of a right or the proper performance of our contractual obligations |
Throughout the entire duration of the statute of limitations applicable to our business relationship (e.g., up to 5 years for civil statutes of limitations) |
| Conduct satisfaction surveys or request feedback following an order |
AppCraft's legitimate interest in conducting satisfaction surveys to gather feedback from its customers |
For 3 years |
| Sending our newsletter |
Consent |
Until you withdraw your consent |
| Organization of our webinars/in-person events to promote AppCraft's services |
AppCraft's legitimate interest in promoting its Services |
Up to 15 days after the last event you registered for has taken place |
| Prospecting in connection with products or services similar to those already purchased by you |
AppCraft's legitimate interest in promoting its Services |
Up to 3 years from our last contact with you
You have the right to object to receiving our marketing communications. |
| Managing an opt-out list |
AppCraft's legitimate interest in no longer sending marketing communications to customers who have opted out |
For 3 years from the date you exercise your right to object |
2.3 Who do we share our Customers' Information with?
2.3.1 To our teams
Your Information may be shared with all of our teams who need it to perform their duties in the context of managing our business relationship. For example: our Sales team to enter into a contract with you, our Support/After-Sales Service team to handle your questions or complaints, etc.
2.3.2 To our subcontractors
We use different technical service providers for various reasons:
| Identity |
Reasons |
| OVH |
Data hosting |
| Google |
Data hosting |
| Google |
Email management |
| Google |
Video conference |
| Concept |
Client project management |
| Your invoices |
Billing |
2.3.3 To administrative or judicial authorities
We may be required to disclose some of your Information to administrative or judicial authorities when we receive a court order.
2.4 Where do we store our Customers' Information?
Our main computer servers are geographically located within the European Union. Some of our technical subcontractors may host some of your Information outside the European Union.
When this is the case, we ensure in advance that our subcontractors provide adequate safeguards in accordance with the General Data Protection Regulation (GDPR). Below is a list of data transfers outside the European Union that may be carried out and the adequate safeguards we take:
| Recipient's identity |
Adequate safeguards taken |
| Google |
European Commission standard contract terms |
| Concept |
European Commission standard contract terms |
3. Prospect Policy
This Policy explains how we process your Information when you are an AppCraft Prospect.
3.1 What information do we collect about our Prospects?
When you are a Prospect, we use different categories of Information about you, which you may provide to us yourself or which we may collect indirectly (for example, from publicly available sources).
| Category of information collected |
Description of the information that may be collected |
| identity |
Last name, first name, work contact details (phone number, email address), work address |
| Professional situation |
Employer name, position held, industry |
| Prospect relationship tracking |
Prospecting activities carried out by AppCraft, requests for documentation or trials received from the prospect, direct solicitations received from the prospect, correspondence with you, scheduling appointments for demonstrations, etc. |
3.2 Why do we use our Prospects' Information and for how long?
When you are a Prospect, we use your Information for various reasons:
- we may have legitimate interests in using your Information (Our Legitimate Interest);
- We may do so after obtaining your consent (Consent). You may withdraw your consent at any time.
Below are the reasons why we process your Information (the purposes of our processing) and the retention periods for your Information:
| Purpose |
Legal basis |
Shelf life |
| Management of our prospecting relationship (providing our solicitations, responding to your solicitations, scheduling appointments, etc.) |
AppCraft's legitimate interest in developing its commercial activity |
Up to 3 years from the last contact with you |
| Sending our newsletter |
Consent |
for 3 years from our last contact with you or until you withdraw your consent |
| Organization of our webinars/in-person events to promote AppCraft's services |
AppCraft's legitimate interest in promoting its Services |
Up to 15 days after the last event you registered for has taken place |
| Email prospecting aimed at professionals for offers related to the prospect's profession |
AppCraft's legitimate interest in sending commercial offers to prospects who may be interested |
For 3 years from our first prospecting or our last exchange with you. You may object to our prospecting activities. |
| Prospecting by mail |
AppCraft's legitimate interest in sending its commercial offers to prospects who may be interested |
For 3 years from our first prospecting or our last exchange with you. You may object to our prospecting activities. |
| Telephone prospecting |
AppCraft's legitimate interest in sending its commercial offers to prospects who may be interested |
For 3 years from our first prospecting or our last exchange with you. You may object to our prospecting activities. |
| Managing a do-not-call list |
AppCraft's legitimate interest in no longer sending marketing communications to individuals who have opted out |
For 3 years from the date you exercise your right to object |
3.3 Who do we share our Prospect Information with?
3.3.1 To our teams
Your Information may be shared with all of our teams who need it to carry out their tasks in the context of the commercial management of our prospects. Example: our Sales team to send you commercial solicitations, to respond to your requests for documentation, etc.
3.3.2 To our subcontractors
We use different technical service providers for various reasons:
| Identity |
Reasons |
| OVH |
Data hosting |
| Google |
Data hosting |
| Google |
Email management |
| HubSpot |
Making appointments and sending emails |
| Modjo |
Scheduling appointments with our sales teams |
| Lemlist |
Sending prospecting emails |
| DNA Data |
Prospect acquisition and segmentation |
| Dux-Soup |
Prospect acquisition and segmentation |
| Drop Contact |
Prospect data enrichment |
| Kaspr |
Prospect data enrichment |
| Waalaxy |
Automation of email prospecting |
3.4 Where do we store our Customers' Information?
Our main computer servers are located within the European Union. Some of our technical subcontractors may host some of your Information outside the European Union. When this is the case, we ensure in advance that our subcontractors provide adequate safeguards in accordance with the General Data Protection Regulation (GDPR).
Below is a list of data transfers outside the European Union that may be carried out and the adequate safeguards we take:
| Recipient's identity |
Adequate safeguards taken |
| HubSpot |
European Commission standard contract terms |
| Google |
European Commission standard contract clauses |
| Concept |
European Commission standard contract terms |
4. Cookie Policy
4.1 Preamble
When you visit our Site as a User, we may place or read cookies or trackers on your device.
4.2 What is a cookie?
A cookie is a small file stored or read on your device (computer, tablet, smartphone). They enable information relating to your browsing on our Site to be stored on your device. Reading and storing cookies generally requires your consent; however, certain technical cookies may be stored without your consent.
4.3 What types of cookies do you use?
We use different types of cookies:
| Cookie category |
Supplier |
Purpose |
| Technical cookies |
lemon tart |
Collected your choices regarding cookies |
| Audience measurement cookies |
Google Analytics |
Audience measurement services generate traffic statistics that are useful for improving the site. |
| Audience measurement cookies |
Google Tag Manager |
Audience measurement services generate traffic statistics that are useful for improving the site. |
| Video platform cookies |
Vimeo |
Video sharing services enrich the site with multimedia content and increase its visibility. |
Information collected through audience measurement cookies is stored for a maximum period of twenty-five months.
Necessary
Necessary cookies are crucial for the basic functions of the website, and the website will not function as intended without them. These cookies do not store any personally identifiable data.
Functional
Functional cookies enable certain features such as sharing website content on social media platforms, collecting feedback, and other third-party features.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information about the number of visitors, bounce rate, traffic source, etc.
Performance
Performance cookies are used to understand and analyze key website performance metrics, enabling us to provide a better user experience for visitors.
Advertisement
Advertising cookies are used to provide visitors with personalized advertisements based on previously visited pages and to analyze the effectiveness of the advertising campaign.
Others
Other cookies are those that are currently being identified and have not yet been classified in any category.
5. Information applicable to all our Policies
5.1 What are your rights?
Regulations on personal data protection grant you several rights:
| Right of access |
You may request access to all information we hold about you. |
| Right of rectification |
You can ask us to correct your information if it is inaccurate. |
| Right to object |
You may request that we cease using your information when we do so based on a legitimate interest
. You may also request that we cease sending you marketing communications. |
| Right to withdraw your consent |
When one of our processing operations is based on your prior consent, you may withdraw your consent at any time. We will then cease to use your information for that processing operation. |
| Right to erasure |
You may request that we delete your information and cease using it. |
| Right to restriction |
You may ask us to temporarily stop using your information while requiring us to retain it temporarily. |
| Right to portability |
You can ask us to provide you with an export of your information in a reusable format and, where possible, ask us to transfer it to another organization that can use it. |
| Right not to be subject to an automated individual decision |
You have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or significantly affects you. |
| Right to set guidelines regarding your assets in the event of death |
You have the right to define, update, or revoke guidelines regarding the storage, deletion, or communication of your information after your death. |
| Right to lodge a complaint |
You may lodge a complaint with the authority responsible for protecting personal data (in France, the CNIL, www.fr) if you believe that your rights have not been respected. |
5.2 How to exercise your rights?
To exercise your rights, please contact us using the contact details provided in the section "How can you contact us?"
We will do our best to respond within one month.
The rights you can exercise are defined by the GDPR and depend on the legal basis for our processing. We may therefore be unable to accept a request to exercise your rights because the right invoked cannot be exercised. If this is the case, we will inform you.
We may also ask you to provide proof of identity to ensure that it is you who is exercising your rights and when we have no other means of verifying this. You should only send us proof of identity if we ask you to do so.
