Privacy Policy
LAST UPDATED: 11.03.2020
ScrapingAnt (“we”, “our”, “us”) knows that you care about your personal data privacy. On this page, you can learn about what information about you we collect while you interact with ScrapingAnt and what for, how it is used, stored, disclosed etc. All the actions with your personal data shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the different countries’ specific data protection regulations applicable to ScrapingAnt.
1. Definitions
Site means the website https://scrapingant.com and other webpages under this domain.
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject means any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organizing, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Controller means the natural or legal person, public authority, agency or other body, which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor means a natural or legal person, public authority, agency or other body, which processes personal data on behalf of the controller.
Encryption means procedure that converts clear text into a hashed code using a key, where the outgoing information only becomes readable after using the correct key. This action minimizes the risk of an incident during data processing, as encrypted contents are unreadable for third parties who do not have the correct key. Encryption is one of the best ways to protect personal data during transfer and store it securely.
2. Contacts of the Controller
ScrapingAnt is a service that is operated by DATAANT SP. Z O.O., registered and acting under the laws of the Republic of Poland under the business registration number (KRS) 0000848755. We are the controller in relation to your personal data collected for the purposes herein.
If you have any questions in regard to this policy or your personal data, as well as in case of violation of the provisions of GDPR, you can contact ScrapingAnt via telephone number +380677518922 or email support@scrapingant.com.
3. Contacts of the Supervisory Authority
Our Supervisory Authority is located in Poland at the address:
Urząd Ochrony Danych Osobowych
ul. Stawki 2, 00-193 Warszawa
kancelaria@uodo.gov.pl
In case of violation of the provisions of GDPR, you can lodge a complaint with the President of the Personal Data Protection Office (learn more about the procedure at the link: https://uodo.gov.pl/en/559/941), but as advised by the Authority, all complaints of this kind should be first addressed to a controller.
4. Personal Data We Collect
We may collect, use and otherwise process your personal data in different ways. In all cases, we are committed to protecting your personal data. We do not use automated decision-making and profiling. In each of the sections listed below, we describe how we obtain your personal data and how we process it.
4.1 Personal Data We Collect Automatically
When you access the Site, we use third-party services, such as Google Analytics for analytical purposes. We collect your IP address in order to remember your user settings as part of our legitimate interest.
We also use cookies and other tracking technologies on our Site. You can learn more about cookies from our Cookie Policy.
4.2 Personal Data Received Directly From You
When you send us your request through the Contact Us form, we require your username (name) and your email address. We do not request other personal data; however, we sincerely ask you not to disclose any sensitive data in the “Message” field unless absolutely necessary. All of these data are being sent to our email support@scrapingant.com.
When you register an account on our Site, we may ask you to provide us with your name, your email address and information on your workplace. We require these categories of your personal data due our legitimate interest.
We also use widgets of other platforms for your quick sign-up. When a customer clicks such a widget, we automatically receive data (such as mentioned above) on request from another controller (for example, a social network). You can see the list of data the controller discloses to us in the window of the controller’s platform that asks for your permission to send the data to us. Currently, we use widgets of GitHub and Google, which are the companies established in the United States of America. You can see their privacy policies here:
GitHub: https://docs.github.com/en/github/site-policy/github-privacy-statement
Google: https://policies.google.com/privacy?hl=en-US
4.3 Transaction Data
We do not use a payment system of our own; therefore, we do not collect your bank account/credit card number, CVV etc. However, we need the transactions data to provide our services and for accounting purposes.
4.4 Customer Data
We acknowledge that we can possibly collect personal data while providing services for our clients. We do not initiate such collection of personal data; we do not determine purposes of such collection and normally do not use the data our clients have collected for our own purposes except providing the service to such clients as described in the Terms of Use. We do not obtain any information whether any personal data being collected or not.
In this case, our client acts as the controller, while we act as the processor. Therefore, this Privacy Policy does not apply to such personal data collection, and we will readdress your requests to the data controllers. In accordance to Article 28 and Article 32 of GDPR, we sign data processing agreements (DPAs) with our clients.
5. Subscription to Our Newsletter and Other Marketing Purposes
When you send us a question through the Contact Us form or register an account on the Site, we ask you if you like to subscribe to our newsletter and special offers.
Usually, we send information on our news and improvements so you could keep the track. Some of our letters contain special offers that we form basing on information on your workplace. We try to keep our offers interesting and send not too many letters to our subscribers, but you can always unsubscribe if you are not interested or messages are too often for you.
By checking in the check box of our consent form you give your consent to receive, process and transmit your personal data to the countries outside the EU that are not determined to offer an adequate level of data protection on the basis of article 45 of GDPR (adequacy decision).
6. How We Use Personal Data
We may use personal data we collect for a number of business, commercial and compliance purposes based on different legal grounds for lawful processing of personal data.
We may use your personal data for the following purposes under the ground of our legitimate interest (Article 6(1)(f)):
- In order to have the ability of contacting you when needed or at your request;
- For analytics and browsing experience, in order to identify your country and your language, so it is more comfortable for you to use the Site;
- For authorization and authentication, so only you have the access to your account.
We may use your personal data for the following purposes under your consent (Article 6(1)(a)):
- For the marketing purposes and special offers, so you can learn about our changes and improvements and receive offers made personally for you.
We may use your personal data under the ground of performance of contract (Article 6(1)(b)):
- For invoicing and processing of payments.
We may use your personal data for the following purposes under the ground of our legal obligation (Article 6(1)(c)):
- For complying with applicable laws and regulations of countries where services of ScrapingAnt are available.
7. Rights of a Data Subject
As a data subject, you have certain rights under the GDPR, which are listed below. If you wish to avail yourself of any of these rights, you may contact us at any time.
- Right of confirmation
You have a right to obtain confirmation from the controller as to whether or not your personal data is being processed.
- Right of access
You have a right to obtain at any time information from the controller about:
- your personal data stored;
- the purposes of the processing; the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Furthermore, you have a right to obtain information as to whether personal data is transferred to a third country or to an international organization and of the appropriate safeguards relating to the transfer, if it occurs.
- Right to rectification
You have the right to obtain the rectification of inaccurate personal data concerning you from the controller without undue delay. You have the right to have incomplete personal data completed, including by means providing a supplementary statement.
- Right to erasure (“right to be forgotten”)
You have the right to have your personal data deleted from the controller’s records and access without undue delay, and the controller must erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:
- in relation to the purposes for which they were collected or otherwise processed;
- you as the data subject withdraw consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing;
- you as the data subject object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you as the data subject object to the processing pursuant to Article 21(2) of the GDPR;
- the personal data has been unlawfully processed.
The personal data also must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
If one of the aforementioned reasons applies and you wish to request the erasure of personal data stored by us, you may contact us at any time. We will immediately erase your personal data that we hold as a data controller, provided that no other lawful basis applies. Please, note that after your personal data is deleted, we will not be able to provide our services to you.
- Right of restriction of processing
You have the right to obtain restriction of processing from the controller where one of the following applies:
- the accuracy of personal data is contested by you (for a period enabling the controller to verify the accuracy of the personal data);
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
- the controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims;
- you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override yours.
- Right to data portability
You have the right to receive your personal data, which was provided to a controller, in a structured, commonly used and machine-readable format. You have the right to transmit such data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Right to object
You have the right to object, on grounds relating to your particular situation, at any time, to processing of your personal data, which is based on necessity for the performance of a task carried out in the public interest or of our legitimate interests. This also applies to profiling based on these provisions, if any.
ScrapingAnt shall no longer process your personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
As ScrapingAnt processes personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing.
- Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between you and a data controller, or (2) is not authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the your rights and freedoms and legitimate interests, or (3) is not based on your explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between you and a data controller, or (2) it is based on the your explicit consent, ScrapingAnt shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.
As a data controller, we do not use the automated decision-making.
- Right to withdraw consent
You have the right to withdraw your consent to processing of your personal data at any time. However, it does not automatically make the processing of personal data prior to the withdrawal illegal.
8. Data storage
All the data collected is located on the servers of Amazon in the USA. Amazon Corporate Headquarters Address is 410 Terry Ave. North, Seattle, WA, 98109-5210.
We provide secure transfer and storage of personal data held by third parties (e.g. encryption, special software, access only for certain persons, etc.) accordingly to the policies of Amazon. Their privacy policy is here: https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ. We use backups to restore the data.
All the data you provide us with and we automatically collect as a data controller while you are using our Site is stored for 12 months. If you have an account on our Site, we store your personal data as long as you keep the account active and 12 months after you delete it. After this term expires, or we do not need the personal data for our purposes anymore, or we have received a request from you to delete your personal data we retain, or we receive a court opinion that prohibits processing, we delete it (including backup) or anonymize it.
9. Who Do We Disclose Your Personal Data To
We only transfer your personal data to third parties within requirements under GDPR. Where possible, we always sign data processing agreements (DPAs) with them and treat them seriously. We may transfer your personal data to countries outside the EU and EEA (e.g. Ukraine, the USA etc.) that are not determined to offer an adequate level of data protection on the basis of article 45 of GDPR (adequacy decision) with all of the requirements of GDPR.
We may disclose some your personal data to our outsource accounting professionals in order to make our business legal and accurate.
We also disclose your personal data to third parties only for the purpose of making our services more comfortable for you.
Using the API with Sendgrid (a service of Twilio, Ireland), we send you our newsletter and special purposes. Their privacy policy is here: https://www.twilio.com/legal/privacy.
Using the API with Paddle (United Kingdom), we transfer you to Paddle’s web-page so you could make the payment for ScrapingAnt’s services. We do not collect your payment data ourselves. Their privacy policy is here: https://paddle.com/privacy/.
We use Google Analytics (United States of America) in order to make our Site work properly. Their privacy policy is here: https://policies.google.com/privacy?hl=en-US .
We shall not be responsible for actions these companies apply to your personal data. Please, revise privacy policies of the mentioned above services before you give them your personal data.
10. Changes to This Policy
We keep this Policy under regular review and reserve our right to imply changes to it.
If we make any major change(s) to the Policy, we will post a notice on our Site prior to such changes(s) taking effect.