Data Processing Agreement
Last updated on January 21st, 2021
Data Processor provides the following services:
Kaspr services are designed to help Users and vendors (e.g. HR professionals, B2B partners, sales platforms) validate and verify contact information and to find business profiles they seek in order to interact with relevant Contacts (as defined below), through access to individual business profiles retained in Kaspr’s database.
The term of the Services is from the Effective Date to: Personal Information will be retained by Kaspr for as long as necessary to provide our Services, and as necessary to comply with our legal obligations, resolve disputes and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it was collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time.
THE CATEGORIES OF DATA SUBJECT TO WHOM PERSONAL DATA RELATES
– “Contacts”: individuals who make their contact information publicly available.
– “Users” : Person who download, install or use the Kaspr browser extension ( “Plugin”) or access Kaspr’s website ( “Site”).
THE NATURE AND PURPOSE OF THE PROCESSING OF CONTACTS PERSONAL DATA
Individuals’ business information collected :
- We collect Business Profiles which are related to Contacts from different public sources and from our trusted business partners in order to enhance, optimize and enrich the Kaspr Database and make it current and up to date as possible, thus allowing us to provide our Services. We collect information from the following third-party sources: (i) third parties who license, sell or otherwise provide data they have collected; or (ii) information from publicly available sources, such as via the Internet and social networks, including through public or licensed APIs. For example, we use open web services and APIs to complete and update the information we have about Contacts and enrich it (e.g. by adding links to Contacts’ verified social network profiles), in order to allow our Users and vendors to find relevant Business Profiles.
- Kaspr collects from Contacts: Email Addresses, Phones, Social profiles (id, url, name, job title, company, location, skills …).
- We do not add to the Kaspr Database any Business Profiles or any other information which is shared with us by our Users when downloading or using our Plugin or accessing our Site.
We do not add to The Kaspr Database any information which is shared with us by our Users when downloading or using our Plugin or accessing our Site.
THE NATURE AND PURPOSE OF THE PROCESSING OF PERSONAL DATA
Users data collected :
(i) The first category of information is unidentified and non-identifiable information pertaining to a User(s), which may be made available or gathered via your use of the Services (“Non-personal Information”). We are not aware of the identity of the User from which the Non-personal Information was collected. Such information includes the following:
- a. (a) We collect technical information transmitted by your device, including certain software and hardware information (e.g. the type of browser and operating system your device uses, language preference, access time and the domain name from which you linked to the Services; etc.), in order to enhance the functionality of the Services and to provide you with a better user experience.
- b. (b) We may also collect information about your use of the Services, such as log files, time stamps, alerts, etc. This information is collected for amongst other things troubleshooting errors and bugs as well as for research and analytics purposes about your use of the Services.
(ii) The second category of information is information about you that specifically identifies you or when combined with other information we have, can be used to identify you. Such information is collected as part of the following activities and includes the following items:
- a. (a) User activity (e.g. pages viewed, browsing activity, page viewed, etc.), Location (e.g. country or origin, we do not collect your specific location);
- b. (b) In order to download our Plugin, you will be required to register for the Services (e.g. through our Site). As part of the registration process, we will collect your full name, email address, and telephone number. In addition, when you upgrade and purchase our paid version of the Plugin you will be requested to enter your payment information (e.g. your credit card number, PayPal account, etc.). We do not collect such information directly and the processing of such payment information is made by our trusted third party service providers.
- c. (c) When you register or connect the Site or Services with your social network account (each a “Platform”), we may have access to basic information about you from such Platform, such as your name, home address, email address, contact list, as well as any other information you made publicly available on such Platform or agreed to share with us. At all times, we will abide by the terms, conditions, and restrictions of such Platforms. If you wish to use our emailing services, we will allow you to gain access to additional information on individuals interacting with you via your email account, for authenticating and verification purposes, directly through the Plugin (“Email Services”), which will enable us to access your contacts and email account solely for the purpose of enabling the Email Services.
- d. (d) We collect information which you provide us voluntarily. For example, when you respond to communications from us, performing a purchase through our Site, communicate with us via email or the Site or share additional information about yourself or about others through your use of the Services.
- e. (e) If you agree to use Kaspr’s referral service to invite friends to use Kaspr, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting them to visit the Site and install the Plugin.
PROCESSING OPERATIONS (AS APPLICABLE)
The personal data transferred will be subject to the following basic processing activities:
In order to provide people data, Data Processor receives identifying Personal Data to permit Data Processor to query, cleanse, standardize, enrich, (when required) send to additional data to feed providers, and to store the query information.
We do not currently pseudonymize or encrypt Users data in our database. Our Users database is accessible via a Virtual Private Network, and only our Technical Director is allowed to access it. All data transfers are encrypted.
- Ensure confidentiality, integrity, availability and resilience of processing systems and services that process Users Personal Data.
- Ensure persons authorized to process the Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
- Notify the Customer without undue delay after becoming aware of a Security Incident;
- Take adequate technical and organizational security measures to safeguard Customer Personal Data against unauthorized access, destruction, disclosure, transfer, or other improper use as required under Article 32 of the GDPR;
Annex 1: Authorized Other Processors
Name of Other Processor : Description of Processing : Location of Other Processors
OVH : Computing Infrastructure, Storage : FRANCE
Amazon : Web Services Backup Storage : FRANCE
STRIPE : Paiement Platform : USA
Google Service : Tracking monitoring : USA
Hubspot : CRM for Users Data : USA
Active Campaign : Marketing Automation : USA
Sendinblue : Transactional Emails : FRANCE
MailGun : Transactional Emails : USA