lemlist for Sheets Privacy Policy

Date: as of July 20^th, 2023

Privacy and security are of utmost importance to Lempire (hereinafter known as “lempire”, “Provider,” “us”, “we”, “the App” or “the Site”) and we strive to ensure that our technical and organizational measures in place respect your data protection rights.

This Privacy Policy describes how we manage, process and store personal data submitted in the context of providing our services. “Personal data” refers to any information relating to an identifiable individual or his or her personal identity.

It applies to the processing of personal data carried out on our lemlist for sheets add-on and completes the legal notice and the General Conditions of Use that can be consulted by users at the following address.  

www.lemlist.com/terms-of-use-lemlist-for-sheets

We use the personal data submitted to us only in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "GDPR") and the French Data Protection Act of 6 January 1978 (referred together as the “Applicable Regulation”).

1. The Data controller

When using our App, the data controller is lempire SAS, a company registered under France law number 823 475 082 with the Paris Trade & Companies Register and having its registered office at 128 rue La Boétie, 75008 Paris, France (“We” or “Us”). 

However, when we provide our services to our clients, we process personal data on their behalf and for their own purposes. Our clients act therefore as data controllers in accordance with Article 4 of GDPR while we act as data processor.

If you have any question, please contact our Data Protection Officer: [email protected]. 

2. Personal data collected

• When you subscribe to our services, the following data is collected and managed: mailing address 

•  By using our services, the following data is collected and managed: complaints, incidents, information on subscriptions and messages on our site. 

The data submitted should not include any sensitive personal data, such as government identifiers (i.e. social security, driving licence, or taxpayer identification numbers), complete credit card or complete personal bank card numbers, medical records or particulars connected with applications for care or treatment associated with private individuals.

3. Purposes of processing and legal basis

Your personal data is processed to meet one or several of the following purposes. Each purpose is associated with a legal basis, the list of which can be found below.

Based on our legitimate interest of offering you a safe, optimum, efficient, and personalized experience, we carry out processing operations for the following purposes:

• To solve any problems and improve the use of our sites and services.
• To personalize, assess, and improve our services, content, and materials.
• To analyze the volume and history of your use of our services.
  
• To inform you about our services as well as our partners’ services and/or promotional offers.
• To sign up to our newsletters, use case studies and marketing material.
  

On the performance basis of a contract to which you are a party, we carry out processing operations for the following purposes:

• To provide our services. 
• To facilitate performance, including verifications relating to you.

Based on the compliance with our legal and regulatory obligations, we carry out processing for the following purposes:

• To prevent, detect and investigate any activities that are potentially prohibited, unlawful, contrary to good practices and to ensure compliance with our terms of use and sending policy.
• To answer to exercise of rights

4. Third party disclosures

Personal data relating to you collected on our website are destined for lemlist for Sheets’s own use and may be forwarded to lemlist for Sheets’s partner companies so that we may obtain assistance and support in the context of carrying out our services. 

lemlist for Sheets ensures that it has in place clear data protection requirements for all its third-party providers. 

We do not sell or rent your personal data to third parties for marketing purposes whatsoever.

In addition, lemlist for Sheets does not disclose your personal data to third parties, except if: 

• you (or your account administrator acting on your behalf) requests or authorized disclosure thereof.

• the disclosure is required to process transactions or supply services which you have requested (i.e. to check you are employing best practices in your mailings or for the purposes of processing an acquisition card with credit-card issuing companies) ; 

• lemlist for Sheets is compelled to do so by a government authority or a regulatory body, in the case of a court order, a summons to appear in court or any other similar requisition from a government or the judiciary, or to establish or defend a legal application ;

• or the third party is a subcontractor or sub-processor of lemlist for Sheets in the carrying out of services (lemlist for Sheets uses the services of an Internet provider, a telecommunications company, a host provider, CRM tools, customer support client tools, invoices tools, payment tools, analytics tools).

5. Data retention periods

Your personal data is kept for the periods set out below.

• Personal data collected for the execution of the services as well as information about how and when you use the services: The time needed to provide to you our services, and in no event no longer than 3 years after closing your account (unless otherwise required by law).
• Personal data collected in order to send newsletters, requests and direct marketing: 3 years from data collection or last active contact with the prospect.
• Personal data collected for evidentiary purposes: Duration of the statutory limitation period (generally 5 years).
• Personal data collected as part of your data subject’s rights: If we ask you for proof of identity, we only retain it for the time necessary to verify your identity. Once the verification has been carried out, the proof is deleted.

If you exercise your right to object to direct marketing: we keep this information for 3 years. The information allowing the management of your requests to exercise your rights under the GDPR will be kept for 3 years from the date of the request

6. Location of data storage and transfers

The host servers on which lemlist for Sheets processes and stores its databases are located exclusively within the European Union.

Regarding the tools we use (see article “Third party disclosures” on recipients of the collected data, concerning our processors), your personal data could be transferred outside the European Union. The transfer of your data within this framework is secured by the following safeguards:

• These data are transferred to a country which has been deemed to offer an adequate level of protection by the European Commission.
• Or we have concluded with our processors a specific contract governing the transfer of your data outside the European Union, based on the standard contractual clauses approved by the European Commission between a data controller and a processor.

7. SECURITY

Within the framework of its services, lemlist for Sheets attributes the very highest importance to the security and integrity of its customers’ personal data.

Thus and in accordance with the GDPR, lemlist for Sheets undertakes to take all pertinent precautions in order to preserve the security of the data and, in particular, to protect them against any accidental or unlawful destruction, accidental loss, corruption, unauthorized circulation or access, as well as against any other form of unlawful processing or disclosure to unauthorized persons.

To this end, lemlist for Sheets implements industry standard security measures to protect personal data from unauthorized disclosure. Using industry recommended methods of encoding, lemlist for Sheets takes the measures necessary to protect information connected with payments and credit cards.

Moreover, in order to avoid in particular all unauthorized access, to guarantee accuracy and the proper use of the data, lemlist for Sheets has put the appropriate electronic, physical and managerial procedures in place with a view to safeguarding and preserving the data gathered through its services.

Notwithstanding this, there is no absolute safety from piracy or hackers. That is why in the event a breach of security were to affect you, lemlist for Sheets undertakes to inform you thereof without undue delay and to use its best efforts to take all possible measures to neutralize the intrusion and minimize the impacts. Should you suffer any loss by reason of the exploitation by a third party of a security breach, lemlist for Sheets undertakes to provide you with every assistance necessary so you are able to assert your rights. Moreover if, by some exceptional case, the direct loss incurred arose due to fault or gross negligence by lemlist for Sheets, you will be able to seek compensation within the limit of liability referred to in our Terms of Use.

You should keep in mind that any user, customer or hacker who discovers and takes advantage of a breach in security renders him or herself liable to criminal prosecution and that lemlist for Sheets will take all measures, including filing a complaint and/or bringing court action, to preserve the data and the rights of its users and of itself and to limit the impacts.

8. Your data protection rights

In accordance with the French Data Protection Laws and the European General Data Protection Regulation 2016/679 (GDPR) you have several rights related to the collection of your personal data:

• Right to be informed: This is precisely why we have drafted this privacy policy.
• Right of access: You have the right to access all your personal data at any time.
• Right to rectification: You have the right to rectify your inaccurate, incomplete or obsolete personal data at any time.
• Right to restriction of processing: You have the right to restrict the processing of your personal data in certain cases stated in art.18 of the GDPR.
• Right to erasure (‘right to be forgotten’): You have the right to demand that your personal data be deleted and to prohibit any future collection.
• Right to file a complaint to a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a breach of applicable regulations.
• Right to define instructions related to the retention, deletion and communication of your personal data after your death. 
• Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR provides that you may withdraw your consent at any time. Such withdrawal will not affect the lawfulness of the processing carried out before the withdrawal.
• Right to data portability: You have the right to receive the personal data you have provided us in a standard machine-readable format and to require their transfer to the recipient of your choice.
• Right to object: You have the right to object to the processing of your personal data. Please note however that we may continue to process your personal data despite this opposition for legitimate reasons or for the defence of legal claims.

1. How to exercise your rights

You can exercise these rights by sending us a support ticket directly on the support chat (either on the website or on the app) or, by sending an email at [email protected]. Your requests will be processed within 30 days. We may require that your request be accompanied by a photocopy of proof of identity or authority.

You are also able at any time to modify personal data by logging into your account and navigating to “User Settings”.

2.  Right to refer to the supervisory authority

If you believe, after having contacted us, that your rights on your data are not respected, you can address a complaint to the competent Supervisory authority of your country of residence.

In France, where our head office is located, the control authority is the CNIL. 

3. Newsletters and marketing emails 

For those of you that have expressly opted in to receive our lemlist for Sheets newsletters, you are easily able to unsubscribe by following the “unsubscribe” links included in every email sent.

4. Testimonials 

lemlist for Sheets publishes a list of Customers & Testimonials on its sites with information on our customers’ names and job titles. 

lemlist for Sheets undertakes to obtain the authorization of every customer before publishing any testimonial on its websites. 

If you wish to be removed from this list, you can send us an email to [email protected] and we will delete your information promptly.

9. Third party data 

In the context of using our services, lemlist for Sheets has access to the email address you use in your account.

lemlist for Sheets use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

This data is stored on secure servers and only a limited number of people are authorized to access your contact lists, in particular for the purpose of providing support services.

As creator of the contact lists and associated email campaigns, you are considered the data controller within the meaning of the GDPR, and lemlist for Sheets is acting only as a data processor. In this capacity, you are responsible in particular for:

• making all the declarations necessary to the relative data protection authority,
• complying with all current regulations in force, including the data protection laws,
• obtaining the explicit consent of the persons concerned when collecting their personal data,
• ensuring your authority to use the personal data collected in accordance with the defined end purposes and refraining from any unauthorized use.

10. PRIVACY POLICY CHANGES

lemlist for Sheets reserves the right to update this Privacy Policy at any time, in particular pursuant to any changes made to the laws and regulations in force. 

Any modifications made will be notified to you via our website or by email, to the extent possible, thirty (30) days at least before any changes come into force. We would recommend that you check these rules from time to time to stay informed of our procedures and rules relating to your personal information.

11. CONTACT US

If you have questions, you can email at Data Protection Officer directly at: [email protected] or by mail to:

 lempire SAS, Attn: 

Data Protection Officer / Legal Department, 128 rue La Boétie, 75008 Paris, France.