Privacy Policy

1. Purpose

This Privacy Policy is provided by Reverse Contact (VISUM SAS), incorporated and registered in France under n° 898 855 036 RCS CRÉTEIL, whose registered office is at 14, boulevard de Brandebourg, F-94200 Ivry-sur-Seine, France (the "Company").

This Privacy Policy illustrates the commitment of the Company with regard to respecting your privacy and protecting your personal data from the following website: https://www.reversecontact.com/ (the "Site").

The Site notably allows you to:

Obtain detailed information about the operations of Reverse Contact.

Obtain information on the pricing of the Reverse Contact service.

Access a FAQ.

Obtain information through a chat.

Access case studies.

Know the different APIs used by Reverse Contact.

Access a support service.

Access a dashboard.

Create an account and a user space.

Subscribe to a newsletter.

For any questions about this Privacy Policy and the use of your personal data, you can contact the Company at dpo@reversecontact.com or at the registered office postal address.

2. Processing of Your Personal Data

2.1 Description of Processing

The main purpose of collecting your personal data is to offer you a safe, optimal, efficient and personalized experience. To this end, you agree that we may use your personal data to:

Provide our services and facilitate their execution, including verifications concerning you.

Resolve any issues to improve the use of our Site and our services.

Personalize, evaluate and improve our services, content and materials.

Analyze the volume and history of your use of our services.

Inform you about our services as well as services and/or promotional offers from our partners.

Prevent, detect and investigate potentially prohibited, illegal or contrary to good practices activities, and ensure compliance with our Terms of Use and our sending policy.

Comply with legal and regulatory obligations.

We use personal data submitted to us only in compliance with applicable data protection laws.

For our customers who have registered on our Site, we process your personal data for the performance of the contract concluded between us for the provision of our services.

For our newsletter, case study use cases, and marketing document registrations, we process your personal data based on the explicit consent you give us for this specific purpose.

In accordance with current laws and regulations, the Company, acting as the data controller, collects the following personal data during your visit to the Site: email address, unique ID, first and last name, company, login, password, postal address, country, bank details, and phone number.

When using our services, the following data is collected and managed: connection and navigation data when you authorize it, order history, complaints, incidents, subscription information, and messages on our site.

When you connect to the Site, the Company also collects: your connection logs, your connection data, your domain name, and your IP address.

The submitted data must not include sensitive personal data, such as government identifiers (social security numbers, driver's license or taxpayer identification numbers), full credit card or personal bank account numbers, medical records, or details related to requests for care or treatment associated with individuals.

2.2 Recipients and Transfers of Your Personal Data

Access to your personal data is restricted to those individuals who need it in order to fulfill the specific purpose of the processing. Your personal data may also be communicated by the Company to third parties:

If the law or a legal procedure requires the Company to share your personal data.

In response to the request of a public or judicial authority, especially in case of a judicial requisition.

When the Company considers that the transmission of your personal data is necessary or appropriate to ensure the safety of individuals or to protect the public.

Your personal data is transmitted to OVH, which hosts the Site in France, as well as to the following companies: MongoDB (Clever Cloud / OVH), Brevo (transactional and marketing email solution), Stripe (payment processor), GoCardless (payment processor), and Server Logs (Clever Cloud / OVH).

Your personal data may therefore be subject to transfer outside the European Economic Area. The Company ensures a level of protection identical to that provided by the GDPR. On July 10, 2023, the European Commission issued an adequacy decision establishing that the Data Privacy Framework proposed by the US government offers a level of protection comparable to that guaranteed by the GDPR. For companies that have not subscribed to the Data Privacy Framework, Standard Contractual Clauses amended in June 2021 must be used, along with additional security measures in accordance with the "Schrems II" ruling of July 16, 2020.

2.3 Security

Reverse Contact attaches the utmost importance to the security and integrity of its clients' personal data. In accordance with the GDPR, Reverse Contact takes all relevant precautions to preserve the security of data and to protect it against any accidental or unlawful destruction, accidental loss, corruption, unauthorized access, or any other form of unlawful processing or disclosure.

Reverse Contact implements standard industry security measures and has put in place appropriate electronic, physical and management procedures to secure and preserve data collected through its services.

Despite this, there is no absolute security against hacking. In the event that a security breach may affect you, Reverse Contact will inform you immediately and make its best efforts to take all possible measures to neutralize the intrusion and minimize the impacts. If you suffer harm as a result of a third party exploiting a security vulnerability, Reverse Contact will provide all necessary assistance to enable you to assert your rights.

Any user, customer, or hacker who discovers and takes advantage of a security vulnerability may be subject to criminal prosecution. Reverse Contact will take all necessary measures, including filing a complaint and/or initiating legal action, to protect the data and rights of its users and to limit the impacts.

2.4 Your Rights Over Your Personal Data

You have the following rights over your personal data:

Right of access and rectification — You can request access to your personal data, request the rectification of inaccurate data, or request that incomplete data be completed. You also have the right to know the origin of your personal data.

Right to erasure — You can request the deletion of your personal data when: it is no longer necessary for the purposes for which it was processed; you have withdrawn your consent; you have objected to the processing; the data has been unlawfully processed; or its deletion is required to comply with a legal obligation.

Right to object — You can object to the processing of your personal data in compliance with the legal obligations imposed on the Company.

Right to restriction — You can request the restriction of processing if you contest the accuracy of your data, the Company no longer needs it for processing purposes, or you have objected to its processing.

Right not to be subject to automated decision-making — You have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or significantly affects you, including profiling.

Right to portability — You can ask the Company to provide your personal data in a structured, commonly used, machine-readable format, or request that it be ported directly to another data controller, provided the processing is based on your consent and carried out by automated means.

Right to issue advance directives after death — In accordance with Article 85, I of the Data Protection Act of January 6, 1978, as amended, you can define directives regarding the exercise of your rights after your death, including the duration of storage, deletion and/or communication of your personal data, and designate a person responsible for exercising these rights.

Right to withdraw your consent — You can withdraw your consent to the processing of your personal data at any time. Withdrawal only applies to the future and does not affect the lawfulness of processing carried out before your withdrawal or based on another legal basis.

Right to lodge a complaint — If you have concerns regarding the protection of your personal data, you have the right to file a complaint with the CNIL at https://www.cnil.fr/fr/plaintes, or at 3 Place de Fontenoy, F-75007 Paris — telephone: +33 (0)1 53 73 22 22. You are encouraged to inform the Company's Delegate in advance so that they can attempt to find an amicable solution.

To exercise any of the above rights, you can contact the Company's Delegate at dpo@reversecontact.com or at 14 BD DE BRANDEBOURG, F-94200 Ivry-sur-Seine, France.

In case of reasonable doubt about your identity, the Company may ask you to provide a copy of a valid identification document. This will be deleted as soon as your request has been granted, unless a copy must be retained for evidentiary purposes in the event of a dispute.

2.5 Disclosure to Third Parties

The Company may include links on the Site that redirect to third-party sites. These sites have a privacy policy that is different and independent from that of the Company. You are invited to consult the privacy policies of any third-party sites you visit.

Personal data collected on our Site is intended for Reverse Contact's own use and may be transmitted to partner companies to obtain assistance and support in carrying out our services. Reverse Contact ensures clear data protection requirements for all its third-party suppliers.

Reverse Contact does not sell or rent your personal data to third parties for marketing purposes. Reverse Contact does not disclose your personal data to third parties unless: you request or authorize their disclosure; the disclosure is necessary to process transactions or provide services you have requested; Reverse Contact is compelled to do so by a government or judicial authority; or the third party is a subcontractor of Reverse Contact in the performance of services.

2.6 Language

This Privacy Policy is written in English. Should it be translated into one or more foreign languages, only the English version shall be deemed authoritative in the event of a dispute.

2.7 Cookies

The provisions relating to the placement of cookies on the Site are included in the cookie policy available on the Site.

2.8 Storage Location and Data Transfers

The host servers on which Reverse Contact processes and stores its databases are located exclusively within the European Union. Reverse Contact will immediately inform you, to the extent legally permitted, of any request or order from an administrative or judicial authority concerning your personal data.

2.9 Third-Party Data

As part of the use of our services, namely contact data enrichment, Reverse Contact has access to the information contained in the contact lists you create in your account, as well as the enrichment obtained through our services.

This data is not stored on servers, with the exception of file enrichment for technical reasons. In that case, data is stored for 1 month to allow for restitution in the form of an enriched file to our clients.

Under no circumstances does Reverse Contact sell, share or rent your contact lists to third parties, nor does it use them for any purposes other than those set out in this policy. We will only use the information from your contact lists to comply with legal requirements, to bill and collect summaries for our own statistics, and to provide you with customer support services.

As the creator of the contact lists and associated enrichment, you are considered the data controller within the meaning of the GDPR, and Reverse Contact acts only as the data processor. In this capacity, you are notably responsible for:

Making all necessary declarations to the relevant data protection authority.

Complying with all applicable regulations, including data protection laws.

Obtaining explicit consent from the persons concerned when collecting their personal data.

Ensuring your authority to use the collected personal data in accordance with the defined final objectives and refraining from any unauthorized use.

If one of your contacts enriched through our services requests the modification or deletion of their personal data, we will honor this request after appropriate verification and inform you accordingly.

2.10 Remove Your Data

We do not maintain a contact database, as we process every request in real-time. Therefore, we cannot remove your data from a database that does not exist.

However, we can place your personal data on an exclusion list that prohibits any user from searching for your name or anything related to you in our search engine, so that nobody can find you.

Reverse Contact does not own any personal data other than that of active users (people who use Reverse Contact services). We are not a contact database. When one of our clients requests data, we use the OSINT method in real-time to deliver it. We never store data, except for file upload enrichment to render it in CSV format (stored for 30 days only).

You can request a withdrawal, which will result in two things:

The destruction of any data we may hold about you within the 30-day CSV file window.

Prevention of our customers from searching for you on our platform in the future.

You can request a withdrawal from Reverse Contact in two clicks here: Request withdrawal. Withdrawal takes place in less than 72 hours and you will be informed when your request has been executed.

2.11 Newsletter and Marketing Emails

An unsubscribe link is included in each newsletter and marketing email we send. If you have chosen to receive our newsletter, you can easily unsubscribe by following the "unsubscribe" link included in each email.

2.12 Email Statistics

Without doing so systematically, we may analyze and track various rates (such as click-through rates, open rates, and bounce rates) as well as the number of emails you open, in order to evaluate the performance of your email campaigns.

2.13 Testimonials

Reverse Contact publishes a list of clients and testimonials on its site with information about the names and positions of our clients. Reverse Contact commits to obtaining each client's authorization before publishing any testimonial. If you wish to be removed from this list, you can send us an email at dpo@reversecontact.com and we will remove your information as soon as possible.

2.14 Privacy Policy Changes

Reverse Contact reserves the right to update this privacy policy at any time, particularly in response to changes in applicable laws and regulations. Any changes will be notified to you via our website or by email, where possible, at least thirty (30) days before the changes take effect. We recommend that you check this policy from time to time to stay informed about our procedures and rules regarding your personal information.