We may collect the following types of personal data:
Contact Form Data: If you contact us via a form (e.g., for sandbox access, inquiries), we may collect your name, email address, company name (optional), and the content of your message.
Server Logs: Our web servers automatically log information when you access our Website or API. This may include your IP address, browser type, operating system, access times, pages viewed, and the referring URL.
Cookies and Similar Technologies: We use cookies to operate and administer our Website, gather usage data, and improve your experience. Please see our Cookie Policy for more details.
Purpose and Legal Basis for Processing (GDPR Art. 6 §1)
We process your personal data for the following purposes and on the following legal bases:
To provide and manage our Service (Art. 6 §1 lit. b GDPR): Processing is necessary for the performance of a contract with you (e.g., providing API access if requested) or to take steps at your request prior to entering into a contract.
To respond to your inquiries and provide support (Art. 6 §1 lit. b or f GDPR): Processing is necessary for contract performance or based on our legitimate interest in communicating with users and potential clients.
To improve our Website and Service (Art. 6 §1 lit. f GDPR): We have a legitimate interest in understanding how our Service is used to enhance its functionality and user experience. This includes analyzing server logs and aggregated cookie data.
To ensure security and prevent fraud (Art. 6 §1 lit. f GDPR): We have a legitimate interest in protecting our Service, users, and business.
With your consent (Art. 6 §1 lit. a GDPR): For specific processing activities where we ask for your explicit consent (e.g., certain types of cookies, marketing communications if applicable).
Data Retention Periods
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected:
Server Logs: Typically retained for up to 12 months for security and analytical purposes.
Contact Form Data / Prospect Data: Retained for up to 3 years after our last interaction with you, or as long as necessary to manage an ongoing contractual relationship.
Cookie Data: Retention periods vary by cookie type; please see our Cookie Policy.
Sub-processors and Data Sharing
We may share your personal data with third-party service providers (sub-processors) who assist us in operating our Service. These include:
Amazon Web Services (AWS): For hosting our infrastructure (servers, databases). Data is primarily hosted in the EU (Ireland).
CloudFront (AWS): Content Delivery Network which may process IP addresses and log data.
Calendly: For processing meeting scheduling requests. Please refer to their privacy policy for details on their data processing practices.
We ensure that our sub-processors are bound by appropriate data protection obligations.
International Transfers
If we use sub-processors located outside the European Economic Area (EEA), such as in the United States (e.g., certain AWS services or other tools), we ensure that data transfers are protected by appropriate safeguards, typically Standard Contractual Clauses (SCCs) as approved by the European Commission, or other valid transfer mechanisms under the GDPR.
Your Rights
Under the GDPR, you have the following rights regarding your personal data:
Right of access: You can request a copy of the personal data we hold about you.
Right to rectification: You can request correction of inaccurate or incomplete data.
Right to erasure ("right to be forgotten"): You can request deletion of your personal data under certain conditions.
Right to restriction of processing: You can request that we limit how we use your data under certain conditions.
Right to data portability: You can request to receive your data in a structured, commonly used, and machine-readable format, and to transmit it to another controller, under certain conditions.
Right to object: You can object to processing based on our legitimate interests, or for direct marketing purposes.
Right to withdraw consent: If processing is based on consent, you can withdraw it at any time.
How to Exercise Your Rights
To exercise any of these rights, please contact our DPO at dpo@simperic.com. We will respond to your request in accordance with applicable data protection laws.
Right to Lodge a Complaint
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. In France, the supervisory authority is the Commission Nationale de l'Informatique et des Libertés (CNIL) - www.cnil.fr/en/plaintes.