Privacy Policy

Last revised: 31 July 2024

Agorapulse is committed to strict, secure, and transparent data protection practices, which are at the very heart of our business.

We do everything in our power to protect your data and prevent it from being misused or abused. For example

  • Under no circumstances will we pass on Personal Data to anyone else
  • We carry out all processing operations in strict compliance with European data protection regulations
  • ou will retain control over your personal information at all times.

Our Privacy Policy specifies:

  • What information we collect and process as a data controller within the meaning of the Regulation, and why we process it
  • How we use, share and protect that information as a data controller.

This Privacy Policy covers the processing of Personal Data that we carry out in the following scenarios:

  • (i) Processing of Personal Data from visitors of our Site,
  • (ii) Processing of Personal Data from prospects who contact us via the forms on our Site,
  • (iii) Processing of Personal Data from our Clients' employees in the context of managing the contractual relationship with our Clients, as well as the configuration, maintenance, and security of the Services.

Details of these processing activities are provided in Article 3 of this Privacy Policy.

This Privacy Policy does not apply to the processing of Personal Data we carry out as a data processor on behalf of our Customers, namely the processing of data from End Users and employees of our Customers in the context of their interactions on social profiles on the Associated Platforms. In this context, our Customers are the data controllers, while we act as a data processor in accordance with the Regulation. As data controllers, it is the responsibility of our Customers to ensure that their operations comply with the Regulations, in particular with regard to the collection of Personal Data which is then transmitted to Agorapulse, and to ensure that they provide the necessary information. For any questions relating to this processing, the persons concerned are invited to contact our Customers.

1- Definitions

"Associated Platform(s)" means the social networking site(s) currently supported by the Service, including X (Twitter), Facebook, LinkedIn, Instagram, YouTube and the other social networks described on the Site.

"Authorised User" means an individual who directly accesses the Service as a Customer, or individual users authorised and/or invited by Customers to use the Service.

"Customer" refers to a legal entity that has subscribed to a subscription plan for the Service.

"End User(s)" means a user of an associated Platform who interacts with a Customer via a Social Profile.

"Personal Data" means any information relating to an identified or identifiable natural person within the meaning of the Regulations.

"Regulation" means the European Union Regulation 2016/679 (GDPR).

"Service" refers to the software application and associated services provided by Agorapulse based on the subscription plan to which the Customer has subscribed. This includes all the free tools available at https://www.agorapulse.com/free-social-media-marketing-tools/.

"Site" refers to the www.agorapulse.com website, in addition to any sub-pages integrated into this website.

2- About us

Agorapulse SAS ("Agorapulse") is a European company based in Paris, France. It was founded in July 2000.

Agorapulse offers a Service that enables companies and agencies to manage their social media profiles on various social networks.

Agorapulse applies French data protection law, which incorporates all applicable EU data protection regulations.

3- How do we process Personal Data?

The processing operations we carry out, their purposes, the Personal Data processed and the legal bases are listed in the table below.

Purpose of data processing

Legal basis of the processing

Personal data processed

Duration of conservation

Visitor

To enable visitors to browse the Site, adapt the display, improve browsing and optimise the Site

To compile statistics and measure visitor numbers and behaviour on our Site

For the cookies necessary for the operation of our Website: it is in our legitimate interest to process this personal data for the purposes of depositing these necessary cookies (article 6.1. f) of the GDPR).

For non-functional cookies: the consent of Visitors when they accept the deposit of cookies (article 6.1. a) of the GDPR)

Browsing data, in particular IP address, browser version, operating system used

13 months

Prospective custers

Handle enquiries from prospective customers

Formulate commercial offers

It is in our legitimate interest to be able to process the personal data of employees and managers of prospective customers in order to respond to requests from prospective customers (article 6.1. f) of the GDPR).

Identification and contact details

Data concerning their function

Data concerning their needs

Any other personal data that the prospect communicates to us in the forms

Some information is compulsory. Without this information we will not be able to process your request.

We retain this data for 3 years from the date of collection or the last contact you have with us, unless a commercial relationship has been established with us. The data is then deleted.

Customer

Contractualize and monitor the contractual relationship

Checking the transaction and its security

Invoicing

Manage any outstanding payments and disputes

Keep you informed about the Service, its features, events and related information

It is in our legitimate interest to be able to process the personal data of Customers' employees and managers in order to meet these objectives (article 6.1. f) of the GDPR)

Identification and contact details

E-mail exchanges

Telephone exchanges

Data is retained for the duration of the Service, followed by archiving for the period required by law and to comply with obligations to retain financial documents. The data is then deleted.

For telephone exchanges, data is kept for 6 months and then deleted..

Carrying out the subscribed Service, configuring the customer account, enabling identifications to the Service

Assist the Customer or Authorised Users in using the Service

Ensure product maintenance and diagnose issues

Improve Service and customer relations

Ensuring the safety of the Service

Identification and contact data

Browsing data, in particular the time and date of visits, pages visited and configurations selected

Telephone exchanges

Any other data communicated to us in connection with the Service or your requests

The data is retained for the duration of the Service and then archived for the period required by law. The data is then deleted.

For telephone exchanges, data is kept for six months and then deleted.

4- Who receives your Personal Data?

Only the persons mentioned below may have access to your Personal Data:

  • our employees who need access in the course of their duties
  • parent companies, subsidiaries, joint ventures or other companies under joint control with Agorapulse
  • another entity in the event that we are acquired by or merged with that other entity (in which case we will require that entity to fulfill our obligations under this Privacy Policy or to notify you that you are subject to a new privacy policy)
  • a third party social network, the Site using plugins provided and operated by these third parties. Consequently, by clicking on this plugin, you can send third parties the information that you view in a section of our Site. If you are not logged into your account with the third party, the third party will not be able to know your identity. If you are logged into your account with the third party, then the third party will be able to link information or actions relating to your interactions with the Site to your account with the third party. Please consult the third party's confidentiality policies to find out more about their data practices
  • to our advisors when they need to know about them
  • to bodies, auxiliaries of justice, judicial officers when we are legally obliged to do so
  • to third parties if we consider, on the basis of reasonable information, that disclosure is necessary for the purposes of an investigation and/or in order to enforce breaches of the Terms of Use (where applicable), to detect, prevent or otherwise combat fraud and remedy security and technical problems or other irregularities or illegalities, or to protect the rights and interests and property of Agorapulse.

In addition, some of your personal data may be processed by third party service providers in order to carry out some of the processing operations listed below, after we have ensured that they comply with the obligations relating to the protection of personal data:

  • third parties responsible for hosting the technical infrastructure and our data warehouses
  • third parties in charge of our customer support
  • third parties responsible for call recording
  • third parties responsible for analysing navigation and sessions
  • third parties in charge of our CRM, emails and communications
  • third parties responsible for preventing attacks on the Site or the Service, as well as the destruction or theft of its data.

Some of the Personal Data we process involves cross-border data exchanges with companies located in countries outside the European Union. In the event that the recipient country does not ensure a level of protection of personal data equivalent to that of the European Union, we provide a framework for these transfers using appropriate legal mechanisms, in particular contractual clauses specifically designed for this type of transfer. For more information on this subject, please contact us by sending an e-mail to legal@agorapulse.com.

4- Who receives your Personal Data?

The security of your personal information is of the utmost importance to us.

Agorapulse has implemented various measures to ensure that information is adequately protected against unauthorized access, use, disclosure and destruction. Please bear in mind that while the risk cannot be eliminated, it can be significantly mitigated and reduced. You should also be aware that sending information over the Internet is never completely secure. All the measures taken by Agorapulse considerably reduce the risk. Third parties, including yourself, may not invoke Agorapulse's liability in respect of any unauthorized access, use and/or disclosure of information, provided that such acts do not result from gross negligence, wilful misconduct, fraud or an act committed in bad faith attributable to Agorapulse.

The security measures taken by Agorapulse are as follows:

  • Access to information stored on Agorapulse servers is limited to a restricted number of Agorapulse employees;
  • We apply industry best practices to ensure the security of all information collected and/or transmitted to the associated Platforms. The Site and the Service are secured via the SSL protocol, which ensures the encryption of all data transmitted;
  • Agorapulse's servers are protected by a) firewalls establishing a barrier between our reliable and secure internal network and the Internet, and b) IP restrictions, limiting access to whitelisted addresses;
  • Agorapulse uses third party suppliers and hosting partners (such as Amazon AWS) to provide the hardware, software, networking, storage and related technology required to run the Services. These providers all offer unrivalled security. You can view Amazon's security features by clicking on the following link: aws.amazon.com/security ;
  • When payments are made by credit card, Agorapulse uses third-party suppliers that comply with the PCI_DSS standard;
  • Agorapulse periodically reviews its information gathering and processing practices and, where appropriate, will review and amend this Privacy Policy accordingly;
  • Agorapulse uses third-party suppliers to prevent attacks against the Site or the Service, as well as the use of the Service by third parties.

Agorapulse takes reasonable security measures to protect your personal information against loss, misuse, unauthorized access, disclosure, alteration and destruction. Please note, however, that despite our efforts, no security measure is completely infallible.

6- What are your rights?

You have the following rights:

  • Right of access to your Personal Data: you may obtain confirmation from us that your Personal Data is being processed and check its content.
  • Right to rectification of your Personal Data: you may request that inaccurate and/or incomplete Personal Data be rectified and/or completed.
  • Right to the deletion of your Personal Data: you may, under certain conditions, obtain the deletion of your Personal Data.
  • Right to limit processing: in certain situations, you may ask us to restrict the use of your Personal Data.
  • A right to object to the processing of your Personal Data: for processing based on Article 6.1.f) of the GDPR, you may object to us using some of your Personal Data under certain conditions.
  • A right to the portability of your Personal Data: for processing based on article 6.1.a), you may request to retrieve your Personal Data in a machine-readable format.
  • A right to decide what happens to your Personal Data after your death.

You can ask to exercise your rights at any time by sending an e-mail to legal@agorapulse.com. If necessary, we may ask for proof of identity to confirm your identity in our records.

Whatever the type of processing, you also have the right to lodge a complaint with the competent supervisory authority.

7- How can you contact us?

If you have any concerns regarding the respect of your privacy, please send an e-mail to Agorapulse at legal@agorapulse.com, describing your concerns in detail. Agorapulse will use its best efforts to resolve such concerns within a reasonable period of time.

8- Revision of the Privacy Policy

We may amend this Privacy Policy at any time.

The most recent version of this Policy, available at https://www.agorapulse.com/privacy-policy/, will govern our use of your information collected and processed in connection with the Service.