Privacy Policy

English version

What is the purpose of our Privacy Policy?

The Phantom Company, which manages the PhantomBuster platform, attaches great importance to the protection and confidentiality of your personal data, which we consider to be a guarantee of our professionalism and trustworthiness.

As such, our Privacy Policy clearly demonstrates our commitment to ensuring that The Phantom Company complies with the applicable rules on personal data protection, in particular the General Data Protection Regulation (“GDPR”).

In particular, our Privacy Policy aims to inform you about how and why we process your personal data in connection with the services we provide to you.

Who is our Privacy Policy for?

In particular, our Privacy Policy aims to inform you about how and why we process your personal data in connection with the services we provide to you.

Why do we process your personal data and on what basis?

We process your personal data for the following purposes:

To navigate our websites, benefit from our services, and so that we can respond to your requests based on our terms and conditions and our legitimate interest in providing you with the best service.
To use and benefit from our service and all its features based on our terms and conditions.
To manage user accounts and Workspaces (e.g., account creation, access to the service, and account deletion) based on our terms and conditions.
To write comments about the management of your files based on our terms and conditions.
To communicate with our customer support service via our customer service platform and our chat/chatbot based on our terms and conditions and our legitimate interest in responding to your requests and complaints in the best possible way.
To resolve any difficulties you may encounter when using our services when you contact our support service based on our terms and conditions and our legitimate interest in resolving your issues.
To manage subscriptions, online payments, and billing based on our terms and conditions and our legitimate interest in obtaining compensation for the provision of our services.
To receive technical emails (e.g., password changes, etc.) that are essential to the proper functioning of our service based on our terms and conditions.
To be able to download and import documents onto our platform based on our terms and conditions.
To guarantee and enhance the security and quality of our services on a daily basis (e.g., statistics, data security, etc.) based on our legal obligations, our terms and conditions, our legitimate interest in ensuring the proper functioning of our services, and our legal and contractual obligations regarding the security of our services and the data we process.
To send you satisfaction surveys or ask for your opinion on our services based on our legitimate interest in improving our services.
To receive our newsletter, marketing and commercial emails, and personalized advertising campaigns about our services (Ads), based on our legitimate interest in maintaining a relationship with our users, allowing you to opt out at any time.
To organize webinars and engage our community based on our legitimate interest in retaining our users.
To monitor and comment on our publications on our community, the academy, social networks, and video sharing platforms based on our legitimate interest in having a dedicated page on these sites and allowing you to use the product optimally.
To manage the affiliate program based on the affiliate program’s terms and conditions.
To provide you with external support and assistance in using all the features of PhantomBuster based on our legitimate interest in offering you the best service.
To apply for a position at The Phantom Company based on the discussions we have with you during the recruitment process and our legitimate interest in recruiting and selecting candidates and pre-contractual measures (employment contract).
To manage any disputes or pre-litigation, combat fraud or misuse of our platform, or to comply with certain legal obligations incumbent upon us based on our legitimate interest in defending ourselves in the event of a claim or dispute, and legal obligations.

Your data is collected directly from you when you use our services, and we undertake to process your data only for the reasons described above.

What personal data do we process and for how long?

We have summarized below the categories of personal data and their respective retention periods:

Professional identification data relating to account and Workspace management (e.g., last name, first name, position, company, etc.) and contact details (e.g., email address and work phone number, etc.) are retained for the duration of the service provision, plus the legal limitation periods, which are generally five years.
Economic and financial data (such as bank details or billing information) retained for the time necessary to process the transaction and manage billing. This period may be extended in accordance with legal obligations, in particular for accounting purposes (10 years, or in the event of a dispute, 5 years). The Phantom Company only has access to the last four digits of your credit card number, the cardholder’s name, and the expiration date for verification or identification purposes.
Professional identification data collected for marketing and advertising purposes is retained until you unsubscribe/object, or until your account is deleted.
Data relating to messages sent by you within the community is kept for three years from the date of publication.
Data relating to your identification as an affiliate of the company is kept for the duration of the commercial relationship. In addition, there are legal limitation periods, which are generally five years.
Email addresses for receiving our newsletter are kept until you unsubscribe from the newsletter.
Connection data (e.g., logs, IP address, etc.) is kept for a period of one year.
Data provided in your resume/cover letter or digital equivalent will be retained for the duration of the recruitment process and for two years after the last contact, or when you request its deletion.
Cookies and trackers are generally retained for a period of 13 months (see our cookie policy for more information).

Upon expiry of the applicable retention periods, the deletion of your personal data is irreversible and we will no longer be able to communicate it to you after this period. At most, we may only retain anonymous data for statistical purposes.

Please also note that in order to protect ourselves in the event of a dispute, we are required to retain all data concerning you for the entire statute of limitations for legal action even after the expiry of the retention periods described above.

What rights do you have to control the use of your personal data?

The applicable data protection regulations grant you specific rights that you can exercise at any time and free of charge to control how we use your data.

Right to access and copy your personal data, provided that this request does not conflict with business secrecy, confidentiality, or the secrecy of correspondence.
Right to rectify personal data that is inaccurate, obsolete, or incomplete.
Right to request the erasure (“right to be forgotten”) of your personal data that is not essential to the proper functioning of our services.
Right to restrict the processing of your personal data, which allows us to photograph the use of your data in the event of a dispute over the legitimacy of processing.
Right to data portability, which allows you to retrieve some of your personal data in order to store it or transfer it easily from one information system to another.
Right to give instructions on the fate of your data in the event of death, either through you, a trusted third party, or a beneficiary.

For a request to be taken into account, it must be made directly by you at dpo@thephantomcompany.com.

Any request that is not made in this manner cannot be processed.

Requests cannot be made by anyone other than you or your duly authorized representative. We may therefore ask you to provide proof of identity or of your authorization or power of attorney if we have doubts about the identity of the person making the request.

We will respond to your request as soon as possible, within a maximum of three months of receipt, in the event that the request is technically complex or if we receive numerous requests at the same time.

Please note that we may always refuse to respond to any request that is excessive or unfounded, particularly if it is repetitive.

Who can access your personal data?

Your personal data is processed by our teams and our technical service providers for the sole purpose of operating our service.

We would like to point out that we check all our technical service providers before hiring them to ensure that they strictly comply with the applicable rules on personal data protection.

FURTHERMORE, WE GUARANTEE THAT WE WILL NEVER SELL YOUR DATA TO THIRD PARTIES.

Can your personal data be transferred outside the European Union?

The personal data processed by our PhantomBuster platform is hosted exclusively on servers located within the European Union.

Furthermore, we do our utmost to only use technical tools whose servers are also located within the European Union. If this is not the case, we take great care to ensure that they implement the appropriate safeguards required to ensure the confidentiality and protection of your personal data.

How do we protect your personal data?

We implement the following technical and organizational measures to ensure the security of your personal data on a daily basis and, in particular, to combat any risk of destruction, loss, alteration, or disclosure.

Our hosting systems benefit from systematic encryption, network partitioning, and strict role-based access control. Sensitive connections are logged, passwords are encrypted, and secure backups are performed regularly. Access to data is subject to rigorous authorization procedures, with enhanced authentication (MFA) and compliance with the principle of least privilege.

Our teams apply regular security patches, perform audits and intrusion tests, and have implemented a bug bounty program. Confidentiality is contractually guaranteed, and all employees receive regular training on GDPR and cybersecurity.

Finally, we continuously monitor the security status of our infrastructure and have implemented an incident management plan to protect your data in all circumstances.

Do we use cookies when you browse our platform?

We inform you that we use cookies when you browse our platform. For more information, please consult our Cookie Policy.

Who can you contact for more information about the use of your personal data?

To best ensure the protection and integrity of your data, we have officially appointed an independent Data Protection Officer (“DPO”) to our supervisory authority.

You can contact our DPO at any time, free of charge, at dpo@thephantomcompany.com to obtain more information or details about how we process your data.

How can you contact the CNIL?

You can contact the “Commission nationale de l’informatique et des libertés” or “CNIL” at any time at the following address: Service des plaintes de la CNIL, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by telephone on 01.53.73.22.22.

Can the Privacy Policy be modified?

We may modify our Privacy Policy at any time to adapt it to new legal requirements or to new processing methods that we may implement in the future.

Certified compliant by Dipeeo ®

French version of PhantomBuster’s Privacy Policy