Privacy policy

Set your cookies

Within this privacy policy, you will find information on the scope and consequences of the processing carried out by SCANLITT using your personal data.

This privacy policy applies to any personal data concerning you that we collect via the website: https://www.scanlitt.com/. It is purely informative and does not create any obligation beyond what is provided for by the regulations on personal data protection.

Definitions
  • "Personal Data": refers to any information related to a Data Subject that allows them to be identified, directly or indirectly, by reference to an identification number or one or more specific elements (including their name, phone number, email address, without this list being exhaustive) and processed in the context of using the Site.
  • "Data Subject": refers to any end user whose Personal Data may be subject to Processing.
  • "Applicable Regulations": refers to all legal and regulatory provisions in force applicable to the protection of Personal Data, including (i) Law No. 78-17 of January 6, 1978, relating to data processing, files, and freedoms, and its implementing texts, (ii) the GDPR, and (iii) any legal or regulatory provisions that may be added or replaced thereafter.
  • "GDPR": refers to the General Data Protection Regulation, Regulation (EU) 2016/679 of April 27, 2016, regarding the protection of natural persons in relation to the processing of personal data and the free movement of such data, repealing Directive 95/46/EC.
  • "SCANLITT": refers to the company SCANLITT in accordance with the identification details provided below.
  • "Website": refers to SCANLITT's website accessible from the following URL: https://www.scanlitt.com/.
  • "Processing": refers to any operation or set of operations performed on Personal Data, regardless of the method used (collection, recording, organization, storage, adaptation, modification, extraction, consultation, use, communication by transmission, dissemination, or any other form of provision, matching or interconnection, locking, erasure, or destruction, etc.) in accordance with the Applicable Regulations.
Who processes your Personal Data?

The Personal Data of each Data Subject is processed by SCANLITT, a simplified joint-stock company with a capital of €151,106.00, registered with the GRASSE Trade and Companies Register under number 918 612 276, with its registered office located at Business Pôle 1 – 1047, route des Dolines – 25 Allée Pierre Ziller – 06560 VALBONNE – FRANCE, represented by Mrs. Isabella CHEMLA, née WALSH, the current President ("we").

Why do we process your Personal Data?

We process the Personal Data of each Data Subject in order to:

  • Provide and perform services related to the Site, including account creation, providing access to our software solutions, as well as our associated online training services (legitimate interest);
  • Send information about the Website (legitimate interest);
  • Improve the quality of services (legitimate interest);
  • Ensure the security of your account (legitimate interest);
  • Ensure compliance with applicable legislation (legal obligation);
  • Allow the exercise of your rights (legal obligation);
  • Register the Data Subject in internal databases (legitimate interest);
  • Manage incidents and anomalies to ensure the proper functioning of the services (legitimate interest); and
  • Send the Data Subject, in accordance with the Applicable Regulations and with their consent when required by law, marketing, advertising, and promotional messages, invitations to events, and requests for feedback (consent).
What Personal Data do we process?

 We process the following Personal Data:

  • Name;
  • First name;
  • Email address;
  • Phone number;
  • Affiliated institution.
Who has access to your Personal Data?

We personally collect and process the Personal Data of the Data Subject through their legal representative and team, including collaborators, employees, or external service providers, who are bound by a confidentiality clause and informed of the security obligations related to the collection and processing of Personal Data.

As part of the use of the services, some of the collected information may be transmitted:

  • To our teams (legal representative and, where applicable, collaborators, employees, occasional interns, or external service providers);
  • To our IT services;
  • To the hosting and backup server of the Data Subject's Personal Data;
  • When we are legally required to do so, to comply with any judicial request;
  • In the event that we transfer our business by any means, to the potential acquirer of our business or shares in our capital.

The Personal Data of the Data Subject is stored in France, within the premises of Amazon Web Services France. The service providers we have selected have committed not to transfer Personal Data outside of the European Union. To date, no transfer outside of the European Union has been recorded. If this were to happen in the future, the selected service providers have committed to informing us in advance and ensuring compliance with the Applicable Regulations.

We host the Website with Webflow, a Delaware-based company (USA), located at 398 11th Street – Floor 2 – CA 94103 SAN FRANCISCO – UNITED STATES. However, no Personal Data is hosted by this provider. The Personal Data is hosted with Amazon Web Services France, located at 52 rue du Port – 92000 NANTERRE – FRANCE, and its privacy policy is available at the following URL: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice_10.28.24_FR-FR.pdf.

How long do we keep your Personal Data?

The Personal Data collected and processed is kept for the entire duration of the use of the account by the Data Subject and/or the execution of the service that required such collection, in a manner that does not exceed the duration necessary for the purposes for which it is processed.

The Personal Data will be kept for a period of three (3) years from the last contact with the Data Subject for the transmission of any commercial offer (commercial prospecting action), by electronic means, provided that the Data Subject has not withdrawn their consent or requested the erasure of their Personal Data.

However, at the end of this period, we may keep the Personal Data necessary for the processing of disputes or to comply with a legal obligation. It will then be archived for a duration not exceeding the time required for the purposes for which it is kept, in accordance with the applicable provisions (including but not limited to those provided by the Commercial Code, the Civil Code, and the Consumer Code). It will then be anonymized or deleted.

What rights do you have?

 Your rights are as follows:

  • To obtain our confirmation as to whether or not your Personal Data is being processed;
  • When it is being processed, to access your Personal Data, as well as several pieces of information about the processing in place (right of access – Article 15 of the GDPR);
  • To have your Personal Data corrected if it is inaccurate (right of rectification – Article 16 of the GDPR);
  • To have your Personal Data erased under certain conditions (right to erasure or "right to be forgotten" – Article 17 of the GDPR);
  • To obtain the limitation of processing, in the cases specified within the Applicable Regulations (right to restriction of processing – Article 18 of the GDPR);
  • To receive your Personal Data in a structured, commonly used, and machine-readable format, and/or to request that we transmit this Personal Data to another data controller, when the processing is based on consent or on a contract and the processing is carried out using automated methods (right to data portability – Article 20 of the GDPR);
  • To object on legitimate grounds to the processing of your Personal Data (right to object – Article 21.1 of the GDPR);
  • To object to the processing of your Personal Data for commercial prospecting purposes without needing to invoke legitimate grounds (right to object to direct marketing – Article 21.2 of the GDPR): this right is absolute, and you can, at any time and free of charge, request not to receive commercial communications from us;
  • To define directives related to the retention, erasure, and communication of your Personal Data after your death, and to modify and revoke them at any time (Article 85 of the Data Protection Act). These directives can be general or specific, with the understanding that we may only be the custodian of specific directives concerning the Personal Data we process. General directives may be collected and stored by a certified digital trusted third party accredited by the National Commission for Information Technology and Freedoms (CNIL).

If you designate a third party to whom your Personal Data may be communicated after your death, you commit to informing this third party of your actions and providing them with this Privacy Policy.

The existence or non-existence of these different rights depends notably on the legal basis for the processing concerned by the request. These rights are not unlimited, and in some cases, we may refuse your request (for example, for overriding legitimate reasons concerning the right to object, excluding direct marketing).

In certain situations, we may not be able to provide a positive response to your request and will inform you within the required timeframe, providing justification for the decision.

How to exercise your rights?

Subject to the conditions set forth by the Applicable Regulations, you can exercise your rights by sending an electronic message to the following address: admin@scanlitt.com, or by mail to the following address: Business Pôle 1 – 1047, route des Dolines – 25 Allée Pierre Ziller – 06560 VALBONNE – FRANCE.

If we have reasonable doubt about your identity, we may ask for additional information or documents to verify it.

If you have an account, you may also make certain changes to your Personal Data from your personal space.

No payment is required to respond to your requests regarding the exercise of the aforementioned rights. However, in accordance with Article 12 of the GDPR, when requests are manifestly unfounded or excessive, particularly due to their repetitive nature, we may charge reasonable fees to cover the administrative costs incurred to provide the information, make the communications, or take the requested actions, or refuse to comply with these requests.

Your request will be processed no later than within one (1) month, which may be extended by two (2) months, considering the complexity of the request. In this case, you will be informed of the extension within one (1) month of receiving your request.

In case of non-compliance with your "Data Protection" rights, you also have the right to file a complaint with the competent supervisory authority (in France, the CNIL). For more information: www.cnil.fr

How is your Personal Data protected?

We implement appropriate technical and organizational measures to protect your Personal Data against accidental or unlawful destruction, accidental loss, alteration, dissemination, or unauthorized access.

However, we do not control all risks associated with the functioning of the internet and draw your attention to the potential risks inherent in its operation.

If you identify a security vulnerability affecting the site, you commit to providing us with the relevant information about this vulnerability, in a confidential manner.