Phone Finder Email Finder API Resources Pricing

Privacy Policy

DATAGMA
Last Updated: March 10, 2025

In Plain English

Before the legal details, here’s what you need to know:

We’re a B2B data enrichment company — we help businesses find professional contact information
We only use public data — LinkedIn profiles, company websites, business registries
We’re GDPR compliant — based in Paris, France, EU servers
You can opt out — anytime, no questions asked: opt-out form
We don’t sell your personal data — ever

Now, the full legal policy ↓

1. Data Controller

Depending on the context, Datagma acts either as data controller or as data processor.

When We’re the Data Controller

Datagma is the data controller when collecting and processing personal data of:

Visitors to our websites
Prospects and leads
Customers using our services

Contact the Data Controller:

📧 Email: gdpr@datagma.com
📍 Mail: Datagma, 3 Boulevard de Sébastopol, 75001 Paris, France

When We’re a Data Processor

Datagma acts as data processor when collecting and processing personal data on behalf of our customers through our B2B data enrichment services.

In this context:

Our customers are the data controllers
They’re responsible for ensuring lawful, fair, and transparent processing
We process data only according to their instructions

What we process on behalf of customers:

Identification data (name, job title)
Contact data (professional email, phone)
Professional data (company, position, seniority)

This data is either provided directly by the data subject or collected from publicly available business sources.

Important: We don’t intentionally collect non-business-related data or sensitive personal data (health, religion, political opinions, etc.).

Opt-out retention: When someone opts out, we retain their opt-out request for at least 3 years to ensure it remains effective, per French CNIL recommendations.

2. Categories of Personal Data, Purposes, Legal Bases, and Retention Periods

If You’re Browsing Our Website

What We Collect	Why	Legal Basis	Retention
IP address, browser info, device info	Website functionality, security, analytics	Consent (cookies) or legitimate interest (security)	Session cookies: end of session. Other cookies: up to 13 months. Analytics data: up to 25 months.
Pages visited, time spent, clicks	Improving user experience, fixing bugs	Consent	Up to 25 months
Country, language, screen resolution	Personalization, optimization	Consent	Up to 25 months

If You’re a Prospect or Customer

Action	What We Collect	Why	Legal Basis	Retention
Requesting info	Name, email, phone, message content	Responding to your inquiry	Pre-contractual measures	3 years from last contact
Creating a free account	Email, name, job title, company, password, usage logs	Providing the service	Contract performance	Active account duration. Deleted after 2 years of inactivity.
Paid subscription	Contact info, billing details, invoices, subscription history	Service delivery, billing, legal compliance	Contract performance	Duration of relationship + 5-10 years (tax/legal requirements)
Chrome extension	IP, browser, device info, usage logs	Providing the extension	Contract performance	As long as extension is installed
Newsletter	Email, engagement metrics (opens, clicks)	Sending relevant content	Legitimate interest (B2B marketing)	3 years from last contact or until unsubscribe

If You’re a Supplier or Partner

What We Collect	Why	Legal Basis	Retention
Contact info, contracts, invoices, correspondence	Managing the business relationship	Contract performance	Duration of relationship + 5-10 years (legal compliance)

3. Who Can Access Your Data

Your personal data may be accessed by:

Datagma employees — only those who need it for their job
Service providers — hosting, security, email services (all under DPA agreements)
Legal authorities — when required by law
Advisors during M&A — if we’re acquired (rare, and protected by confidentiality)

Our Main Subprocessor

Amazon Web Services, Inc.
410 Terry Avenue North, Seattle WA 98109, USA
Purpose: Infrastructure and data hosting
Safeguards: Standard Contractual Clauses (SCCs) in place

4. International Data Transfers

Your data may be transferred outside the European Union. When this happens, we ensure compliance through:

Safeguard	What It Means
Adequacy decisions	The destination country has GDPR-equivalent protection (recognized by EU Commission)
Standard Contractual Clauses	Legal contracts requiring the recipient to protect data like the EU does
Certified compliance mechanisms	Codes of conduct or certifications validated by EU authorities

We never transfer data without appropriate safeguards in place.

5. Your Rights Regarding Your Personal Data

Under GDPR (and similar regulations), you have these rights:

Right	What It Means
Access	Get a copy of all personal data we hold about you
Rectification	Correct inaccurate or incomplete data
Erasure	Request deletion of your data (with some exceptions for legal obligations)
Restriction	Ask us to limit how we use your data
Object	Object to processing based on legitimate interest
Portability	Receive your data in a standard, machine-readable format
Withdraw consent	Take back any consent you gave us (doesn’t affect prior processing)
Post-mortem rights (France)	Define how your data should be handled after death
File a complaint	Contact a supervisory authority if you’re unhappy with how we’ve handled things

How to Exercise Your Rights

📧 Email us: gdpr@datagma.com

We may ask for identity verification if we have reasonable doubts — this protects you from others accessing your data.

Response time: Within 30 days (usually faster).

Supervisory Authorities

🇫🇷 CNIL (France)
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
https://www.cnil.fr/

🇪🇺 Other EU countries: Contact your national data protection authority.

6. Policy Updates

We may update this Privacy Policy when necessary or required by law.

When we make significant changes, we’ll:

Update the “Last Updated” date at the top
Notify customers via email for material changes

Continued use of our services after updates constitutes acceptance of the revised policy.

Questions?

If anything in this policy is unclear, contact us:

📧 Email: gdpr@datagma.com
📍 Address: Datagma, 3 Boulevard de Sébastopol, 75001 Paris, France

We’re happy to explain anything in more detail.

Ready to Use Datagma Safely?

Our privacy practices are transparent, GDPR-compliant, and EU-native. You’re in good hands with Datagma.

Start Free Trial

See Full Trust Center →