- The Scrapeo extension – web browser extension for web site data extraction “Scrapeo AB” owned and provided by Swedish Aktiebolag company “Scrapeo AB”, registration number 559215-3331, headquarter address: Nackanäsvägen 19, 13133 Nacka, Sweden, (“Scrapeo AB”; “we”’; “us”).
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
- Personal data – any information relating to an identified or identifiable natural person; an identifiable natural person shall be one which may be identified directly or indirectly, in particular by reference to an identifier, such as the name, surname, location data, online identifier.
- Non-Personal data – any information that cannot be used to identify a natural person.
- Personal data processing – any activity or set of activities, which are performed on Personal data or on sets of Personal data with or without automated means, such as collecting, recording, organising, structuring, storing, adapting or transforming, recapturing, viewing, using, disclosing, transmitting, disseminating or otherwise making available, comparing or restricting Personal data or Personal data sets, removal, erasure or destruction of Personal data.
- User – a natural person who uses Scrapeo or other services.
- Data subject – a natural person identified or identifiable directly or indirectly, in some cases – the User.
- User’s consent – any freely provided, specific, informed and unequivocal reference to the wishes of the User, by which the User, in the form of a statement or clearly affirmative action, gives consent to the processing of his or her Personal data for a specific purpose.
- Sitemap – a plan for how a website should be traversed and what information should be extracted by using the Scrapeo extension.
What Personal data we process and for what purposes
- The Scrapeo extension itself does not collect or process any Personal data of the User immediately after installing Scrapeo, however, User’s Personal data may be collected and processed when the User uses Scrapeo, contacts us directly or reports an issue or suggestion to us or other Users (via User forum) regarding the use of the Scrapeo extension.
- When the User installs Scrapeo, we assign a unique identification number (“ ID number”) to each installation for us to be able to track the amount of active Scrapeo Users, however, the User cannot be directly or indirectly identified by the given ID number. The ID number only serves as means of separating one User’s account from another without being able to identify the User himself/herself. The ID number alongside with Scrapeo configuration will be synchronised across multiple browser installations in case when the User has enabled browser setting synchronisation globally.
- IP addresses are only collected for geolocation purposes on zip code level or above, for example, to determine the country or continent where Scrapeo is being used, to improve the Scrapeo extension gand its accessibility to Users, which on its own is not considered as Personal data.
- When the User contacts us directly, we may receive additional information about the User, such as name and surname, e-mail address, phone number and other information provided by the User upon contacting us.
- Since the Scrapeo extension can be downloaded for free, we do not collect or process any payment data of the User upon downloading the Scrapeo extension.
Basis for processing Personal data
How we protect and store Personal data
- We employ a variety of security measures to protect any information received from our Users from unauthorized access, use, erasure or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing Personal data, taking into account financial and technological resources reasonably available to us. Our security measures include, but are not limited to, transmitting Personal data in an encrypted form from the User to our database by the use of TLS/SSL certificates, storing Personal data in secure cloud storages provided by trusted service providers, protecting stored information with unique generated passwords, storing Personal data in an unidentifiable (pseudonymized) form only referring to individually assigned User ID number, which on its own cannot be directly or indirectly linked to a specific person, protecting our e-mail by using a unique username and password assigned to each person we employ.
- Our chosen cloud storage providers ensure that any information stored on their provided services is located on servers based within the European Economic Area (EEA) and the United States of America. In cases when any Personal or non-Personal data is being stored outside of the EEA, we make sure the respective service provider guarantees and provides the level of protection of stored data which is at least equivalent to that of the GDPR.
For how long we store and retain Personal data
We retain Personal data that we collect from the Users where we have an ongoing legitimate business need to do so, for example, to provide Users with the Scrapeo extension updates, review and answer Users’ queries and complaints, or to comply with applicable legal requirements.
When we have no ongoing legitimate business need or legal requirement to process User’s Personal data, we will either delete, anonymize or pseudonymize it or, if this is not possible, for example, because the User’s Personal data has been stored in backup archives, then we will securely store the Personal data and isolate it from any further processing until deletion is possible.
Do we transfer Personal data to anyone else
We do not transfer any User Personal data processed by us to third parties, unless:
- the User has given clear, unambiguous consent and requested the transfer of their Personal data;
- it is our obligation to disclose such Personal data to the persons provided for in the external regulatory enactments, upon a reasoned request, in accordance with the procedures and to the extent specified in the external regulatory enactments;
- we have to submit a claim to the court or other State authorities against a person who has infringed our legitimate interests.
We may use and share information about Users (the number of Users, geolocation, number of downloads) with our partners in aggregated or de-identified form that can’t reasonably be used to identify the User.
What non-Personal data we collect and process
When the User downloads and uses the Scrapeo extension, we may collect non-Personal data of the User to provide it with relevant updates, suggestions and chosen functions of the Scrapeo extension, as well as for determining User statistics. The data anonymous statistics collection can be managed via browser extensions options page. Collected data will include:
- web browser’s version and device’s operating system;
- occasional User surveys and information provided by the Users therein;
- information on when an installation, update, or uninstallation of the Scrapeo extension occurs;
- aggregated usage analytics, including the version of the Scrapeo extension used, version of the web browser, amount of data scraped excluding data itself, amount of scraping jobs, amount of created Sitemaps, amount of deleted Sitemaps, amount of imported Sitemaps, statistics on whether the Scrapeo extension has been opened on respective day
- aggregated information regarding Sitemaps, including sitemap count, selector count, start web address count in Sitemaps, used selector types.
Scraped website data is not being collected.
What Users can do regarding their Personal data processing
The User has the right to obtain information on what Personal data are at the disposal of the Scrapeo extension and its developers in relation to the processing of Personal data of the User and to request access to his or her Personal data, correction, update or deletion of it, to limit the processing of Personal data, including the processing of Personal data carried out on the basis of the legitimate interests, as well as to exercise the right to Personal data portability, to the extent that we can provide it technically. We can only exercise rights of the User to the extent that does not conflict with the obligations imposed on us by regulatory enactments.
In the case of the processing of Personal data, where the legal basis is solely the User’s consent, the User has the right to withdraw the consent given at any time by suspending further processing of Personal data which has been carried out on the basis of the consent. Withdrawal of consent shall not result in the cessation of the processing carried out on other legal bases. The withdrawal of consent shall not affect processing carried out during the period of when the consent was valid.
When we receive a request for the exercise of the rights of the User, we verify the identity of the User, evaluate the request and comply with it so far it is in accordance with regulatory enactments.
We will send the reply to User’s request to the e-mail address of the User within 30 days from the time we received the request, or through postal services by signed-for mail. If it is necessary to clarify the information or to carry out more detailed research, the reply may require a longer period than 30 days, depending on the content of the request, but not more than 60 days.
In some cases, a request for the deletion of Personal data may not be implemented, for which the User is informed within 30 days from the time when the responsible person of the Scrapeo extension has received a request for the deletion of Personal data. The answer is provided with clear, unequivocal justification for why the deletion of Personal data cannot be enforced. On the other hand, in the event of a reasoned request for the deletion of Personal data, we guarantee to accordingly delete User’s Personal data within 30 days of the date of receipt of the request from the User.
In cases where we detect a breach of the processing or protection of Personal data or when a potential breach is rectified, we carry out an assessment of the impact of the infringement or potential infringement on the processing of Personal data to the Scrapeo extension and/or the User. If necessary, we will inform the User of such violation or potential infringement and the National Data Inspectorate of Sweden within 72 hours from the time of the detection of the violation or the moment when we became aware of a potential violation of the processing of Personal data. The User can at any time submit a request to us for the provision of information relating to any identified or potential breaches of the processing of their Personal data.
If the User considers that the processing of their Personal data infringes their rights and interests in accordance with GDPR or other legal enactments, or that a serious infringement of the processing of Personal data of the User occurs, about which we have not reported to the User or the supervising authority, the User has the right to submit a complaint to Scrapeo AB, by writing to e-mail address: firstname.lastname@example.org