OPTIMUS NETWORK (hereinafter "ScaleUp", "we") places great importance on protecting your personal data. This policy explains which data we collect, why, how long we keep it, with whom we share it and how to exercise your rights.
This policy complies with Regulation (EU) 2016/679 of 27 April 2016 (GDPR) and with the French Data Protection Act of 6 January 1978 as amended.
1. Data controller
OPTIMUS NETWORK, a SAS with share capital registered in the Bazas Trade and Companies Register under number 101 785 269.
Registered office: 1 Cours du Maréchal Joffre, 33430 Bazas, France
Legal representative: Fabien MICHEL, President
Email: support@scale-up.app
Data Protection Officer (DPO): [TO BE COMPLETED - DPO name + email] or, failing that, support@scale-up.app.
2. Data collected and purposes
| Purpose | Data collected | Legal basis | Retention period |
|---|---|---|---|
| Contact form / demo request | Last name, first name, email, phone, company, message | Pre-contractual measures (art. 6.1.b GDPR) | 3 years after last contact |
| Customer account management | Login credentials, billing data, activity logs | Performance of the contract (art. 6.1.b) | Term of the contract + 5 years (civil limitation period) |
| Audience measurement | Pages visited, duration, device type, traffic source | Consent (art. 6.1.a) | 13 months maximum |
| Marketing and prospecting | Professional email, sector, preferences | Legitimate interest or consent depending on the case | 3 years after last contact |
| Billing and accounting obligations | Invoices, IBAN, SEPA data | Legal obligation (art. 6.1.c) | 10 years (art. L123-22 of the French Commercial Code) |
3. Data recipients
Your data is accessible only to authorised personnel within OPTIMUS NETWORK and to the technical processors listed below, each governed by a contract compliant with Article 28 of the GDPR:
| Processor | Purpose | Location | Transfer outside the EU |
|---|---|---|---|
| IONOS SARL | Bare metal hosting (dedicated servers) | France / European Union | No |
| Resend (Resend, Inc.) | Transactional email delivery (demo confirmation, account notifications) | United States | Yes - DPF (EU-US Data Privacy Framework) + standard contractual clauses |
| Google Analytics (Google Ireland Ltd.) | Anonymised audience measurement of the scale-up.app site | Ireland / United States | Yes - DPF + IP anonymisation enabled |
| Stripe (Stripe Payments Europe Ltd.) | Payment processing and billing | Ireland / United States | Yes - DPF + standard contractual clauses |
| Cal.com (Cal.com, Inc.) | Demo appointment booking | Germany / United States | Yes - DPF + standard contractual clauses |
Transfers to the United States are governed by the EU-US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023) and, on a subsidiary basis, by the standard contractual clauses adopted by the European Commission (decision 2021/914 of 4 June 2021).
4. Cookies
The use of cookies is detailed in our cookie policy. No non-essential cookie is placed without your prior consent.
5. Security
We implement appropriate technical and organisational measures to protect your data: TLS encryption in transit, encryption at rest, role-based access control, access logging, encrypted backups and incident management procedures.
6. Your rights
In accordance with the GDPR, you have the following rights:
- Right of access to your data;
- Right to rectification of inaccurate data;
- Right to erasure (subject to legal obligations);
- Right to restriction of processing;
- Right to portability;
- Right to object to processing based on legitimate interest or prospecting;
- Right to withdraw your consent at any time;
- Right to set instructions regarding the fate of your data after your death.
To exercise these rights, contact us at support@scale-up.app specifying the subject of your request. Proof of identity may be requested in case of doubt. You also have the right to lodge a complaint with the CNIL, the French data protection authority (www.cnil.fr).
7. Minors
The ScaleUp website and platform are not intended for persons under 16 years of age. No data is knowingly collected from minors.
8. Changes
This policy may be updated to reflect regulatory or operational developments. The version in force is the one published on the website, with the date of the last update shown at the top of the page.