Privacy Policy
Last updated – 9 May 2025 (Version 1.1)
Parallax 84 SAS (trading as Datafalk, "we", "our", or "us") operates the Datafalk supply-chain-intelligence platform (the "Service").
We respect your privacy and are committed to protecting your personal data. This Policy explains how we collect, use, disclose, and safeguard information when you visit https://datafalk.com or use the Service.
Quick summary
- We only collect the data we need to deliver and improve our Service.
- You stay in control — access, correct, delete, or export your data at any time.
- We never sell personal data.
- Processing occurs in the EEA by default, with Standard Contractual Clauses (SCCs – Modules 1 & 2) and additional safeguards for any international transfer.
- We do not process special-category or criminal-record data and ask customers not to upload it.
1. Who we are
Parallax 84 SAS
9 rue des Colonnes, 75002 Paris, France
SIRET 981 036 262 00013
Email : legal@datafalk.com
This Policy applies to Parallax 84 SAS and any future subsidiaries or affiliates listed at https://datafalk.com/legal/entities (collectively, "Datafalk Group"). If a country-specific supplement conflicts with this Policy, the supplement prevails.
We act as data controller for personal data collected through the Service under Regulation (EU) 2016/679 ("GDPR").
1.1 What is personal data?
"Personal data" means any information relating to an identified or identifiable individual.
We do not seek and ask you not to submit:
- Special-category data (health, biometrics, religious beliefs, etc.).
- Criminal-convictions data.
- Children's data (the Service is not directed to persons under 16).
2. Scope of this Policy
This Policy covers:
- Visitors to our websites and marketing pages.
- Users of the Datafalk platform, dashboards, and APIs.
- Representatives of customers, suppliers, and other business contacts.
- Job applicants.
It does not apply to aggregated or anonymised data that cannot identify you.
If you choose not to provide required information (marked in-app or on forms), we may be unable to create or maintain your account or deliver requested features.
3. The data we collect
| Category | Examples | Purpose & legal basis* |
|---|---|---|
| Account Data | Name, business email, role, company, password hash | Contract (Art. 6 (1)(b)); legitimate interest to provide the Service |
| Usage Data | Log files, page views, feature interactions, IP address, user agent | Legitimate interest to secure & improve the Service |
| Alert & Supply-Chain Data | Entities you track, custom thresholds, notes, uploaded files | Contract; legitimate interest |
| Payment & Billing Data | VAT number, billing address, transaction refs (via Stripe) | Contract; legal obligation |
| Marketing & CRM Data | Newsletter prefs, email-open & click metrics, Clearbit/LinkedIn enrichment, event attendance | Consent; legitimate interest (B2B soft opt-in) |
| Applicant Data | CV, cover letter, interview notes | Legitimate interest; legal obligation |
*See section 6 for details on legal bases and balancing tests.
3.1 Data you provide directly
You give us data when you fill forms, create an account, request demos, comment, or communicate with us.
3.2 Data we collect automatically
We log technical info (IP, device type, language, browser) and usage metrics through first-party analytics and security tooling. Email campaigns record opens and link clicks to gauge engagement.
3.3 Data from third parties
We enrich our CRM with publicly available business-contact data and reputable providers (e.g. Clearbit, LinkedIn) to keep records accurate and send relevant B2B communications.
4. How we use your data
- Providing the Service — account creation, authentication, delivering alerts, APIs, dashboards.
- Improving & securing — debugging, fraud detection, abuse prevention, performance optimisation.
- Customer support — responding to tickets, training, incident resolution.
- Marketing & analytics — sending updates, webinars, and tracking email engagement (open/click); you can opt out anytime.
- Compliance & legal — accounting, taxes, responding to lawful requests, enforcing contracts.
We do not perform automated decision-making or profiling that produces legal or similarly significant effects.
5. Cookies & similar technologies
Our site uses:
- Strictly necessary cookies — session & security.
- Optional analytics cookies (e.g. Plausible).
The first visit shows a banner where you can manage preferences. Details are in our separate Cookie Policy.
6. Legal bases (GDPR)
| Purpose | Legal basis |
|---|---|
| Deliver the Service | Art. 6 (1)(b) — contract |
| Improve, secure, personalise | Art. 6 (1)(f) — legitimate interest |
| Marketing communications & analytics | Art. 6 (1)(a) — consent; Art. 6 (1)(f) — legitimate interest |
| Compliance with laws | Art. 6 (1)(c) — legal obligation |
| Recruiting | Art. 6 (1)(f) — legitimate interest; national labour law |
When relying on legitimate interest, we perform a balancing test to ensure your rights are not overridden.
7. Data retention
| Data set | Retention period |
|---|---|
| Account Data | Contract term + 12 months |
| Logs & Usage Data | Up to 18 months |
| Marketing & CRM | Until you unsubscribe or 24 months of inactivity |
| Applicant Data | 24 months (longer with consent for talent pool) |
| Legal / finance records | 10 years (per French law) |
Encrypted backups are overwritten or anonymised within 90 days.
8. Sharing & disclosures
We share data only with:
- Service providers (cloud hosting, email delivery, payments, analytics) bound by DPAs.
- Affiliates & subcontractors operating the Service.
- Authorities when legally required (court orders, audits).
- Successors in mergers or acquisitions, subject to confidentiality.
Our current sub-processors list is available by email at privacy@datafalk.com and updated at least 30 days before change.
9. International transfers
Primary hosting is in the European Economic Area. When transferring data outside the EEA we rely on:
- Adequacy decisions (e.g. UK, Canada); or
- EU Standard Contractual Clauses (SCCs) — Modules 1 (controller↔controller) & 2 (controller→processor) plus extra technical safeguards (encryption in transit/at rest, zero-trust architecture).
You may request a copy of relevant SCCs via dpo@datafalk.com.
10. Security measures
- ISO 27001-aligned controls & independent audits.
- TLS 1.3 for all data in transit; AES-256 at rest.
- Role-based access control, least privilege, SSO (SAML/OIDC).
- 24 × 7 monitoring, incident-response playbooks, annual penetration tests.
11. Your rights
Under GDPR (and where applicable, UK GDPR & CCPA) you may:
- Access your data.
- Rectify inaccuracies.
- Delete ("right to be forgotten").
- Restrict or object to processing (including direct marketing).
- Data portability.
- Withdraw consent at any time.
- Lodge a complaint with the CNIL or your local supervisory authority (https://edpb.europa.eu/about-edpb/board/members_en).
Contact us at privacy@datafalk.com or use the in-app request form. We respond within 30 days.
12. Third-party links
Our Service may link to external sites. We are not responsible for their privacy practices; please review their policies.
13. Changes to this Policy
We may update this Policy for legal, technical, or business reasons. Users will be notified via email or in-app banner at least 15 days before material changes. The last updated date and version above show the current edition.
14. Contact us
Data Protection Officer (DPO)
Parallax 84 SAS – Datafalk
9 rue des Colonnes, 75002 Paris, France
Email : dpo@datafalk.com