Apify Technologies s.r.o., with its registered seat at Štěpánská 704/61, 110 00 Prague 1, Czech Republic, Company reg. no. 04788290, recorded in the Commercial Register kept by the Municipal Court of Prague, File No.: C 253224 (hereinafter referred to as “we“, “us”, “our”, the “Provider” or “Apify”) welcomes you (hereinafter referred to as “you” or the “User”) on our website apify.com (hereinafter referred to as the “Website”).
Apify may collect two types of information from Users: “Personal Data” and “Aggregate Information” (as defined below).
Processing personal data in a secure, fair, and transparent way is extremely important to us at Apify. We process personal data in accordance with the European Union's General Data Protection Regulation (“GDPR”) and best industry standards. This Policy uses the following definitions regarding your personal data:
- “Data Subjects” refers to those individuals residing in the European Union who are our Users or personnel.
- “Personal Data” is given the same meaning as in the GDPR, i.e. any data relating directly or indirectly to an identifiable data subject. Personal data does not include any data that is anonymized, aggregated, de-identified and/or compiled on a generic basis and which does not name or identify a specific individual, directly or indirectly.
- “Processing” is given the same meaning as in the GDPR, such as collecting, recording, using, storing, amending, adapting, disclosing, transferring or transmitting, structuring, using, combining, deleting or destroying personal data”
- “Controller” is given the same meaning as in the GDPR, i.e. a party that determines the purposes and means of the processing of personal data; Apify is the controller with respect to your personal data.
- “Processor” is the party that processes personal data on behalf of the controller; Apify is the processor of your personal data.
- “Incident” means: (a) a complaint or a request with respect to the exercise of an individual's rights under the GDPR; (b) an investigation into or seizure of the personal data by government officials, or a specific indication that such an investigation or seizure is imminent; or (c) any breach of the security and/or confidentiality as set out in this Policy leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the personal data, or any indication of such breach having taken place or being about to take place.
Apify collects personal data that is voluntarily provided when a User on our Website creates an account or logs into their account. Specifically, when you sign up for an account, we ask you for your name, email address, username, short bio, homepage URL, GitHub username, Twitter username, profile picture, business information, billing information and payment information. This information is used to assist us in helping you select the appropriate service package, to allow you to authenticate to the Website (Platform), to send you e-mail notifications, Apify's newsletters or other marketing materials. Some of the information might be displayed publicly on a public profile page upon your consent and only to the extent approved by you. Apify also collects and stores information about our user's use of the Website, Platform and our Services, including page scraping activities, so that information gathered by a user through our Website or Services can be served up each time a user logs in to the Website. Apify will process User's personal data only to the extent strictly necessary for the purpose of using the Website, Platform and/or providing Services in accordance with the Terms and this Policy and any further written instructions from the User that are mutually agreed upon in writing. Apify agrees that
- it will not modify, alter, delete, publish or disclose any User personal data to any third party, nor allow any third party to process such personal data on Apify's behalf unless the third party is bound to similar confidentiality and data handling provisions;
- only its personnel, contractors or third party providers who “need-to-know” will be given access to User personal data to the extent necessary to perform its obligations under the Terms. It shall provide adequate training to its staff and ensure that they comply with the obligations in this Policy; and
- it will implement and maintain a reasonable and appropriate security program comprising adequate security, technical and organizational measures to protect against unauthorized, unlawful or accidental processing, use, erasure, loss or destruction of, or damage to, User's personal data;
- it will only process User personal data to the extent necessary to perform its obligations under the Terms, upon written instructions of the User (only as mutually agreed upon), and in accordance with applicable laws.
Upon your request or termination of your user account, Apify will delete, destroy, or anonymize the personal data in accordance with our standard backup and retention Policy (no later than 60 days), unless we have terminated your account for violation of the Terms or in other cases foreseen by GDPR and applicable regulation in which we are not obliged to delete, destroy or anonymize your personal data.
The parties acknowledge that User may from time to time be in possession of personal data relating to Apify's personnel. Apify warrants that it has provided all necessary notifications and obtained all necessary consents, authorizations, approvals and/or agreements as required under any applicable law in order to enable: (i) the disclosure of Apify's personal data to User; and (ii) further processing of such Apify personal data by User.
By accepting this Policy, the User warrants that it has all necessary rights to provide to Apify the personal data for processing in connection with the provision of the services by Apify. To the extent required by applicable law, the User is responsible for ensuring that any data subject consents that may be necessary to this processing are obtained, and for ensuring that a record of such consents is maintained, including any consent to use personal data that is obtained from third parties. Should such consent be revoked by a data subject, the User is responsible for communicating the fact of such revocation to Apify, and Apify remains responsible for implementing any User instruction with respect to the further processing of that personal data, or, as may be in accordance with any of Apify's legal obligations.
Apify shall assist the User by implementing appropriate technical and organizational measures, insofar as this is reasonably and commercially possible (in Apify's sole determination and discretion), in fulfilling the User's obligations to respond to individuals' requests to exercise rights under the GDPR.
When either party becomes aware of an incident that impacts the processing of personal data, it shall promptly notify the other about the incident and shall reasonably cooperate in order to enable the other party to perform a thorough investigation into the incident, to formulate a correct response, and to take suitable further steps in respect of the incident.
Both parties shall at all times have in place written procedures which enable them to promptly respond to the other about an incident. Where the incident is reasonably likely to require a data breach notification under applicable laws, the party responsible for the incident shall notify the other no later than 24 hours of having become aware of such an incident.
Any notifications made under this section shall be made to firstname.lastname@example.org (when made to Apify) and to our point of contact with you (when made to the User), and shall contain: (i) a description of the nature of the incident, including, where possible, the categories and approximate number of individuals concerned and the categories and approximate number of records concerned; (ii) the name and contact details of the point of contact where more information can be obtained; (iii) a description of the likely consequences of the incident; and (iv) a description of the measures taken or proposed to be taken to address the incident including, where appropriate, measures to mitigate its possible adverse effects.
Apify may also collect aggregate information. Aggregate information is information about your activities on the Website and Platform or in connection with the Services that cannot be used to identify, locate, or contact you (such as frequency of visits to the Website, data entered when using the Website, Website pages most frequently accessed, browser type, etc.). Aggregate information is collected as you visit our Website (Platform) or interact with our Services even if you do not enter any information. Generally, aggregate information is used in a collective manner, and no single person can be identified by that compiled information. Apify uses aggregate information to provide its Services, as well as to determine the use of our Website (Platform) and to monitor, audit and analyze information pertaining to our business metrics.
We may use aggregate information to improve the Website and Services, to monitor traffic and general usage patterns, and for other general business purposes. We may disclose aggregate information to third parties for a variety of business reasons, including to potential investors so that they may better understand our user base, etc. Aggregate information will not include any personal information and we will not disclose any personal information except as expressly stated elsewhere in this Policy.
Security Pertaining to Your Information
We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data.
We restrict access to collected information to Apify employees, service providers and agents who need to know that information in order to operate, develop or improve our services. These individuals re bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. We use Secure Socket Layer (“SSL”) and Transport Layer Security (“TLS”) technology to encrypt and protect the security of your personal information, including but not limited to your credit card number, when it is sent over the Internet.
Integrity of Your Data
Apify processes your information only for the purposes for which it was collected and in accordance with this Policy. We review our data collection, storage and processing practices to ensure that we only collect, store and process the personal information needed to provide or improve our Services. We take reasonable steps to ensure that the personal information we process is accurate, complete, and current, but we depend on our users to update or correct their personal information whenever necessary.
Children and Privacy
Our Website, Platform and Services is not directed to children and we will not request personally identifiable information from anyone who we know to be under the age of 18, unless we have obtained verifiable parental consent from a parent or legal guardian. If we become aware that a user under the age of 18 has registered with our Website, Platform or Services, provided personal information, and Apify has not obtained prior verifiable consent from a parent or legal guardian, we will immediately remove the user’s personal information from our files.
In the event that Apify sells substantially all of its assets, or one of Apify’s business units is acquired, personal information of Users will likely be one of the transferred assets.
Corrections, Information Removal, Opt-out
If your name, e-mail or postal address, telephone number or other personal information changes, you may update, correct or omit the relevant information by contacting Apify User service at email@example.com or by updating your personal information on the Account settings page on the Website. If you prefer not to receive newsletters or other marketing e-mails from Apify, please let us know by clicking on the unsubscribe link within any newsletter or marketing e-mail you receive. If you prefer not to receive marketing mail via the mail carrier, please let us know by contacting User service at firstname.lastname@example.org. Please note that such requests may take up to ten (10) days to become effective.
Liability and Indemnity
Each party indemnifies the other and holds them harmless against all claims, actions, third party claims, losses, damages and expenses incurred by the indemnified party and arising directly or indirectly out of or in connection with a breach of this Policy.
This Policy and any other contracts and legal relationships concluded by and between us (unless otherwise explicitly provided) shall be governed by the laws of the Czech Republic. Any disputes arising here from between us shall be resolved by the courts of general jurisdiction in the Czech Republic.
Should any of the provisions hereof be ascertained as invalid, ineffective or unenforceable, upon mutual agreement such a provision shall be replaced by a provision whose sense and purpose comes as closely as possible to the original provision. The invalidity, ineffectiveness or unenforceability of one provision shall not affect the validity and effectiveness of the remaining provisions hereof.
This Policy shall come into effect when published and shall continue until it is changed or terminated in accordance with the Terms and this Policy. We may change this Policy at any time and without prior notice, by posting the revised version of this Policy on our Website. Your continued use of the Website, Platform and/or Services indicates your consent to our collection of and use of your personal and aggregate information under the then current Policy. Termination or expiration of this Policy shall not discharge the parties from the confidentiality obligations herein.