Privacy Policy


1. Definition and nature of personal data

When you use the services provided by Scrupp (hereinafter the “Services”), including on (hereinafter the «Site») we may process personal data about you.

We also may process personal data about you that is publicly accessible.

For the purposes of this privacy policy, the term “personal data” means all data that allow an individual to be identified, which is in particular your surname, first names, professional postal address, professional email address, personal email address, landline phone number, mobile phone number, the name of the company you work for and the position you hold there, data relating to your professional life, data relating to your transactions on the Site and details of your purchases and subscriptions, IP address, and any other information you may choose to share with us about you.


2. Purpose of this privacy policy

The processing governed by this privacy policy is related to the data of Scrupp’s clients, prospects and suppliers.

The purpose of this privacy policy is to determine the methods of processing your personal data for which Scrupp is the Controller. It aims to inform you about the means we use to collect your personal data, in the strictest respect of your rights.

We inform you that we collect and process your personal data in compliance with with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”).


3. Identity of the Data Controller

The entity responsible for collecting and processing your personal data is the company Scrupp, a simplified joint stock company, registered in Ukraine 3206515011 Vorobiov Ihor.


4. Collection of personal data

The legal basis for our collection of your personal data is as follows:

(i) Scrupp’s legitimate interest when you voluntarily provide us with personal data during your visit to our Site, the data then being collected to enable us to better respond to your requests for information about our Services.

(ii) Your consent in the case of social network cookies, advertising cookies and Google Analytics cookies referred to in Article 10.

(iii) The performance of the contract entered into with Scrupp when you use our Services.

(iv) The performance of the contract concluded when you are a supplier of Scrupp.

Your personal data is collected to meet one or more of the following purposes:

(i) To manage your access to certain Services and their use,

(ii) To carry out operations relating to the monitoring of the relationship with customers and suppliers

(iii) To compile a file of users, customers, prospects and suppliers

(iv) To draw up commercial and frequentation statistics for our Services,

(v) To manage any unpaid bills and any disputes relating to the use of our Services, or the use by Scrupp of the services of our suppliers,

(vi) To personalise the responses to your requests for information.

We inform you, when collecting your personal data, whether certain data is mandatory or optional. Mandatory data is necessary for the operation of the Services. Concerning the optional data, you are entirely free to indicate them or not. We also inform you of the possible consequences of a lack of response.

We also inform you that we are likely to collect your data indirectly from publicly accessible information.


5. Recipients of collected data

Your personal data will be accessible to our company’s staff, the services in charge of the control (auditor in particular) and our processors.
The public bodies, paralegals, ministerial officers and bodies responsible for collecting debts may also be the addressees of your personal data, exclusively to fulfill our legal obligations.

The subcontractor’s use and transfer of information collected from Google APIs are in accordance with Google API Services User Data Policy including the Limited Use requirements.

Your personal data may also be disclosed to public bodies, exclusively to meet our legal obligations, to judicial officers, to legal agents, and to bodies responsible for debt collection.


6. Transfer of personal data

Your personal data may be transferred, leased or exchanged for the benefit of third parties. In case you wish it, we give you the option to express your acceptance on this subject when collecting your data by checking a box.


7. Personal data storage period

  ‍(i) With regard to data relating to the management of clients, prospects and suppliers

Your personal data is kept for the period strictly necessary for the management of our business relationship with you.

With regard to any prospecting operations intended for you, your data may be kept for a period of 3 (three) years from the end of the business relationship in an active database. They may then be kept for an additional 4 (four)-year period in an intermediate storage to allow us to retrieve the history of our relationship if you contact us.

The data used to establish proof of a right or contract, or which must be kept to comply with a legal obligation, will be kept for the period provided for by the applicable law.

The personal data relating to a prospect, non-client, may be kept for a three (3)-year period from their collection or the last contact from the prospect, in an active database. At the end of this 3 (three)-year period, we may contact you again to find out if you wish to continue to receive business solicitations. Beyond this period, the relevant data may be kept for a period of 4 (four) additional years in an intermediate storage to allow us to retrieve the history of our relationship if you contact us.

  (ii) Concerning identity documents:

In the event that the right of access or rectification is exercised, data relating to identity documents may be kept for the period provided for in Article 9 of the Code of Criminal Procedure, i.e. 1 (one) year. In the event of exercising the right of opposition, this data may be archived for a period of 3 (three) years.

(iii) Concerning data relating to bank cards: financial transactions relating to the payment of purchases and charges via the Site are entrusted to a payment service provider who ensures their smooth running and security.

For the purposes of services, this payment service provider may be required to receive your personal data relating to your bank card numbers, which it collects and stores in our name and on our behalf.

We do not have access to this data.

(iv) Concerning the management of the lists of opposition to receive canvassing:

The information enabling your right of opposition to be taken into account is kept for a minimum of 3 (three) years from the exercise of the right of opposition.

(v) Concerning cookies:

The retention period for cookies referred to in Article 10 is 13 (thirteen) months.


8. Safety

We inform you that we take all necessary precautions, organizational and technical measures to preserve the security, integrity and confidentiality of your personal data and in particular, to prevent that they are distorted, damaged or that any unauthorized third party have access to it. We also use secure payment systems that comply with the state of the art and applicable regulations.


9. Hosting and data transfer outside the EU

We inform you that your data is hosted on servers of companies located in the European Union.

Your data may also be stored and hosted on the servers of our subcontractors, some of which are located in the United States.

In the event that your data is transferred outside the European Union, these transfers are secured by means of the following tools:

– Either these data are transferred to a country that has been deemed to offer an adequate level of protection by a decision of the European Commission;

– Or we have concluded a specific contract with our subcontractors governing the transfer of your data outside the European Union, on the basis of standard contractual clauses between a data controller and a subcontractor approved by the European Commission.


10. Cookies

Cookies are text files, often encrypted, stored in your browser. They are created when a user’s browser loads a given website: the site sends information to the browser, which then creates a text file. Each time the user returns to the same site, the browser retrieves this file and sends it to the website server.

We can distinguish different types of cookies, which do not have the same purpose:

– Technical cookies are used throughout your navigation, to facilitate it and to perform certain functions. For example, a technical cookie can be used to store the answers filled in a form or the user’s preferences regarding the language or the presentation of a website, when such options are available.

We use technical cookies.

– Social network cookies can be created by social platforms to allow web designers to share their site content on these platforms. In particular, these cookies can be used by social platforms to track the navigation of Internet users on the website concerned, whether or not they use these cookies.

– We use social network cookies. These cookies are deposited only if you give your consent. You can find out about their nature, accept or refuse them.

We also invite you to consult the privacy protection policies of the social platforms that originate these cookies, to find out the purposes for which they use the browsing information they may collect thanks to these cookies and how you can exercise your rights with these platforms.

– Advertising cookies may be created not only by the website on which the user browses, but also by other websites displaying advertisements, ads, widgets or other elements on the page displayed. In particular, these cookies may be used to carry out targeted advertising, i.e. advertising determined according to the user’s navigation.

We also use advertising cookies.

  – We use Google Analytics, which is a statistical tool for audience analysis that generates a cookie to measure the number of visits to the Site, the number of page views and visitor activity. Your IP address is also collected to determine the city from which you connect.

For all intents and purposes, we remind you that you can oppose the deposit of cookies by configuring your browser. However, such a refusal could prevent the proper functioning of the Site.


11. Access to your personal data

In accordance with the law n° 78-17 of January 6, 1978 relating to data processing, data files and liberties, and to GDPR, you have the right to obtain the communication and, if necessary, the correction or the deletion of the data concerning you, through an online access to your file. You can also contact us at :

– e-mail


12. Rectification of your personal data

In accordance with the law n° 78-17 of January 6, 1978 relating to data processing, the files and freedoms, and with GDPR, you have the right to obtain the correction of the data concerning you which are inaccurate by addressing you to :

– e-mail address:


13. Erasure of personal data

In accordance with the law n° 78-17 of January 6, 1978 relating to data processing, the files and freedoms, and with GDPR, in the cases envisaged expressly by the regulation, you have the right to obtain the erasing of the data concerning you by addressing you to :

– e-mail address:


14. Opposition to data processing

Persons whose data are collected on the basis of our legitimate interest, as mentioned in Article 4, are reminded that they may at any time object to the processing of data concerning them. We may, however, be led to continue processing if there are legitimate reasons for the processing that prevail over your rights and freedoms or if the processing is necessary to ascertain, exercise or defend our rights in court.


15. Right to set guidelines for the processing of data after your death

You have the right to define guidelines for the storage, deletion and communication of your personal data after your death.

These guidelines may be general, i.e. they concern all personal data concerning you. In this case, they must be registered with a trusted digital third party certified by the CNIL.

The directives may also be specific to the data processed by our company. In this case, they should be sent to us at the following address:

– e-mail address:

By sending us such directives, you expressly give your consent for these directives to be kept, transmitted and executed in accordance with the terms and conditions set out herein.

You may designate in your directives a person responsible for their execution. This person will then be entitled, when you have died, to take note of the said instructions and to ask us to implement them. If you do not designate an executor, your heirs will have the right to take note of your instructions upon your death and to ask us to carry them out.

You may change or revoke your instructions at any time by writing to us at the contact details above.


16. Portability of your personal data

You have a right to portability of the personal data you have provided us with, construed as being the data that you have actively and consciously declared in the context of accessing and using the services, as well as the data generated by your activity in the context of using the services. We remind you that this right does not apply to data collected and processed on any other legal basis than consent or the performance of the contract binding us.

This right may be exercised free of charge, at any time, and in particular when closing your account with Scrupp, so that you may recover and store your personal data.

In this context, we will send you your personal data, by any means deemed useful, in a standard open format, commonly used and machine-readable, in accordance with the state of the art.


17. Making a complaint to a supervisory authority

You are also informed that you have the right to lodge a complaint with a competent supervisory authority in the Member State in which is located your habitual residence, your place of work or the place where the violation of your rights have been committed, if you consider that the processing of your personal data subject to this privacy policy constitutes a violation of the applicable texts.

This remedy may be exercised without prejudice to any other remedy before an administrative or judicial court. Indeed, you also have the right to an administrative or judicial remedy if you consider that the processing of your personal data subject to this privacy policy constitutes a breach of the applicable texts.


18. Limitation of treatment

You have the right to obtain the limitation of the processing of your personal data, in the following cases:

– During the period of verification that we implement, when you dispute the accuracy of your personal data,

– When the processing of such data is unlawful, and you wish to limit such processing rather than delete your data,

– When we no longer need your personal data, but you wish to retain them to exercise your rights,

– During the period of verification of legitimate reasons, when you have objected to the processing of your personal data.


19. Modifications

We reserve the right, in our sole discretion, to modify this Privacy Policy at any time, in whole or in part. These alterations will come into effect as of the publication of the new Privacy Policy. Your use of the Site after the changes have been implemented implicitly expresses your acknowledgement and acceptance of the new Privacy Policy. Otherwise, if this new Privacy Policy does not suit you, you will no longer be allowed to access the Site or use our Services.