Privacy and data protection policy

Stonly is a new medium for help and how-to content, solving the universal need for businesses, publishers, teachers - everyone, really - to teach audiences and users more effectively. Stonly empowers content creators to make interactive, step-by-step guides which can be embedded anywhere. Stonly (or "we", "us", "our") strives to preserve the confidentiality and security of the personal data that it processes, i.e. any information that makes it possible to identify, directly (surname, first name, profile photo, etc.) or indirectly (IP address, etc.) a natural person (the "Personal Data"). To this end, we have put in place strict procedures and made strong commitments which are described in this document (the "Privacy Policy").

1. When does the Privacy Policy apply?

The Privacy Policy applies as soon as you voluntarily communicate your Personal Data (i.e. it applies when you communicate your Personal Data by subscribing to our newsletter, by requesting or scheduling a demo, by giving your email address to get resources or content, by submitting a support inquiry or directly emailing Stonly for information or by creating a client account, but it also applies when Stonly collects your Personal Data to manage the platform user access, to manage the after-sale service, and to analyze statistics regarding the website) or as soon as Stonly collects it.

2. Who are we?

Stonly acts as data controller, i.e. Stonly is the entity responsible for processing your Personal Data. Information about Stonly is available on the Legal Notice.

3. What are our commitments?

Stonly has made protection of Personal Data and privacy one of its priorities. We have thus chosen to work towards greater transparency.

Stonly is committed to processing your Personal Data in strict compliance with the Regulations (as defined below), this Privacy Policy and, when applicable, the lawful instructions of our clients - data controllers. Thus, and pursuant to the principle of data minimization, Stonly ensures that it processes only the Personal Data strictly necessary for the specified, explicit, and legitimate purposes for which they are processed. The processing will only be carried out for the time necessary to achieve these purposes and within the framework of strict security and confidentiality measures.

4. Which regulations apply to the use of your Personal Data?

The regulations applicable to the processing of Personal Data cover all national and European laws and regulations in force and in particular (i) the European Data Protection Regulation 2016/679 of 27 April 2016 (the "GDPR"), (ii) the French provisions of Law No. 78-17 of January 6, 1978 as amended, (iii) the European Directive 2002/58/EC of July 12, 2002 and (iv) guidelines, opinions, recommendations, advice of the supervisory authorities, certifications, approvals and final court decisions (altogether, the "Regulations").

5. What are the Personal Data processing activities operated by Stonly?

Stonly operates three kinds of processing of Personal Data:

5.1 When Stonly acts as data controller:

5.1.1 If you are a client of Stonly or if, in general, you have a commercial relationship with us, we may collect and process Personal Data of your employees / collaborators / service providers or platform users (name, first name(s), business email address, telephone number, status within the client’s company, browsing data) for the following purposes:

| Purposes | Legal basis |
| --- | --- |
| Managing the platform user access | the execution of the contract entered into between Stonly and you |
| Managing client relationship (contracts, invoicing, loyalty program, after-sales service/user assistance, satisfaction surveys, management of unpaid invoices, etc.) | Stonly’s compliance with its legal obligations |
| Sending newsletters | Stonly’s legitimate interest regarding the continuation of the commercial relationship |
| Managing requests for access, rectification and opposition rights | Stonly’s compliance with its legal obligations |

Personal Data processed for the purposes of receiving our newsletter is kept until you unsubscribe via the “unsubscribe” link included in each newsletter.

Your Personal Data is only stored by our services for the time strictly necessary, namely two (2) years from the end of the contractual relationship between Stonly and you or, as regards the data strictly necessary for Stonly to comply with its legal obligations, for the applicable statute of limitations.

The guides created by a user can be kept available even after the user account has been deleted without any further storage of Personal Data.

Stonly only communicates your Personal Data to the recipients who are located in France, the United States and/or in the United Kingdom and who need to have access to it to the extent necessary for the accomplishment of the tasks entrusted to them:

5.1.2 When you consult a client’s guide, Stonly may process visitors’ anonymized data on its own behalf for the following purpose:

| Purposes | Legal basis |
| --- | --- |
| Analytics for product improvement | Stonly’s legitimate interest regarding the proper execution of the services it provides |
| Usage-based billing | The execution of the contract entered into between Stonly and the owner of the Stonly guide |

The Personal Data processed as part of the anonymization process is kept for one (1) year.

Stonly only communicates your Personal Data to the recipients who are located in the European Union and who need to have access to it to the extent necessary for the accomplishment of the tasks entrusted to them:

5.1.3 When you (or your employer) are prospects of Stonly and/or when you visit our website, you may (i) communicate your name, first name(s), email address, browsing data etc. to us in order to subscribe to our newsletter and/or request additional information about Stonly’s services (e.g. by contacting Stonly’s support, downloading materials or asking for a scheduled demonstration) or (ii) authorize Stonly to place cookies on your terminal.

Your Personal Data is processed for the following purposes:

| Purposes | Legal basis |
| --- | --- |
| Subscription to our newsletter and/or request additional information about Stonly’s services | Stonly’s legitimate interest of initiating a commercial relationship |
| Manage your visit of our website. For more information, please refer to Section 6 below. | Your consent or; and limited to functional cookies and/or cookies required for the running of our website, Stonly’s legitimate interest of ensuring the proper performance of the website. For further details, please refer to Section 6 below. |
| Managing requests for access, rectification, and opposition rights | Stonly’s compliance with its legal obligations |

Personal Data processed for the purposes of receiving our newsletter is kept until you unsubscribe via the “unsubscribe” link included in each newsletter.

Personal Data processed for the purposes of managing requests for access, rectification, and opposition rights is kept for the duration required to perform the said purposes, unless a longer retention period is required to preserve evidence during the applicable statute of limitations and/or exercise rights during any proceedings, litigation or investigation.

Stonly only discloses your Personal Data to recipients who are located in the European Union and/or in the United States and/or in the United Kingdom and who need to have access to it to the extent necessary for the accomplishment of the tasks entrusted to them:

When Stonly acts as a processor:

When Stonly acts as a data processor, it is on behalf and on the instructions of its clients, through several Stonly features:

| Feature | Type of data processed | Purpose | Location / duration of processing |
| --- | --- | --- | --- |
| Guide Insights | Guide browsing activity, including inputs | Provide insights about guide activity to customer | Stonly servers (France), duration of contract + 2 years |
| Contact Forms | Contact form content and attachment | Forward content of contact form to customer | Stonly servers, Email provider (France), maximum 1 month |
| Targeting | Targeting events and properties sent by customer | Personalise content shown to end-users using stored properties and events | Stonly servers (France), duration of contract + 2 years |
| Interface Rules | Full content of the page | Personalise content shown to end-users using local properties and events | Device of the user, duration of the session |

Some of these processing activities require the use of sub-processors. We maintain a full list of sub-processors on www.trust.stonly.com/subprocessors

6. What exactly is a cookie? How do we use them? How can you manage them?

"Cookies" are small data files placed on your device when you browse web pages subject to the choices you have made, in order to store and receive identifiers and other browsing information.

Cookies are used on the website and any of Stonly’s services to (i) facilitate your browsing, (ii) offer you personalised ads and (iii) compile visit statistics:

You may at any time set your browser to express and modify your wishes regarding cookies, in particular by refusing certain cookies.

You can also use the interface that we make available to you via the cookie banner that appears when you first connect to the website or after any deletion of your cookies.

We remind you that, by disabling targeted advertising cookies and/or statistic cookies:

The Personal Data collected via our cookies are kept for one (1) year.

7. What are our requirements with respect to third party recipients?

We ask the recipients of your Personal Data to act in compliance with the Regulations and, in particular, to pay close attention to the confidentiality of your Personal Data.

8. Do we transfer your Personal Data outside the European Union?

The Personal Data collected may be processed outside the European Union by our data processors. In this case, Stonly takes the necessary steps with its data processors and partners to ensure an adequate level of protection to your Personal Data, in accordance with the Regulations. To do so, we ensure that our processors and partners (i) are located in a country ensuring an adequate level of protection, or (ii) have signed a contract with us that includes the "standard data protection clauses" adopted by the European Commission.

You can find the adequacy decisions of the European Commission here.

If you would like further information on the “standard data protection clauses”, please see below:

9. What security measures does Stonly put in place to protect your Personal Data?

To provide the highest level of security for your Personal Data, Stonly implements appropriate physical, technical and organizational measures to prevent any alteration or loss of your Personal Data.
These measures are kept up to date on www.trust.stonly.com/controls

10. What are your rights and how to exercise them?

Pursuant to the Regulations, you have the following rights regarding the processing of your Personal Data by Stonly, in its capacity as data controller:

  1. To access and be informed: you have the right to be informed in a concise, transparent, intelligible and easily accessible form about the way your Personal Data is processed (this is precisely the purpose of this Privacy Policy). You also have the right to obtain (i) confirmation as to whether or not your Personal Data is being processed by Stonly and, if so, (ii) to access all your Personal Data and obtain a copy of it.
  2. To rectify: at any time, you can ask Stonly to rectify and/or complete any of your Personal Data which would be incomplete or erroneous, which Stonly will do as soon as possible.
  3. To erase: in certain cases, you can ask Stonly to erase your Personal Data ("right to be forgotten"); however, as this is not an absolute right, Stonly may have, in certain cases, legal or legitimate reasons to keep your Personal Data.
  4. To restrict: in certain cases listed in article 18 of the GDPR, you can ask Stonly to restrict the processing of your Personal Data.
  5. To transfer: you have the right to data portability, in a structured, commonly used, and machine-readable format. You are free to transmit your Personal Data to a recipient of your choice without Stonly being able to oppose it. However, this right only applies if the processing of your Personal Data is based on your consent or on the execution of a contract, and if the processing is carried out by automated means.
  6. To oppose: when the processing of your Personal Data is based on Stonly’s legitimate interest, you have the possibility to oppose this processing. Stonly will then stop the processing of your Personal Data unless there is a legitimate reason which prevails over your interests. You also have the right to object at any time to the processing of your Personal Data for marketing purposes. Finally, you have the right to unsubscribe from our newsletter simply by clicking on the "Unsubscribe" link at the bottom of each newsletter.
  7. Setting out instructions on data handling after your death: these instructions, which may be revoked at any time, may concern the retention, deletion, or communication of your Personal Data after your death. When it comes to specific instructions, you can send them directly to Stonly (Section 11). You can appoint a person responsible for their execution. In the absence of a designation, or unless otherwise instructed, in the event of the death of the designated person, your heirs will have the power to carry out your instructions.
  8. Filing a complaint: you are always entitled to file a complaint with the competent data protection authority (e.g. the Commission nationale de l'informatique et des libertés (CNIL) in France).

11. Contact

If you wish to exercise some or all of the above rights or to receive additional information, you can send a request to Stonly’s Data Protection Officer (Jean Roman), accompanied by a copy of a signed proof of your identity and any other information necessary to confirm your identity and process your request (your postal address for example):

A response will be sent to you within one (1) month of receipt of your request.

12. Modification of the Privacy Policy

Stonly reserves the right to modify this Privacy Policy, at any time, according in particular to the legal and regulatory context and the recommendations, opinions, and decisions of the CNIL, the European Committee for Data Protection and the French and European jurisdictions.

See our Data Processing Addendum

Last update: January 2024