Stonly is a new medium for help and how-to content; solving the universal need for businesses, publishers, teachers - everyone, really - to teach audiences and users more effectively. Stonly empowers content creators to make interactive, step-by-step guides which can be embedded anywhere. Stonly (or "we", "us", "our") strives to preserve the confidentiality and security of the personal data that it processes, i.e. any information that makes it possible to identify, directly (surname, first name, profile photo, etc.) or indirectly (IP address, etc.) a natural person (the "Personal Data"). To this end, we have put in place strict procedures and made strong commitments which are described in this document (the "Privacy Policy").
The Privacy Policy applies as soon as you voluntarily communicate your Personal Data (i.e. it applies when you communicate your Personal Data by subscribing to our newsletter, by requesting or scheduling a demo, by giving you email address to get resources or content, by submitting a support inquiry or directly emailing to Stonly for information or by creating a client account, but it also applies when Stonly collects your Personal Data to manage the platform user access, to manage the after-sale service, and to analyze statistics regarding the website) or as soon as Stonly collects it.
Stonly acts as data controller, i.e. Stonly is the entity responsible for processing your Personal Data. Information about Stonly is available on the Legal Notice.
Stonly has made protection of Personal Data and privacy one of its priorities. We have thus chosen to work towards greater transparency.
Stonly is committed to processing your Personal Data in the strict respect of the Regulations (as defined below), this Privacy Policy and, when applicable, the lawful instructions of our clients - data controllers. Thus, and pursuant to the principle of data minimization, Stonly ensures to process only Personal Data strictly necessary regarding the specified, explicit, and legitimate purposes for which they are processed. The processing will only be carried out for the time necessary to achieve these purposes and within the framework of strict security and confidentiality measures.
The regulations applicable to the processing of Personal Data cover all national and European laws and regulations in force and in particular (i) the European Data Protection Regulation 2016/679 of 27 April 2016 (the "GDPR"), (ii) the French provisions of Law No. 78-17 of January 6, 1978 as amended, (iii) the European Directive 2002/58/EC of July 12, 2002 and (iv) guidelines, opinions, recommendations, advice of the supervisory authorities, certifications, approvals and final court decisions (altogether, the "Regulations").
Stonly operates three kinds of processing of Personal Data:
5.1.1 If you are a client of Stonly or if, in general, you have a commercial relationship with us, we may collect and process Personal Data of your employees / collaborators / service providers or platform users (name, first name(s), business email address, telephone number, status within the client’s company, browsing data) for the following purposes:
Purposes | Legal basis |
Managing the platform user access | the execution of the contract entered into between Stonly and you |
Managing client relationship (contracts, invoicing, loyalty program, after-sales service/user assistance, satisfaction surveys, management of unpaid invoices, etc.) | Stonly’s compliance with its legal obligations |
Sending newsletters | Stonly’s legitimate interest regarding the continuation of the commercial relationship |
Managing requests for access, rectification and opposition rights | Stonly’s compliance with its legal obligations |
Personal Data processed for the purposes of receiving our newsletter is kept until you unsubscribe via the “unsubscribe” link included in each newsletter.
Your Personal Data is only stored by our services for the time strictly necessary, namely two (2) years from the end of the contractual relationship between Stonly and you or, as regards the data strictly necessary for Stonly to comply with its legal obligations, for the applicable statute of limitations.
The guides created by a user can be kept available even after the user account has been deleted without any further storage of Personal Data.
Stonly only communicates your Personal Data to the recipients who are located in France, the United Stated and/or in the United Kingdom and who need to have access to it to the extent necessary for the accomplishment of the tasks entrusted to them:
5.1.2 When you consult a client’s guide, Stonly may process visitors’ anonymized data on its own behalf for the following purpose:
Purposes | Legal basis |
Analytics for product improvement | Stonly’s legitimate interest regarding the proper execution of the services it provides |
Usage-based billing | The execution of the contract entered into between Stonly and the owner of the Stonly guide |
The Personal Data processed as part of the anonymization process is kept for one (1) year.
Stonly only communicates your Personal Data to the recipients who are located in the European Union and who need to have access to it to the extent necessary for the accomplishment of the tasks entrusted to them:
5.1.3 When you (or your employer) are prospects of Stonly and/or when you visit our website, you may (i) communicate your name, first name(s), email address, browsing data etc. to us in order to subscribe to our newsletter and/or request additional information about Stonly’s services (e.g. by contacting Stonly’s support, downloading materials or asking for a scheduled demonstration) or (ii) authorize Stonly to place cookies on your terminal.
Your Personal Data is processed for the following purposes:
Purposes | Legal basis |
Subscription to our newsletter and/or request additional information about Stonly’s services | Stonly’s legitimate interest of initiating a commercial relationship |
Manage your visit of our website. For more information, please refer to Section 6 below. | Your consent or; and limited to functional cookies and/or cookies required for the running of our website, Stonly’s legitimate interest of ensuring the proper performance of the website. For further details, please refer to Section 6 below. |
Managing requests for access, rectification, and opposition rights | Stonly’s compliance with its legal obligations |
Personal Data processed for the purposes of receiving our newsletter is kept until you unsubscribe via the “unsubscribe” link included in each newsletter..
Personal Data processed for the purposes of managing request for access, rectification, and opposition rights are kept for the duration required to perform the said purposes; unless a longer retention period is required to preserve evidence during the applicable statute of limitations and/or exercise rights during any proceedings, litigation or investigation.
Stonly only discloses your Personal Data to recipients who are located in the European Union and/or in the United States and/or in the United Kingdom and who need to have access to it to the extent necessary for the accomplishment of the tasks entrusted to them:
When Stonly acts as a data processor, it is on behalf and on the instructions of its clients, through several Stonly features:
Feature | Type of data processed | Purpose | Location / duration of processing |
Guide Insights | Guide browsing activity, including inputs | Provide insights about guide activity to customer | Stonly servers (France), duration of contract + 2 years |
Contact Forms | Contact form content and attachment | Forward content of contact form to customer | Stonly servers, Email provider (France), maximum 1 month |
Targeting | Targeting events and properties sent by customer | Personalise content shown to end-users using stored properties and events | Stonly servers (France), duration of contract + 2 years |
Interface Rules | Full content of the page | Personalise content shown to end-users using local properties and events | Device of the user, duration of the session |
Some of these processing activities require the use of sub-processors. We maintain a full list of sub-processors on www.trust.stonly.com/subprocessors
"Cookies" are small data files placed on your device when you browse web pages subject to the choices you have made, in order to store and receive identifiers and other browsing information.
Cookies are used on the website and any Stonly’s services to (i) facilitate your browsing, (ii) offer you personalised ads and (iii) compile visit statistics:
You may at any time set your browser to express and modify your wishes regarding cookies, in particular by refusing certain cookies.
You can also use the interface that we make available to you via the cookie banner that appears when you first connect to the website or after any deletion of your cookies.
We remind you that, by disabling targeted advertising cookies and/or statistic cookies:
The Personal Data collected via our cookies are kept for one (1) year.
We ask the recipients of your Personal Data to act in compliance with the Regulations and, in particular, to pay close attention to the confidentiality of your Personal Data.
The Personal Data collected may be processed outside the European Union by our data processors. In this case, Stonly takes the necessary steps with its data processors and partners to ensure an adequate level of protection to your Personal Data, in accordance with the Regulations. To do so, we ensure that our processors and partners (i) are located in a country ensuring an adequate level of protection, or (ii) have signed a contract with Us that includes the "standard data protection clauses" adopted by the European Commission.
You can find the adequacy decisions of the European Commission here.
If you would like further information on the “standard data protection clauses”, please see below:
To provide the highest level of security for your Personal Data, Stonly implements appropriate physical, technical and organizational measures to prevent any alteration or loss of your Personal Data.
These measures are kept up to date on www.trust.stonly.com/controls
Pursuant to the Regulations, you have the following rights regarding the processing of your Personal Data by Stonly, in its capacity as data controller:
If you wish to exercise some or all of the above rights or to receive some additional information, you can send a request to Stonly Data Protection Officer (Jean Roman), accompanied by a copy of a signed proof of your identity and any other information necessary to confirm your identity and process your request (your postal address for example):
A response will be sent to you within one (1) month of receipt of your request.
Stonly reserves the right to modify this Privacy Policy, at any time, according in particular to the legal and regulatory context and the recommendations, opinions, and decisions of the CNIL, the European Committee for Data Protection and the French and European jurisdictions.
See our Data Processing Addendum
Last update : January 2024