GDPR Notice

Scalivy is committed to complying with Regulation (EU) 2016/679 (GDPR). This notice supplements our Privacy Policy with specific information required by the GDPR.

Data Controller

Scalivy
Address: [À REMPLIR]
Email: contact@scalivy.com

Legal Bases for Processing

• Contract performance (Art. 6.1.b): account management, service delivery
• Legitimate interest (Art. 6.1.f): platform security, fraud prevention, service improvement
• Consent (Art. 6.1.a): optional marketing communications, non-essential cookies
• Legal obligation (Art. 6.1.c): retention of accounting and legal documents

Data Transfers Outside the EU

Some of our service providers are based outside the European Union (notably Vercel, based in the United States). These transfers are covered by Standard Contractual Clauses (SCCs) adopted by the European Commission, providing an adequate level of protection.

Your Rights (Arts. 15–22 GDPR)

• Right of access (Art. 15): obtain a copy of your personal data
• Right to rectification (Art. 16): correct inaccurate data
• Right to erasure (Art. 17): request deletion of your data
• Right to restriction (Art. 18): limit processing in certain cases
• Right to data portability (Art. 20): receive your data in a structured format
• Right to object (Art. 21): object to processing based on legitimate interest
• Right to withdraw consent (Art. 7): at any time, without affecting prior processing

To exercise your rights: contact@scalivy.com. We will respond within 30 days.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. In France, this is the CNIL: cnil.fr.

Data Security

Scalivy implements appropriate technical and organizational measures to protect your personal data: data encryption in transit (TLS), hashed passwords (bcrypt), row-level security (multi-tenant isolation), and restricted access audit logs.