Your Data Privacy
Privacy Notice for AlphaLens
Deckmatch, Inc. DBA AlphaLens ("AlphaLens," "we," "us," or "our") will, as part of our business, process personal data.
We are committed to processing personal data in a safe, reassuring and trustworthy manner. Our processing as the controller of personal data is based on our activities and the purpose of our business. Information about the personal data we process about you, the legal basis for the processing, the purpose of the processing, how long we process the personal data, and related matters is included below.
For residents of California, please refer to our Privacy Notice for California Residents.
If you have questions about processing your personal data, please contact us at the contact details provided below.
1. Responsible for the Processing of Personal Data
AlphaLens is responsible for processing personal data described here, meaning we decide why and how the personal data is processed (the data controller). We may also process personal data in other ways mentioned below, but we will inform you of any personal data processing that applies in other ways than through this notice.
Our processing as a data controller of personal data is based on the business we run and the purpose of our business, namely providing the AlphaLens competitive intelligence platform and other related activities. See more below about the purpose of processing individual personal data.
We also act as a data processor on behalf of our customers when providing certain services, including processing pitch decks, custom research questions, and CRM integrations. See Section 4 below for more information about our role as a data processor.
Contact details for us as data controller:
Entity name: Deckmatch, Inc. DBA AlphaLens
Email: contact@alphalens.ai
2. Why and What Kind of Personal Data Do We Collect and Use
We collect and use your personal data for different purposes depending on who you are and how we get in touch with you.
All processing of personal data will be in accordance with this Privacy Notice, the privacy regulation in force at any given time, including local privacy regulation and the General Data Protection Regulation (GDPR).
You will find information on the personal data we process about you, the purpose and the legal basis of the processing, how long we process the personal data, and related matters in this section.
"Personal data" is any information related to a natural person, such as you.
"Processing" means anything that is done with personal data, such as collection, registration, organisation, structuring, storage, adaptation or change, retrieval, consultation, use, disclosure by transfer, dissemination, or any other form of making available, compilation or alignment, limitation, deletion or destruction.
If we are a data processor, meaning we process personal data on behalf of others (who are the data controller), such as our customers, you may request information about the processing from the data controller. You can still contact us about the processing of your personal data, and we will refer you to the data controller. See Section 4 below about our role as a data processor.
2.1 Communication and Contact
We process personal data about those who contact us to answer and document the communication, as well as contact others not covered by the processing elsewhere in this Privacy Notice. This applies to all forms of communication, physical and digital, written and oral.
In such cases, we process the name, telephone number, email address and any personal data that may result from the communication, including history and logs about the inquiry.
The processing is based on our necessary legitimate interest in processing related to the above (see GDPR Article 6 (1) f). Our legitimate interest is to have contact with others as part of our business and in documenting our business, as well as replying to those who contact us and registering such contact. We have assessed that this is necessary for us to handle inquiries we receive, and that the data subjects' privacy does not override these interests.
It is voluntary to provide us with personal data, but it will be necessary to provide us with the information to answer inquiries.
We process the personal data until we expect that there will be no further follow-up of the contact, typically for two years.
2.2 Email and Other Business Solutions
We use email as a communication solution and other business solutions, such as document storage and cooperation solutions, that will contain personal data. The processing is based on our necessary legitimate interest in processing personal data via email (see GDPR Article 6 (1) f) in order to have a work tool and communication solution, and that the data subjects' privacy does not override these interests. Personal data processing depends on the purpose of the email and what is included in it. Emails and other information are deleted when they are no longer needed, and we have measures in place to ensure regular deletion.
2.3 Services
We collect and process personal data regarding the provision of our service, AlphaLens. AlphaLens is a competitive intelligence platform that provides semantic search across products and companies, enabling users to conduct market research, competitive analysis, and related activities.
Access to AlphaLens is provided through subscription agreements with our customers. In such processing, we collect and process the following personal data:
- Contact information on the users of our customers who are in contact with us and who are using the service, including name, work email address, company information, and account credentials.
- User activity and queries within the platform, including search queries, natural language research questions, product lookups, saved searches, and API usage logs.
- Technical logs, security logging on the website and in connection with services for security reasons, the development of the service, and statistics, including IP addresses, device information, browser type, and access times.
The above data is processed with the customer as controller and based on the controllers' purpose for processing and legal basis for processing, typically GDPR Article 6 (1) f if the customer has a legitimate interest in the processing and considers that its interest overrides the data subject's privacy, or GDPR Article 6 (1) b where the processing is necessary for the performance of a contract.
We will also process personal data related to technical logs and security logging in connection with services for security reasons, the development of the service, and statistics. As we decide the purpose of the processing (to provide and secure the service) and the means of the processing (the security measures to impose), we are the controller of such personal data. The processing is based on our duty to comply with the privacy regulations to secure personal data, see GDPR Article 6 (1) c, cf. Article 32, and our duty to secure your personal data according to the agreement with the customer.
2.4 Data Processor Services
In addition to our role as data controller, we also act as a data processor on behalf of our customers for certain services. When providing these data processor services, our customers are the data controllers and we process personal data according to their instructions and purposes.
Our data processor services include processing pitch decks and related documents that customers upload to our platform, where we may extract, analyse, store, and enrich information contained within such documents. We also process custom research questions and inquiries submitted by customers, which may contain personal data related to individuals at companies being researched.
We integrate with our customers' customer relationship management systems and other business tools, processing personal data as necessary to provide these integration services. Any personal data contained in decks, questions, or CRM data is processed solely on behalf of and according to the instructions of our customers.
For data processor services, we have entered into data processing agreements with our customers to regulate our processing of personal data on their behalf. If you wish to exercise your rights regarding personal data processed through these services, you should contact the relevant customer who is the data controller. See Section 4 below for more information.
2.5 Third-Party Data Enrichment
As part of our service, we collect data from other sources to be matched with data provided by customers or to provide enriched competitive intelligence. Such data includes information from the internet and publicly available sources, such as company websites, LinkedIn, product databases, and other public records. This data is connected to information in our platform, stored, and provided in output and reports to customers.
The processing is based on our necessary legitimate interest (GDPR Article 6 (1) f) in providing comprehensive competitive intelligence services, and we consider that this interest is not overridden by the data subjects' privacy, particularly as we process only publicly available business information.
2.6 Communications and Information on Services
We may send you information on the services you or your organisation have purchased or are using, such as technical conditions, upgrades, new functionality, and other service-related updates. This includes emails that may be automatically generated by our services. This information is part of the services we provide and may be important to you or your organisation.
The information will be provided regardless of whether you have consented, as it is our necessary and legitimate interest to inform our customers of the services they are purchasing (see GDPR Article 6 (1) f). The purpose of the processing is to keep you updated about the services. Consequently, you may not be able to unsubscribe from service-related information.
We only process personal data that allows us to send information, such as your email address and your telephone number. The email address and your telephone number are not used for anything other than sending out the information or contacting you, and we will not share, transfer or provide the information with anyone else except as described in this notice. The personal data is processed as long as you use our services.
2.7 Newsletter and Marketing
If you request information or sign up for our newsletters, we may send you information about our products and services, partner products, newsletters and other information and marketing. As a consequence, we will process your name and email address.
The processing of personal data is based on your consent (GDPR Article 6 (1) a) where the information is considered marketing. For information on service-related communications, please see above. You can withdraw your consent at any time by using the link in the newsletter or contacting us to stop receiving newsletters.
The processing of the personal data takes place until you have received the requested information, have withdrawn your consent, or if you object to receiving such information. Your personal data will then be deleted from our marketing lists.
2.8 Business Customers, Suppliers, Partners, and Prospects
We process personal data about contact persons of existing and potential business customers, suppliers, and other partners to manage our relationship with them, prepare, implement, and document services, and evaluate the use of services. In these cases, we will process names, contact information, company names, job titles, and information related to the contact with the company in which the person in question works.
The processing of personal data is based on our necessary legitimate interest (GDPR Article 6 (1) f) in managing the relationship with our customers, partners and suppliers, and we consider that our interest is not overridden by the data subject's privacy.
We also store and disclose information where we have a legal obligation to do so, for example, under accounting and tax legislation. We may store information for as long as we believe it may be necessary to document matters relating to services. In many cases, it will be necessary for us to obtain personal data to enter into agreements with customers and suppliers, among other things, to document that an agreement has been entered into. If we do not receive the information we need, we will not be able to enter into agreements.
It is voluntary for contact persons to provide us with personal data. If we collect personal data from others, it will mainly apply to contact information (including name, address, telephone number and email address), position, function, employer, and any competence and references where relevant. The source for such information will be the contact person, employer, publicly available sources, or other legitimate means.
We store the personal data until the relationship with the customer, supplier, or partner ceases or until the contact person is no longer the contact person, with the exceptions mentioned above.
2.9 Recruitment
When recruiting for new positions with us, we process CVs, applications, certificates and references. Processing of personal data takes place on the basis of consent that you have given if processing takes place through a recruitment solution, or on the basis that it is necessary and within our legitimate interest to recruit new employees.
The basis for processing personal data when recruiting is that the processing is necessary to make assessments of possible job seekers prior to entering into a possible employment agreement (GDPR Article 6 (1) b). If assessments are made in this regard, such as contacting persons who are not listed as a reference or examining backgrounds, personal data is processed on the basis of our necessary legitimate interest in ensuring that we find the correct candidate for the position (GDPR Article 6 (1) f).
For the latter, we have considered that the individual data subject's privacy does not override our legitimate interest in recruiting new employees. We recommend you not enter special categories of personal data, such as health, religion, political opinion, union membership, or similar information in your application.
Information in the recruitment process is deleted as soon as the recruitment is completed if you have not agreed to further storage.
2.10 Social Media
We have contact with stakeholders and others through social media. Among other things, we have established a LinkedIn page, where we are responsible for processing personal data in connection with LinkedIn. Personal data will be processed through our LinkedIn page if you publish posts on the page, comment on posts, or like or follow the page. Our purpose for processing personal data through LinkedIn is to have contact with you who wish to communicate with us or interact on our LinkedIn page in other ways.
In this context, your name and link to other information that you have posted on LinkedIn associated with your name or account on LinkedIn are processed. In addition, everything you share through posts and comments on our LinkedIn page and the fact that you have liked or followed our page is processed. What you share on our LinkedIn page is up to you and voluntary.
We ask you not to share personal information in posts or comments on our page, and especially not to share personal information about others, for example by tagging or mentioning people.
We process personal data on social media because we believe we have a legitimate interest in communicating with the outside world through social media and want to process personal data in this context (GDPR Article 6 (1) f). We have considered it so that this is necessary for us to communicate with the outside world and handle inquiries we receive and that the data subject's privacy does not come before these interests.
The data will be processed as long as postings and comments are available on social media, and you can delete this at any time.
2.11 Use of Websites, Cookies and Similar Technologies
We will use cookies or similar technology to collect information when you visit or interact with our website. We use the information collected to improve the customer experience on websites and services, to adapt and develop the website, and to offer functionality in the services. We also use the information to provide visitors with recommendations and service adjustments that are as relevant to you as possible. This will both be given on the basis of visitors' behaviour, such as services used, links clicked on, or information read, and on the basis of the behaviour of other users with similar usage patterns.
The information collected will be your IP address, the type of browser you use, your internet provider, operating system, date and time of website visits and services, and similar technical information. The information is stored in your browser's internal memory or related to a series of numbers or digits that can identify your browser or device that uses the website (referred to as cookies below for simplicity). The information will then be related to other information collected.
You have the ability to prevent us from placing cookies in your browser. Many browsers or devices are set to accept cookies automatically, but you can choose to change the settings yourself so that the cookies are not accepted. The disadvantage of disabling cookies in your browser is that the web pages will not work optimally. The reason is that the purpose of most cookies we use is to provide functionality on the services.
Personal data is also used to improve our websites, compile statistics and understand the use of the pages. As far as practicable, we try to do this with anonymous information without knowing that the information is specifically related to the individual visitor.
We will process the personal data mentioned above on the basis of your consent (GDPR Article 6 (1) a) for non-essential cookies. The information will be processed until you withdraw your consent, which may be done by adjusting your cookie preferences or contacting us at the contact information above.
We process the personal data mentioned above on the basis of our necessary legitimate interest (GDPR Article 6 (1) f) for essential cookies necessary to provide website functionality, and we consider that this interest is not overridden by the data subject's privacy. However, we safeguard the privacy of visitors to the website by only using the information for statistics where individuals are not identified. The information will be processed for as long as it is necessary for the purposes mentioned above.
The cookies and similar technologies we use are listed at the end of this Privacy Notice.
3. Retention and Deletion of Personal Data
We keep and store personal data for as long as is necessary for the purpose for which the personal data was collected, and we delete the data under requirements in regulations. For how long we process individual types of data is included above under the specification of the different processes.
Instead of deleting the personal data, it may be relevant to anonymise the personal data in some cases. By anonymisation, all data that may identify or potentially identify data subjects (individual persons) are removed from data sets.
This means, for example, that personal data that we process based on your consent will be deleted if you withdraw your consent. Personal data that we process in connection with subscription agreements you have with us is deleted when the agreement is terminated and all obligations arising from the contractual relationship are fulfilled, such as legal obligations related to accounting and follow-up of customer-related matters. We retain certain data for a period following the end of the subscription for legal compliance purposes, typically five years. Personal data related to our fulfilment of legal obligations is deleted as soon as the legal obligations have been fulfilled, such as the obligation to keep accounts.
4. Processing Personal Data as Part of Services
Customers who use our services are data controllers for certain personal data processed by use of the services and are responsible for the processing of that personal data when using the services. This includes personal data contained in pitch decks, custom research questions, and CRM data that customers provide to us or instruct us to access. We will then process personal data on behalf of the customer and are the data processor. A data processing agreement has been entered into between our customers and us to regulate our processing of personal data on behalf of the customers.
As it is our customers that are then responsible for the processing (data controller), you must contact our customer to enforce your rights regarding such data. See Section 8 below for more information about your rights.
The information in this privacy notice will also apply to our processing of personal data about our customers' data subjects with regard to the disclosure and transfer of personal data and security and technical matters. For deletion of personal data processed as a data processor, it depends on when our customer chooses to delete the information or instructs us to delete it. We will never use information from our services processed as a data processor without this being instructed or approved by our customers.
We send out emails to contact persons at users of our services and our customers to provide information about the services, such as technical conditions, upgrades, new functionality, and similar matters, in addition to emails that are automatically generated by our services.
5. Disclosure or Transfer of Personal Data
We do not disclose or transfer personal data to others in cases other than those mentioned in this notice and unless there is a legal basis for such disclosure or transfer. Examples of such a basis will typically be an agreement with or consent from the data subject or a legal basis that requires us to publish the information. The latter applies to obligations such as tax reporting (if necessary), accountant or auditor requirements, as well as others that we need in our business such as banking services.
We use data processors to process personal data on our behalf. In such cases, we have entered into data processing agreements with the data processors to safeguard your rights and security for your personal data at all stages of the processing. Our subprocessors include cloud hosting providers, payment processors, and customer relationship management tools.
If it is required by law or there is a suspicion that a crime has been committed in connection with the use of our services, personal data may be disclosed to public authorities.
If personal data may be subject to transfer to another organisation in connection with a merger, financing, reorganisation or dissolution transaction of all or part of our business, we will only do so if the parties involved have entered into an agreement where the collection, use and sharing of personal data is limited to the purposes of the transaction, including a provision as to whether or not the transaction will proceed, and the personal data shall only be used by the parties involved to complete the transaction. If another company buys our business or assets, this company will have access to the personal data collected by us and will assume the rights and obligations regarding your personal data as described in this privacy notice.
6. Transfer of Personal Data to Recipients in Countries Outside the EEA
It is our objective that all processing of personal data shall be carried out within the EEA, but it may be that we use suppliers or process personal data outside the EEA. In such cases, transfer and processing outside the EEA will take place in countries approved by the EU Commission as providing adequate protection or under a valid legal basis for the transfer of personal data under GDPR Chapter V. If transfer to countries approved by the EU Commission does not take place, the transfer will only take place after guarantees set out in Article 46 (2) of the GDPR, such as Standard Contractual Clauses. You can get information on the lawful basis used for the transfer if you contact us.
7. Security of Processing
We prioritise the security of personal data in our business and will implement all required technical and organisational measures to secure your personal data. All processing will, where possible, be encrypted and not available to anyone other than those who need personal data for performing their tasks (the "need-to-know" principle).
We ensure that the personal data is correct, accessible and handled according to the degree of sensitivity of the information. We also use a variety of security technologies and information security procedures to protect your personal data from unauthorised access, use or disclosure. Where necessary, risk assessments are carried out.
We have entered into data processor agreements with all our suppliers who process personal data, where they assume the same degree of security as we ensure in our processing of personal data.
We restrict access to personal data to the staff or third parties who process the personal data on our behalf. These parties are subject to a duty of confidentiality.
Routines have been established for handling breaches of information security, and we will, if there are breaches that pose a risk to personal data, notify the supervisory authority as soon as possible and no later than 72 hours after the breach is discovered. If the breach entails a high probability of risk to the privacy of the data subjects affected by the breach, they will also be notified. If the breach comprises personal data where we are data processor, the data controller (such as our customers) will be responsible for giving notification on the breach, and we will assist them in doing so.
8. Your Rights When We Process Personal Data About You
You will find a description of your rights when we process personal data about you below. To exercise your rights, you must contact us using the contact information above, or otherwise as described below.
We strive to respond to your inquiry as soon as possible and no later than 30 days. If it takes longer than 30 days, you will be notified.
In some cases, we will request you to confirm your identity or provide additional information before you can exercise your rights to make sure that we only give access to your personal data to you and not someone who pretends to be you.
Your rights set forth below apply where we are responsible for the processing. If we are a data processor for our customers, and you use services from one of our customers or your data is processed through services provided to our customers, the customer is responsible for the processing of personal data (data controller). You must then contact the party from whom you receive the services or whose services resulted in the processing of your data in order to exercise your rights related to the processing of your personal data. Your rights will then essentially be as described below.
8.1 Information
You have the right to get information about the personal data we process about you. Through this policy, you get information on the processing of personal data. You can also contact us if you want more information.
8.2 Access to Your Personal Data
You have the right to request access to the personal data we process about you. Contact us if you want such access.
8.3 Correction and Deletion
You can also ask us to correct any personal data or ask us to delete personal data. We will as far as possible accommodate a request to delete personal data, but we cannot do this if the data is necessary for us to retain for legal or contractual reasons.
8.4 Processing Based on Your Consent
If we process personal data based on your consent, you can withdraw the consent at any time. The easiest way to withdraw your consent is as informed to you when you give your consent or to contact us.
8.5 Right to Object or Restrict the Processing
You have the right to have your processing restricted or stopped in certain cases, see further in Article 21 of the GDPR.
8.6 The Right to Data Portability
For personal data that you have provided to us, which is necessary to carry out an agreement with us, and which is processed automatically (meaning not manually by us), you can request that the personal data be disclosed or transferred to another provider in a structured, commonly used and machine-readable format (data portability).
8.7 Automated Processing, Including Profiling
There will be no automated processing, including profiling, based on your personal data that may have legal effects or that significantly affect those to whom personal data applies. See GDPR Article 22 no. 1 and 4.
9. Complaints
If you suspect that our processing of personal data is not in accordance with what we have described here or that we in other ways violate the privacy legislation, you can file a complaint with the relevant supervisory authority. However, we ask you to contact us first to address the matter as soon as possible.
For residents of California, you may file a complaint with the California Attorney General's office. For residents of other U.S. states, please refer to your state's relevant data protection authority or Attorney General. For residents of the European Union or United Kingdom, you may contact your local Data Protection Authority.
You will find information about your rights and how to contact the relevant supervisory authority on their respective websites.
10. Changes
Should there be a change in our services or changes in the regulations on the processing of personal data, it may cause the information in this notice to be updated. We will post any changes on alphalens.ai/privacy, and significant changes will take effect upon posting.
Attachment: Cookies and Similar Technologies Used
We use the following cookies or similar technology on our website:
- Sentry.io
- Posthog (Website analytics and usage statistics)