The Hooky service, a product of the company ToolMonsters (SIRET 93210633900017), allows its users to retrieve information on the performance of media campaigns conducted with influencers on social networks (LinkedIn, Instagram, Twitter, TikTok, YouTube). Users can download a CSV file with the results of these campaigns, including the number of likes, comments, views, shares, engagement rate, and sentiment analysis of the comments. Once the page is closed, no data is stored.
We only collect the user’s email and password for login purposes via Firebase. This information is used solely for authentication and secure access to the service. No other personal data, including those related to targeted links, is collected or stored. Data is protected according to security standards applied by Firebase and is not shared with third parties.
We use cookies to check if the user is logged in or not. These cookies do not store any personal data other than the information necessary to maintain the active session.
Users' personal data (email and password) are stored and protected via Firebase. We implement security measures to protect this information from unauthorized access.
While we strive to provide accurate data regarding campaign performance, we cannot guarantee the accuracy or completeness of the information provided. Users agree that the use of the results is at their own risk. In case of inaccuracies or errors in the provided data, our responsibility will be limited to correcting or clarifying the information as much as possible, but we will not be responsible for the consequences arising from the use of this data.
Users are fully responsible for the use of the data generated by the service. We shall not be held liable for any decisions made by users based on the provided results, including situations where the information is inaccurate, incomplete, or misinterpreted. Our responsibility is limited solely to providing campaign results, and users are encouraged to conduct their own analyses before making decisions based on this data.
Access to the service is granted for an indefinite period unless terminated by the user or by us. We reserve the right to suspend or terminate access to the service at any time without notice in the event of non-compliance with these Terms.
The service does not store any data related to campaign results once the user closes the page. All extracted information is deleted immediately after the session. However, we reserve the right to retain connection and usage logs for security purposes, such as preventing abuse or fraudulent activities, in accordance with our legal obligations.
We reserve the right to modify these Terms of Service at any time. Users will be informed of any major changes. By continuing to use the service after changes, the user agrees to the new terms.
In the event of a dispute, these Terms are governed by French law, and any disputes will be subject to the competent courts in France. For users located outside of France, by using this service, you agree that any claims or disputes will be governed by French law, regardless of the laws applicable in your country of residence.
We shall not be held liable for delays or failures in the performance of our obligations due to events of force majeure, as defined by the applicable law.
The service uses third-party services to extract campaign-related data from social networks. We are not responsible for the availability or performance of these third-party services.
Users agree not to use the service for illegal or unauthorized activities. Any misuse may result in the immediate termination of access to the service. In this context, connection and usage logs may be retained to detect and prevent such abusive use. These logs will be processed in compliance with our data protection policy.
The results provided by the service are for informational purposes only and should not be considered professional advice. We disclaim any liability regarding the use of this information.
For questions or issues related to the use of the service, users can contact us at [email protected].
We are committed to complying with the General Data Protection Regulation (GDPR) regarding the collection and processing of users’ personal data (email and password). Users are also responsible for GDPR compliance concerning the data they collect and process through our service. By using our service, users agree to comply with applicable data protection laws, ensuring that any use of the retrieved data is GDPR-compliant and that they have obtained necessary consents, if applicable.
Users of our service are responsible for the use of data extracted through campaigns conducted with influencers on social networks. They agree to use this data in accordance with the policies of the relevant social platforms (LinkedIn, Instagram, Twitter, TikTok, YouTube) and in compliance with applicable laws and regulations, including GDPR. In particular, users must ensure that any obtained information does not infringe on the rights of influencers or affected individuals.
By using our service to generate reports on campaigns involving influencers, users declare and warrant that they have obtained the explicit consent of the influencers involved for the use of their names and other personal data, in accordance with GDPR requirements. We do not collect or process influencers' personal data. The responsibility for obtaining and documenting this consent rests entirely with the users of our service.
Both Parties commit to complying with all legal and regulatory obligations related to the protection of personal data, particularly Law 78-17 of January 6, 1978, in its latest amended version, known as the "Informatique et Libertés" law, and Regulation EU 2016/679 of the European Parliament and Council of April 27, 2016, known as the "GDPR" (together referred to as the "Applicable Regulation").
For the management of the contractual relationship between the Parties, each Party processes the personal data of its contacts within the other Party as a data controller under the Applicable Regulation for the duration of this Agreement. This processing is necessary for the proper execution of this Agreement and only involves identification data (e.g., name, first name, email address, phone number) of the contacts. This data is retained for the time strictly necessary to manage the contractual relationships between the Parties.
The Parties' personnel, their auditing services (including statutory auditors), and their subcontractors may have access to the collected personal data.
This processing may lead to the exercise of rights by the contacts of the Parties under the Applicable Regulation, including the right to: (i) obtain access to and, if necessary, rectification or deletion of their data, (ii) request the erasure or restriction of the processing, (iii) object to the processing on legitimate grounds, (iv) request data portability to recover and retain their data, and (v) lodge a complaint with a competent supervisory authority.
In the course of providing the Services, the Provider may process personal data on behalf of the Client as a data processor, while the Client acts as the data controller under the Applicable Regulation. The characteristics of the processing are described in Appendix X of this Agreement.
The Provider agrees to only process personal data for the purposes listed in Appendix X and in accordance with the documented instructions of the Client, including with respect to the transfer of data outside the European Union. The Provider agrees to inform the Client if, in its opinion, an instruction violates the Applicable Regulation. The Provider reserves the right to suspend processing if an instruction, in their opinion, violates the Applicable Regulation. The Client will be promptly informed of this suspension and will have a reasonable period to modify the instruction to ensure compliance. If the Client does not modify the instruction or maintains the instruction in question, the Provider reserves the right to terminate the Agreement without notice and without incurring any charges or refunds. This suspension does not entitle the Client to any refund for the Services during the suspension period. If the Client does not modify but maintains the instruction in question, the Provider reserves the right to terminate the Agreement without notice and without charge.
Furthermore, if the Provider is required to transfer data to a third country or an international organization by applicable law, the Provider must inform the Client of this legal obligation before processing, unless the relevant law prohibits such information for important public interest reasons.
The Provider agrees to implement appropriate technical and organizational measures to ensure the security and integrity of personal data, including backup and recovery in case of a physical or technical incident. The Provider will also ensure that authorized persons processing personal data are bound by confidentiality obligations.
The Provider is authorized to engage subcontractors ("Subsequent Subcontractor(s)") listed in Appendix X of the Agreement to perform specific processing activities. In case of changes to the list of authorized Subsequent Subcontractors, the Provider will notify the Client in advance and in writing. This notice will clearly identify the processing activities to be subcontracted, the identity, and contact details of the Subsequent Subcontractor. The Client has 15 days from the date of receipt of this notice to raise any legitimate and reasoned objections. If no objections are raised within this period, the Client will be deemed to have accepted the use of the Subsequent Subcontractor. In case of persistent objections from the Client, the Parties will meet in good faith to discuss a resolution. The Provider may choose to (i) not use the Subsequent Subcontractor or (ii) take corrective measures requested by the Client regarding the objections raised and continue using the Subsequent Subcontractor. If neither option is reasonably possible, and if the Provider cannot engage another subcontractor for legitimate reasons, either Party may terminate this Agreement with 30 days' notice.
The Subsequent Subcontractor is bound by the same obligations under this Agreement and on behalf of and according to the Client’s instructions. It is the Provider's responsibility to ensure that the Subsequent Subcontractor offers sufficient guarantees regarding the implementation of appropriate technical and organizational measures in compliance with the Applicable Regulation. If the Subsequent Subcontractor fails to fulfill its data protection obligations, the Provider remains fully liable to the Client for the Subsequent Subcontractor's performance of its obligations.
The Provider is authorized to transfer personal data processed under this Agreement to countries outside the European Union, provided that appropriate safeguards are implemented, such as the Standard Contractual Clauses (SCCs) defined in Chapter V of the GDPR. The Provider agrees to comply with all obligations regarding the transfer of personal data in accordance with the GDPR.
The Provider agrees to:
At the end of the Agreement, the Provider agrees, at the Client's option, to delete the personal data or return it to the Client without keeping a copy, unless required by the Applicable Regulation. The Client has one month from the end of the Agreement to make its choice. After this period, the Provider will delete all personal data.
The Provider will make available to the Client, upon request, all necessary information and documentation to demonstrate compliance with its obligations and to facilitate audits. The Client may conduct audits once per year, at its own expense, to verify the Provider's compliance with the obligations in this section. The Client will notify the Provider of the audit at least two weeks in advance. The identity of the auditor must be mutually agreed upon by both Parties. The Provider reserves the right to refuse the auditor’s identity if they belong to a competing company. The audit must be conducted during the Provider’s business hours and in a way that minimally disrupts its activities. The audit may not compromise (i) the technical and organizational security measures deployed by the Provider, (ii) the security and confidentiality of other clients' data, and (iii) the proper operation and organization of the Provider's production. The Parties will agree on the audit scope in advance, where possible. The audit report will be sent to the Provider, allowing the Provider to provide any observations or remarks in writing, which will be attached to the final audit report. Each audit report will be treated as confidential information.
The Client authorizes the Provider to process personal data collected during the services (including connection and identification data) for the purpose of improving the Provider's services, including generating statistics on how the solution is used by users. The Provider will act as a data controller under the Applicable Regulation and agrees to comply with legal data protection requirements in this context.
The Client agrees to:
Authorized Subsequent Subcontractors | Subcontracted Processing Activities | Location of Processing | Guarantees |
---|---|---|---|
Firebase | Hosting and data storage | United States | Standard Contractual Clauses |
Apify | Campaign data processing | United States | Standard Contractual Clauses |
BrightData | Campaign data processing | United States | Standard Contractual Clauses |