# Privacy Policy

_Last Update: June 2026_

This Privacy Policy describes how European Perspective processes personal data in two distinct contexts: when you visit the STAAN website, and when you access the STAAN API as a client.

## 1. Who are we?

European Perspective, a simplified joint-stock company (société par actions simplifiée), located at 42 avenue de la Porte de Clichy, 75017 Paris, acts as data controller within the meaning of Article 4.7 of the GDPR.

You can reach the DPO at: [dpo@qwant.com](mailto:dpo@qwant.com), or by post:

> Data Protection Officer\
> 42 avenue de la Porte de Clichy\
> 75017 Paris, France

## 2. What data do we collect on the STAAN website?

This section applies to any person visiting the STAAN website.

### 2.1 What data do we collect?

We collect the following categories of data:

- Data you voluntarily provide via the contact form (name, surname, company, email address, etc.).
- Technical data collected automatically when you browse the website: audience measurement cookies strictly necessary for the proper functioning of the website, used solely for statistical purposes (via Piwik Pro).
- Search queries entered via the Web Search interface: when you use the search bar on our website to test the STAAN API, your query is processed by European Perspective. We collect the search query itself and technical information about your device. This data is collected in an anonymised form.

### 2.2 Why do we collect this data?

Your data is processed for the following purposes:

- Responding to your requests submitted via the contact form. **Legal basis:** legitimate interests.
- Ensuring the proper functioning of the website and generating visit statistics. **Legal basis:** legitimate interests.
- Processing search queries entered via the Web Search interface, in order to return search results and ensure the proper functioning of the API. This data is anonymised and used for statistical and technical performance purposes. **Legal basis:** legitimate interests.
- Maintaining the website's security. **Legal basis:** legitimate interests.

### 2.3 How long do we retain your data?

- Contact form data: 2 years from the last interaction.
- Audience measurement data (Piwik Pro): 25 months.
- Anonymised search query data: 25 months.

### 2.4 What about cookies?

This website uses one audience measurement cookie provided by Piwik Pro, used solely to generate statistical data about website usage. No advertising or tracking cookies are used. You may accept or refuse this cookie via the cookie banner displayed on your first visit to the website.

## 3. What data do we collect on the STAAN API?

This section applies to clients of the STAAN API who have access to the console.

### 3.1 What data do we process?

We process your personal data in particular so that you can access the API, so that we can invoice your usage, and so we can respond to your support requests.

| Purpose of Processing | Categories of Personal Data Processed | Legal basis for processing | Retention period |
| --- | --- | --- | --- |
| **Creation and Management of Client accounts** | Name, first name, email address, phone number, Client ID, API Key | Necessary for the performance of the contract | 1 year after the deletion of the Account |
| **Customer support** | Client ID, name, first name, email address, phone number, other information shared by the Client | Necessary for the performance of the contract | 1 year after the deletion of the Account |
| **Processing of information requests via the contact form** | Name, first name, email address, other information shared by the Client | Legitimate interest | 2 years after the last interaction |
| **Billing** | Billing address, billing contact, payment method | Necessary for the performance of the contract | Legal retention period: 10 years (Article L.123-22 of the French Commercial Code) |
| **Detection of resource abuse (cookies)** | IP address, Terminal Data, signals such as “mouse movements”, “page scrolls” or “clicks” | Legitimate interest | 30 days |

### 3.2 Are API requests personal data?

European Perspective considers that requests sent to the Staan search API do not constitute personal data within the meaning of the GDPR. Staan acts as a technical intermediary: we process requests transmitted by our clients' systems and services, and return the results from our index to them in the same way that a search engine processes a search.

However, we offer you the option to enable **Zero Data Retention**, ensuring that none of your requests will be stored.

European Perspective does not collect any identifier or data allowing a request to be linked to a person or their devices.

### 3.3 What are the client's responsibilities?

The Client is solely responsible for complying with applicable data protection legislation, including displaying the privacy policy relating to requests submitted by end users through the API.

### 3.4 Who are our subprocessors?

| Sub Processor | Purpose | Duration | Countries | Transfer mechanism | Processed Data |
| --- | --- | --- | --- | --- | --- |
| **OVH FRANCE** | Infrastructure provider to host our Search API. Account provisioning and management | Duration of the Contract | France | — | Query logs, Customer account, Market Search ID |
| **Notion** | Ticket resolution / Support processing | After contract termination | US | CCT | First and last name, contact information, other data for ticket resolution |
| **Batch** | Management of Client account | Duration of the contract | France | — | ID, name, email, phone number |
| **Slack** | Internal communication | Duration of the agreement | US | SCCs | ID, name, email |
| **Piwik Pro** | Audience statistics and A/B testing | Duration of the Contract | EU | — | Browsing events (page views, outlinks), IP address (obfuscated), device type and OS (anonymized) |
| **Datadome** | Detection of resource abuse | Duration of the Contract | France | — | IP address, Terminal Data, signals such as “mouse movements”, “page scrolls” or “clicks” |

## 4. What are your rights?

In accordance with the French Data Protection Act and with the GDPR, you have the following rights regarding your personal data:

- **Right of access** — to your data in an intelligible format
- **Right to rectification** — to update inaccurate or incomplete data
- **Right to erasure** — when the data is no longer necessary for the initial purpose, when you have withdrawn consent, when the data is unlawfully processed, or when erasure is required by law
- **Right to object** — to the use of your data for direct marketing purposes or for other purposes based on legitimate interests
- **Right to data portability** — to request that your data be provided in a structured, commonly used, machine-readable, and interoperable format
- **Right to withdraw consent** — where processing is based on consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out prior to withdrawal

To exercise any of these rights, contact the DPO:

- By email: [dpo@qwant.com](mailto:dpo@qwant.com)
- By post: Délégué à la Protection des Données, 42 avenue de la Porte de Clichy, 75017 Paris

You also have the right to submit a complaint to the data protection authority in your country (in France: CNIL — [www.cnil.fr](http://www.cnil.fr)).

## 5. Can this policy be updated?

We may update this policy from time to time. Any changes will be posted on this page. _Last updated: June 2026._