lemlist Privacy Policy


lemlist Privacy Policy

as of June 7th, 2023

Privacy and security are of utmost importance to lemlist (hereinafter known as “lempire”, “Provider,” “us”,“we”, “the App” or “the Site”) and we strive to ensure that our technical and organizationalmeasures in place respect your data protection rights.

This Privacy Policy describes how we manage, process and store personal data submitted in the context ofproviding our services. “Personal data” refers to any informationrelating to an identifiable individual or his or her personal identity.

It appliesto the processing of personal data carried out on lemlist.com and completes the legal notice and the General Conditions of Use that canbe consulted by users at the following address.


We use the personal datasubmitted to us only in accordance with Regulation (EU) 2016/679 of 27 April2016 on the protection of natural persons with regard to the processing ofpersonal data and on the free movement of such data (the "GDPR")and the French Data Protection Act of 6 January 1978 (referred together as the“Applicable Regulation”).

The data controller

Whenbrowsing our Website, or for the customer relationship management, the datacontroller is lempire SAS, a company registered under France law number 823 475082 with the Paris Trade & Companies Register and having its registeredoffice at 128 rue La Boétie, 75008 Paris, France (“We” or “Us”).

However,when we provide our services to our clients, we process personal data on theirbehalf and for their own purposes. Our clients act therefore as datacontrollers in accordance with Article 4 of GDPR while we act as data processor.

If you have any question, please contact our Data Protection Officer: privacy@lempire.com.

Personal Data Collected

When you subscribe to our services, the following data is collected and managed : First name, last name, email, phone number, Intra-community VAT number (whenapplicable), mailing address, country, IP address(es) and domain name, login,password.
By using our services, the followingdata is collected and managed : log-in data and browsing data when youauthorize it, order history, complaints, incidents, information onsubscriptions and messages on our site.
Some data is collected automatically by reason of your activity on the site(see paragraph on cookies below).
The data submitted should not include any sensitive personal data, such asgovernment identifiers (i.e. social security, driving licence, or taxpayer identification numbers), complete credit card or complete personal bank cardnumbers, medical records or particulars connected with applications for care ortreatment associated with private individuals.


Your personal data is processed to meet one or several of the followingpurposes. Each purpose is associated with a legal basis, the list of which canbe found below.

Based on our legitimate interest of offering you a safe, optimum, efficient, and personalized experience, we carry out processing operations for the following purposes :

  • To solve any problems and improve the use of our sites and services.
  • To personalize, assess, and improve our services, content, and materials.
  • To analyze the volume and history of your use of our services.
  • To inform you about our services as well as our partners’ services and/or promotional offers.
  • To sign up to our newsletters, use case studies and marketing material.

On the performance basis of a contract to which you are a party, we carry out processing operations for the following purposes:

  • To provice our services.
  • To facilitate performance, including verifications relating to you.

On the bases of your consent, we carry outprocessing operations for the following purposes:

  • To use cookies, as described in our cookies policy.

Based on the compliance with our legal andregulatory obligations, we carry out processing for the following purposes:

  • To prevent, detect and investigate any activities that are potentially prohibited, unlawful, contrary to good practices and to ensure compliance with our terms of use and sending policy.
  • To answer to exercise of rights.


Personal data relating to you collected on ourwebsite are destined for lemlist’s own use and may be forwarded to lemlist’spartner companies so that we may obtain assistance and support in the contextof carrying out our services.
lemlist ensures that it has in place clear dataprotection requirements for all its third-party providers.
We do not sell or rent your personal data tothird parties for marketing purposes whatsoever.
In addition, lemlist does not disclose yourpersonal data to third parties, except if:

  • you (or your accountadministrator acting on your behalf) requests or authorized disclosure thereof.
  • the disclosure is required toprocess transactions or supply services which you have requested (i.e. to checkyou are employing best practices in your mailings or for the purposes ofprocessing an acquisition card with credit-card issuing companies) ;
  • lemlist is compelled to do soby a government authority or a regulatory body, in the case of a court order, asummons to appear in court or any other similar requisition from a governmentor the judiciary, or to establish or defend a legal application ;
  • or the third party is asubcontractor or sub-processor of lemlist in the carrying out of services(lemlist uses the services of an Internet provider, a telecommunicationscompany, a host provider, CRM tools, customer support client tools, invoicestools, payment tools, analytics tools).


Your personal data is kept for the periods set out below :

  • Personal data collected for the execution of the     services as well as information about how and when you use the services: The time     needed to provide to you our services, and in no event no longer than 3     years after closing your account (unless otherwise required by law).
  • Personal data collected in order to send     newsletters, requests and direct marketing: 3 years from data collection or last active contact with the prospect.
  • Personal data collected for evidentiary purposes: Duration of the statutory limitation period (generally 5 years).
  • Personal data collected as part of your data subject’s rights: If we ask you for proof of identity, we only retain it for the time necessary to verify your identity. Once the verification has been carried out, the proof is deleted.

If you exercise your right to object to direct marketing: we keep this information for 3 years. The information allowing the management of your requests to exercise your rights under the GDPR will be kept for 3 years from the date of the request.


The host serverson which lemlist processes and stores its databases are located exclusivelywithin the European Union.

Regarding thetools we use (see article “Third party disclosures” on recipients of thecollected data, concerning our processors), your personal data could betransferred outside the European Union. The transfer of your data within thisframework is secured by the following safeguards:

  • These data are transferred to a country which has     been deemed to offer an adequate level of protection by the European Commission.
  • Or we have concluded with our processors a     specific contract governing the transfer of your data outside the European     Union, based on the standard contractual clauses approved by the European     Commission between a data controller and a processor.


Within the framework of its services, lemlistattributes the very highest importance to the security and integrity of itscustomers’ personal data.

Thus and in accordance with the GDPR, lemlistundertakes to take all pertinent precautions in order to preserve the securityof the data and, in particular, to protect them against any accidental orunlawful destruction, accidental loss, corruption, unauthorized circulation oraccess, as well as against any other form of unlawful processing or disclosureto unauthorized persons.

To this end, lemlist implements industry standard security measures toprotect personal data from unauthorized disclosure. Using industry recommendedmethods of encoding, lemlist takes the measures necessary to protectinformation connected with payments and credit cards.

Moreover, in order to avoid in particular all unauthorized access, toguarantee accuracy and the proper use of the data, lemlist has put theappropriate electronic, physical and managerial procedures in place with a viewto safeguarding and preserving the data gathered through its services.

Notwithstanding this, there is no absolutesafety from piracy or hackers. That is why in the event a breach of securitywere to affect you, lemlist undertakes to inform you thereof without unduedelay and to use its best efforts to take all possible measures to neutralizethe intrusion and minimize the impacts. Should you suffer any loss by reason ofthe exploitation by a third party of a security breach, lemlist undertakes toprovide you with every assistance necessary so you are able to assert yourrights. Moreover if, by some exceptional case, the direct loss incurred arosedue to fault or gross negligence by lemlist, you will be able to seekcompensation within the limit of liability referred to in our Terms ofUse.

You should keep in mind that any user, customer,or hacker who discovers and takes advantage of a breach in security renders himor herself liable to criminal prosecution and that lemlist will take allmeasures, including filing a complaint and/or bringing court action, topreserve the data and the rights of its users and of itself and to limit theimpacts.


In accordance with the French Data ProtectionLaws and the European General Data Protection Regulation 2016/679 (GDPR) you haveseveral rights related to the collection of your personal data:

  • Right to be informed: This is precisely why we have drafted this privacy policy.
  • Right of access: You have the right to access all your personal data at any time.
  • Right to rectification: You have the right to rectify your inaccurate, incomplete or obsolete personal data at any time.
  • Right to restriction of processing: You have the right to restrict the processing of your personal data in certain cases stated in art.18 of the GDPR.
  • Right to erasure (‘right to be forgotten’): You have the right to demand that your personal data be deleted and to prohibit any future collection.
  • Right to file a complaint to a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a breach of applicable regulations.
  • Right to define instructions related to the retention, deletion and communication of your personal data after your death.
  • Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR provides that you may withdraw your consent at any time. Such withdrawal will not affect the lawfulness of the processing carried out     before the withdrawal.
  • Right to data portability: You have the right to receive the personal data you have provided us in a standard machine-readable format and to require their transfer to the recipient of your choice.
  • Right to object: You have the right to object to the processing of your personal data. Please note however that we may continue to process your personal data despite this opposition for legitimate reasons or for     the defence of legal claims.

How to exercice your rights :

You can exercise these rights by sending us asupport ticket directly on the support chat (either on the website or on theapp) or, by sending an email at privacy@lemlist.com. Your requests will beprocessed within 30 days. We may require that your request be accompanied by aphotocopy of proof of identity or authority.
You are also able at any time to modify personaldata by logging into your account and navigating to “User Settings”.

Right to refer to the supervisory authority :

If you believe, after having contacted us, thatyour rights on your data are not respected, you can address a complaint to thecompetent Supervisory authority of your country of residence.

In France, where our head office is located, thecontrol authority is the CNIL.

Newsletters and marketing emails :

For those of you that have expressly opted in toreceive our lemlist newsletters, you are easily able to unsubscribe byfollowing the “unsubscribe” links included in every email sent.

Testimonials :

lemlist publishes a list of Customers & Testimonials on its sites with information on our customers’ names and jobtitles. lemlist undertakes to obtain the authorizationof every customer before publishing any testimonial on its websites. If you wish to be removed from this list, youcan send us an email to privacy@lemlist.com and we will deleteyour information promptly.

Third party data :

In the context of using our services, namelycreating emailing campaigns and contact lists, lemlist has access to theinformation contained in the email contact lists you create in your account, aswell as the subject and content of the emails that you send out via ourservices. This data is stored on secure servers and only alimited number of people are authorized to access your contact lists, inparticular for the purpose of providing support services. You are easily able to recover your contactlists from your lemlist account at any time, by clicking on the “export”button. You may also modify and or delete contacts at any time from youraccount. In no case does lemlist sell, share or rent outyour contact lists to third parties, nor does it use them for any purposesother than those set forth in this policy. We will use the information fromyour contact lists only for legal requirements, to invoice and collectsummaries for our own statistics and for the purposes of providing you withcustomer support services. As creator of the contact lists and associatedemail campaigns, you are considered the data controller within the meaning ofthe GDPR, and lemlist is acting only as a data processor. In thiscapacity, you are responsible in particular for:

  • complying with all current regulations in force, including the data protection laws,
  • making all the declarations necessary to the relative data protection authority,
  • obtaining the explicit consent of the persons concerned when collecting their personal data,
  • ensuring your authority to use the personal data collected in accordance with the defined end purposes and refraining from any unauthorized use.

If a recipient of your emails sent via ourservices requests us to modify or delete his/her personal data, we will honorthat request after proper verification and will inform you of it.


lemlist reserves the right to update this Privacy Policy at any time, inparticular pursuant to any changes made to the laws and regulations in force.

Any modifications made will be notified to you via our website or by email,to the extent possible, thirty (30) days at least before any changes come intoforce. We would recommend that you check these rules from time to time to stayinformed of our procedures and rules relating to your personal information.


If you have questions, you can email at Data Protection Officer directlyat: privacy@lemlist.com or by mail to:

lempire SAS, Attn: Data Protection Officer / Legal Department, 128rue La Boétie, 75008 Paris, France.


1. What is a Cookie?

‍When browsing our sites, cookies, pixels, tags and other trackers (hereafter referred to as “Cookies”) are installed on your computer. A cookie is a small file, often encrypted, that is stored in your browser or device and is identified by a name. It is installed when you visit a site or application. Each time you return to the said site or application, the Cookie is retrieved from your browser or device. This ensures that each time you visit the site or application, the browser is recognized. The installation of these Cookies is likely to enable us to access your browsing data and/or personal data concerning you.

2. Cookies Identification

Technical and functional Cookies

Technical and functional Cookies are necessary for the proper functioning of the Site and to provide you with our services. They are used throughout your navigation, in order to facilitate it and to carry out certain functions. For example, a technical Cookie may be used to store your responses to a form or your preferences regarding the language or layout of the Site, where such options are available.

We use the following technical and functional Cookies:


Advertising Cookies

Advertising Cookies may be created not only by our sites but also by other websites and applications that serve ads, announcements, widgets or other elements displayed on the page.
These Cookies can be used, among other things, to personalize and measure the effectiveness of advertising or to carry out targeted advertising.

We use the following Advertising Cookies:


Analytical Cookies

These Cookies allow us to measure the number of visits, page views and user activity. If necessary, they may collect your IP address to know the city from which you are connecting. Analytical Cookies allow us to generate statistics on the use and navigation of our Site in order to improve our performances. The Cookies used also allow us to identify navigation problems and eventually to solve them.

We use the following Analytical Cookies:


3. Your Cookies preferences

Cookies that can be installed without consent

Some cookies do not require your consent, such as:

  • Technical or functional Cookies that are necessary for the operation of the site;
  • Certain Cookies for audience measurement or Cookies that enable testing different versions of the site for the purpose of optimizing editorial choices.

Acceptance or refusal of Cookies subject to your express consent

All other Cookies require your consent. These include Advertising Cookies, Social Networking Cookies, Content Personalization Cookies and some Audience Analysis Cookies. You may freely choose to accept or decline the use of these Cookies.

You can accept or refuse these Cookies the first time you browse the Site.

Your choices to accept or refuse these Cookies will be retained for a period of six (6) months.

You are free to withdraw your consent and more generally to change your preferences at any time via the link "Manage cookies" at the bottom of each page.

Your browser settings

It is also possible to set your browser to accept or reject certain Cookies.

Cookie’s name
Cookie’s function
Shelf life
Used by Intercom (Support) to identify users
9 months
Used by Intercom (Support), to identify user sessions
1 week
To store cookie consent preferences
Used by Cloudfare to route user traffic for this site
3 months
Cookie’s name
Cookie’s function
Shelf life
Used by Poptin to identify old user
Used by Poptin to identity user sessions
Used by Poptin to identify user sessions for Poptin display settings
30 minutes
Used by Poptin to anonymously track visitors to display popups with better accuracy
1 day
Used by Poptin to save user IP address
1 year
Used by Poptin to provide a unique visitor ID
1 year
Used by Poptin to save user country code
1 year
Used by Poptin as original referrer
2 minutes
Used by Facebook to deliver a series of advertisement products
3 months
Used by Google Adsense to store and track conversions
3 months
Used by GooUsed by Google Adsense to uniquely track individual AdWords clicksgle Adsense to store and track conversions
Cookie’s name
Cookie’s function
Shelf life
Used by Google Analytics to count pageviews
1 day
Used by Google Analytics to register a unique ID that is used to generate statistical data on how the visitor uses the website
2 years
Used by Segment to store last visit
1 year
Used by Poptin to anonymously track visitors to display popups with better accuracy
1 year
Used by Segment to identity user
1 year
Used by Segment to group visits
1 year
Used by Cloudflare to route user traffic for this Site.
90 days
Used by Hotjar to determine generic cookie path
Used by Hotjar to store a unique user ID
1 year
Used by Hotjar to store unique visits
Used by Hubspot to store time of visit
13 months
Used by Hubspot to store and track a visitor’s identity
13 months
Used by Refiner to understand who our customers and visitors are
1 year
Used by ShareThis to store and track audience reach
1 week
Used by ShareThis to determine the pages visited, amount of time spent, etc
6 months
Used by Google Analytics and Google Ads to store and count pageviews
90 days
Used by Amplitude for session tracking