1. Introduction/Controller

This privacy policy applies with regard to the processing of personal data by Ahrefs Pte Ltd (“Ahrefs”) (UEN No. 201227417H) 16 Raffles Quay #33-03 Hong Leong Building Singapore 048581 in connection with the provision of all Ahrefs websites (currently ahrefs.com), including the services provided via these websites.

2. Data protection officer

[email protected]

EU Representative

VeraSafe Ireland Ltd.

Unit 3D North Point House North Point Business Park

New Mallow Road

Cork T23AT2P

Ireland

3. Categories of personal data

1. Data collected automatically

The following data regarding the use of and the interactions with our services and your communications with us is automatically collected when you use our website and services:

  • information about the browser (type and version used, language)

  • the Internet service provider

  • the IP address

  • date and time of access request

  • time zone

  • access status/HTTP status code

  • the data volume transferred

  • websites from which you arrive at our website

  • websites accessed by you through our website

  • type of device and operating system

  • Universally unique identifier (UUID)

2. Data provided voluntarily

We collect personal data when you voluntarily provide it to us. Such personal data includes:

  • Registration, subscription and data relating to your contractual relationship with us

    • type of registration (data owner, data provider, data user)

    • company information (Legal Entity Identifier (LEI), company name)

    • user details (name, email address, telephone number, password)

    • transaction information (name, address, payment method)

  • Where you contact us via email or social media (your email address, social media account ID, profile photo)

  • The content of any messages you send to us, including any prompt or input which you may send to us in using our website including the tools provided on our website.

  • Answers to questions we ask you (for example when we provide customer support).

If you choose not to provide us with such personal data, you may not be able to enter into a contractual relationship with us and the provision of services by us may be delayed or impossible.

3. Personal data collected in connection with the use of cookies and similar technologies

We use cookies, web beacons and similar technologies to collect the following usage- and device-related personal data when you access our website and use our services from the devices used for this purpose:

  • websites/webpages visited, access time, frequency and duration of visits, links clicked, interaction with advertisements

  • user segment or category

  • IP address, model or device type, operating system and version, browser type and settings

  • identifiers (device ID, advertisement ID, individual device token)

  • cookie-related data (e.g. cookie ID)

Further information on our use of cookies and similar technologies is provided in Section 5 of this Privacy Policy.

5. Use of cookies and similar technologies and analytics

When you use our website and/or services, we and selected third parties may use cookies and similar technologies in order to provide you with a better, faster and safer user experience. Cookies are small text files that are automatically created by your browser and stored on your device. We use cookies and similar technologies that remain on your device only as long as your browser is active (session cookies), as well as cookies and similar technologies that remain on your device longer (persistent cookies). Detailed information can be found in our Cookie Notice.

The cookies and similar technologies have the following functions:

  • enable provision of our website/services (technically necessary)

  • improvement of user experience (e.g. saving font size and form data entered)

  • optimization of website/services (e.g. monitoring of error messages and loading times)

6. Storage duration and deletion

Unless otherwise required by law (e.g., statutory retention obligations), we store personal data only as long as it is necessary to serve the purpose for which that personal data was collected. When retention of personal data is no longer necessary for legal (e.g., under tax or trade law) or business purposes, it is deleted from our systems or anonymized.

7. Cross-border data transfer

Your personal data may be transferred to other countries. Some of the recipient countries may be outside of the European Union/European Economic Area and may provide a different level of protection compared to the laws in your jurisdiction and with regard to which an adequacy decision by the European Commission does not exist. The countries which provide an adequate level of data protection from a European data protection law perspective include Andorra, Argentina, Canada, Faeroe Islands, Guernsey, the State of Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, United Kingdom, the Eastern Republic of Uruguay and the United States (commercial organisations participating in the EU-US Data Privacy Framework). With regard to data transfers to recipients outside of the European Union/European Economic Area and outside the aforementioned countries we provide appropriate safeguards, in particular, by way of entering into data transfer agreements adopted by the European Commission (e.g. Standard Contractual Clauses (2021/914/EU)) with the recipients or taking other measures to provide an adequate level of data protection, where this is required under applicable law. We will provide you with a copy of the respective measure we have taken upon request (for contact details see II. above).

8. Rights of the data subject

Under applicable data protection law you may be entitled to the following rights (though these rights may be restricted by applicable law):

  1. Right of access: You may have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. The right of access includes, among other things, the purposes of the processing, the categories of the personal data to be processed, and the recipients or categories of recipient to whom the personal data will be disclosed. However, this right is not unrestricted as the rights of other persons may limit your right of access. In certain circumstances you have the right to receive a copy of the personal data processed by us. For further copies requested by you, we charge a reasonable fee, where relevant calculated on the basis of administrative costs.
  2. Right to rectification or correction: You have the right, where relevant, to request the rectification or correction of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including through the provision of a supplementary statement.
  3. Right to erasure / deletion (right to be forgotten): Subject to certain preconditions, you have the right to request us to erase personal data concerning you and we may be obliged to erase such personal data.
  4. Right to restriction of processing: Subject to certain preconditions, you have the right to request that we restrict the processing of your personal data. In that case, the data concerned will be marked and only processed by us for certain purposes.
  5. Right to data portability: Subject to certain preconditions, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit that data to a different controller without hindrance from us.
  6. Right to object: Subject to certain preconditions, you have the right to object at any time to the processing of your personal data by us on grounds arising from your particular situation, and we can be required not to process your personal data any longer.If personal data is processed for direct marketing purposes, you have an additional right to object at any time to the processing of personal data in relation to you for the purpose of such marketing. This also applies to profiling where this is connected to direct marketing. In that case, the personal data will no longer be processed by us for these purposes.
  7. The right to appeal: Some US residents in certain states have the right to appeal our denial of your request, which you may exercise by responding to the message we send to you communicating our denial stating that you appeal our decision. In these cases, we will reconsider your request and then notify you of our decision.

You may also have the right to withdraw your consent at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal) and to make a complaint to a data protection supervisory authority.

To exercise your rights, please contact us using the contact details provided under Section 2 of this Privacy Policy. We may request additional information from you to verify your identity and complete your request.

9. California residents

We provide the following notice at collection to California resident website visitors. See our California Consumer Privacy Act.

What Categories of Personal Information Do We Collect?

Non-Sensitive Personal Information:

Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name or other similar identifiers.

Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, address, telephone number, credit card number, debit card number, or any other financial information, but excluding publicly available information that is lawfully made available to the general public from federal, state, or local government records.

Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an internet website application, or advertisement.

Geolocation data.

Audio, electronic, visual, thermal, olfactory, or similar information.

Sensitive Personal Information:

A consumer's account log-in in combination with any required security or access code, password, or credentials allowing access to an account.

For What Purposes Do We Collect and Use Personal Information?

We use non-sensitive personal information about our website visitors as reasonably necessary and proportionate as described in Section IV above. We use sensitive personal information for the provision of our services and not for the purpose of inferring characteristics about a consumer. We do not "sell" or "share" personal information, as defined under the CCPA.

What Criteria Do We Consider When Retaining Personal Information?

In general, with respect to each category of personal and sensitive personal information about website visitors, we retain each category as noted in Section VI above.

10. Changes to our Privacy Policy

We may change this Privacy Policy from time to time. We encourage you to check this page for any changes. You can tell when Privacy Policy was last updated by looking at the date at the top of this page.