Close this search box.


1. Preamble

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“RGPD”) sets out the legal framework applicable to the processing of personal data.

The RGPD strengthens the rights and obligations of data controllers, processors, data subjects and data recipients.

Processing of personal data resulting from the consultation, browsing and use of the website [to be completed] (hereinafter referred to as the “Site”) and the services it offers are governed by this privacy policy.

For a better understanding of the present policy, it is specified that :

  • the “data controller”: Naaia (hereinafter referred to as “Naaia” or “we”);
  • processor” means any natural or legal person who processes personal data on behalf of naaia ;
  • data subjects”: refers to customers, prospects and partners of naaia (hereinafter referred to as “customers, prospects and partners” or “you”);
  • recipients”: refers to the natural or legal persons who receive personal data from naaia. Data recipients may therefore include both naaia employees and external organizations (partners, exhibitors, banks, speakers, etc.).

2. Object

The purpose of this policy is to satisfy the information obligation to which naaia is bound pursuant to Article 12 of the RGPD and to formalize the rights and obligations of naaia’s customers, prospects and partners with regard to the processing of their personal data.

3. Scope

This policy applies to all processing of personal data relating to customers, prospects and partners.

Naaia makes every effort to ensure that data is processed within the framework of precise internal governance. The processing of personal data may be managed directly by naaia or through a subcontractor specifically appointed by naaia.

This policy is independent of any other document that may apply within the contractual relationship between naaia and customers, prospects and partners.

4. Treatment identification

 4.1 Types of data collected and purposes

The personal data processed by Naaia is mainly collected from its customers, prospects and partners when using the Site, but also when executing the contracts that bind us.

We undertake to respect the principle of data minimization, which consists of collecting only the data strictly necessary for the purpose of the processing carried out by Naaia.

Consequently, we only collect and use the following personal data:

Data type
Person concerned
Legal basis

E-mail address

Contact details: telephone, address

Prospects / Internal site visitors


Newsletter subscription and receipt of promotional offers

Manage unsubscribe and unsubscribe requests.

Demonstration supply

Consent if prospect

Legitimate interest if customer

Login data Prospects / Website visitors Statistics Consent

identification data (IP address),

acceptance data (click).

Site visitors Technical data management Legitimate interest or consent depending on data

Identification (Last name, first name)

Contact details: e-mail, telephone

Site visitors

Managing and improving relationships ;

To enable the Site to function;

Respond to requests from users of the Site and provide them with any useful information (contact form);

Send publications, press releases and information to users at their request;

Prospecting and sales events.



 4.2 Data recipients – authorization and traceability

naaia ensures that data is only accessible to authorized internal or external recipients.

Internal recipients
External recipients

authorized personnel in the relevant naaia (customer/prospect/partner relationship management), administrative and IT departments, as well as their line managers;

authorized staff of audit departments (statutory auditors, departments responsible for internal audit procedures, etc.).

any competent supervisory authority, accountants, court officers and ministerial officers;

the organization in charge of managing the “Do Not Contact” list;

authorized subcontractor personnel.

Recipients of customer, prospect and partner personal data are bound by a confidentiality obligation.

In addition, personal data may be communicated to any authority legally empowered to deal with it. In this case, Naaia is not responsible for the conditions under which the staff of these authorities access and use the data.


  4.3 Shelf life

The duration of data retention is defined by Naaia with regard to the legal and contractual constraints which weigh on it and failing that according to its needs and in particular according to the following principles:

Shelf life
Customer data For the duration of the contractual relationship with naaia, plus 5 years from the closure of the account or termination of the business relationship for data and documents relating to customer identity.
Statistics Duration of statistical study
Site usage data

For the duration of the services provided by naaia and 1 year after the last intervention

Cookies: 13 months

Data relating to prospects 3 years from the date of collection by naaia or last contact with the prospect
Technical data 1 year

After the set deadlines, data is either deleted or kept after being anonymized, notably for statistical purposes. They may be kept for pre-litigation and litigation purposes.

Customers, prospects and partners are reminded that deletion or anonymization are irreversible operations and that naaia is subsequently unable to restore them.

5. Personal rights management

  5.1 Access and copy rights

You have the right to ask us whether we are processing your personal data. You can also ask us to provide you with a copy of your data being processed.

However, if additional copies are required, we may require you to pay the cost of the new copy.

If you submit your request electronically, the information requested will be provided in a commonly used electronic format, unless you request otherwise.

You are hereby informed that this right of access and copying does not apply to information or data that is confidential or for which communication is not authorized by law.

The right of access must not be exercised in an abusive manner, i.e. on a regular basis with the sole aim of destabilizing the proper performance of our services.

  5.2 Right of rectification

You have the right to ask us to rectify any data concerning you that may be obsolete or incorrect. To do this, please specify the data to be corrected and the data to be replaced.

  5.3 Right to erasure

The right to erasure is not applicable in cases where processing is carried out to meet a legal obligation.

Apart from this situation, you may request the deletion of your data in the following limited cases:

  • your data is no longer required for the purposes for which it was collected or otherwise processed;
  • you object to processing carried out by us on the basis of a legitimate interest when there is no compelling legitimate reason for such processing;
  • you object to the processing of your data for canvassing purposes;
  • your data has been processed unlawfully.
  5.4 Right to limitation and portability

You are informed that these rights are not intended to apply insofar as the conditions required by the applicable regulations for each of them are not fulfilled with regard to the processing of personal data by us.

  5.5 Right of objection

You are entitled to exercise your right to object only to processing based on Naaia’s legitimate interests, provided that you give a reason relating to your particular situation. In such a case, Naaia may refuse your request if it has compelling legitimate reasons that override your personal interest and, in particular, the reason you gave for your request.

  5.6 Post-mortem rights

We inform you that you have the right to formulate directives concerning the conservation, deletion and communication of your post-mortem data.

  5.7 Exercising rights

The above rights may be exercised, at the option of the interested party, by e-mail to the following address:

Please note that only the person concerned by the processing may exercise the rights set out above. In case of doubt, we may ask you for a copy of your current identity document. Failure to do so may result in your application being rejected.

We do our best to respond to requests within a reasonable time and, at best, within one month of receipt of the request.

However, if the processing of requests proves complex, or if we are faced with a large number of requests to exercise rights simultaneously, the processing time may be extended to two months.

6. Additional provisions

  6.1 Subcontracting

We may use any subcontractor of our choice to process the personal data of our customers, prospects and partners.

Within the meaning of the RGPD, a processor is any natural or legal person who processes personal data on behalf of the controller. In practice, these are the service providers with whom we work and who handle the personal data we process;

In this case, we ensure that the processor complies with its obligations under the RGPD and undertake to sign a written contract with all our processors imposing on them the same data protection obligations that we impose on ourselves. In addition, we reserve the right to audit our subcontractors to ensure their compliance with the provisions of the RGPD.

  6.2 Processing register

We undertake, in our capacity as data controller, to keep an up-to-date register of all processing activities carried out, which includes the processing of data relating to our customers, prospects and partners.

This register is a document or application that lists all the processing operations we carry out as data controller.

In addition we undertake to provide the CNIL, at its first request, with information enabling it to verify the compliance of data processing with current data protection regulations.

  6.3 Safety measures

We implement the physical or logical technical security measures we deem appropriate to protect against the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of data.

These measures include the following:

  • individual access with complex login and password, regularly renewed,
  • security measures for accessing customer databases, including rights management procedures,
  • traceability system,
  • confidentiality clause,
  • maintaining the security and confidentiality of processed data, in particular to prevent it from being distorted, damaged or accessed by unauthorized third parties,
  • secure servers.

In any event, we undertake, in the event of a change in the means used to ensure the security and confidentiality of your personal data, to replace them with means of superior performance. No development can lead to a reduction in the level of safety.

  6.4 Data breach

We undertake to notify the CNIL of any data breach that we may suffer, in accordance with the conditions laid down in the regulations governing personal data.

Our contacts with customers, prospects and partners are informed of any data breach that could pose a high risk to their privacy.

  6.5 Cross-border flows

We reserve the right to implement cross-border flows outside the EU of the data we process, of which you will be informed. In such a case, we will ensure that your rights are respected and, if necessary, we will sign one or more contracts with the recipient country(ies) to regulate these flows.

7. Contacts

  7.1 RGPD representative

Naaia has appointed an RGPD referent who can be contacted via the following email and postal addresses:

E-mail address:

If customers, prospects and partners wish to obtain particular information or wish to ask a particular question, they will be able to contact the RGPD referent, who will give them an answer within a reasonable timeframe with regard to the question asked or the information required.

  7.2 Right to lodge a complaint with Cnil

Customers, prospects and partners concerned by the processing of their personal data are informed of their right to lodge a complaint with a supervisory authority, namely the CNIL in France, if they consider that the processing of personal data concerning them does not comply with European data protection regulations, at the following address:

CNIL – Complaints department
3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Tél : 01 53 73 22 22


  7.3 Evolution

The present policy may be modified or amended at any time in the event of changes in legislation, case law, CNIL decisions and recommendations or usage.

Any new version of the present policy will be brought to the attention of customers and contacts by any means defined by naaia, including electronic means (e.g. distribution by e-mail or online).

Close this search box.