Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) establishes the legal framework applicable to the processing of personal data.<\/p>\n\n
The GDPR strengthens the rights and obligations of data controllers, processors, data subjects, and data recipients.<\/p>\n\n
The processing of personal data resulting from the consultation, navigation, and use of the website [www.naaia.ai] (hereinafter referred to as the “Site”) and the services it offers is governed by this privacy policy.<\/p>\n\n
For a proper understanding of this policy, it is specified that:<\/p>\n\n
The purpose of this policy is to fulfill the information obligation to which Naaia is subject pursuant to Article 12 of the GDPR and to formalize the rights and obligations of Naaia’s customers, prospects, and partners with regard to the processing of their personal data.<\/p>\n\n
This policy is intended to apply in the context of the implementation of all personal data processing relating to customers, prospects, and partners.<\/p>\n\n
Naaia makes every effort to ensure that data is processed within a precise internal governance framework. The processing of personal data may be managed directly by Naaia or through a processor specifically designated by Naaia. <\/p>\n\n
This policy is independent of any other document that may apply within the contractual relationship between Naaia and customers, prospects, and partners.<\/p>\n\n
The personal data processed by Naaia is primarily collected from its customers, prospects, and partners when using the Site, but also during the performance of contracts that bind us.<\/p>\n\n
We undertake to respect the principle of data minimization, which consists of collecting only the data strictly necessary for the purposes of the processing implemented by Naaia.<\/p>\n\n
Consequently, we only collect and use the following personal data:<\/p>\n\n Naaia ensures that data is only accessible to authorized internal or external recipients.<\/p>\n\n Recipients of personal data of customers, prospects, and partners are subject to a confidentiality obligation.<\/p>\n\n Furthermore, personal data may be disclosed to any authority legally authorized to access it. In such cases, Naaia is not responsible for the conditions under which the personnel of these authorities access and use the data. <\/p>\n\n The data retention period is defined by Naaia in light of the legal and contractual constraints it faces and, failing that, according to its needs and in particular according to the following principles:<\/p>\n\n After the specified periods, data is either deleted or retained after being anonymized, particularly for statistical purposes. It may be retained in the event of pre-litigation and litigation. <\/p>\n\n Customers, prospects, and partners are reminded that deletion or anonymization are irreversible operations and that Naaia is subsequently unable to restore them.<\/p>\n\n You have the right to ask us whether we are actually processing data concerning you. You may also request that we provide you with a copy of your data being processed. <\/p>\n\n However, in the event of requests for additional copies, we may require you to bear the cost of such additional copies.<\/p>\n\n If you submit your request electronically, the requested information will be provided to you in a commonly used electronic form, unless otherwise requested.<\/p>\n\n You are informed that this right of access and copy cannot apply to confidential information or data, or to information for which the law does not authorize disclosure.<\/p>\n\n The right of access must not be exercised abusively, i.e., performed regularly for the sole purpose of disrupting the proper performance of our services.<\/p>\n\n You have the right to ask us to rectify certain data concerning you that may be obsolete or incorrect. To do so, you must specify the data to be rectified and the data with which we should replace it. <\/p>\n\n The right to erasure does not apply in cases where processing is implemented to comply with a legal obligation.<\/p>\n\n Outside of this situation, you may request the erasure of your data in the following limited cases:<\/p>\n\n You are informed that these rights are not intended to apply insofar as the conditions required by applicable regulations for each of them are not met with regard to the processing we perform on personal data.<\/p>\n\n You are authorized to exercise your right to object only for processing based on Naaia’s legitimate interest, provided that you state a reason relating to your particular situation. In such a case, Naaia may not grant your request if it advances legitimate and compelling grounds that prevail over your personal interest and, in particular, over the reason you invoked in support of your request. <\/p>\n\n We inform you that you have the right to formulate directives concerning the retention, erasure, and disclosure of your data after death.<\/p>\n\n The aforementioned rights may be exercised, at the choice of the data subject, by email at the following address: contact@naaia.ai<\/p>\n\n Please note that only the person concerned by the processing may exercise the rights provided above. Consequently, in case of doubt, we may ask you for a copy of your current identity document. Otherwise, your request may be refused. <\/p>\n\n We make every effort to respond to requests within a reasonable timeframe and, at best, within one month of receiving the request.<\/p>\n\n However, in cases where processing requests proves complex or we face a high number of simultaneous requests to exercise rights, the processing period may be extended to two months.<\/p>\n\n We may engage any processor of our choice in connection with the processing of personal data of our customers, prospects, and partners.<\/p>\n\n Within the meaning of the GDPR, a processor means any natural or legal person who processes personal data on behalf of the data controller. In practice, this refers to service providers with whom we work and who handle the personal data we process; <\/p>\n\n In such cases, we ensure that the processor complies with its obligations under the GDPR and undertake to sign a written contract with all our processors imposing the same data protection obligations on them as those we impose on ourselves. Furthermore, we reserve the right to conduct an audit of our processors to ensure their compliance with GDPR provisions. <\/p>\n\n We undertake, in our capacity as data controller, to maintain an up-to-date register of all processing activities carried out, which includes processing relating to data of our customers, prospects, and partners.<\/p>\n\n This register is a document or application that allows us to record all processing activities we implement as data controller.<\/p>\n\n We undertake to provide the CNIL, upon first request, with information enabling it to verify the compliance of processing activities with applicable data protection regulations.<\/p>\n\n We implement physical or logical technical security measures that we deem appropriate to combat the destruction, loss, alteration, or unauthorized disclosure of data, whether accidental or unlawful.<\/p>\n\n These measures primarily include:<\/p>\n\n In any event, we undertake, in the event of changes to the means used to ensure the security and confidentiality of your personal data, to replace them with means of superior performance. No evolution may lead to a regression in the level of security. <\/p>\n\n We undertake to notify the CNIL of any data breach we may suffer under the conditions prescribed by personal data regulations.<\/p>\n\n Our contacts with our customers, prospects, and partners are informed of any data breach that could pose a high risk to their privacy.<\/p>\n\n We reserve the right to implement cross-border flows outside the EU of the data we process, of which you will be informed. In such cases, we will ensure respect for your rights and sign, if necessary, one or more contracts to regulate these flows with the recipient country(ies). <\/p>\n\n Naaia has designated a GDPR officer who can be contacted via the following email and postal addresses:<\/p>\n\n Email address: contact@naaia.ai<\/p>\n\n If customers, prospects, and partners wish to obtain specific information or ask a particular question, they may contact the GDPR officer, who will provide them with a response within a reasonable timeframe in relation to the question asked or information required.<\/p>\n\n Customers, prospects, and partners concerned by the processing of their personal data are informed of their right to lodge a complaint with a supervisory authority, namely the CNIL in France, if they believe that the processing of personal data concerning them does not comply with European data protection regulations, at the following address:<\/p>\n\n CNIL \u2013 Complaints Department<\/strong> This policy may be modified or amended at any time in the event of legal or case law developments, CNIL decisions and recommendations, or changes in practices.<\/p>\n\n Any new version of this policy will be brought to the attention of customers and contacts by any means determined by Naaia, including electronic means (distribution by email or online, for example).<\/p>\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" 1. Preamble Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal… Lire la suite<\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"simple-page","meta":{"footnotes":""},"class_list":["post-1397","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/naaia.ai\/en\/wp-json\/wp\/v2\/pages\/1397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/naaia.ai\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/naaia.ai\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/naaia.ai\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/naaia.ai\/en\/wp-json\/wp\/v2\/comments?post=1397"}],"version-history":[{"count":1,"href":"https:\/\/naaia.ai\/en\/wp-json\/wp\/v2\/pages\/1397\/revisions"}],"predecessor-version":[{"id":1398,"href":"https:\/\/naaia.ai\/en\/wp-json\/wp\/v2\/pages\/1397\/revisions\/1398"}],"wp:attachment":[{"href":"https:\/\/naaia.ai\/en\/wp-json\/wp\/v2\/media?parent=1397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Type of Data<\/strong><\/td> Data Subject<\/strong><\/td> Purpose<\/strong><\/td> Legal Basis<\/strong><\/td><\/tr><\/thead> Email addressContact details: telephone, address<\/td> Prospects \/ Website visitorsCustomers<\/td> Newsletter subscription and receipt of promotional offersManagement of unsubscribe and opt-out requestsProvision of demonstrations<\/td> Consent if prospectLegitimate interest if customer<\/td><\/tr> Connection data<\/td> Prospects \/ Website visitors<\/td> Statistics<\/td> Consent<\/td><\/tr> identification data (IP address),acceptance data (click).<\/td> Site visitors<\/td> Management of technical data<\/td> Legitimate interest or consent depending on the data<\/td><\/tr> Identification (Last name, first name)Contact details: email, telephone<\/td> Site visitors<\/td> Management and improvement of relationships;Enable the Site to function;Respond to user requests and provide them with useful information (contact form);Enable users to receive publications, press releases, and information upon request;Commercial prospecting and activities.<\/td> Consent<\/td><\/tr><\/tbody><\/table><\/figure>\n\n \u00a0<\/h3>\n\n
4.2 Data Recipients \u2013 Authorization and Traceability<\/h2>\n\n
Internal Recipients<\/strong><\/td> External Recipients<\/strong><\/td><\/tr><\/thead> authorized personnel of the relevant Naaia department (customer\/prospect\/partner relationship management), administrative services, IT services, and their line managers;authorized personnel of control services (auditors, services responsible for internal control procedures, etc.).<\/td> any competent supervisory authority, accountants, legal auxiliaries, and ministerial officers;the organization responsible for managing the telephone canvassing opt-out list;authorized personnel of processors.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n \u00a0<\/h3>\n\n
4.3 Retention Period<\/h2>\n\n
Processing<\/strong><\/td> Retention Period<\/strong><\/td><\/tr><\/thead> Customer data<\/strong><\/td> For the duration of contractual relations with Naaia, plus 5 years from account closure or termination of the business relationship for data and documents relating to customer identity<\/td><\/tr> Statistics<\/strong><\/td> Duration of the statistical study<\/td><\/tr> Data relating to Site usage<\/strong><\/td> For the duration necessary to perform the services provided by Naaia and 1 year after the last interventionCookies: 13 months<\/td><\/tr> Prospect data<\/strong><\/td> 3 years from their collection by Naaia or from the last contact from the prospect<\/td><\/tr> Technical data<\/strong><\/td> 1 year<\/td><\/tr><\/tbody><\/table><\/figure>\n\n 5. Management of Data Subject Rights<\/h2>\n\n
5.1 Right of Access and Right to a Copy<\/h3>\n\n
5.2 Right to Rectification<\/h3>\n\n
5.3 Right to Erasure<\/h3>\n\n
\n
5.4 Right to Restriction and Portability<\/h3>\n\n
5.5 Right to Object<\/h3>\n\n
5.6 Post-Mortem Rights<\/h3>\n\n
5.7 Exercise of Rights<\/h3>\n\n
6. Additional Provisions<\/h2>\n\n
6.1 Subcontracting<\/h3>\n\n
6.2 Processing Register<\/h3>\n\n
6.3 Security Measures<\/h3>\n\n
\n
6.4 Data Breach<\/h3>\n\n
6.5 Cross-Border Flows<\/h3>\n\n
7. Contacts<\/h2>\n\n
7.1 GDPR Officer<\/h3>\n\n
7.2 Right to Lodge a Complaint with the CNIL<\/h3>\n\n
\u00a0<\/h3>\n\n
7.3 Updates<\/h3>\n\n