PRIVACY POLICY - GDPR

PRIVACY POLICY - GDPR

PRIVACY POLICY - GDPR

1- Introduction

Protecting your personal data is crucial to us. We commit to only collecting data necessary for ensuring optimal service, maintaining its confidentiality and security, including when engaging with service providers, and facilitating the exercise of your rights over your data. Thus, we comply with all applicable provisions regarding privacy and personal data protection, notably the law of January 6, 1978, as amended, relating to data processing, files, and freedoms, as well as the EU Regulation 2016/679 of April 27, 2016, concerning the protection of individuals with regard to the processing of personal data and the free movement of such data. This privacy policy outlines the personal data we collect, how it is used, and your rights in this respect. It applies to any user who accesses our AI platform and uses the services offered by our AI platform. We reserve the right to modify this privacy policy at any time. The most current version of this policy governs our use of your information and will always be available on our platform. If we were to make a substantial modification to this privacy policy, we commit to notifying you via your email address.

2- DATA CONTROLLER

Article 24 of the GDPR establishes the responsibility of the data controller for personal data processing. This article specifies in its first two points that:

"Taking into account the nature, scope, context, and purposes of the processing as well as the risks, of varying likelihood and severity, for the rights and freedoms of natural persons, the data controller shall implement appropriate technical and organizational measures to ensure and be able to demonstrate that processing is performed in accordance with this Regulation. These measures shall be reviewed and updated as necessary.Where proportionate in relation to processing activities, the measures referred to in paragraph 1 shall include the implementation of appropriate data protection policies by the data controller."

Ween.ai is considered the data controller for your personal data and is responsible for implementing appropriate technical and organizational measures to ensure the processing of your data in accordance with the GDPR. Ween.ai, a simplified joint-stock company with a share capital of 1,200 Euros, is registered in the Paris Trade and Companies Register under number 949372023, with its registered office located at 10 RUE DE PENTHIÈVRE 75008 PARIS.

3- DATA WE COLLECT

In the context of using our services and navigating our platform, Ween.ai collects several categories of data, details of which are provided below. These data originate from the information you provide when you register on the platform, when you use the platform to analyze your qualitative customer data, or when you communicate with Ween.ai. These personal pieces of information include:

Identification data (first name, email).

Qualitative data of your clients obtained with their consent, which are then anonymized and processed by the AI platform.

Exchanges conducted via the Assistance function.

Information about your interests to share with your teams.

Any limitation on the collection of these data may limit your ability to use certain features of our services.

4- PURPOSE

Ween.ai processes your personal data for specific, explicit, and legitimate purposes. In particular, these data are intended for:

Generating reports via the AI platform based on the qualitative data of your clients, whose consent was previously obtained by you;

The overall use and improvement of our services based on Machine Learning;

Communicating with you;

Responding to injunctions from legal authorities, particularly to combat fraud and more generally any criminally reprehensible activity.

5- LEGAL BASIS FOR PROCESSING

Ween.ai processes most of your personal data within the framework of the contract you agreed to when registering on the platform, through the acceptance of our general terms of use and/or, where applicable, sales. However, we may process certain data about you based on your consent, due to legal obligations, or to respond to our legitimate interest in processing them.

6- RECIPIENTS OR CATEGORIES OF RECIPIENTS

Ween.ai is the recipient of the collected personal data. We may also need to share certain information for legal reasons or in case of a dispute. Finally, we only communicate your personal data to companies or third parties in the following circumstances:

When necessary for external processing needs and/or improvement of our AI platform, and only in these cases, we transmit this data to our trusted providers who process it on our behalf, following our instructions or under a contractual agreement, in accordance with this privacy policy and respecting any other appropriate security and confidentiality measures. We may transfer your personal data to them only for the purposes set out below. In particular, we use our providers responsible for hosting, securing our information systems, and, where applicable, processing the qualitative data provided (including Open.AI). The list of our subcontractors can be communicated to you by sending your request to contact@Ween.ai.

We retain or disclose your information if we believe it is reasonably necessary to comply with any legal or regulatory obligation, any legal process or administrative request, to protect the safety of a person, to address any issue of a fraudulent, security, or technical nature, improve our AI platform, or to protect the rights or property of our users.

Ween.ai commits not to resell your data and not to transmit your personal data to any third party that may use it for its own purposes, especially for commercial and/or direct advertising purposes, without your express consent. Therefore, Ween.ai does not disclose personal information outside the situations described in this privacy policy.

7- TRANSFER OF DATA OUTSIDE THE EU

All our servers where your data is stored and those of the providers used for exchanging and storing these data are located in Europe.

In the event that Ween.ai resorts to using subcontractors located outside the European Union, we commit to ensuring that these subcontractors present protection measures recognized as sufficient under the GDPR. This may include subcontractors located in any other country recognized by the European Union as providing an adequate level of protection for personal data ("Adequacy Decision"), subject to a data transfer agreement conforming to the standard contractual clauses adopted by the European Commission, or any other measure of protection recognized as sufficient by the European Commission.

8- DATA RETENTION PERIOD

Ween.ai retains your information as long as your account remains active, unless you request the deletion of your information or your account. In some cases, we may retain information about you due to legal requirements or for other purposes, even if you delete your account.

Furthermore, anonymized qualitative data, as well as data necessary to establish the proof of a right or a contract in compliance with a legal obligation, may be subject to an intermediate archiving policy for a period corresponding to legal limitation periods (including the common law period of 5 years).

9- DATA SECURITY

Ween.ai implements appropriate technical and organizational measures to ensure the security, confidentiality, integrity, and availability of services and to protect data against destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored, or otherwise processed, or unauthorized access to such data.

Ween.ai commits to deploying all available means to ensure the security and confidentiality of this data, particularly through the following measures:

Most of our services are encrypted using HTTPS technology;

Access to your account is secured through a username and a password chosen by you.

Access to personal data is strictly limited to employees and clients of Ween.ai who need to access it in order to process it on our behalf. These individuals are subject to strict confidentiality obligations.

10- YOUR RIGHTS

In accordance with personal data protection regulations, you have the right to:

Access (Article 15 of the GDPR),

Rectification (Article 16 of the GDPR),

Erasure (Article 17 of the GDPR),

Restriction of processing (Article 18 of the GDPR),

Portability (Article 20 of the GDPR),

Opposition (Articles 21 and 22 of the GDPR).

10.1- Right of Access

‍You have the ability to obtain from Ween.ai confirmation as to whether or not personal data concerning you are being processed and, when they are, access to the said data as well as the following information:

The purposes of the processing;

The categories of data;

The recipients or categories of recipients to whom the data have been or will be communicated;

When possible, the envisaged period for which the data will be stored, or, when not possible, the criteria used to determine that period;

The existence of the right to request from Ween.ai rectification or erasure of personal data, or restriction of processing of your data, or the right to object to such processing;

The right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés);

Where the data are not collected from you, any available information as to their source; the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

When data are transferred to a third country or an international organization, you have the right to be informed of the appropriate safeguards relating to the transfer.

Your right to obtain a copy of your data should not adversely affect the rights and freedoms of others.

10.2 Right to Rectification

You have the opportunity to obtain from Ween.ai the prompt rectification of personal data concerning you that are inaccurate. You also have the ability to have incomplete data completed, including by providing a supplementary statement.

To facilitate the exercise of this right, we encourage you to make these modifications and additions directly on your account. If you believe that other data concerning you need to be changed or completed and you are unable to make these changes yourself, we invite you to request it directly from us by contacting us.

10.3- Right to Erasure, also known as the "Right to be Forgotten"

You have the right to obtain from Ween.ai the erasure, as soon as possible, of personal data concerning you when one of the following grounds applies, as provided by Article 17 of the GDPR:

The data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by Ween.ai;

You have withdrawn your consent on which the processing is based, and there is no other legal ground for the processing;

You exercise your right to object under the conditions mentioned below, and there are no overriding legitimate grounds for the processing;

The data have been unlawfully processed;

The data must be erased for compliance with a legal obligation;

The data have been collected in relation to the offer of information society services to a child.

The GDPR stipulates that: "the data subject shall have the right to obtain from the data controller the erasure of personal data concerning them without undue delay, and the data controller shall have the obligation to erase personal data without undue delay where one of the specified grounds applies."

10.4- Right to Restriction of Processing

You have the right to obtain from Ween.ai the restriction of processing of your data when one of the following applies:

Ween.ai is verifying the accuracy of the data following your contestation of the accuracy of the data;

The processing is unlawful, and you oppose the erasure of the data and instead request the restriction of their use;

Ween.ai no longer needs the data for processing purposes, but they are still required by you for the establishment, exercise, or defense of legal claims;

You have objected to processing pending the verification of whether the legitimate grounds of Ween.ai override your reasons.

10.5- Right to Data Portability

You have the right to receive from Ween.ai the personal data concerning you, in a structured, commonly used, and machine-readable format when:

The processing is carried out using automated processes;

The processing of the data is based on consent, or on a contract.

When exercising your right to data portability, you have the right to have the data transmitted directly from Ween.ai to another data controller that you designate when this is technically feasible.

Your right to the portability of your data must not adversely affect the rights and freedoms of others.

10.6- Right to Object

You have the right to object at any time, for reasons related to your particular situation, to the processing of data concerning you based on the legitimate interest of Ween.ai. In such a case, Ween.ai will no longer process the data unless it demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

Note that you do not need to pay any fees to access your personal data or exercise your rights. However, we may charge reasonable fees if your request is clearly unfounded, repetitive, or excessive. We may also contact you to request additional information regarding your request in order to respond to you. Responses will be provided within one month. Exceptionally, this period may be exceeded by one month if your request is particularly complex.

11- RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

The competent supervisory authority for any requests concerning us is the National Commission on Informatics and Liberty (CNIL). If you wish to contact the CNIL regarding any requests, their contact details are as follows:

CNIL (COMMISSION NATIONALE DE L’INFORMATIQUE ET DES LIBERTÉS)3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07Phone: 01 53 73 22 22(Monday to Thursday from 9 am to 6:30 pm / Friday from 9 am to 6 pm)Fax: 01 53 73 22 00

If you wish to file a complaint with the CNIL, you can use the online complaint submission form available at: https://www.cnil.fr/fr/plaintes.

If you have a question about your data protection and freedom rights, you can visit the CNIL website at www.cnil.fr.

1- Introduction

Protecting your personal data is crucial to us. We commit to only collecting data necessary for ensuring optimal service, maintaining its confidentiality and security, including when engaging with service providers, and facilitating the exercise of your rights over your data. Thus, we comply with all applicable provisions regarding privacy and personal data protection, notably the law of January 6, 1978, as amended, relating to data processing, files, and freedoms, as well as the EU Regulation 2016/679 of April 27, 2016, concerning the protection of individuals with regard to the processing of personal data and the free movement of such data. This privacy policy outlines the personal data we collect, how it is used, and your rights in this respect. It applies to any user who accesses our AI platform and uses the services offered by our AI platform. We reserve the right to modify this privacy policy at any time. The most current version of this policy governs our use of your information and will always be available on our platform. If we were to make a substantial modification to this privacy policy, we commit to notifying you via your email address.

2- DATA CONTROLLER

Article 24 of the GDPR establishes the responsibility of the data controller for personal data processing. This article specifies in its first two points that:

"Taking into account the nature, scope, context, and purposes of the processing as well as the risks, of varying likelihood and severity, for the rights and freedoms of natural persons, the data controller shall implement appropriate technical and organizational measures to ensure and be able to demonstrate that processing is performed in accordance with this Regulation. These measures shall be reviewed and updated as necessary.Where proportionate in relation to processing activities, the measures referred to in paragraph 1 shall include the implementation of appropriate data protection policies by the data controller."

Ween.ai is considered the data controller for your personal data and is responsible for implementing appropriate technical and organizational measures to ensure the processing of your data in accordance with the GDPR. Ween.ai, a simplified joint-stock company with a share capital of 1,200 Euros, is registered in the Paris Trade and Companies Register under number 949372023, with its registered office located at 10 RUE DE PENTHIÈVRE 75008 PARIS.

3- DATA WE COLLECT

In the context of using our services and navigating our platform, Ween.ai collects several categories of data, details of which are provided below. These data originate from the information you provide when you register on the platform, when you use the platform to analyze your qualitative customer data, or when you communicate with Ween.ai. These personal pieces of information include:

Identification data (first name, email).

Qualitative data of your clients obtained with their consent, which are then anonymized and processed by the AI platform.

Exchanges conducted via the Assistance function.

Information about your interests to share with your teams.

Any limitation on the collection of these data may limit your ability to use certain features of our services.

4- PURPOSE

Ween.ai processes your personal data for specific, explicit, and legitimate purposes. In particular, these data are intended for:

Generating reports via the AI platform based on the qualitative data of your clients, whose consent was previously obtained by you;

The overall use and improvement of our services based on Machine Learning;

Communicating with you;

Responding to injunctions from legal authorities, particularly to combat fraud and more generally any criminally reprehensible activity.

5- LEGAL BASIS FOR PROCESSING

Ween.ai processes most of your personal data within the framework of the contract you agreed to when registering on the platform, through the acceptance of our general terms of use and/or, where applicable, sales. However, we may process certain data about you based on your consent, due to legal obligations, or to respond to our legitimate interest in processing them.

6- RECIPIENTS OR CATEGORIES OF RECIPIENTS

Ween.ai is the recipient of the collected personal data. We may also need to share certain information for legal reasons or in case of a dispute. Finally, we only communicate your personal data to companies or third parties in the following circumstances:

When necessary for external processing needs and/or improvement of our AI platform, and only in these cases, we transmit this data to our trusted providers who process it on our behalf, following our instructions or under a contractual agreement, in accordance with this privacy policy and respecting any other appropriate security and confidentiality measures. We may transfer your personal data to them only for the purposes set out below. In particular, we use our providers responsible for hosting, securing our information systems, and, where applicable, processing the qualitative data provided (including Open.AI). The list of our subcontractors can be communicated to you by sending your request to contact@Ween.ai.

We retain or disclose your information if we believe it is reasonably necessary to comply with any legal or regulatory obligation, any legal process or administrative request, to protect the safety of a person, to address any issue of a fraudulent, security, or technical nature, improve our AI platform, or to protect the rights or property of our users.

Ween.ai commits not to resell your data and not to transmit your personal data to any third party that may use it for its own purposes, especially for commercial and/or direct advertising purposes, without your express consent. Therefore, Ween.ai does not disclose personal information outside the situations described in this privacy policy.

7- TRANSFER OF DATA OUTSIDE THE EU

All our servers where your data is stored and those of the providers used for exchanging and storing these data are located in Europe.

In the event that Ween.ai resorts to using subcontractors located outside the European Union, we commit to ensuring that these subcontractors present protection measures recognized as sufficient under the GDPR. This may include subcontractors located in any other country recognized by the European Union as providing an adequate level of protection for personal data ("Adequacy Decision"), subject to a data transfer agreement conforming to the standard contractual clauses adopted by the European Commission, or any other measure of protection recognized as sufficient by the European Commission.

8- DATA RETENTION PERIOD

Ween.ai retains your information as long as your account remains active, unless you request the deletion of your information or your account. In some cases, we may retain information about you due to legal requirements or for other purposes, even if you delete your account.

Furthermore, anonymized qualitative data, as well as data necessary to establish the proof of a right or a contract in compliance with a legal obligation, may be subject to an intermediate archiving policy for a period corresponding to legal limitation periods (including the common law period of 5 years).

9- DATA SECURITY

Ween.ai implements appropriate technical and organizational measures to ensure the security, confidentiality, integrity, and availability of services and to protect data against destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored, or otherwise processed, or unauthorized access to such data.

Ween.ai commits to deploying all available means to ensure the security and confidentiality of this data, particularly through the following measures:

Most of our services are encrypted using HTTPS technology;

Access to your account is secured through a username and a password chosen by you.

Access to personal data is strictly limited to employees and clients of Ween.ai who need to access it in order to process it on our behalf. These individuals are subject to strict confidentiality obligations.

10- YOUR RIGHTS

In accordance with personal data protection regulations, you have the right to:

Access (Article 15 of the GDPR),

Rectification (Article 16 of the GDPR),

Erasure (Article 17 of the GDPR),

Restriction of processing (Article 18 of the GDPR),

Portability (Article 20 of the GDPR),

Opposition (Articles 21 and 22 of the GDPR).

10.1- Right of Access

‍You have the ability to obtain from Ween.ai confirmation as to whether or not personal data concerning you are being processed and, when they are, access to the said data as well as the following information:

The purposes of the processing;

The categories of data;

The recipients or categories of recipients to whom the data have been or will be communicated;

When possible, the envisaged period for which the data will be stored, or, when not possible, the criteria used to determine that period;

The existence of the right to request from Ween.ai rectification or erasure of personal data, or restriction of processing of your data, or the right to object to such processing;

The right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés);

Where the data are not collected from you, any available information as to their source; the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

When data are transferred to a third country or an international organization, you have the right to be informed of the appropriate safeguards relating to the transfer.

Your right to obtain a copy of your data should not adversely affect the rights and freedoms of others.

10.2 Right to Rectification

You have the opportunity to obtain from Ween.ai the prompt rectification of personal data concerning you that are inaccurate. You also have the ability to have incomplete data completed, including by providing a supplementary statement.

To facilitate the exercise of this right, we encourage you to make these modifications and additions directly on your account. If you believe that other data concerning you need to be changed or completed and you are unable to make these changes yourself, we invite you to request it directly from us by contacting us.

10.3- Right to Erasure, also known as the "Right to be Forgotten"

You have the right to obtain from Ween.ai the erasure, as soon as possible, of personal data concerning you when one of the following grounds applies, as provided by Article 17 of the GDPR:

The data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by Ween.ai;

You have withdrawn your consent on which the processing is based, and there is no other legal ground for the processing;

You exercise your right to object under the conditions mentioned below, and there are no overriding legitimate grounds for the processing;

The data have been unlawfully processed;

The data must be erased for compliance with a legal obligation;

The data have been collected in relation to the offer of information society services to a child.

The GDPR stipulates that: "the data subject shall have the right to obtain from the data controller the erasure of personal data concerning them without undue delay, and the data controller shall have the obligation to erase personal data without undue delay where one of the specified grounds applies."

10.4- Right to Restriction of Processing

You have the right to obtain from Ween.ai the restriction of processing of your data when one of the following applies:

Ween.ai is verifying the accuracy of the data following your contestation of the accuracy of the data;

The processing is unlawful, and you oppose the erasure of the data and instead request the restriction of their use;

Ween.ai no longer needs the data for processing purposes, but they are still required by you for the establishment, exercise, or defense of legal claims;

You have objected to processing pending the verification of whether the legitimate grounds of Ween.ai override your reasons.

10.5- Right to Data Portability

You have the right to receive from Ween.ai the personal data concerning you, in a structured, commonly used, and machine-readable format when:

The processing is carried out using automated processes;

The processing of the data is based on consent, or on a contract.

When exercising your right to data portability, you have the right to have the data transmitted directly from Ween.ai to another data controller that you designate when this is technically feasible.

Your right to the portability of your data must not adversely affect the rights and freedoms of others.

10.6- Right to Object

You have the right to object at any time, for reasons related to your particular situation, to the processing of data concerning you based on the legitimate interest of Ween.ai. In such a case, Ween.ai will no longer process the data unless it demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

Note that you do not need to pay any fees to access your personal data or exercise your rights. However, we may charge reasonable fees if your request is clearly unfounded, repetitive, or excessive. We may also contact you to request additional information regarding your request in order to respond to you. Responses will be provided within one month. Exceptionally, this period may be exceeded by one month if your request is particularly complex.

11- RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

The competent supervisory authority for any requests concerning us is the National Commission on Informatics and Liberty (CNIL). If you wish to contact the CNIL regarding any requests, their contact details are as follows:

CNIL (COMMISSION NATIONALE DE L’INFORMATIQUE ET DES LIBERTÉS)3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07Phone: 01 53 73 22 22(Monday to Thursday from 9 am to 6:30 pm / Friday from 9 am to 6 pm)Fax: 01 53 73 22 00

If you wish to file a complaint with the CNIL, you can use the online complaint submission form available at: https://www.cnil.fr/fr/plaintes.

If you have a question about your data protection and freedom rights, you can visit the CNIL website at www.cnil.fr.

1- Introduction

Protecting your personal data is crucial to us. We commit to only collecting data necessary for ensuring optimal service, maintaining its confidentiality and security, including when engaging with service providers, and facilitating the exercise of your rights over your data. Thus, we comply with all applicable provisions regarding privacy and personal data protection, notably the law of January 6, 1978, as amended, relating to data processing, files, and freedoms, as well as the EU Regulation 2016/679 of April 27, 2016, concerning the protection of individuals with regard to the processing of personal data and the free movement of such data. This privacy policy outlines the personal data we collect, how it is used, and your rights in this respect. It applies to any user who accesses our AI platform and uses the services offered by our AI platform. We reserve the right to modify this privacy policy at any time. The most current version of this policy governs our use of your information and will always be available on our platform. If we were to make a substantial modification to this privacy policy, we commit to notifying you via your email address.

2- DATA CONTROLLER

Article 24 of the GDPR establishes the responsibility of the data controller for personal data processing. This article specifies in its first two points that:

"Taking into account the nature, scope, context, and purposes of the processing as well as the risks, of varying likelihood and severity, for the rights and freedoms of natural persons, the data controller shall implement appropriate technical and organizational measures to ensure and be able to demonstrate that processing is performed in accordance with this Regulation. These measures shall be reviewed and updated as necessary.Where proportionate in relation to processing activities, the measures referred to in paragraph 1 shall include the implementation of appropriate data protection policies by the data controller."

Ween.ai is considered the data controller for your personal data and is responsible for implementing appropriate technical and organizational measures to ensure the processing of your data in accordance with the GDPR. Ween.ai, a simplified joint-stock company with a share capital of 1,200 Euros, is registered in the Paris Trade and Companies Register under number 949372023, with its registered office located at 10 RUE DE PENTHIÈVRE 75008 PARIS.

3- DATA WE COLLECT

In the context of using our services and navigating our platform, Ween.ai collects several categories of data, details of which are provided below. These data originate from the information you provide when you register on the platform, when you use the platform to analyze your qualitative customer data, or when you communicate with Ween.ai. These personal pieces of information include:

Identification data (first name, email).

Qualitative data of your clients obtained with their consent, which are then anonymized and processed by the AI platform.

Exchanges conducted via the Assistance function.

Information about your interests to share with your teams.

Any limitation on the collection of these data may limit your ability to use certain features of our services.

4- PURPOSE

Ween.ai processes your personal data for specific, explicit, and legitimate purposes. In particular, these data are intended for:

Generating reports via the AI platform based on the qualitative data of your clients, whose consent was previously obtained by you;

The overall use and improvement of our services based on Machine Learning;

Communicating with you;

Responding to injunctions from legal authorities, particularly to combat fraud and more generally any criminally reprehensible activity.

5- LEGAL BASIS FOR PROCESSING

Ween.ai processes most of your personal data within the framework of the contract you agreed to when registering on the platform, through the acceptance of our general terms of use and/or, where applicable, sales. However, we may process certain data about you based on your consent, due to legal obligations, or to respond to our legitimate interest in processing them.

6- RECIPIENTS OR CATEGORIES OF RECIPIENTS

Ween.ai is the recipient of the collected personal data. We may also need to share certain information for legal reasons or in case of a dispute. Finally, we only communicate your personal data to companies or third parties in the following circumstances:

When necessary for external processing needs and/or improvement of our AI platform, and only in these cases, we transmit this data to our trusted providers who process it on our behalf, following our instructions or under a contractual agreement, in accordance with this privacy policy and respecting any other appropriate security and confidentiality measures. We may transfer your personal data to them only for the purposes set out below. In particular, we use our providers responsible for hosting, securing our information systems, and, where applicable, processing the qualitative data provided (including Open.AI). The list of our subcontractors can be communicated to you by sending your request to contact@Ween.ai.

We retain or disclose your information if we believe it is reasonably necessary to comply with any legal or regulatory obligation, any legal process or administrative request, to protect the safety of a person, to address any issue of a fraudulent, security, or technical nature, improve our AI platform, or to protect the rights or property of our users.

Ween.ai commits not to resell your data and not to transmit your personal data to any third party that may use it for its own purposes, especially for commercial and/or direct advertising purposes, without your express consent. Therefore, Ween.ai does not disclose personal information outside the situations described in this privacy policy.

7- TRANSFER OF DATA OUTSIDE THE EU

All our servers where your data is stored and those of the providers used for exchanging and storing these data are located in Europe.

In the event that Ween.ai resorts to using subcontractors located outside the European Union, we commit to ensuring that these subcontractors present protection measures recognized as sufficient under the GDPR. This may include subcontractors located in any other country recognized by the European Union as providing an adequate level of protection for personal data ("Adequacy Decision"), subject to a data transfer agreement conforming to the standard contractual clauses adopted by the European Commission, or any other measure of protection recognized as sufficient by the European Commission.

8- DATA RETENTION PERIOD

Ween.ai retains your information as long as your account remains active, unless you request the deletion of your information or your account. In some cases, we may retain information about you due to legal requirements or for other purposes, even if you delete your account.

Furthermore, anonymized qualitative data, as well as data necessary to establish the proof of a right or a contract in compliance with a legal obligation, may be subject to an intermediate archiving policy for a period corresponding to legal limitation periods (including the common law period of 5 years).

9- DATA SECURITY

Ween.ai implements appropriate technical and organizational measures to ensure the security, confidentiality, integrity, and availability of services and to protect data against destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored, or otherwise processed, or unauthorized access to such data.

Ween.ai commits to deploying all available means to ensure the security and confidentiality of this data, particularly through the following measures:

Most of our services are encrypted using HTTPS technology;

Access to your account is secured through a username and a password chosen by you.

Access to personal data is strictly limited to employees and clients of Ween.ai who need to access it in order to process it on our behalf. These individuals are subject to strict confidentiality obligations.

10- YOUR RIGHTS

In accordance with personal data protection regulations, you have the right to:

Access (Article 15 of the GDPR),

Rectification (Article 16 of the GDPR),

Erasure (Article 17 of the GDPR),

Restriction of processing (Article 18 of the GDPR),

Portability (Article 20 of the GDPR),

Opposition (Articles 21 and 22 of the GDPR).

10.1- Right of Access

‍You have the ability to obtain from Ween.ai confirmation as to whether or not personal data concerning you are being processed and, when they are, access to the said data as well as the following information:

The purposes of the processing;

The categories of data;

The recipients or categories of recipients to whom the data have been or will be communicated;

When possible, the envisaged period for which the data will be stored, or, when not possible, the criteria used to determine that period;

The existence of the right to request from Ween.ai rectification or erasure of personal data, or restriction of processing of your data, or the right to object to such processing;

The right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés);

Where the data are not collected from you, any available information as to their source; the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

When data are transferred to a third country or an international organization, you have the right to be informed of the appropriate safeguards relating to the transfer.

Your right to obtain a copy of your data should not adversely affect the rights and freedoms of others.

10.2 Right to Rectification

You have the opportunity to obtain from Ween.ai the prompt rectification of personal data concerning you that are inaccurate. You also have the ability to have incomplete data completed, including by providing a supplementary statement.

To facilitate the exercise of this right, we encourage you to make these modifications and additions directly on your account. If you believe that other data concerning you need to be changed or completed and you are unable to make these changes yourself, we invite you to request it directly from us by contacting us.

10.3- Right to Erasure, also known as the "Right to be Forgotten"

You have the right to obtain from Ween.ai the erasure, as soon as possible, of personal data concerning you when one of the following grounds applies, as provided by Article 17 of the GDPR:

The data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by Ween.ai;

You have withdrawn your consent on which the processing is based, and there is no other legal ground for the processing;

You exercise your right to object under the conditions mentioned below, and there are no overriding legitimate grounds for the processing;

The data have been unlawfully processed;

The data must be erased for compliance with a legal obligation;

The data have been collected in relation to the offer of information society services to a child.

The GDPR stipulates that: "the data subject shall have the right to obtain from the data controller the erasure of personal data concerning them without undue delay, and the data controller shall have the obligation to erase personal data without undue delay where one of the specified grounds applies."

10.4- Right to Restriction of Processing

You have the right to obtain from Ween.ai the restriction of processing of your data when one of the following applies:

Ween.ai is verifying the accuracy of the data following your contestation of the accuracy of the data;

The processing is unlawful, and you oppose the erasure of the data and instead request the restriction of their use;

Ween.ai no longer needs the data for processing purposes, but they are still required by you for the establishment, exercise, or defense of legal claims;

You have objected to processing pending the verification of whether the legitimate grounds of Ween.ai override your reasons.

10.5- Right to Data Portability

You have the right to receive from Ween.ai the personal data concerning you, in a structured, commonly used, and machine-readable format when:

The processing is carried out using automated processes;

The processing of the data is based on consent, or on a contract.

When exercising your right to data portability, you have the right to have the data transmitted directly from Ween.ai to another data controller that you designate when this is technically feasible.

Your right to the portability of your data must not adversely affect the rights and freedoms of others.

10.6- Right to Object

You have the right to object at any time, for reasons related to your particular situation, to the processing of data concerning you based on the legitimate interest of Ween.ai. In such a case, Ween.ai will no longer process the data unless it demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

Note that you do not need to pay any fees to access your personal data or exercise your rights. However, we may charge reasonable fees if your request is clearly unfounded, repetitive, or excessive. We may also contact you to request additional information regarding your request in order to respond to you. Responses will be provided within one month. Exceptionally, this period may be exceeded by one month if your request is particularly complex.

11- RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

The competent supervisory authority for any requests concerning us is the National Commission on Informatics and Liberty (CNIL). If you wish to contact the CNIL regarding any requests, their contact details are as follows:

CNIL (COMMISSION NATIONALE DE L’INFORMATIQUE ET DES LIBERTÉS)3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07Phone: 01 53 73 22 22(Monday to Thursday from 9 am to 6:30 pm / Friday from 9 am to 6 pm)Fax: 01 53 73 22 00

If you wish to file a complaint with the CNIL, you can use the online complaint submission form available at: https://www.cnil.fr/fr/plaintes.

If you have a question about your data protection and freedom rights, you can visit the CNIL website at www.cnil.fr.