Alviss

Privacy policy

1. Who are we?

1.1 Person in charge of processing

The following information is communicated to you so that you can take note of the commitments in terms of protection of personal data of :

ALVIS.AI, a simplified joint stock company with registered office at 29 rue Oudry 75013 Paris which acts as data controller for the processing of personal data referred to in this document, hereinafter referred to as "the Data Controller" or "we".

1.2 Our data processing and freedom policy manager

The Data Controller has appointed a person responsible for the data processing and freedom policy that you can contact at the following address

- by e-mail to the following address pavel@alviss.ai; or

- by mail at the following address 29 rue Oudry 75013 Paris.

2. The personal data that we process and the origin of the data

Within the framework of the processing of personal data, the Data Controller collects and processes the following data:

-  title, surname, first name(s), user name, e-mail address, photograph, profession;

In addition, we use the data you provide directly when you create a user account on the website www.alviss.ai. or with your consent. During each of your visits, we may collect, in accordance with the applicable legislation and with your consent, where appropriate, information relating to :

- the devices on which you use our services;

- or the networks from which you access our services, such as your IP addresses, connection data, types and versions of web browsers used, types and versions of your browser plug-ins, operating systems and platforms, data concerning your browsing path on the Site, including your path on the Site, the content you access or consult, etc...

Among the technologies used to collect this information, we notably use cookies.

3. Purposes and legal basis of our data processing

3.1 The purposes of our treatments

The treatments that we implement are implemented to ensure the following purposes:

Consent of the registered visitors of the Internet Site	Account Creation Management of the contents on the site Management of comments on the Site Content Management of newsletters (newsletter)
Consent of all visitors to the website	Geolocalisation Management of the cookies on the Internet Site
Execution of the contract or execution of pre-contractual measures	Account management Claims and termination management Management of banking information
Legal obligation (GDPR, art. 21)	Management of the right of opposition
Legitimate interest in improving the services of ALVISS.AI	Management of the commercial relationship Fraud and delinquency management Carrying out statistical analyses of Site use Measures of system operation Conducting satisfaction surveys

3.2 The legal basis of our treatments

We only implement data processing if at least one of the following conditions is met :

- your consent to the processing operations has been obtained;

- the existence of the legitimate interest of ALVISS.AI, or that of a third party, justifies that we implement the processing of personal data concerned: ALVISS.AI analyzes the data of the publications and users of the platform in order to promote the democratization of the process of publication and dissemination of these data. ALVISS.AI seeks to provide the best information to users adapted to their profession and interests. ALVISS.AI also uses certain personal data for the management of the Site;

- the execution of a contract that binds us requires ALVISS.AI to implement the processing of personal data concerned;

- we are bound by legal and regulatory obligations that require the implementation of the processing of the personal data concerned.

3.3. Legitimate interests pursued

Legitimate interests that are pursued by the Data Controller may include enabling business continuity, improving the consumer experience, building consumer loyalty, and understanding consumer expectations.

4. Recipients of your data

The personal data that we collect, as well as those that are collected subsequently, are intended for us in our capacity as Data Controller.

We ensure that only authorized persons have access to these data. Our subcontractors / service providers may receive this data in order to perform the services we entrust to them.

Your personal data may be reconciled, pooled or shared among all the parent, sister and subsidiary entities of the Data Controller.

They may be communicated to these entities for the purposes set out in this information notice. These operations are carried out on the basis of instruments that comply with the applicable regulations and are capable of ensuring the protection and respect of your rights.

5. Transfers of your data

As part of the services offered, we transfer your personal data to recipients located in the following countries: United States.

Each of these transfers is governed by legal instruments in accordance with the applicable legal framework.

Some countries listed benefit from an adequacy decision, which means that they offer your personal data a degree of protection equivalent to that which is in force on the territory of the European Union.

The data controller benefits from one of the derogations provided for in Article 49 of the GDPR.

The transfer made to other countries benefits from the derogations provided for in Article 49 of the GDPR because the transfer is carried out on the basis of the derogation (g) of Article 49 of the GDPR.

6. The periods for which we keep your data

The retention periods we apply to your personal data are proportionate to the purposes for which they were collected.

Accordingly, we organize our data retention policy as follows:

Purposes	Shelf life
Management of newsletters (newsletter)	Until unsubscribed by the visitor or three years from the last contact.
Management of cookies on the website Measurement of system operation	13 months maximum from the consent of the person concerned
Management of subscription and/or contract execution - Account creation	For the duration of the contractual relationship and for a period of 3 years from the last contact. After the execution of the contract, in intermediate archiving, to meet a legal accounting obligation (10 years) and to constitute proof in the event of litigation and within the limit of the applicable limitation period of five years.
Geolocation management	Until withdrawal of consent
Management of payment claims	13 months from the debit date or 15 months in the case of deferred debit cards. The data thus retained for evidentiary purposes must be kept in an intermediate archive and used only in the event of a dispute over the transaction.
Managing Comments and Notices on the Site	Until the account is deleted by the user. And in the absence of any movement on the account within 2 years, the account is considered inactive. The User concerned is then warned and the account is deleted within 6 months from the warning.
Managing Comments and Notices on the Site	Until the account is deleted by the user or the content is deleted. Anonymized thereafter.
Management of banking information	Until full payment
Management of the right of opposition	In order to guarantee its effectiveness, the information allowing this right to be taken into account must be kept for at least 3 years. This data may not be used for any other purpose than the management of the right of opposition and only the data necessary to take into account the right of opposition must be kept (e.g.: e-mail address).
Fraud and delinquency management	The data relating to Users on misuse, fraudulent content, will be kept in the active database for 12 months. The data relating to unpaid invoices will be kept until payment of the amounts due. At the end of this period, the data will be kept in intermediate archiving on an independent external base, accessible only to authorized employees and for specific requests, within the 5-year limitation period.
Carrying out statistical analyses of Site use	Anonymized
Conducting satisfaction surveys	3 years from the last contact
Exercise of the right of persons (excluding the right of opposition)	1 year from the request to exercise the right

7. The rights you are entitled to

7.1 How to exercise your rights

You may exercise your rights

- by email at pavel@alviss.ai, or

- by mail at the following address: 29 rue Oudry 75013 Paris.

To do so, you must clearly indicate your surname(s) and first name(s), the address to which you would like the reply to be sent.

As a matter of principle, you may exercise all your rights free of charge. However, with regard to the right of access, you may be asked to pay a reasonable fee based on administrative costs for any copy of the data you request.

As regards the right to information, the Data Controller will not be obliged to act upon it when you already have the information you request.

The Data Controller will inform you if he cannot comply with your requests.

These rights are not absolute and are subject to different conditions under:

- the applicable local personal data protection or privacy law; and

- the laws and regulations that apply to you.

The Data Controller wishes to inform you that the non-notification or modification of your data may have consequences in the processing of certain requests in the context of the execution of contractual relations and that your request for the exercise of your rights will be kept for follow-up purposes for 6 years concerning the exercise of the right to object and 1 year concerning the exercise of the other rights.

All the rights you benefit from are detailed below.

7.2 Your right to information

You acknowledge that this information notice informs you of the purposes, legal framework, interests, recipients or categories of recipients with whom your personal data is shared, and the possibility of a data transfer to a third country or to an international organization.

In addition to this information and with the aim of guaranteeing fair and transparent treatment of your data, you declare that you have received additional information concerning :

- how long your personal data will be kept;

- the existence of the rights that are recognized for your benefit and the modalities of their exercise.

If we decide to process data for purposes other than those indicated, you will be informed of the new purposes.

7.3 Your right to access and rectify your data

By exercising this right, you have the confirmation that your personal data are or are not processed and when they are processed, you have access to your data as well as to information concerning:

- the purposes of the processing;

- the categories of personal data concerned;

- the recipients or categories of recipients, in particular recipients who are established in third countries;

- where possible, the intended period of retention of the personal data or, where this is not possible, the criteria used to determine this period;

- the existence of the right to ask the Controller for the correction or deletion of your personal data, the right to request a limitation of the processing of your personal data, the right to object to such processing;

- the right to lodge a complaint with a supervisory authority;

- information on the source of the data when they are not collected directly from the data subjects;

- the existence of automated decision making, including profiling, and in the latter case, useful information concerning the underlying logic, as well as the importance and the expected consequences of this processing for the data subjects.

You may request that your personal data be corrected or completed, as appropriate, if they are inaccurate, incomplete, ambiguous or out of date.

7.4 Your right to have your data deleted

You may request us to delete your personal data when one of the following reasons applies:

- the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;

- you withdraw the consent previously given ;

- you object to the processing of your personal data when there is no legal ground for such processing;

- the processing of personal data does not comply with the provisions of the applicable laws and regulations;

- your personal data was collected when you were a minor.

Nevertheless, the exercise of this right will not be possible when the retention of your personal data is necessary under the law or regulation and in particular for example for the establishment, exercise or defence of legal rights.

7.5 Your right to limit data processing

You may request the limitation of the processing of your personal data in the cases provided for by laws and regulations.

7.6 Your right to object to data processing (unsubscribe)

You have the right to object to the processing of personal data concerning you when the processing is based on the legitimate interest of the Data Controller.

In the case of direct communication, this right may be exercised by any means, in particular by clicking on the unsubscribe links at the bottom of the communications sent.

7.7 Your right to the portability of your data

You have the right to the portability of your personal data.

The data on which this right can be exercised are:

- only your personal data, which excludes anonymized personal data or data that does not concern you;

- declarative personal data as well as personal operating data;

- personal data that does not infringe the rights and freedoms of third parties such as those protected by business secrecy.

This right is limited to processing based on consent or a contract as well as to personal data that you have personally generated.

This right does not include derived or inferred data, which are personal data created by the Data Controller.

7.8 Your right to withdraw your consent

Where the data processing we implement is based on your consent, you may withdraw it at any time. We will then stop processing your personal data without jeopardizing the previous operations for which you consented.

7.9 Your right of recourse

You have the right to lodge a complaint with the competent supervisory authority, without prejudice to any other administrative or jurisdictional recourse.

7.10 Your right to set post-mortem guidelines

You have the possibility to define guidelines for the storage, deletion and communication of your personal data after your death with a trusted third party, certified and responsible for enforcing the wishes of the deceased, in accordance with the requirements of the applicable legal framework.