Article 24 of the GDPR establishes the responsibility of the data controller for personal data processing. This article specifies in its first two points that:
"Taking into account the nature, scope, context, and purposes of the processing as well as the risks, of varying likelihood and severity, for the rights and freedoms of natural persons, the data controller shall implement appropriate technical and organizational measures to ensure and be able to demonstrate that processing is performed in accordance with this Regulation. These measures shall be reviewed and updated as necessary.Where proportionate in relation to processing activities, the measures referred to in paragraph 1 shall include the implementation of appropriate data protection policies by the data controller."
Ween.ai is considered the data controller for your personal data and is responsible for implementing appropriate technical and organizational measures to ensure the processing of your data in accordance with the GDPR. Ween.ai, a simplified joint-stock company with a share capital of 1,200 Euros, is registered in the Paris Trade and Companies Register under number 949372023, with its registered office located at 10 RUE DE PENTHIÈVRE 75008 PARIS.
In the context of using our services and navigating our platform, Ween.ai collects several categories of data, details of which are provided below. These data originate from the information you provide when you register on the platform, when you use the platform to analyze your qualitative customer data, or when you communicate with Ween.ai. These personal pieces of information include:
Any limitation on the collection of these data may limit your ability to use certain features of our services.
Ween.ai processes your personal data for specific, explicit, and legitimate purposes. In particular, these data are intended for:
Ween.ai is the recipient of the collected personal data. We may also need to share certain information for legal reasons or in case of a dispute. Finally, we only communicate your personal data to companies or third parties in the following circumstances:
All our servers where your data is stored and those of the providers used for exchanging and storing these data are located in Europe.
In the event that Ween.ai resorts to using subcontractors located outside the European Union, we commit to ensuring that these subcontractors present protection measures recognized as sufficient under the GDPR. This may include subcontractors located in any other country recognized by the European Union as providing an adequate level of protection for personal data ("Adequacy Decision"), subject to a data transfer agreement conforming to the standard contractual clauses adopted by the European Commission, or any other measure of protection recognized as sufficient by the European Commission.
Ween.ai retains your information as long as your account remains active, unless you request the deletion of your information or your account. In some cases, we may retain information about you due to legal requirements or for other purposes, even if you delete your account.
Furthermore, anonymized qualitative data, as well as data necessary to establish the proof of a right or a contract in compliance with a legal obligation, may be subject to an intermediate archiving policy for a period corresponding to legal limitation periods (including the common law period of 5 years).
Ween.ai implements appropriate technical and organizational measures to ensure the security, confidentiality, integrity, and availability of services and to protect data against destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored, or otherwise processed, or unauthorized access to such data.
Ween.ai commits to deploying all available means to ensure the security and confidentiality of this data, particularly through the following measures:
In accordance with personal data protection regulations, you have the right to:
You have the ability to obtain from Ween.ai confirmation as to whether or not personal data concerning you are being processed and, when they are, access to the said data as well as the following information:
Your right to obtain a copy of your data should not adversely affect the rights and freedoms of others.
You have the opportunity to obtain from Ween.ai the prompt rectification of personal data concerning you that are inaccurate. You also have the ability to have incomplete data completed, including by providing a supplementary statement.
To facilitate the exercise of this right, we encourage you to make these modifications and additions directly on your account. If you believe that other data concerning you need to be changed or completed and you are unable to make these changes yourself, we invite you to request it directly from us by contacting us.
You have the right to obtain from Ween.ai the erasure, as soon as possible, of personal data concerning you when one of the following grounds applies, as provided by Article 17 of the GDPR:
The GDPR stipulates that: "the data subject shall have the right to obtain from the data controller the erasure of personal data concerning them without undue delay, and the data controller shall have the obligation to erase personal data without undue delay where one of the specified grounds applies."
You have the right to obtain from Ween.ai the restriction of processing of your data when one of the following applies:
You have the right to receive from Ween.ai the personal data concerning you, in a structured, commonly used, and machine-readable format when:
When exercising your right to data portability, you have the right to have the data transmitted directly from Ween.ai to another data controller that you designate when this is technically feasible.
Your right to the portability of your data must not adversely affect the rights and freedoms of others.
You have the right to object at any time, for reasons related to your particular situation, to the processing of data concerning you based on the legitimate interest of Ween.ai. In such a case, Ween.ai will no longer process the data unless it demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
Note that you do not need to pay any fees to access your personal data or exercise your rights. However, we may charge reasonable fees if your request is clearly unfounded, repetitive, or excessive. We may also contact you to request additional information regarding your request in order to respond to you. Responses will be provided within one month. Exceptionally, this period may be exceeded by one month if your request is particularly complex.
The competent supervisory authority for any requests concerning us is the National Commission on Informatics and Liberty (CNIL). If you wish to contact the CNIL regarding any requests, their contact details are as follows:
CNIL (COMMISSION NATIONALE DE L’INFORMATIQUE ET DES LIBERTÉS)3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07Phone: 01 53 73 22 22(Monday to Thursday from 9 am to 6:30 pm / Friday from 9 am to 6 pm)Fax: 01 53 73 22 00
If you wish to file a complaint with the CNIL, you can use the online complaint submission form available at: https://www.cnil.fr/fr/plaintes.
If you have a question about your data protection and freedom rights, you can visit the CNIL website at www.cnil.fr.