1. Data controller

CO2 AI, a French simplified joint-stock company (SAS) registered under number 949 056 766 RCS Nanterre, with its registered office at 14 rue Beffroy, 92200 Neuilly-sur-Seine, France (“CO2 AI” or “we”), is the controller of your personal data.

2. What data do we collect about you?

We collect the following personal data:

– Data you (or your organization) give us. This is information you give us when you submit a request demo form (e.g., your name and email address), when you subscribe to join our email list while you submit the request demo form, by corresponding with us (e.g., by email) or when you subscribe to our services on behalf of your organization. It includes information you provide when you report a problem with the Site. If you contact us, we will keep a record of that correspondence.The information we request from you that is necessary to respond to your requests is identified by an asterisk or equivalent on the collection forms or is otherwise specified as such at the time of collection. If you do not complete the required fields or provide information marked as mandatory, we will not be able to provide you with the requested services or respond to your requests.

– Data we collect automatically. When you visit our Site, data is automatically recorded via your browsing traces either directly via server event logs (the log files) or indirectly via third-party cookies. This is your browsing data. This data includes data relating to your connection to the Site (IP address, activity etc.) and data relating to the equipment you are using (type of equipment, operating system and settings).

– Data we collect indirectly. We may collect professional information about you from (a) your public profiles on a professional social network that you use and (b) your private profiles if we are linked to those networks. It may also include data that is publicly available and/or provided by partners, third parties or service providers in connection with the matching or provision of data.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

This Site and our services are not designed for or intended for minors. We do not knowingly solicit or collect personal data from minors. Persons under the age of 18 may not do business with CO2 AI. If we discover that we have collected information from a minor, we will delete it. Please contact us at the contact information indicated in Section ‎6 below if you believe you have provided us with information about a minor.

3. Why do we process your personal data?

We only process your personal data where we have a lawful basis to do so, for the following purposes:

Processing necessary for our legitimate interests:

– Improving the Site content and navigation and maintaining a secure environment;
‍
– Execution of subscription agreements: provision of subscribed services, invoicing and payments, compliance with contractual commitments;
‍
– Managing the commercial relationship with our existing customers;
‍
– Sending marketing communications to our existing and potential clients, in order to make us known and develop our activity;
‍
– Compiling business statistics, after having made your data anonymous or in any case after having implemented processes intended to prevent your re-identification;
‍
– Defending our interests in the event of a dispute or legal action.

Processing performed with your consent:

– Tailoring and personalizing the Site and its content, improving the Site and service experience, conduct research to improve Site conversion and interaction content, improving navigation, improving search results, recommending content based on industry/company/interest/location/searches, improving/understanding needs for existing service improvements/roadmaps, developing new services

Processing necessary to comply with our legal obligations: some of your data is also processed to comply with our legal obligations and to defend our interests in the event of litigation or legal action.

4. How long will your personal data be processed?

We keep your personal data for the time strictly necessary for the purposes set out herein and in accordance with applicable regulations. In particular:

– Data processed for the management of contracts and customer relationship: for the duration of the contractual relationship, as long as you are our point of contact at our customer.

– E-marketing options: If you are our point of contact at the client company, we will send you marketing communications until you unsubscribe by using the unsubscribe link provided in the communications. If your organization is not yet a client, your data will be deleted 3 years after your last interaction (click) with an email we sent you.

Please note that your data may be retained for longer periods of time, for example to establish proof of a right or to comply with a legal obligation. In any case, your data is not kept beyond what is strictly necessary for the purposes for which it is processed. When your data is no longer required, we will ensure that it is deleted or anonymized.

5. Where is your personal data processed?

Your processed personal data is hosted in the European Union.

6. With whom do we share your personal data?

We share your personal data only with:

– our duly authorized personnel, who need access to your data in the course of their duties in connection with the purposes described above;
‍
– our service providers who act as data processors;
‍
– our external advisors (lawyers, auditors, etc.), when necessary for our legitimate interests; and
‍
– public or judicial authorities, when we are legally obliged to do so or to protect our rights or the rights of third parties.

We may also share your personal data with third parties in connection with a potential or actual sale or restructuring of our company or certain of our assets, in which case your data may be part of the transferred assets.

Please note this list is non-exhaustive and there may be other examples where we need to share with other parties where justified by our legitimate interest, permitted by applicable law, or necessary for compliance with a legal obligation to which we are subject.

In this context, your personal data may be transferred outside the European Economic Area (EEA), to countries not offering a level of protection of personal data equivalent to that offered within the EEA, such as the US. In the absence of an adequacy decision of the European Commission, the transfer of your personal data will be made pursuant to standard contractual clauses adopted by the European Commission, as appropriate. You can obtain a copy of the relevant safeguard by contacting us at the contact details set out in Section ‎6 “Contact”, although some details may be redacted for confidentiality reasons.

7. What are your rights?

In accordance with applicable data protection laws, you have the right to:

– withdraw your consent to any processing of your data based on your consent at any time;
‍
– ask us to confirm whether we are processing your data and, if so, to inform you of the characteristics of the processing, allow you to access it and obtain a copy;
‍
– ask us to correct or complete your data if it is incorrect or incomplete;
‍
– ask us to delete your data or to limit the processing;
‍
– ask us to provide you with your data in a structured, commonly used and machine-readable format, or you can request that it be transmitted directly to another controller;
‍
– set out instructions (general or specific) as to what happens to your data after your death;
‍
– object to any processing of your data that is based on our “legitimate interest”. If you exercise this right, we must cease processing unless we demonstrate imperative and legitimate grounds that override your fundamental rights and freedoms, or for the establishment, exercise or defense of legal claims; and
‍
– object at any time to the processing of your data for commercial prospection purposes.

You can exercise your rights by contacting us at the email address indicated in in Section ‎6 “Contact”.

You also have the right to lodge a complaint with the competent supervisory authority regarding the processing of your data. In France, the supervisory authority for the protection of personal data is the CNIL (www.cnil.fr).

8. Contact

If you have further questions on the topic of data protection, or if you want to exercise your data protection rights, please contact us via: dpo@co2ai.com.

9. Updating the Privacy policy

We may amend this Privacy Policy from time to time, in particular to comply with any legislative or regulatory, case law, editorial or technical developments. We will notify you in the event of a material change.