This policy describes the data processing carried out by AAIS, a simplified joint-stock company located at 13 rue du Mont Verdun, 69410 Champagne au Mont D’or, and registered with the Lyon Trade and Companies Register under number 6201Z, in the context of the use of the website https://www.aais.ai/ (the Website) and the implementation of its phishing simulation, data breach analysis, and cybersecurity training solutions (the Solutions).
AAIS and Personal Data
For the purposes of this policy, personal data has the meaning defined in Article 4 of the General Data Protection Regulation (GDPR).
This data is collected, recorded, and stored in compliance with the provisions of the law relating to data processing, files, and freedoms of January 6, 1978 in its current version, as well as with the provisions of Regulation (EU) No. 2016/679 (GDPR).
Nature of the processing and data collected for which AAIS acts as a data controller - applicable legal bases
Nature of the main processing activities carried out as a data controller and applicable legal bases:
|Types of Data
|Contact Requests Management
|Name, First Name; Function / Employer; Content of the request
|Quote Requests Management
|Name, First Name, Company Name, Email, Phone Number, Products, Language, Company Size
|Contract and pre-contractual measures
|Subscription to the Newsletter
|Until consent is withdrawn
|Demo Requests Management
|Email and phone number
|Free Trial Requests Management
|Names, First Names, Email, and phone number
|Offer of Training Services
|Name, participant&aposs first name, Name of the client to which the participant belongs, Nature of the training followed, Date and duration of the training
|Administrator Account Management and Creation
|Names, First Names, Function, Employer&aposs contact information, Professional contact details (email/phone/employer&aposs name/address), Username and password, Login data
|Until account closure
|Contracts and pre-contractual measures
|Monitoring of Inactive Accounts
|Account data, Time since last use
|Contracts and pre-contractual measures
|Management of Requests to Exercise Rights under the GDPR
|Name, First Name, Nature of the encountered issue, Content of the request, Data covered by a request if applicable, Consent acquisition methods
|Duration of pre-litigation and litigation processing
|Legal and regulatory obligations
Only data necessary for the mentioned processing is subject to processing.
Nature of the processing and data collected for which AAIS acts as a data processor
Transfer of personal data outside the European Union
AAIS does not transfer personal data outside the European Union.
In the event that a client or a subcontractor is located outside the European Union or in a country benefiting from an adequacy decision, AAIS will conclude standard contractual clauses of the European Commission with this client or subcontractor to frame the conditions of the transfer and access to personal data.
Security and confidentiality of personal data
AAIS takes all necessary measures to ensure that access to personal data is strictly limited to individuals who need access as part of the provision of its services.
Notably, AAIS ensures that individuals authorized to process personal data for the provision of services commit to respecting an obligation of confidentiality or are subject to an appropriate obligation of confidentiality.
AAIS also commits to implementing sufficient and appropriate technical measures to preserve the integrity and confidentiality of personal data and to protect them against accidental or unlawful destruction, loss, alteration, dissemination, or unauthorized access, as well as against any other form of unlawful processing. These measures must ensure, considering the state of the art and the costs related to their implementation, an appropriate level of security in view of the risks presented by the processing and the nature of the personal data to be protected. AAIS uses secure means of communication to process personal data.
Rights of individuals
AAIS collects the personal data mentioned in this policy from the representatives of its clients, visitors to the Site, and users of its solutions.
Individuals concerned have the right to access, rectify, and erase their personal data, which can be exercised by sending an email to the address: [email protected]
In case of difficulties in the processing of their personal data, concerned individuals can contact the CNIL or any competent authority.
Some cookies are strictly necessary for the functioning of the Site and the Solutions.