Personal Data Protection Policy
Website « www.aicet.eu »
Applicable as of 1st December 2025
- PREAMBLE
This policy is that of the company Numalis (hereinafter « NUMALIS »), a simplified joint-stock company (SAS) with a share capital of €149,760, whose registered office is located at Bureaux du Polygone, 265 avenue des Etats du Languedoc, 34000 Montpellier, France, registered with the Montpellier Trade and Companies Register under number 814 614 020.
NUMALIS’s contact details are as follows:
- Tel: + 33 (0)4 67 15 10 78
- Email: administration [at] numalis.com
NUMALIS specializes in the design, development, and publishing of computer programmes and the provision of IT services, particularly in the field of artificial intelligence. As part of its activity, it develops and publishes innovative software offering tools for explainability, robustness testing, and validation of Artificial Intelligences (AI). NUMALIS notably publishes the « AICET » solution, a solution allowing the optimisation of design, training, testing, and validation of artificial intelligence models.
NUMALIS publishes this website www.aicet.eu (hereinafter the « Site ») dedicated to the « AICET » solution, allowing persons accessing it (hereinafter the « Users ») to:
- Access information about the « AICET » solution and the company’s activity;
- Contact NUMALIS via a contact form;
- Book an appointment with NUMALIS for a demonstration of the solution;
In this context, NUMALIS is required to process personal data concerning Users.
NUMALIS undertakes, within the framework of the personal data processing it carries out, to comply with all regulations regarding personal data, in particular the General Data Protection Regulation (EU) No. 2016/679 of 27 April 2016 regarding the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the « GDPR »), the Law No. 78-17 of 6 January 1978 relating to information technology, files and freedoms known as the revised « French Data Protection Act » (Loi Informatique et Libertés), the Law for a Digital Republic No. 2016-1321 of 7 October 2016, and the decrees issued for their application (hereinafter the « Regulations relating to personal data protection »).
NUMALIS limits the collection of personal data to what is strictly necessary in application of the data minimisation principle.
In application of the Regulations relating to personal data protection, this policy explains to Users the processing of Personal Data concerning them carried out by NUMALIS, and informs them about:
- The personal data collected by NUMALIS;
- The reasons why NUMALIS processes this data (purposes and legal bases);
- The duration for which NUMALIS retains this data (retention periods);
- The third-party recipients of this data and any data transfers carried out;
- The rights they have over their Personal Data;
- The cookies deposited during the use of the Site.
NUMALIS reserves the right to modify this policy at any time, in order to provide up-to-date information on the personal data processing it carries out.
- GLOSSARY
« Legal Basis »: refers to the basis on which the processing is founded. Processing is only lawful if, and to the extent that, it falls under one of the six bases provided for by the GDPR (Art. 6).
« Data Protection Officer » or « DPO »: refers to the natural or legal person who advises and assists NUMALIS in compliance with the Regulations relating to Personal Data Protection.
« Personal Data » or « Data »: refers to any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
« User »: refers to any person who navigates the Site and uses it.
« Policy »: refers to this personal data protection policy.
« Data Controller »: refers to the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing. Within the framework of this Policy, NUMALIS acts as the data controller.
« Processing »: refers to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
Within the framework of this Policy, the Data Controller is the company NUMALIS. NUMALIS’s contact details are as follows:
SAS NUMALIS
Bureaux du Polygone, 265 avenue des Etats du Languedoc, 34 000 Montpellier, France
Tel: + 33 (0)4 67 15 10 78 / Email: administration [at] numalis.com
- IDENTITY AND CONTACT DETAILS OF THE DATA PROTECTION OFFICER
NUMALIS has appointed a Data Protection Officer whose contact details are as follows:
Data Protection Officer
Bureaux du Polygone, 265 avenue des Etats du Languedoc, 34 000 Montpellier, France
rgpd [at] numalis.com
- PERSONAL DATA COLLECTED
NUMALIS collects the following Personal Data on or via the Site when Users:
- Browse the Site;
- Contact NUMALIS, particularly via the contact form;
- Book an appointment with NUMALIS for a demonstration of the « AICET » solution;
| Data Categories | Data Collected |
|---|---|
| Identity and contact details | Surname, first name and title, email address, phone number, full address, internal client code assigned by us. |
| Professional life | Profession, economic category, activity. |
| Relationship follow-up data | Requests for documentation, trials, information on NUMALIS products and/or services, correspondence, exchanges with the sales department, reviews of products and services, any complaints, requests for technical support. |
| Connection data / Metadata | Anonymised User ID, Page visited and referring page, dates and times of connection, location (country), actions performed on the Site (e.g., features most used by the User, interactions, durations, clicks, etc.), etc. |
| Device configuration information | Operating system, browser, device (computer, tablet, mobile), screen resolution. |
- PURPOSE OF DATA COLLECTED
Users’ Personal Data is processed by NUMALIS solely for the purposes described in the table below.
This processing may be carried out for various reasons, determined by NUMALIS:
- To perform a contractual obligation (Legal basis: performance of a contract)
- To comply with a legal obligation (Legal basis: legal obligation)
- Because it has a legitimate interest in processing them (Legal basis: legitimate interest)
- Because the User has given their consent (Legal basis: consent)
Data is retained for the time necessary to achieve the pursued purposes, in accordance with the retention periods specified in the table below. These periods are extended by the retention period necessary to meet legal, accounting, financial, and tax obligations, for dispute resolution, and notably, to prevent potential illegal behaviour. They are defined in accordance with the recommendations of the French Data Protection Authority (CNIL).
| Purpose | Legal Basis | Retention Period |
|---|---|---|
| Contact and follow-up of the relationship with Users Processing User information requests, tracking prospecting actions, establishing contact, appointment booking, etc. |
Legitimate interest of NUMALIS to develop its commercial activity and respond to requests for information relating to its products and/or services | Up to 3 years from the last contact with the User |
| Prospecting to professionals (B2B) | Legitimate interest of NUMALIS to send its commercial offers to professionals likely to be interested in the products and/or services it provides | Up to 3 years from our last contact with you. You can object to our prospecting operations. |
| Prospecting to consumers (B2C) Prospecting related to products or services similar to those already provided |
Legitimate interest of NUMALIS to propose related products or services to persons who have already consumed products and/or services |
Up to 3 years from the last contact with the User. You have the right to object to receiving our commercial prospecting |
| Prospecting to consumers (B2C) Prospecting by email or SMS (except for similar products or services) |
Consent |
Up to 3 years from the last contact with the User or until withdrawal of consent You can withdraw your consent at any time |
| Prospecting to consumers (B2C) Telephone prospecting |
Consent |
Up to 3 years from the last contact with the User or until withdrawal of consent You can withdraw your consent at any time We inform you of the existence of the « Bloctel » telephone anti-solicitation list, on which you can register here: https://www.bloctel.gouv.fr/ |
| Newsletter sending Sending documentation (white papers, guides, etc.) |
Consent |
Up to 3 years from the last contact with the User or until withdrawal of consent You can withdraw your consent at any time |
| Management of an opposition list | Legitimate interest of NUMALIS to know which persons it is no longer authorised to prospect. | For 3 years from the exercise of the right to object |
| Management of GDPR rights requests | Legal obligation | For 5 years from the request to exercise the right |
| Management of complaints and litigation | Legitimate interest of NUMALIS to establish proof of a right or the proper performance of its contractual obligations where applicable | For the entire duration of the limitation period applicable to the relationship (e.g.: up to 5 years for civil limitation) |
| Log journaling / IT system security | Legitimate interest of NUMALIS to ensure traceability of access and actions performed on the Site, notably to detect malicious behaviour and preserve the security of its information system and the Site | 1 year |
| Purposes of data processing collected via cookies and trackers (Audience and performance measurement, generation of navigation statistics, detection of navigation problems) See the Cookie Policy for details of cookies used and their purposes |
Legitimate interest of NUMALIS to ensure the proper technical functioning of the Site, understand its performance, understand how users use it, generate statistics or Consent for the deposit of certain cookies (notably audience measurement) See the Cookie Policy (Article 12 of the Policy) |
Data collected via audience measurement cookies is kept for a maximum duration of 25 months Other data collected via cookies is kept for a maximum duration of 6 months |
When « Consent » is listed in the « legal basis » column of the table, this means that NUMALIS may process the Data for the relevant purpose only if the User gives their express consent to do so, notably by ticking a box inviting them to do so on the Site.
The User may withdraw their consent at any time by contacting NUMALIS at the contact details indicated in this Policy or by any technical means made available (unsubscribe link in the newsletter or prospecting actions in particular).
- RECIPIENTS OF PERSONAL DATA
Personal Data collected by NUMALIS on or via the Site is processed by:
- Its teams
Data may be communicated to all NUMALIS teams who need it to carry out their missions.
Example: the sales team for prospecting operations, the technical department for development and maintenance, the customer service department to handle requests for information on products and services, etc.
- Its technical subcontractors (hosting, software publishers, etc.)
NUMALIS uses different technical service providers for different reasons:
| Identity of the subcontractor | Reasons for subcontracting |
|---|---|
| Infomaniak | Site Hosting |
- Administrative and judicial authorities
NUMALIS may be required to communicate certain Data to administrative or judicial authorities when it receives a judicial requisition or when the law requires it.
No transmission of Personal Data to third parties is carried out for commercial purposes.
- DATA TRANSFERS OUTSIDE THE EUROPEAN UNION
Some of NUMALIS’s technical subcontractors may process certain Data outside the European Union. Where this is the case, NUMALIS ensures beforehand that the subcontractors in question take adequate guarantees compliant with the GDPR.
List of possible data transfers outside the European Union and adequate guarantees taken:
| Recipient concerned by the transfer outside the EU | Adequate guarantees | Countries concerned by the transfer |
|---|---|---|
| Infomaniak | Adequacy decision with Switzerland | Switzerland |
- SECURITY OF PERSONAL DATA
In accordance with the provisions of Article 32 of the GDPR, NUMALIS implements the necessary technical and organisational means to guarantee a level of security adequate and compliant with the state of the art, notably to prevent the theft, loss, alteration, disclosure, or unauthorised modification of Data, depending on the sensitivity thereof and the processing purposes pursued.
However, NUMALIS draws Users’ attention to the fact that the Internet is not a completely secure environment, and it cannot guarantee the absence of Data breaches nor be held responsible in the event of Data breaches due to force majeure reasons beyond its control.
- USERS’ RIGHTS OVER THEIR PERSONAL DATA
Under the conditions provided for by the Regulations relating to personal data protection, Users have the following rights:
| Right of access | Right to request access to all Data concerning them. |
| Right to rectification | Right to request the correction of Data concerning them if it is inaccurate. |
| Right to object | Right to request the cessation of use of Data concerning them when such Data is processed due to a legitimate interest. Right to request the cessation of receiving commercial prospecting. |
| Right to withdraw consent | Where processing is based on prior consent, right to withdraw consent at any time. NUMALIS will cease to use the Data for the processing in question (unless another legal basis, notified to the User, justifies continuing to process the data). |
| Right to erasure | Right to request the erasure of Data concerning them so that NUMALIS ceases to use it. |
| Right to restriction | Right to request the temporary cessation of the use of Data concerning them while requiring it to be kept temporarily. |
| Right to portability | Right to request an export of Data concerning them in a reusable format and, where possible, to request its transmission to another body that can reuse it. |
| Right not to be subject to automated individual decision-making | Right not to be subject to a decision based solely on automated processing producing legal effects concerning them or significantly affecting them. |
| Right to define directives concerning your data in the event of death | Right to define, update, or revoke directives relating to the retention, erasure, or communication of Data concerning them after their death. |
Any User may exercise their rights by:
- By email to the address rgpd [at] numalis.com indicating their surname, first name, and email address.
- By post to the address: SAS NUMALIS, Bureaux du Polygone, 265 avenue des États du Languedoc, 34000 Montpellier, France
A response to a simple request will be sent within a maximum period of one (1) month following the date of receipt of the request. In the event of a complex request, a response will be sent within a maximum period of three (3) months following the date of receipt of the request.
NUMALIS may object to manifestly abusive requests, notably by their number, their repetitive or systematic nature.
- COMPLAINT TO THE FRENCH DATA PROTECTION AUTHORITY (CNIL)
Any User has a right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) if they consider that the processing of their Data constitutes a violation of the Regulations relating to personal data protection.
Complaints can be submitted to the CNIL at the following address: www.cnil.fr/fr/plaintes.
- COOKIE POLICY
This part applies to data collected by means of cookies deposited during the use of the Site.
What is a cookie?A cookie is a small file deposited or read on your terminal (PC, tablet, smartphone).
Cookies allow information related to your navigation on the Site to be memorised on your terminal.
Who deposits the cookies?Some cookies are deposited by NUMALIS.
NUMALIS also uses Google Analytics and MS Clarity cookies, which are third-party cookies published by Google and Microsoft.
What types of cookies are used?NUMALIS deposits different types of cookies on the Site:
- Technical cookies
Technical cookies are deposited for the proper functioning of the Site.
These cookies are exempt from prior consent collection due to their technical nature.
| Cookie Name | Purpose | Cookie Lifespan |
|---|---|---|
| wp-wpml_current_language | Storage of language preferences | Session |
| axeptio_cookies | Storage of consent and cookie configuration preferences of users | 12 months |
| axeptio_authorized_vendors | List of vendors/services authorised by users | 12 months |
| axeptio_all_vendors | Storage of the complete list of vendors/services available on the site | 12 months |
| cw_conversation | Managing conversation state (chat) for the Chatwoot widget | 12 months |
| _chatwoot_session | Maintaining the chat session for the Chatwoot service | Session |
| SRVGROUP | Server load balancing and session management | Session |
| _lscache_vary | Caching and performance optimisation | 2 days |
- Audience measurement cookies
Audience measurement cookies are deposited for the purposes described below.
| Cookie Name | Purpose | Cookie Lifespan |
|---|---|---|
| _ga_ | Storage and counting of page views and site usage | 13 months |
| _ga | Distinction of users | 13 months |
| _clck | Retains the Clarity user identifier and preferences, specific to this site, attributed to the same user identifier. | 13 months |
| _clsk | Links multiple page views by a user into a single Clarity session recording | 13 months |
It is possible to withdraw your consent to the use of cookies by configuring it on the cookie manager made available on the Site.
Transfers outside the European UnionSome companies depositing cookies may host Data outside the European Union. Where this is the case, NUMALIS ensures beforehand that these companies take adequate guarantees compliant with the GDPR.
List of possible data transfers outside the European Union and adequate guarantees taken:
| Recipient Identity | Adequate guarantees taken |
|---|---|
| Standard Contractual Clauses of the European Commission | |
| Microsoft | Standard Contractual Clauses of the European Commission |