Privacy Policy
Privacy policy
for the app.outmind.fr platform
Privacy policy
www.outmind.ai
Privacy policy for the Outmind platform

The purpose of this privacy policy is to inform you about how we collect and process the information you provide to us. We invite you to read it carefully to understand our practices regarding the processing of your personal data. This privacy policy relates solely to our platform accessible via app.outmind.fr and all the elements arising from it.
1. Purpose
The purpose of these clauses is to define the conditions under which Outmind (the "Subcontractor") undertakes to carry out the personal data processing operations defined below on behalf of the Customer (the "Data Processor").
As part of their contractual relationship, the parties undertake to comply with the regulations in force applicable to the processing of personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 applicable as of 25 May 2018 (hereinafter, "the European Data Protection Regulation" or "the EDPPR").
2. Description of the processing being outsourced
Purpose of the Processing:
The Service Provider provides a service for the analysis and indexing of documents, messages and information in any format, integrating character recognition, data recognition based on the Authorized User's requests (including Personal Data) and necessary for the display and formatting of such information, for research purposes and to put the Authorized User in touch with a relevant internal contact. In addition, the Service Provider may perform a hosting service for such Data (including Personal Data) in the form of one or more indexes.

‍Duration ofProcessing:
Duration of the contractual relationship between the Parties, until deletion or return of the Personal Data, as requested by the Data Processor.

‍Nature ofProcessing:
Personal Data will be subject to the following basic processing activities: Collection; Organization; Retention; Consultation by the Customer; Dissemination by the Customer; Comparison; Hosting; Maintenance and IT support; Data entry; Recording; Modification.

‍Finalityof Processing:
Creation of user accounts, Support, Research end-uses for users.

‍Typesof Personal Data Processed
The Personal Data Processed concerns the following categories of data: First name, Last name, email address, telephone number (if electronic signature or double authentication factor) of Authorized Users and Customer contacts (CRM).

‍Categoriesof Data Subjects:
The categories of Data Subjects affected by the Processing are the Customer and the Authorized Users of the Outmind Platform.

The present clauses take effect retroactively upon commissioning and will remain in force until the end of the contractual relationship between the Processor and the Subcontractor.
3. Obligations of the processor to the controller
The Subcontractor undertakes to:
- Process the data solely for the sole purpose(s) for which it is subcontracted.
- Process the data in accordance with the Data Controller's documented instructions appended to this contract. If the Subcontractor considers that an instruction constitutes a breach of the European Data Protection Regulation or any other provision of Union or Member State law relating to data protection, it shall immediately inform the Data Controller.
- Not use data from APIs of third-party tools (such as Google Worskspace APIs) to develop, improve, or train generalized AI and/or ML models.
- Unless specifically authorized otherwise by the Data Controller, to process data exclusively within the territory of an EEA Member State. The Subcontractor undertakes not to disclose, make accessible or transfer any data of the Controller, even for routing purposes, to any processing entity or Subcontractor established in a third country outside the EEA, except with the prior written consent of the Controller. The Data Controller reserves the right to carry out any checks it deems necessary in order to confirm that the obligations arising from this article have been fulfilled.

In the event of a transfer outside the European Economic Area (EEA) authorized by the Data Controller, this transfer may only take place to the extent strictly necessary for the performance of the services, and provided that this transfer is made to a country whose legislation on the protection of Personal Data has been recognized by the European Commission as offering an equivalent level of protection, or is governed by standard contractual clauses issued by the European Commission, or is carried out on the basis of any other alternative basis recognized by the European Data Protection Regulation, subject to the Data Controller's prior written agreement to such alternative basis.
4. Subcontracting
The Subcontractor is authorized to call upon the following entities (hereinafter, the "Subsequent Subcontractor") to carry out the following activities:

The Subcontractor may call upon another Subcontractor (hereinafter, "the Subsequent Subcontractor") to carry out specific processing activities. In this case, it shall inform the Data Controller in advance and in writing of any changes envisaged concerning the addition or replacement of other subsequent Subcontractors. This information must clearly indicate the processing activities subcontracted, the identity and contact details of the Subcontractor and the dates of the subcontract. The Data Controller has a minimum of fifteen (15) days from the date of receipt of this information to present any objections. This subcontracting may only be carried out if the Data Controller has not raised any objections within the agreed period. In this respect, a list of the Subcontractor's subsequent subcontractors is given below:

Name of subcontractor

Type of intervention

Location of intervention

Identity of subcontractor

Contact details

Amazon Web Services EMEA SARL
Collection, hosting and processing
Paris, France
Amazon Web Services EMEA SARL, Succursale Française, 1 1855 38 Avenue John F. Kennedy, Luxembourg
DPO for AWS EMEA SARL: aws-EU-privacy@amazon.com
Intercom
Collection, hosting and processing
Dublin, Ireland
INTERCOM, 2nd Floor, Stephen Court, 18-21 Saint Stephen's Green, Dublin
DPO: dataprotection@intercom.io
Elastic Cloud
Collection, hosting for monitoring purposes
Belgium
Elasticsearch B.V. Keizersgracht 281 1016 ED Amsterdam The Netherlands
The Netherlands
dpo@elastic.co
ElasticsearchB.V.Attn: Privacy TeamKeizersgracht 2811016 ED AmsterdamThe Netherlands
PostHog
Collection and hosting for monitoring and bug-finding purposes
Frankfurt, Germany
PostHog Inc, 2261 Market Street #4008, San Francisco, CA 94114
EU Representative: privacy@posthog.com.
The subsequent Subcontractor is required to comply with the obligations of this contract on behalf of and in accordance with the instructions of the Data Controller. It is the responsibility of the initial Subcontractor to ensure that the subsequent Subcontractor presents the same sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the European Data Protection Regulation. If the subsequent Sub-Contractor fails to meet its data protection obligations, the original Sub-Contractor remains fully liable to the Data Controller for the performance by the other Sub-Contractor of its obligations.

The Sub-Contractor is responsible for the signature and compliance with the requirements of this article by subsequent Sub-Contractors:
- guarantee the confidentiality of personal data processed under this contract
- ensure that persons authorized to process personal data under this contract (i) undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality and (ii) receive the necessary training in the protection of personal data
- take into account, with regard to its tools, products, applications or services, the principles of data protection by design and data protection by default.
5. Duty to inform Concerned Parties
It is the Data Controller's responsibility to provide information to Data Subjects at the time of data collection.
6. Exercising individual rights
Insofar as possible, the Subcontractor shall assist the Data Controller in fulfilling its obligation to comply with requests to exercise the rights of Data Subjects: right of access, rectification, erasure and opposition, right to restrict processing, right to data portability, right not to be subject to an automated individual decision (including profiling), right to withdraw consent, right to decide what happens to their data after their death.
The Subcontractor undertakes to respond promptly and without delay to any request from the Data Controller relating to the exercise of the rights of Data Subjects and, if the Data Controller so requests, to pass on the latter's instructions to its own Subcontractors.
7. Notification of personal data breaches
Le Sous-Traitant notifie au Responsable de Traitement toute Violation de données à caractère personnel sans délai et au maximum vingt-quatre (24) heures après en avoir pris connaissance. Cette notification est accompagnée de toute documentation utile afin de permettre au Responsable de Traitement, si nécessaire, de notifier cette Violation à l’autorité de contrôle compétente.
Le Sous-Traitant met en place et maintient pendant toute la durée du Contrat, et obtient de chacun de ses Sous-Traitants qu’ils mettent en place et maintiennent pendant toute la durée du Contrat, un processus et des procédures de gestion des incidents de sécurité (y compris notamment des Violations de données à caractère personnel) et de gestion de la continuité des prestations conformes aux standards de l’industrie. Le Sous-Traitant communique au Responsable de Traitement le nom et les coordonnées de l’un de ses employés qui intervient comme principal interlocuteur du Responsable de Traitement en matière de sécurité et est disponible en cas de besoin 24h/24 et 7J/7 pour prendre en charge tout incident de sécurité. Toute demande du Responsable de Traitement relative à la sécurité doit être traitée avec diligence et de manière prioritaire par le Sous-Traitant.
Sans limitation des autres droits et recours du Responsable de Traitement, en cas d’incident de sécurité ou de Violation de données à caractère personnel avéré(e) ou présumé(e), le Sous-Traitant en avisera le Responsable de Traitement sans délai et au plus tard dans les 24 heures après la survenance de l’incident de sécurité ou de la Violation de données à caractère personnel.
Immédiatement après ladite notification, les Parties coordonneront leurs actions afin d’enquêter sur l’incident de sécurité concerné. Le Sous-Traitant s’engage à coopérer pleinement, à ses frais, avec le Responsable de Traitement afin de l’aider à gérer la situation, notamment, sans que cela ne soit limitatif :
- en l’aidant pour toute enquête ;
- en fournissant au Responsable de Traitement ou au tiers indépendant désigné par le Responsable de Traitement un accès physique aux installations et opérations concernées ;
- en organisant des entretiens avec les employés du Responsable de Traitement et toutes autres personnes appropriées ; et
- en fournissant tous les registres, journaux, dossiers, communications de données et autres documents pertinents nécessaires pour se conformer aux lois, réglementations et standards de l’industrie ou tels que requis par le Responsable de Traitement.
Le Sous-Traitant fournira également toute l’aide raisonnable nécessaire au Responsable de Traitement en cas de notification que ce dernier pourrait être contraint ou pourrait choisir de faire relativement à une violation de données à caractère personnel. Le Sous-Traitant s’engage à ne pas informer les tiers, y compris les Personnes Concernées, de toute Violation de données à caractère personnel sans avoir obtenu le consentement préalable et écrit du Responsable de Traitement, sauf dans les cas prévus par le Règlement européen sur la protection des données. Par ailleurs, le Sous-Traitant reconnaît que le Responsable de Traitement est seul habilité à déterminer :
- si la Violation de données à caractère personnel doit ou non être notifiée à toute personne, autorité de régulation, autorité administrative ou à toute autre personne en vertu du Règlement européen sur la protection des données ; et
- le contenu de ladite notification. Lorsque le Règlement européen sur la protection des données exige du Responsable de Traitement qu’il notifie la violation de données à caractère personnel aux Personnes Concernées, il est entendu que le Sous-Traitant supporte l’ensemble des coûts associés à ladite notification. Le Sous-Traitant prend les mesures appropriées, à ses frais, pour atténuer les conséquences de tout incident de sécurité et y remédier, et apporte toutes les modifications jugées nécessaires afin d’éviter que pareil Incident ne se reproduise. Le Sous-Traitant aide, à ses frais, le Responsable de Traitement à restaurer les données du Responsable de Traitement en cas de perte de données occasionnée par tout manquement à ses obligations au titre du Contrat.
Le Sous-Traitant coopère et fournit au Responsable de Traitement l’assistance nécessaire s’agissant de toute plainte formulée par une Personne Concernée ou de toute enquête ou requête émanant d’une autorité de régulation en vertu du Règlement européen sur la protection des données ou de toute autre réglementation applicable.
Le Sous-Traitant remboursera au Responsable de Traitement les coûts réellement encourus par celui-ci afin d’apporter une réponse à tout incident de sécurité et d’atténuer les dommages occasionnés par celui-ci, y compris, entre autres, le coût des enquêtes, des notifications et/ou des mesures correctives. Lorsque le Règlement européen sur la protection des données impose au Responsable de Traitement de notifier une Violation de données à caractère personnel, le Sous-Traitant prend en charge les frais liés à cette notification.
Il est de convention expresse entre les Parties qu’en cas de Violation de données à caractère personnel, les dommages suivants sont considérés comme directs :
- les frais raisonnables et nécessaires d’enquête et de remédiation ;
-les coûts raisonnables et nécessaires de notification lorsqu’un telle notification est requise par la réglementation applicable et
- les pénalités, dommages et intérêts, montants payés au titre de transaction, remboursements, compensation, et autres coûts liés au respect d’obligations résultant d’un jugement, d’une transaction ou de la réglementation applicable (les « Pertes ») dans la mesure où ces Pertes sont dues à un manquement du Sous-Traitant à ses obligations contractuelles.
- Le Sous-Traitant tient, et met à la disposition du Responsable de Traitement, un registre des incidents de sécurité y compris notamment des violations de données à caractère personnel et documente toute information pertinente concernant les circonstances de ces incidents et Violations, les dommages et les mesures correctives prises afin d’atténuer leurs effets, ainsi que les actions et mesures prises afin d’éviter toute répétition de pareils incidents ou Violations.
8. Assisting the processor in complying with the controller's obligations
The Subcontractor shall cooperate with the Data Controller and shall make every effort to help the Data Controller prove that it complies with any legislative or regulatory obligations provided for in particular by the European Data Protection Regulation.
9. Safety measures
Le Sous-Traitant reconnaît que la sécurité est un critère fondamental pour le Responsable de Traitement, et que le respect, par le Sous-Traitant, des exigences de sécurité définies dans les présentes constitue une obligation essentielle et déterminante du consentement du Responsable de Traitement au présent contrat.
Le Sous-Traitant doit tenir compte de la sensibilité des données du Responsable de Traitement et des risques auxquels celles-ci sont exposées pour définir les mesures de sécurité adéquates permettant de traiter ces risques et rendre les risques résiduels acceptables. Lorsque la prestation implique le Traitement de données à caractère personnelles, ces mesures tiennent compte des risques pour les Personnes Concernées générés par le Traitement.
Les mesures de sécurité mises en place par le Prestataire doivent, dans tous les cas, tenir compte de l’état de l’art technologique et être conformes aux standards de sécurité en vigueur.
Les mesures et dispositions de protection ne doivent en aucun cas être moins rigoureuses que celles mises en place par le Sous-Traitant pour ses propres données y compris ses données à caractère personnel et informations confidentielles et doivent dans tous les cas tenir compte des indications fournies par les autorités chargées de la protection des données à caractère personnel.
Le Sous-Traitant s’engage expressément à mettre en place toutes mesures visant à :
- garantir la confidentialité, l’intégrité, la disponibilité et la traçabilité des données du Responsable de Traitement et tenir à jour une documentation écrite décrivant les mesures de sécurité techniques et organisationnelles mises en œuvre à cet effet ;
- permettre la détection, la résolution et la notification dans les délais requis par le Règlement européen sur la protection des Données Personnelles des incidents de sécurité et Violations de données à caractère personnel.
- rétablir rapidement la disponibilité et l’accessibilité des données du Responsable de Traitement en cas d’incident de sécurité physique ou technique ;
- assurer le stockage des données du Responsable de Traitement séparément de ses propres données ou des données appartenant à d’autres clients ou prestataires,
- ne rendre les données du Responsable de Traitement traitées accessibles et lisibles que par le personnel habilité et autorisé à cet effet, du fait de son travail et de ses fonctions, en se limitant au minimum strictement nécessaire à l’accomplissement de leurs tâches. Le Sous-Traitant s’engage à fournir au Responsable de Traitement une liste des personnes habilitées et un journal des connexions en réponse à toute demande formulée par ce dernier, 
- veiller à ce que toute personne qu’il autorise à accéder aux données à caractère personnel traitées dans le cadre de l’exécution du Contrat soit tenue par une obligation de confidentialité aussi contraignante que celle figurant aux présentes et résultant d’un engagement écrit ou d’une obligation légale.

La liste des mesures, procédures et politiques de sécurité mises en place par le Sous-traitant figure au sein de notre PASQ (Plan Assurance Sécurité Qualité) accessible sur simple demande.
Toute modification majeure de ces mesures et politiques doit être documentée et présentée au Responsable de Traitement pour évaluation. Ces modifications ne doivent en aucune façon réduire le niveau de sécurité des prestations pendant la durée du Contrat.
Sans préjudice de la faculté du Responsable de Traitement d’effectuer lui-même ou faire effectuer en son nom et pour son compte, un audit, le Sous-Traitant doit contrôler régulièrement le caractère conforme et suffisant des mesures techniques et organisationnelles de sécurité mises en place et être en mesure de démontrer leur application et leur efficacité, ainsi que la conformité aux politiques de sécurité (la politique tiers et sa propre politique de sécurité) en soumettant ses systèmes d’information à des tests et audits réguliers effectués par des tiers indépendants. 

Sur demande, le Sous-Traitant peut exposer une fois par an au Responsable de Traitement les résultats de ces tests et audits en produisant une copie du rapport de tests et d’audit.
Le Sous-Traitant s’engage à mettre en œuvre les mesures de sécurité suivantes : 
- le chiffrement des données à caractère personnel du Responsable de Traitement sur les divers environnements (test, pré-production, production) ;
- les mesures permettant de s’assurer que toute personne physique agissant sous l’autorité du Sous-Traitant qui accède à des données à caractère personnel du Responsable de Traitement ne puisse les traiter que conformément aux instructions écrites du Responsable de Traitement ;
- la purge des données à caractère personnel du Responsable de Traitement au-delà de la durée de rétention des données à caractère personnel prévue aux présentes ;
- un dispositif de détection des Violations des données à caractère personnel ;
- une traçabilité des connexions (logs de connexions) aux données à caractère personnel du Responsable de Traitement au cours des 2 derniers mois sauf accord contraire des Parties.
10. Fate of data
Upon completion of the services relating to the Processing of such data, the Subcontractor undertakes to:
- Destroy all personal data within a maximum period of thirty (30) days,
- At any time, at the written request of the Data Controller, and at the latest within thirty-five (35) calendar days following the end of the Contract, the Subcontractor undertakes to return, in a readable or interoperable form agreed between the Parties, the Data Controller's personal data and to destroy all copies (paper or electronic) of the Data Controller's personal data that it may hold. Upon request, the Subcontractor must certify the effective destruction of the Data Controller's personal data within fifteen (35) calendar days of the Data Controller's request or the end of the Contract.

The Data Controller reserves the right to carry out any verification it deems necessary in order to confirm the performance of these obligations.
This article will remain in force after the expiration or termination of the Contract for any reason whatsoever.
11. Register of categories of Processing activities
The Subcontractor declares that it keeps a written register of all categories of Processing activities carried out on behalf of the Data Controller, including:
- the name and contact details of the Data Controller on whose behalf it acts, of any Subcontractors and, where applicable, of the Data Protection Officer;
- the categories of Processing carried out on behalf of the Data Controller;
- where applicable, transfers of personal data to a third country or to an international organization, including identification of such third country or international organization and, in the case of transfers referred to in the second subparagraph of Article 49(1) of the European Data Protection Regulation, documents attesting to the existence of appropriate safeguards;
- as far as possible, a general description of technical and organizational security measures, including inter alia, as appropriate:
a) encryption of personal data;
b) means to guarantee the constant confidentiality, integrity, availability and resilience of Processing systems and services;
c) means to restore the availability of and access to personal data within an appropriate timeframe in the event of a physical or technical incident;
d) a procedure to regularly test, analyze and evaluate the effectiveness of technical and organizational measures to ensure the security of Processing.
12. Documentation
The Subcontractor shall make available to the Data Controller the documentation necessary to demonstrate compliance with all its obligations and to allow audits, including inspections, to be carried out by the Data Controller or another auditor appointed by it, and to contribute to such audits.
13. Audit
Throughout the term of the Contract, the Data Controller may itself or through an independent third party at its own expense - subject to fifteen (15) working days' notice - carry out tests and audits of all or part of the services, including with authorized Subcontractors, in order to ensure compliance with the stipulations of the Contract, in terms of:
- compliance with Security Policies,
- quality of service,
- maintenance of appropriate security measures, in particular to protect the integrity and confidentiality of the Data Controller's data.

Where the services involve the Processing of personal data, the audit may also cover verification of the European Data Protection Regulation and verification of:
- the places where personal data is Processed and/or stored;
- transfers of personal data outside the European Economic Area;
- measures taken to ensure the security of personal data and to combat Personal Data Breaches.

The Sub-Contractor undertakes to authorize the Data Controller, or the companies appointed by the latter to whom the audit is entrusted, to access the information necessary to carry out their mission and to access the sites where the services are provided.
The Sub-Contractor will cooperate fully (and, in the case of Sub-Contractors and representatives, will ensure that they cooperate) with the Data Controller and, as the case may be, the Data Controller's audit representatives, including giving them access to the premises, personnel, physical and technical environments, equipment, software, documentation, data, records and systems relating to the services, and to any useful information to the extent reasonably necessary to carry out the audit.
An audit report shall be sent to the Subcontractor.
The Subcontractor also authorizes the Data Controller to carry out or have carried out security tests to verify that the Subcontractor's systems are not vulnerable (for example due to a configuration fault or failure to update) and to detect any changes that could expose the data to risks of intrusion.

In addition, the Data Controller may carry out any investigation on the Internet enabling the detection of proven Personal Data Violations.
If it transpires following the audit and test measures described above that the security measures implemented by the Subcontractor are not appropriate or sufficient, or if these audits or tests reveal certain shortcomings or non-compliances with the requirements set out in this Contract and/or applicable legal requirements and/or current standards, the Sub-Contractor will take corrective action within a timeframe to be agreed between the Parties, depending on the seriousness of the breach observed, without prejudice to the Data Controller's additional rights to claim damages and/or terminate the Contract.
14. Obligations of the Data Controller towards the Subcontractor
The Data Controller undertakes to:
1. Provide the Subcontractor with the data referred to in these clauses
2. Document in writing any instructions concerning the Processing of data by the Subcontractor
3. Ensure, beforehand and throughout the Processing, that the Subcontractor complies with the obligations set out in the European Data Protection Regulation
4. Supervise the Processing, including carrying out audits and inspections of the Subcontractor.
Privacy policy for www.outmind.ai

The purpose of this privacy policy is to inform you about how we collect and process the information you provide to us. We invite you to read it carefully to understand our practices regarding the processing of your personal data. This privacy policy relates solely to our website www.outmind.ai and all elements thereof.
1. General provisions
In accordance with the RGPD regulation, "Processing" consists of any operation or set of operations carried out or not using automated processes and applied to personal data or sets of data.

Use of the Site or the platform by Users may result in the communication of personal data. This data is processed by Outmind, in its capacity as Data Controller, or by service providers acting in the name and on behalf of Outmind, in accordance with the purposes set out below.
2. Processing of personal data
Regulation No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), which entered into force on 25 May 2018, is a mandatory European regulation that recasts and strengthens the rights and protection of personal data of natural persons.

Under the above-mentioned Regulation, "personal data" means any information relating to an identified or identifiable natural person. For the purposes of this Privacy Policy, capitalised terms have the same meaning as defined in the Terms and Conditions of Use of the Site.
3. Purpose of the processing of personal data
The purpose of the data processing carried out by Outmind on its website is in particular to :
- Respond to the request made by the User via the contact form and ensure its follow-up;

- Process an order or a request for quotation; - Establish a correspondence;
- Apply for a position;
- Measure the audience of the site and the rate of visits to the various pages.
4. Collection of Personal Data
The Site Manager asks all Users to communicate a certain amount of personal information (surname, first name, e-mail address) in order to be able to identify them, to answer their questions concerning the operation and use of the Outmind product and, if necessary, to offer them a quote for the use of the product. During your visits, we may collect information relating to the devices on which you use our services, such as your IP addresses, connection data, and the type and version of Internet browser you use. To collect this information, we use cookies, as defined in our General Terms of Use.
Personal data is only accessible to authorized personnel.
5. Consent
By accessing the Site, the User declares that he/she has read and given his/her free, specific, informed and unambiguous consent to the processing of personal data concerning him/her.

Consent is given by the positive act by which the User has ticked the box proposing the Privacy Policy in the hypertext link. This consent is an indispensable condition to carry out certain operations on the Site or to allow the User to enter into a contractual relationship with Outmind.

The User consents that the Data Controller processes and collects, in accordance with the methods and principles included in this Privacy Policy, his/her personal data that he/she communicates on the Site or in the course of the services offered by Outmind, for the purposes indicated above.

Outmind is authorized to use the Data for its own account, in order to parameterize, improve, enrich its indexing and document search algorithms which are at the heart of the operation of the Outmind Services and the Solution, and to retain full ownership of the learning results of the algorithms, without the User being able to claim any right on the said results. In the context of this processing, the User's personal data is neither read nor kept, except in the context of the provisions set out in article 7.
6. How long the Users' personal data will be kept
In accordance with the provisions of Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, amending Article 32 of the Data Protection Act of 6 January 1978, personal data shall be kept in a form which permits identification only for a period which does not exceed the period necessary for the purposes for which it is collected and processed.
The User's personal data is kept on an active basis for the time necessary to achieve the purposes referred to above and for a period of 3 (three) years after the User's last contact. Personal data relating to Users who have become Customers are only kept for one year after the end of the contractual relationship.
7. Recipients of data and disclosure to third parties 
Outmind has implemented the necessary measures to ensure the protection of personal data, in terms of integrity, confidentiality and availability.
Outmind limits the use of personal data to the provision or enhancement of functionality for the user, in a manner visible to the user.

Accordingly, Outmind only transfers data to other persons if this is necessary to provide or improve user functionalities occupying an important place in the interface. Outmind may also transfer data if necessary to comply with applicable law or in connection with a merger, acquisition or sale of assets, after notifying users. Any other transfer or sale of user data is excluded.

We do not use or transfer user personal data to serve advertising, including targeted, personalized or interest-based advertising.

Personal data may not be transferred to Outmind's employees, collaborators, subcontractors or suppliers, or other professional bodies, except in one of the following cases:
- Upon the user's consent for specific purposes;
- If necessary for security reasons (e.g. to investigate a bug or abuse);
- To comply with applicable law;
- For use limited to internal operations, only if the data (including derivations) have been previously aggregated and anonymized.

The data controller has authorized the use of subcontractors:

8. User Rights 
In accordance with the law, the User has at any time the right to oppose, access and rectify data concerning him/her. In particular, the User is hereby informed: of the identity and contact details of the person responsible for the data collected and processed, of his/her rights (access, rectification, deletion, opposition, limitation, etc.) and of the nature of the data to be processed.) on personal data, the purpose and processing, the legitimate interests pursued, the recipients or categories of recipients of the data collected and processed, the storage period of the data collected and processed, the possible transfers of data to countries outside the EU, the right to withdraw consent at any time, the right to lodge a complaint with a supervisory authority, and whether replies are obligatory or voluntary.

A. Right of access
In accordance with article 15 of the Regulation n°2016/679 of 27 April 2019, the User may access all data held by Outmind in the context of the performance of its tasks, and in particular information relating to the purpose of the processing, the recipients or categories of recipients to whom the data were transmitted, the period of conservation of the data, ... The User may exercise this right by writing to : Outmind, 73 Rue Léon Bourgeois, 91120 Palaiseau, France or by sending your request by e-mail to hello@outmind.fr

B. Right of rectification
In accordance with Article 16 of Regulation n°2016/679 of 27 April 2016 (RGPD), the User has the right to rectify, complete, update, block or delete information concerning him/her when an error or accuracy in his/her data has been detected or in the presence of data whose collection, use, communication or storage is prohibited. The User may exercise this right by writing to : Outmind, 73 Rue Léon Bourgeois, 91120 Palaiseau, France or by sending a request by e-mail to hello@outmind.fr

C. Right to erasure
The User has the right to withdraw his consent to the processing of his personal data in accordance with the provisions of the RGPD (French Data Protection Act) amending the Data Protection Act of 6 January 1978. The User may obtain the deletion of his/her personal data in the cases listed in article 17 of the Rules by written request addressed to Outmind. In accordance with Article 19 of the Regulation, the Data Controller shall notify each recipient to whom the personal data have been disclosed of any restrictions on the processing carried out, unless such disclosure proves impossible or involves a disproportionate effort. The controller shall provide the data subject with information on these recipients if so requested by the data subject.

D. Right of opposition
Pursuant to Article 21 of the GDPR, the User may object, on legitimate grounds, to being included in the file and to data concerning him being used for commercial prospecting purposes. In that case, Outmind will no longer process personal data, unless there are legitimate and compelling reasons for the processing, or for establishing, exercising or defending legal claims.

E. Filing a claim In
accordance with the provisions of the GDPR (French Data Protection Act) modifying the Data Protection Act of January 6, 1978, to exercise his rights or file a claim, the User may contact Outmind, 73 Rue Léon Bourgeois, 91120 Palaiseau, France, or send his request by e-mail to hello@outmind.fr.

The User may also at any time submit a complaint to the Commission Nationale Informatique et Libertés located at 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07. Tel: 01 53 73 73 22 22 (Monday to Thursday from 9am to 6.30pm / Friday from 9am to 6pm). Fax: +33 (0)1 53 73 73 22 00.
9. Cookies
In accordance with article 13 of Outmind's general conditions of use, our website uses cookies to help provide you with the best possible environment. Access to the Site by the user can only take place on condition that the user has expressed his or her agreement, after having received prior information on the purpose of cookies and the means available to him or her to oppose them by means of a consent collection banner.
Our cookies help us with the following:
- Not to forget the user parameters during and between visits
- To improve the speed/security of the website
- To continuously improve our website .

We do not use cookies for the following purposes:
- Collect any personally identifiable information (without your express permission)
- Collect any sensitive information (without your express permission)
- Communicate data to advertising networks
- Communicate personally identifiable data to third parties
- Pay sales commissions ...
10. Limitation of liability of the Data Controller
The Website may contain links to other websites owned by third parties not related to Outmind. Outmind is not responsible for the content of these sites and their compliance with the Law and Regulations.

In order to improve the user experience, the website may contain hyperlinks to other websites hosted by third parties. These hyperlinks do not imply that Outmind endorses, promotes or is affiliated with the sites concerned. All such sites have their own policies and practices regarding online content and Outmind has no control over or responsibility for their content. Therefore, Outmind disclaims any responsibility for these sites. These hyperlinks are posted solely for your information and ease of navigation.
11. Applicable law and jurisdiction 
This Privacy Policy is subject to French law. Any dispute, litigation or action between Outmind and a User relating to the interpretation or execution of the present Terms and Conditions will be submitted to the French courts.
12. Contact
For any question and/or complaint, in particular regarding the clear and accessible nature of this Privacy Policy, the User may contact the data controller:
- By email: hello@outmind.fr
- By post: Outmind, 73 Rue Léon Bourgeois, 91120 Palaiseau, France.
We unleash knowledge
to empower people.
General terms and conditions
Privacy Policy
Legal Notice
ContactJobboard
About us
Security
Outmind AICustomer reviews
White Paper
Our partners
Disclosure
PressBlog
Categories
Knowledge ManagementCollaborative tools - WorkspaceSearch your server
Comparisons
AlternativesEDMEnterprise searchKnowledge base
Copyright © 2022 Outmind