Purpose

This Policy is established by Edmond Daoust, (hereinafter referred to as "the data controller").

The purpose of this Policy is to inform visitors to the website hosted at the following address: https://chat.eddaoust.com (hereinafter referred to as the "website") about how data is collected and processed by the data controller.

This Policy is part of the data controller's commitment to act with complete transparency, in compliance with national regulations and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation").

The data controller pays particular attention to the protection of the privacy of its users and is therefore committed to taking the necessary reasonable precautions to protect the personal data collected against loss, theft, disclosure or unauthorized use.

"Personal data" is defined as all personal data relating to the user, i.e. any information that allows the user to be identified directly or indirectly as a natural person.

If the user wishes to react to any of the practices described below, they may contact the data controller at the postal address or email address specified in the "contact details" section of this Policy.

What data do we collect?

The data controller collects and processes, in accordance with the methods and principles described below, the following personal data:

• ◦ their domain (automatically detected by the data controller's server), including the dynamic IP address;
• ◦ their email address if the user has previously disclosed it, for example by sending messages or questions on the website, by communicating with the data controller by email, by participating in discussion forums, by accessing the restricted part of the website by means of identification, etc.;
• ◦ all information concerning the pages that the user has consulted on the website;
• ◦ any information that the user has voluntarily provided, for example as part of information surveys and/or registrations on the website, or by accessing the restricted part of the website by means of identification.

It is possible that the data controller may also collect non-personal data. This data is qualified as non-personal data because it does not allow the direct or indirect identification of a particular person.

This data may therefore be used for any purpose, for example to improve the website, the products and services offered or the advertisements of the data controller.

In the event that non-personal data is combined with personal data, so that identification of the persons concerned would be possible, this data will be treated as personal data until it is no longer possible to link it to a particular person.

Collection Methods

The data controller collects personal data in the following manner:

• ◦ Cookies

Purposes of Processing

Personal data is only collected and processed for the purposes mentioned below:

• ◦ to manage and control the execution of the services offered;
• ◦ sending and tracking orders and invoices;
• ◦ sending promotional information about the data controller's products and services;
• ◦ sending promotional material;
• ◦ answering the user's questions;
• ◦ compiling statistics;
• ◦ improving the quality of the website and the products and/or services offered by the data controller;
• ◦ providing information on new products and/or services of the data controller;
• ◦ for commercial prospecting purposes;
• ◦ to better identify the user's interests.

The data controller may carry out processing that is not yet provided for in this Policy. In this case, the data controller will contact the user before reusing their personal data, in order to inform them of the changes and give them the opportunity, if necessary, to refuse this reuse.

Legitimate Interests

Some of the processing carried out by the data controller is based on the legal basis of the legitimate interests of the data controller. These legitimate interests are proportionate in relation to the respect for the rights and freedoms of the user. If the user wishes to be informed of the details of the purposes based on the legal basis of legitimate interests, they are advised to contact the data controller (see the section on "contact details").

Retention Period

In general, the data controller only retains personal data for as long as is reasonably necessary for the purposes pursued and in accordance with legal and regulatory requirements.

The personal data of a customer is retained for a maximum of 10 years after the end of the contractual relationship that binds this customer to the data controller.

At the end of the retention period, the data controller will do everything possible to ensure that the personal data has been made unavailable and inaccessible.

Application of Rights

For all the rights listed below, the data controller reserves the right to verify the identity of the user for the application of the rights listed below.

This request for additional information will be made within one month from the submission of the request by the user.

Access to Data and Copy

The user may obtain free of charge the written communication or a copy of the personal data concerning them that has been collected.

The data controller may require the payment of reasonable fees based on administrative costs for any additional copy requested by the user. When the user submits this request electronically, the information is provided in a commonly used electronic form, unless the user requests otherwise.

Unless otherwise provided by the General Data Protection Regulation, the copy of the data will be communicated to the user no later than one month after receipt of the request.

Right to Rectification

The user may obtain, free of charge, as soon as possible and no later than one month, the rectification of their personal data that is inaccurate, incomplete or irrelevant, as well as the completion of such data if it is incomplete.

Unless otherwise provided by the General Data Protection Regulation, the request to exercise the right to rectification is processed within one month of its submission.

Right to Object to Processing

The user may, at any time, for reasons relating to their particular situation, object free of charge to the processing of their personal data when:

• ◦ the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
• ◦ the processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, unless the interests or the fundamental rights and freedoms of the data subject which require the protection of personal data prevail (in particular when the data subject is a child).

The data controller may refuse to implement the user's right to object when it establishes the existence of compelling legitimate grounds for the processing, which override the interests or the rights and freedoms of the user, or for the establishment, exercise or defense of legal claims. In the event of a dispute, the user may file a complaint in accordance with the "Complaints and Claims" section of this Policy.

The user may also, at any time, without justification and free of charge, object to the processing of their personal data when their data is collected for direct marketing purposes (including profiling).

When personal data is processed for scientific or historical research purposes or for statistical purposes in accordance with the General Data Protection Regulation, the user has the right to object, for reasons relating to their particular situation, to the processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out in the public interest.

Unless otherwise provided by the General Data Protection Regulation, the data controller is required to respond to the user's request as soon as possible and no later than one month and to justify its response when it intends not to follow up on such a request.

Right to Restriction of Processing

The user may obtain the restriction of the processing of their personal data in the following cases:

• ◦ when the user disputes the accuracy of the data and only for the time that the data controller can verify it;
• ◦ when the processing is unlawful and the user prefers the restriction of the processing to erasure;
• ◦ when, although no longer necessary for the purposes of the processing, the user needs it for the establishment, exercise or defense of legal claims;
• ◦ during the time necessary to examine the validity of an objection request submitted by the user, in other words, the time that the data controller takes to verify the balance of interests between the legitimate interests of the data controller and those of the user.

The data controller will inform the user when the restriction of processing is lifted.

Right to Erasure (Right to be Forgotten)

The user may obtain the erasure of the personal data concerning them when one of the following grounds applies:

• ◦ the data is no longer necessary in relation to the purposes of the processing;
• ◦ the user has withdrawn their consent to the processing of their data and there is no other legal basis for the processing;
• ◦ the user objects to the processing and there is no overriding legitimate ground for the processing and/or the user exercises their specific right to object in relation to direct marketing (including profiling);
• ◦ the personal data has been unlawfully processed;
• ◦ the personal data must be erased to comply with a legal obligation (under Union law or the law of the Member State) to which the data controller is subject;
• ◦ the personal data has been collected in relation to the offer of information society services to children.

However, the erasure of data is not applicable in the following cases:

• ◦ when the processing is necessary for the exercise of the right to freedom of expression and information;
• ◦ when the processing is necessary to comply with a legal obligation which requires the processing provided for by Union law or by the law of the Member State to which the data controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the data controller;
• ◦ when the processing is necessary for reasons of public interest in the area of public health;
• ◦ when the processing is necessary for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes and insofar as the right to erasure is likely to make it impossible or seriously impair the achievement of the objectives of the processing in question;
• ◦ when the processing is necessary for the establishment, exercise or defense of legal claims.

Unless otherwise provided by the General Data Protection Regulation, the data controller is required to respond to the user's request as soon as possible and no later than one month and to justify its response when it intends not to follow up on such a request.

Right to "Data Portability"

The user may at any time request to receive their personal data free of charge in a structured, commonly used and machine-readable format, in particular to transmit it to another data controller, when:

• ◦ the data processing is carried out using automated procedures; and when
• ◦ the processing is based on the user's consent or on a contract concluded between the user and the data controller.

Under the same conditions and in the same manner, the user has the right to obtain from the data controller that the personal data concerning them be transmitted directly to another data controller of personal data, provided that this is technically possible.

The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

Recipients of the Data and Disclosure to Third Parties

The recipients of the data collected and processed are, in addition to the data controller itself, its employees or other subcontractors, its carefully selected commercial partners, located in the European Union, who collaborate with the data controller in the marketing of products or the provision of services.

In the event that the data is disclosed to third parties for direct marketing or commercial prospecting purposes, the user will be informed beforehand so that they can choose whether to accept the transfer of their data to third parties.

Since this transfer is based on the user's consent, the user may, at any time, withdraw their consent for this specific purpose.

The data controller complies with the applicable legal and regulatory provisions and will in all cases ensure that its partners, employees, subcontractors or other third parties having access to this personal data comply with this Policy.

The data controller discloses the user's personal data in the event that a law, a judicial procedure or an order from a public authority makes this disclosure necessary.

No transfer of personal data outside the European Union is carried out by the data controller.

Security

The data controller implements appropriate technical and organizational measures to ensure a level of security of the processing and the data collected that is appropriate to the risks presented by the processing and the nature of the data to be protected. It takes into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risks to the rights and freedoms of users.

The data controller always uses encryption technologies that are recognized as industry standards within the IT sector when transferring or receiving data on the website.

The data controller has implemented appropriate security measures to protect and prevent the loss, misuse or alteration of the information received on the website.

In the event that the personal data controlled by the data controller is compromised, the data controller will act quickly to identify the cause of this breach and take appropriate remedial measures.

The data controller will inform the user of this incident if the law requires it.

Complaints and Claims

If the user wishes to react to any of the practices described in this Policy, they are advised to contact the data controller directly.

The user may also file a complaint with their national supervisory authority, whose contact details are listed on the official website of the European Commission: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

In addition, the user has the possibility to file a complaint with the competent national courts.

Data Protection Officer

The data protection officer of the data controller is Edmond Daoust.

His contact details are as follows: contact@eddaoust.com.

Contact Details

For any questions and/or complaints relating to this Policy, the user may contact the data controller:

By email: contact@eddaoust.com.

Modification

The data controller reserves the right to modify the provisions of this Policy at any time. The modifications will be published directly on the data controller's website.

Applicable Law and Jurisdiction

This Policy is governed by the national law of the data controller's principal place of establishment.

Any dispute relating to the interpretation or execution of this Policy shall be submitted to the courts of this national law.

This version of the Policy is dated 08/07/2025.

Back