Privacy Notice

Last updated: 16.05.2024

1. About this Notice

1.1

This Privacy Notice ("Notice") explains how we (as defined below) collect, share and use any information that, alone or in combination with other information, relates to you ("Personal Data") when you ("you" and "your") use our website https://panoramic.make.org (the "Website").

1.2

This Notice also sets out the rights that you have in relation to the Personal Data that we process about you and how you can exercise them.

1.3

MAKE.ORG treats compliance with its privacy obligations seriously. This is why we have developed this Notice, which describes the standards that MAKE.ORG applies to protect Personal Data.

1.4

For the purposes of this Notice, MAKE.ORG (Société par Actions Simplifiée with registered office at 13 rue de la Bucherie, Paris (75005) and registered with the Trade and Companies Register of Paris under number 820 016 095, and with VAT ("MAKE.ORG", "us", "we", or "our" ) acts as the data controller for the Personal Data that is collected via the Website. As a data controller, MAKE.ORG is responsible for ensuring that the processing of Personal Data complies with applicable data protection law, and specifically with the General Data Protection Regulation.

1.5

Please take the time to read this Notice carefully. If you have any questions or comments, please contact us at contact-en@make.org.

2. What Personal Data does MAKE.ORG collect and why?

2.1

The types of Personal Data that we may collect about you, and the reasons why we process it, include:

Purposes for which we collect it	Personal Data we collect	Legal grounds for processing
Enabling citizens to access the content displayed on our website and to question Artificial Intelligence	Unique identification number (visitor_id), content of questions asked via our website	Legitimate interest of MAKE.ORG Where applicable, your consent for cookies provided via the consent management platform.
Improving and optimising our website, better understanding of users' needs and expectations	Please consult the information we provide (/cookies) on cookies and our consent management platform.	Legitimate interest of MAKE.ORG Where applicable, your consent for cookies provided via the consent management platform.
To provide, administer, maintain and analyse the AI service provided by the site	Unique identification number (visitor_id), content of questions asked via open promt and answers provided by AI.	Legitimate interest of MAKE.ORG
Answer your questions when you contact us	Names, e-mail addresses, enquiries	Our legitimate interest in responding to your questions and requests (or in taking pre-contractual measures if we subsequently conclude a contract)

3. Who does MAKE.ORG share your Personal Data with?

Within the limits of their respective functions, the following may have access to Personal Data:

• Those responsible for operating the service, those responsible for handling users and complaints, logistics and IT managers and their line managers ;
• Sub-processors - in this case a contract is signed, between the sub-processors and Make.org, which details the responsibilities of the sub-processors in terms of protecting data security and confidentiality ;
• Campaign partners, whose users will have been informed of their participation.
• Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
• To any other person if you have provided your prior consent to the disclosure.

4. How we protect your privacy?

4.1

We will process Personal Data in accordance with this Notice, as follows:

1. Fairness : We will process Personal Data fairly. This means that we are transparent about how we process Personal Data and that we will process it in accordance with applicable law.
2. Lawfulness : We will process Personal Data on lawful grounds only.
3. Purpose limitation : We will process Personal Data for specified and legitimate purposes, and will not process it in a manner that is incompatible with those purposes, unless permitted by applicable data protection laws.
4. Data minimization : We will process Personal Data that is adequate, relevant and limited to what is necessary to achieve the purposes for which the data are processed.
5. Data accuracy : We take appropriate measures to ensure that the Personal Data that we hold about you is accurate, complete and, where necessary, kept up to date. However, it is also your responsibility to ensure that your Personal Data is kept as accurate, complete and current as possible by informing MAKE.ORG us promptly of any changes or errors.
6. Data security : We use appropriate technical and organisational measures to protect the Personal Data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data.
7. Limited Retention : We keep your Personal Data in a form that allows us to identify you for as long as necessary to achieve the purposes for which we are processing your data and do not store your data for longer, unless we must comply with applicable laws.

5. Data storage, retention and deletion

5.1

Personal Data we collect from you are stored in our servers located in France.

5.2

We retain Personal Data we collect from you where we have an ongoing legitimate business need to do so (for instance, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).

5.3

When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymise it or, if this is not possible (for instance, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

6. International transfers of data

6.1

We transfer the personal data collected to OpenIA in connection with the use of the services offered on Panoramic.ai.

6.2

Specifically, our servers are located in France, and our group companies and third-party service providers and partners operate outside of the European Union. This means that when we collect your Personal Data we may process it outside of the European Union.

6.3

However, we have taken appropriate safeguards to require that your Personal Data will remain protected in accordance with this Notice. They include the implementation of data transfer agreements based on the European Commission's Standard Contractual Clauses.

7. Your data protection rights

7.1

You have the following data protection rights:

1. If you wish to access, correct, update or request deletion of your Personal Data, you can do so at any time by contacting us using the following contact details contact-en@make.org.
2. In addition, in certain circumstances, as stipulated in the applicable data protection legislation, you can object to processing of your Personal Data, ask us to restrict processing of your Personal Data or request portability of your Personal Data. Again, you can exercise these rights by contacting us using the following contact details contact-en@make.org.
3. If we have collected and process your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
4. If you have a complaint or concern about how we are processing your Personal Data then we will endeavour to address such concern(s). If you feel we have not sufficiently addressed your complaint or concern, you have the right to complain to a data protection authority about our collection and use of your Personal Data.
5. You have the right to define general or specific directives regarding the use and disclosure of your personal information after your death according to the French Data Protection Act.

7.2

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

8. Linking to other websites

8.1

The Website may contain hyperlinks to websites owned and operated by third parties. These Websites have their own privacy policies and we invite you to review them. They will govern the use of Personal Data you submit whilst visiting these Websites.

We do not accept any liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.

9. Updates to this Notice

9.1

We may update this Notice from time to time in response to changing legal, technical or business developments. When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Notice changes if and where this is required by applicable data protection laws.

9.2

You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.

10. How to contact us

The Data Protection Officer appointed in accordance with Article 37 of the General Data Protection Regulation is Fieldfisher Belgium, contact-be@make.org, l'Arsenal, Bd Louis Schmidt 29 box 15, 1040 Brussels, Belgium.