Privacy Notice
Last updated: 20.12.2024
About this Notice
1.1 This Privacy Notice ("Notice") explains how we (as defined below) collect, share and use any information that, alone or in combination with other information, relates to you ("Personal Data") when you ("you" and "your") use our website https://panoramic.make.org/ (the "Website").
1.2 This Notice also sets out the rights that you have in relation to the Personal Data that we process about you and how you can exercise them.
1.3 MAKE.ORG treats compliance with its privacy obligations seriously. This is why we have developed this Notice, which describes the standards that MAKE.ORG applies to protect Personal Data.
1.4 This Privacy Policy explains how MAKE.ORG and MAKE.ORG GMBH (collectively referred to as "MAKE.ORG", "us", "we", or "our") handle your personal data as joint controllers.
We are committed to protecting your privacy and ensuring that your personal data is processed in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
Who We Are :
MAKE.ORG (Société par Actions Simplifiée) with registered office at 13 rue de la Bucherie, Paris (75005) and registered with the Trade and Companies Register of Paris under number 820 016 095, and with VAT.
And MAKE.ORG GMBH located at Karl-Marx-Str. 12, 12043 Berlin, Germany, registered at the District Court of Berlin (Charlottenburg) and registered under HRB 242008 B, and with VAT.
This Policy does not apply to personal data we process in the role of a data processor or service provider on behalf of our clients or customers.
1.5 Please take the time to read this Notice carefully. If you have any questions or comments, please contact us at contact-fr@make.org.
What Personal Data does MAKE.ORG collect and why?
2.1 The types of Personal Data that we may collect about you, and the reasons why we process it, include:
| Purposes for which we collect it | Personal Data we collect | Legal grounds for processing | Legitimate interest (where applicable) |
|---|---|---|---|
| Enabling users to access the content displayed on our website and to question Artificial Intelligence | Unique identification number (visitor_id), content of questions asked via our website | Legitimate interest. Where applicable, your consent for cookies provided via the consent management platform. | Facilitating the ability for users to view and interact with the content presented on our website, while also providing them with the opportunity to engage with Artificial Intelligence |
| Improving and optimising our website | Technical Data: includes information about how you use our website, products and services. Here the cookies we have: Essential websites cookies: cookiefirst-consent, cookiefirst-id Performance and functionality cookies: YouTube, Analytics and customisation cookies: unique identification number (visitor_id) Social networking cookies: Facebook pixel, Twitter pixel | Legitimate interest. Where applicable, your consent for cookies provided via the consent management platform. | To ensure the website operates seamlessly and to enhance its performance to the highest possible standards |
| To provide, administer, maintain and analyse the AI service provided by the site | Unique identification number (visitor_id), content of questions asked at a quick action or open promt and answers provided by AI, LLM response time | Legitimate interest | To ensure the effective delivery, management, upkeep, and evaluation of the artificial intelligence service offered by the website |
| Answer your questions when you contact us | Names, e-mail addresses, enquiries | Our legitimate interest in responding to your questions and requests (or in taking pre-contractual measures if we subsequently conclude a contract) | To make sure MAKE.ORG can keep in touch with the users and answer all questions raised via panoramic |
Within the limits of their respective functions, the following may have access to Personal Data:
Those responsible for operating the service, those responsible for handling users and complaints, logistics and IT managers and their line managers ;
Sub-processors - in this case a contract is signed, between the sub-processors and MAKE.ORG, which details the responsibilities of the sub-processors in terms of protecting data security and confidentiality ;
Campaign partners, whose users will have been informed of their participation.
any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
to any other person if you have provided your prior consent to the disclosure.
How we protect your privacy
4.1 We will process Personal Data in accordance with this Notice, as follows:
(a) Fairness: We will process Personal Data fairly. This means that we are transparent about how we process Personal Data and that we will process it in accordance with applicable law.
(b) Lawfulness: We will process Personal Data on lawful grounds only.
(c) Purpose limitation: We will process Personal Data for specified and legitimate purposes, and will not process it in a manner that is incompatible with those purposes, unless permitted by applicable data protection laws.
(d) Data minimization: We will process Personal Data that is adequate, relevant and limited to what is necessary to achieve the purposes for which the data are processed.
(e) Data accuracy: We take appropriate measures to ensure that the Personal Data that we hold about you is accurate, complete and, where necessary, kept up to date. However, it is also your responsibility to ensure that your Personal Data is kept as accurate, complete and current as possible by informing MAKE.ORG us promptly of any changes or errors.
(f) Data security: We use appropriate technical and organisational measures to protect the Personal Data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data.
(g) Limited Retention: We keep your Personal Data in a form that allows us to identify you for as long as necessary to achieve the purposes for which we are processing your data and do not store your data for longer, unless we must comply with applicable laws.
Data storage, retention and deletion
5.1 Personal Data we collect from you are stored in our servers located in France.
5.2 We retain Personal Data we collect from you where we have an ongoing legitimate business need to do so (for instance, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
5.3 When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymise it or, if this is not possible (for instance, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
International transfers of data
6.1 We transfer the personal data collected to OpenIA, Mistral, Pinecone in connection with the use of the services offered on Panoramic.ai.
6.2 Specifically, our servers are located in France, and our group companies and third-party service providers and partners operate outside of the European Union. This means that when we collect your Personal Data we may process it outside of the European Union.
6.3 However, we have taken appropriate safeguards to require that your Personal Data will remain protected in accordance with this Notice. They include the implementation of data transfer agreements based on the European Commission's Standard Contractual Clauses.
Your data protection rights
7.1 You have the following data protection rights:
(a)Right of access: You have the right to obtain from us confirmation as to whether or not we process your personal data, and, where this is the case, to access your personal data;
(b) Right to rectification: You have the right to request rectification of inaccurate personal data from us, and the right to have incomplete personal data completed by us;
(c) Right to erasure: You have the right to request erasure of your personal data from us;
(d) Right to restriction: You have the right to request restriction of processing;
(e) Right to data portability: You have the right to receive your personal data in a structured, commonly used and machine-readable format and the right to have your personal data transmitted to another controller without hindrance;
(f) Right to object: You have the right to object to the processing of your personal data at any time where the processing is based on our legitimate interests and we do not have compelling legitimate grounds for the processing which override your rights, interests and freedoms;
(g) Right to withdrawal: You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before your withdrawal; and
(h)Right to lodge a complaint: You have the right to lodge a complaint with the competent data protection supervisory authority regarding the processing of your personal data by us.
French Data Protection Authority : CNIL
7.2 You have the right to define general or specific directives regarding the use and disclosure of your personal information after your death according to the French Data Protection Act.
7.3 We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Linking to other websites
8.1 The Website may contain hyperlinks to websites owned and operated by third parties. These Websites have their own privacy policies and we invite you to review them. They will govern the use of Personal Data you submit whilst visiting these Websites.
8.2 We do not accept any liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.
Updates to this Notice
9.1 We may update this Notice from time to time in response to changing legal, technical or business developments. When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Notice changes if and where this is required by applicable data protection laws.
9.2 You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.
How to contact us
10.1 The Data Protection Officer appointed in accordance with Article 37 of the General Data Protection Regulation is Fieldfisher Belgium, contact-be@make.org, l'Arsenal, Bd Louis Schmidt 29 box 15, 1040 Brussels, Belgium.