Privacy Policy

1. Introduction

This Privacy Policy explains how AIDRE TECHNOLOGIES SASU, operating AIETHIQ by AIDRE TECHNOLOGIES, collects, uses, stores and protects personal data in connection with its website, commercial relationships, licensing process, billing and technical operation of the AIETHIQ tool.

AIETHIQ is a professional B2B tool designed to assist organizations in analyzing AI systems, including AI Act scoring, high-risk classification, recommendations and PDF report generation.

AIETHIQ is intended for professional use only.

2. Who we are

The data controller for the personal data described in this Privacy Policy is:

3. Scope of this Privacy Policy

This Privacy Policy applies to personal data processed by AIDRE TECHNOLOGIES in relation to:

• visits to the website www.aiethiqlab.com;
• commercial enquiries and communications;
• licence requests, quotes and contractual exchanges;
• billing, accounting and payment follow-up;
• technical access to updates and licence-related services;
• support or assistance requested by the client.

This Privacy Policy does not apply to personal data that may be entered by the client into the AIETHIQ tool after installation in the client’s own local environment, unless AIDRE TECHNOLOGIES is expressly given access to such data under a separate agreement.

4. How AIETHIQ works

AIETHIQ is installed in the client’s own local environment.

• The client’s answers, assessment results, classifications, recommendations and PDF reports are generated and stored locally within the client’s environment.
• AIDRE TECHNOLOGIES does not host, store or access the client’s answers, AI Act assessment results or generated PDF reports by default.
• The questionnaire, update content and related methodological elements may be hosted or made available by AIDRE TECHNOLOGIES in order to provide the AIETHIQ service and keep the tool up to date.
• When the tool is opened, updates may be integrated automatically without any specific action required by the client.

5. Personal data we may collect

AIDRE TECHNOLOGIES may collect and process the following categories of personal data.

5.1 Business contact data

This may include:

• first name and last name;
• professional email address;
• professional phone number;
• company name;
• job title or role;
• content of messages sent to us.

5.2 Contractual and licensing data

This may include:

• company details;
• name and contact details of the client’s representatives;
• quote and licence information;
• number of licensed workstations, where applicable;
• contractual correspondence;
• licence duration and commercial terms.

The licence is defined on a case-by-case basis in the applicable quote or agreement. Unless otherwise agreed, AIETHIQ is licensed per workstation.

5.3 Billing and accounting data

This may include:

• company name;
• billing address;
• VAT number;
• purchase order details;
• invoice details;
• payment status;
• bank transfer references;
• accounting and tax records.

Billing and accounting are managed through Pennylane. Payments are made manually by bank transfer, unless otherwise agreed in writing.

5.4 Website and technical data

When you visit www.aiethiqlab.com, we may process technical information such as:

• IP address; browser type; device information; pages visited; date and time of visit; technical logs; information necessary for website security and maintenance.

We may also process technical information related to licence activation, licence verification or automatic updates, such as version number, update status, licence identifier, date and time of connection, and technical logs necessary to provide the service.

6. Data we do not collect by default

By default, AIDRE TECHNOLOGIES does not collect, host or store:

• the answers entered by the client into the AIETHIQ assessment tool;
• the client’s AI Act classifications generated locally;
• the client’s scores generated locally;
• the recommendations generated locally;
• the PDF reports generated locally;
• the client’s internal AI system documentation entered into the local tool.

These elements remain in the client’s local environment. AIDRE TECHNOLOGIES does not use client answers, reports or assessment results to train AI models.

7. Purposes of processing

AIDRE TECHNOLOGIES processes personal data for the following purposes:

• responding to enquiries;
• preparing quotes and commercial proposals;
• entering into and managing licence agreements;
• providing access to AIETHIQ updates;
• managing invoicing, accounting and payment follow-up;
• complying with legal, tax and accounting obligations;
• maintaining website security;
• improving the visibility and technical performance of the website;
• providing optional support or assistance when requested by the client;
• protecting the rights and interests of AIDRE TECHNOLOGIES.

8. Legal bases for processing

Depending on the context, AIDRE TECHNOLOGIES processes personal data on the following legal bases:

• Contractual necessity: when processing is required to prepare, enter into or perform a licence agreement;
• Legal obligation: especially for accounting, tax and invoicing requirements;
• Legitimate interest: including business communications, website security, service improvement, licence management and protection of AIDRE TECHNOLOGIES’ rights;
• Consent: where required by applicable law, for example for certain cookies or optional communications.

9. Website analytics and Google Search Console

AIDRE TECHNOLOGIES uses Google Search Console to understand how the website appears in Google Search and to improve search visibility and technical performance.

Google Search Console may provide aggregated information such as search queries, impressions, clicks and average position in Google Search. AIDRE TECHNOLOGIES does not use Google Search Console to identify individual visitors.

If additional analytics or advertising tools are added in the future, this Privacy Policy and, where applicable, the cookie banner will be updated.

10. Cookies

The website may use cookies or similar technologies that are necessary for its proper operation, security or technical performance.

Where required by law, non-essential cookies will only be used with the user’s prior consent. Users may configure their browser to block or delete cookies. However, some parts of the website may not function properly without necessary cookies.

11. Service providers

AIDRE TECHNOLOGIES may use trusted third-party providers for the operation of its website, billing and business administration. These providers may include:

• Vercel, for website hosting and technical deployment;
• Google Search Console, for search performance monitoring;
• Pennylane, for billing, accounting and financial administration.

These providers may process personal data only to the extent necessary to provide their services. AIDRE TECHNOLOGIES takes reasonable steps to work with providers that offer appropriate data protection and security commitments.

12. International transfers

Some technical providers may be located outside the European Economic Area or may rely on subprocessors located outside the European Economic Area.

Where personal data is transferred outside the European Economic Area, AIDRE TECHNOLOGIES seeks to ensure that appropriate safeguards are in place, such as standard contractual clauses or other lawful transfer mechanisms recognized under applicable data protection laws.

13. Data retention

AIDRE TECHNOLOGIES keeps personal data only for as long as necessary for the purposes described in this Privacy Policy. In particular:

• Business contact data may be kept for the duration of the business relationship and for a reasonable period thereafter;
• Contractual data may be kept for the duration of the agreement and for the applicable limitation periods;
• Billing and accounting data are kept for the legal retention periods required under applicable French accounting and tax laws;
• Technical logs are kept for a limited period necessary for security, maintenance and troubleshooting;
• Support-related data is kept for the time necessary to handle the request and protect the legitimate interests of AIDRE TECHNOLOGIES.

Accounting records and supporting documents must generally be kept by companies in France for legally required periods, including periods applicable to accounting, tax and commercial documentation (Service Public Entreprendre).

14. Security

AIDRE TECHNOLOGIES implements reasonable technical and organizational measures to protect personal data against unauthorized access, loss, alteration, disclosure or destruction.

However, the client is responsible for the security of its own local environment in which AIETHIQ is installed, including access management, device security, internal backups, network security and protection of locally generated reports.

AIDRE TECHNOLOGIES is not responsible for unauthorized access, loss or disclosure of data resulting from the client’s own systems, devices, users, networks or internal security practices.

15. Client responsibility for local data

Because AIETHIQ is installed locally, the client remains responsible for:

• the personal data entered into the tool by its users;
• the security of the local installation environment;
• access rights granted to its employees, contractors, lawyers, advisors, auditors or clients;
• storage, sharing and deletion of locally generated reports;
• compliance with its own data protection obligations.

Where the client uses AIETHIQ on behalf of its own clients, including in a legal, consulting, audit or advisory context, the client is responsible for informing its own clients and ensuring that its use of AIETHIQ complies with applicable confidentiality, professional and data protection obligations.

16. No AI training on client data

AIDRE TECHNOLOGIES does not use client answers, client-generated reports, AI Act scores, classifications or recommendations to train AI models.

If this position changes in the future, AIDRE TECHNOLOGIES will update this Privacy Policy and, where required, obtain the appropriate consent or contractual authorization.

17. Your rights

Under applicable data protection laws, individuals may have the following rights regarding their personal data:

• right of access; right to rectification; right to erasure; right to restriction of processing; right to object;
• right to data portability, where applicable;
• right to withdraw consent, where processing is based on consent;
• right to lodge a complaint with a competent data protection authority (in France, the competent authority is the CNIL).

To exercise your rights, you may contact AIDRE TECHNOLOGIES at: contact@aiethiqlab.com. AIDRE TECHNOLOGIES may request additional information to verify your identity before responding to a request.

18. Confidentiality

AIDRE TECHNOLOGIES treats business communications, licence information and support exchanges as confidential, subject to applicable legal obligations.

If the client voluntarily shares information, documents, reports or screenshots with AIDRE TECHNOLOGIES for support or advisory purposes, such information will be handled only for the purpose for which it was shared, unless otherwise agreed.

19. Changes to this Privacy Policy

AIDRE TECHNOLOGIES may update this Privacy Policy from time to time, especially to reflect changes in the AIETHIQ service, applicable law, technical providers or data processing practices. The updated version will be made available on www.aiethiqlab.com.

20. Contact

For any question regarding this Privacy Policy or the processing of personal data, please contact: