Auroramind
PRIVACY POLICY

Privacy Policy

Protection of personal data collected and processed by Auroramind.

Article 1 – Preamble

This Privacy Policy aims to inform users of the auroramind.fr website and Auroramind clients about:

  • the personal data collected;
  • the purposes and legal bases of processing;
  • the identity of the data controller;
  • the recipients of the data;
  • the retention periods;
  • the use of cookies and trackers;
  • the rights available to data subjects.

It complements the Legal Notice and the General Terms and Conditions of Sale of the Auroramind website.

By using the site and/or Auroramind services (training, Aurora Insight offers, booking appointments), you acknowledge having read and accepted this Privacy Policy.

Article 2 – Data controller

2.1 Identity of the data controller

Auroramind

SASU with variable capital of €2,000

26, rue Max de Saint Genest – 42340 VEAUCHE – France

RCS Saint-Étienne: 942 103 458 00017

Intra-community VAT: FR46942103458

Primary contact (personal data)

Email: contact@auroramind.fr

Auroramind primarily acts as data controller for data collected via its site, forms and customer relationship management. For certain B2B missions (AI solution integration, RAG, automations…), Auroramind may act as a processor on behalf of its clients; these aspects are then specified in contracts and/or data processing annexes.

Article 3 – Definition of personal data

Personal data is any information relating to an identified or identifiable natural person, directly or indirectly (name, first name, email address, phone number, online identifier, connection data, etc.), in accordance with the GDPR.

Article 4 – Data collected

4.1 Data collected via the auroramind.fr website

  • Identification and contact information: last name, first name, company name, role, email address, phone number, city/country.
  • Data related to contact/quote/AI audit requests: message content, company information, project type, expressed needs.
  • Appointment booking data (via Calendly or equivalent tool): selected slot, time zone, contact details, information provided in free fields.
  • Browsing data: IP address, browser type, pages viewed, time spent, referral source, etc., via cookies or audience analytics trackers.

4.2 Data collected in the context of training

  • Participant identity and contact details (last name, first name, email, phone);
  • Data related to the client company (company name, SIRET, trainee role);
  • Administrative information (attendance, sign-in sheets, assessments, certificates, OPCO funding where applicable);
  • Connection data to the platforms used (videoconferencing, e-learning, document sharing);
  • Email exchanges and collaborative spaces associated with the training.

4.3 Data collected for Aurora Insight offers (B2B)

  • Identification data of the main contact (last name, first name, role, email, phone);
  • Billing data (billing address, SIRET, information required for accounting);
  • Client account data (history of interventions, exchanges, deliverables, settings);
  • Connection data / possible usage of collaborative or AI spaces provided (dashboards, reports, tickets).

Business data, documents and files provided by the client to Auroramind for AI analyses or tool deployment (RAG, automations, etc.) are processed within a strictly contractual framework, with a high level of confidentiality.

4.4 Payment data

Online payments (training, Aurora Insight packages possibly paid via payment link) are processed via Stripe. Auroramind does not collect or store your full bank card data: this is processed directly by Stripe, acting as a separate data controller, in accordance with its own privacy policy.

Information associated with payments (amount, date, transaction reference, payment method, status) is retained by Auroramind for accounting and contractual management.

4.5 Auroramind collaborative spaces

  • Named access (user account);
  • Stored data: uploaded documents, comments, tickets, activity logs;
  • Standard access duration: 6 months after the end of the mission (unless otherwise agreed or legally required).

Article 5 – Purposes and legal bases of processing

Data collected by Auroramind is processed for the following purposes, on the legal bases defined by the GDPR:

5.1 Performance of a contract or pre-contractual measures

  • Managing contact requests, AI audits or quotes;
  • Registration, organization and follow-up of training (in-person/remote);
  • Management of Aurora Insight contracts and subscriptions (creation, follow-up, termination);
  • Billing, payment follow-up, management of possible unpaid invoices;
  • Provision and administration of Auroramind collaborative spaces.

Legal basis: performance of a contract or pre-contractual measures (Article 6.1.b GDPR).

5.2 Compliance with legal obligations

  • Accounting and tax obligations (retention of invoices, supporting documents);
  • Specific obligations related to professional training (traceability of attendance, certificates, supporting documents).

Legal basis: compliance with legal obligations (Article 6.1.c GDPR).

5.3 Auroramind’s legitimate interest

  • Continuous improvement of the site, user experience and offers (anonymized or pseudonymized statistical analyses);
  • Securing information systems and fraud prevention (logging, security, anti-spam/hacking);
  • Internal organization of customer relationships (exchange history, quality monitoring, feedback).

Legal basis: legitimate interest (Article 6.1.f GDPR), while ensuring that the rights and freedoms of individuals are not infringed.

5.4 Consent

  • Sending newsletters, educational content or commercial offers by email (prospecting);
  • Placement of certain non-essential cookies/trackers (advanced statistics, marketing, retargeting);
  • Potential recording of certain webinars or training sessions if participants clearly consent.

Legal basis: consent (Article 6.1.a GDPR), freely given, specific, informed and withdrawable at any time.

Article 6 – Data recipients

6.1 Internal recipients

Personal data is accessible, within the limits of their respective needs, to the following persons:

  • Auroramind’s director;
  • Employees and/or service providers involved in client files, training, AI projects;
  • Administrative or accounting staff, where applicable.

6.2 Processors and service providers

Auroramind may use service providers acting as processors within the meaning of the GDPR, notably for:

  • website and data hosting (host: CELESTE / Nuxit or equivalent, server located in the EU);
  • appointment booking (Calendly-type tool);
  • online payment (Stripe);
  • sending transactional emails or newsletters (emailing tool if applicable);
  • collaboration tools (Jira, Nextcloud or equivalent);
  • certain technical services (backups, maintenance, monitoring).

Auroramind ensures these providers offer sufficient security and confidentiality guarantees and concludes the contracts required by regulation.

Article 7 – Transfers outside the European Union

Some providers (for example Stripe, Calendly or other SaaS tools used by Auroramind) may be located outside the European Union or operate from third countries. In this case, Auroramind endeavors to ensure that:

  • the destination country benefits from an adequacy decision by the European Commission, or
  • transfers are governed by standard contractual clauses (SCC) or any other GDPR-compliant mechanism, and providers implement an equivalent level of protection.

Links to these providers’ privacy policies are available on their respective websites.

Article 8 – Retention periods

Auroramind retains personal data only for the period necessary for the purposes pursued, increased where applicable by statutory limitation periods. By way of indication:

  • Prospects (B2B/B2C): 3 years after the last active contact in the absence of a contractual relationship.
  • Clients (training / Aurora Insight): for the duration of the contract, then intermediate archiving up to 10 years for accounting and contractual data (legal obligations).
  • Training-related data: sufficient duration to prove the reality of training actions (regulatory obligations).
  • Connection data to collaborative spaces: generally 6 months after the end of the mission or closure of the space.
  • Cookies: 13 months max for non-essential cookies, 25 months for certain anonymized audience measurements (CNIL recommendation).

Article 9 – Rights of data subjects

In accordance with applicable regulations, you have the following rights over your personal data:

  • Right to information: know whether your data is processed and in what context.
  • Right of access: obtain a copy of your data.
  • Right to rectification: correct or complete inaccurate or incomplete data.
  • Right to object: object, for reasons related to your particular situation, to certain processing based on legitimate interest (including prospecting).
  • Right to erasure (“right to be forgotten”): request deletion of your data within GDPR limits.
  • Right to restriction of processing: request temporary suspension of the use of your data.
  • Right to portability: receive your data in a structured, commonly used, machine-readable format, and transmit it to another controller.
  • Right to withdraw consent: at any time, for processing based on consent.

9.1 Exercising your rights

To exercise your rights, you can contact Auroramind:

  • by email: contact@auroramind.fr
  • or by post to: Auroramind, 26, rue Max de Saint Genest, 42340 VEAUCHE – France

Auroramind may request additional information (e.g., ID) to verify your identity. A response will generally be provided within one month of receiving your request.

9.2 Complaint to the CNIL

If you believe, after contacting us, that your rights are not respected, you can lodge a complaint with the competent supervisory authority:

CNIL – Commission Nationale de l’Informatique et des Libertés

3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07 – France

Website: www.cnil.fr – “Complaints” section.

Article 10 – Cookies & trackers

10.1 What is a cookie?

A cookie is a small text file placed on your device when visiting a website. It collects information about your browsing to, for example, facilitate site display or measure its audience.

10.2 Types of cookies used on auroramind.fr

  • Strictly necessary cookies: essential for page display, security, and managing basic preferences.
  • Audience measurement cookies: allow measuring traffic, analyzing page performance and improving the site; can be configured or refused via the cookie banner or browser.
  • Marketing / third-party cookies (if present): used for personalization, retargeting or embedding third-party content; placed only with your consent.

10.3 Cookie management

On your first visit, a banner allows you to accept, refuse or customize non-essential cookies. You can change your preferences at any time via the cookie manager (link at the bottom of the page) or through your browser settings. Refusing certain cookies may slightly degrade the user experience but does not prevent access to the site.

Article 11 – Data security

Auroramind implements reasonable technical and organizational measures to protect personal data against loss, alteration, unauthorized disclosure or unauthorized access. This includes: access controls, strong passwords, encryption of exchanges (HTTPS), backups, environment segmentation, logging of access and interventions.

No system is completely infallible. In the event of a data breach presenting a risk to the rights and freedoms of individuals, Auroramind will notify the incident to the competent authorities and, where applicable, to the persons concerned, in accordance with the GDPR.

Article 12 – Updates to the Privacy Policy

This Privacy Policy may evolve to reflect regulatory changes, CNIL recommendations, or changes to Auroramind’s services (new platform, new partner, etc.). The date of the last update will be mentioned. In the event of a substantial change, information may be provided via the site or by email.