Privacy Policy

Last updated: 10 October 2025

1) Data Controller
Controller: Atout Organisation Science – AOS®
Website: https://www.atout-org.com/
Postal address: Saint Henri, Rue Anne Gacon, 13016 Marseille, France
Contact: Contact us

2) Personal Data We Collect

This is a brochure (showcase) website. We do not provide user accounts or e-commerce. We only collect limited data:

  • Identification data you voluntarily submit (name, email, phone) via our contact form or by email.
  • Message content (text, attachments) when you contact us.
  • Technical and browsing data (IP address, browser/device information, logs, cookies/trackers – see “Cookies & trackers”).
3) Purposes & Legal Bases
  • Responding to your requests sent via the form or by email. Legal basis: legitimate interest / steps prior to a contract.
  • Website operation, security & improvement (including audience statistics). Legal basis: legitimate interest and/or consent for analytics cookies, as applicable.
  • Compliance with legal obligations (e.g., accounting/tax relating to certain communications). Legal basis: legal obligation.

We do not carry out systematic profiling or automated decision-making.

4) Cookies & trackers

Strictly necessary cookies for the operation of the site do not require consent. Audience measurement (analytics) cookies may be exempt from consent if configured in accordance with the supervisory authority’s recommendations.

5) Data Recipients

Access is limited to duly authorised AOS teams and, where necessary, to processors acting on our behalf (e.g., hosting/OVH, maintenance, analytics or email providers). We may also disclose data to public authorities where required by law.

We do not sell your personal data to third parties.

6) Retention Periods
  • Contact requests: up to 3 years after the last interaction.
  • Technical logs: for the time strictly necessary for security and diagnostics.
  • Cookies/trackers: up to 13 months for cookies subject to consent, then deletion or anonymisation.
7) International Transfers

Data are primarily hosted within the EU (e.g., EU hosting). If certain processors transfer data outside the EEA (for example, analytics or email tools), AOS ensures that appropriate safeguards are in place (e.g., European Commission Standard Contractual Clauses) or relies on an adequacy decision, as applicable.

8) Your Rights

In accordance with the GDPR and applicable laws, you may request:

  • Access to your data;
  • Rectification of inaccurate or incomplete data;
  • Erasure in certain cases (“right to be forgotten”);
  • Restriction of processing;
  • Objection to processing, including for direct marketing;
  • Portability (structured, commonly used and machine-readable format);
  • Withdrawal of your consent at any time for processing based on consent.

To exercise your rights, please contact us. You also have the right to lodge a complaint with the CNIL (France).

9) Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction.

10) Updates to this Policy

We may update this Privacy Policy to reflect legal, technical or organisational changes. The effective date appears at the top of this page.

See also: Legal Notice

Menu