The data controller responsible for processing your personal data under Article 4(7) of the GDPR is:
Given the limited scope of our processing activities, no Data Protection Officer (DPO) has been formally appointed. All data-related questions are handled directly by the management.
This Privacy Policy describes how AAI Maquine collects, uses, stores, and protects personal data of visitors and prospective clients of the website aai-maquine.com.
For the purposes of this policy, "personal data" means any information relating to an identified or identifiable natural person, as defined in Article 4(1) of the GDPR.
We follow the principle of data minimisation (Article 5(1)(c) GDPR): we only collect data that is strictly necessary for our stated purposes.
| Category | Data Collected | Source |
|---|---|---|
| Contact Form | First name, last name, company name, email address, area of interest, free-text message | Provided by you |
| Email Correspondence | Email address, name, content of exchanges | Provided by you |
| Technical Logs | IP address, browser type, timestamps (kept by hosting provider for security/abuse prevention) | Automatically by host |
We do not collect sensitive data (Article 9 GDPR), data concerning minors, financial data, or behavioural/profiling data.
Each processing activity is grounded in a specific legal basis under Article 6 of the GDPR:
| Purpose | Legal Basis (Art. 6) |
|---|---|
| Respond to your enquiry and arrange a discovery call | Pre-contractual measures at your request — Art. 6(1)(b) |
| Send commercial proposals and execute consulting engagements | Performance of a contract — Art. 6(1)(b) |
| Comply with accounting, tax, and legal obligations | Legal obligation — Art. 6(1)(c) |
| Maintain security of the website and detect abuse | Legitimate interest — Art. 6(1)(f) |
| Send occasional follow-up emails to prospects | Consent — Art. 6(1)(a) — withdrawable at any time |
We retain personal data only for as long as necessary for the purposes for which it was collected, in accordance with Article 5(1)(e) of the GDPR:
Your personal data is accessed only by the management of AAI Maquine. We do not sell, rent, or share your data with third parties for commercial purposes.
For strictly necessary technical operations, we rely on the following sub-processors (Article 28 GDPR), each bound by a data processing agreement:
Where a sub-processor processes data outside the European Economic Area (EEA), such transfers are framed by appropriate safeguards under Chapter V of the GDPR — typically the European Commission's Standard Contractual Clauses (SCCs) or an adequacy decision (e.g. the EU–US Data Privacy Framework).
By default, we select providers operating within the EEA whenever feasible.
In accordance with Article 32 of the GDPR, AAI Maquine implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk:
This website uses only strictly necessary technical cookies — used for the proper functioning of the site (e.g. preserving navigation state). These cookies are exempt from prior consent under Article 82 of the French Data Protection Act and CNIL guidelines.
We do not deploy:
For this reason, no cookie consent banner is displayed. Should we introduce non-essential cookies in the future, a CNIL-compliant consent mechanism will be implemented prior to deployment.
Under Articles 15 to 22 of the GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at philippe.maquine@gmail.com. We will respond within one month of receipt (Art. 12 GDPR), extendable by two months for complex requests. We may request reasonable proof of identity before acting on your request.
If you consider that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority — in particular, the French data protection authority:
This Privacy Policy may be updated to reflect changes in our practices or legal requirements. The "Last updated" date at the top of the page indicates the most recent revision. Substantial changes will be notified through a visible notice on the website or by direct communication where appropriate.