Website privacy policy

Purpose and scope of the Policy 

HiScale attaches the utmost importance to the protection of privacy and personal data, as well as to compliance with the provisions of Regulation (EU) 2016/679 of April 27, 2016 (RGPD) and applicable French legislation.

In accordance with the RGPD, personal data must be processed lawfully, fairly and transparently.
The purpose of this privacy policy (hereinafter the "Policy") is to provide you with clear information about the processing of personal data concerning you, in the context of your browsing the site www.hiscale.ai and related operations.

Data controller

In the course of our activities, HiScale collects and uses personal data relating to you, an individual (hereinafter "Data Subject"). 

For all Processing, HiScale determines the means and purposes of the Processing. As such, we act as a Processor, within the meaning of the Regulation on Personal Data, and in particular Regulation (EU) 2016/679 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such Data. 

If you have any questions or complaints about HiScale's compliance with this Policy, our DPO is here to answer all your requests, in particular to exercise your rights under the LIL and RGPD, relating to your personal data. You can reach him by e-mail at the following address: dpo@hiscale.agency

What Personal Data do we collect and how? 

When you use our website, or when you contact us, you provide us with certain information about yourself, some of which may identify you ("Personal Data"). This is particularly the case when you browse our site, or when you wish to be contacted. 

The nature and quality of the Personal Data collected about you varies according to the relationship you have with HiScale, the main ones being : 

  • Identification data: this includes any information that would enable us to identify you, such as your surname, first name, telephone number, postal or e-mail address, as well as any information provided by you as part of your contact request and, if applicable, the content of the message, as well as any information communicated subsequently during your exchanges with HiScale.

  • Professional data: workplace, company.

  • Connection data: this is all the information we need to access your personal account, such as password and other information required for authentication and access to an account.

  • Internet data: this corresponds to your browsing data, such as your IP address. 

HiScale ensures that the collection of your personal data is relevant, adequate, not excessive and strictly necessary for its activities. 

You are informed that certain information is essential to benefit from our services. If you do not provide this information, we will not be able to offer you the services concerned.

Why do we collect your Personal Data and how? 

We collect your personal data for specific purposes and on different legal grounds. 


Goals

Personal data collected

Legal basis for processing (Article 6 RGPD)

Shelf life

Respond to your requests via contact or partnership forms

Identification data, contact details, message content

Execution of pre-contractual measures (art. 6-1-b)

Application processing time, then 12 months maximum

Customer relationship management, billing, service execution and support

Identification, contractual and communication data

Contract performance / legal obligations (art. 6-1-b and c)

For the duration of the contract, then archived for 5 years (and 10 years for accounting data).

B2B prospecting and communication (business relations)

Professional data and contact details (email, company, position)

Legitimate interest (art. 6-1-f) - with right to object at any time

3 years from last contact with Hiscale

Send personalized newsletters and marketing communications

Last name, first name, e-mail address

Consent (art. 6-1-a) - may be withdrawn at any time

Until unsubscribed via the link included in each e-mail

Audience measurement, statistical analysis and site optimization (analytical cookies)

Browsing data, truncated IP address

Consent (art. 6-1-a) via Cookiebot banner

13 months maximum for cookies - 25 months for aggregated data

Security, fraud prevention and technical site maintenance

Connection data, server logs, IP addresses

Legitimate interest (art- 6-1-f)

12 months maximum from collection

Do we share your personal data? 

Your data will be transmitted to HiScale's internal services, strictly necessary to carry out our mission.  

It may be transmitted to the following recipients for certain tasks related to the purposes, and within the limits of their respective missions and authorizations: 

  • HiScale Group entities outsourcing activities to another Group entity ; 

  • Service providers and subcontractors we use to carry out a range of operations and tasks (website hosts, company in charge of auditing, IT service provider, etc.).

  • Other business partners.

  • Other scientific research partners in the health field. 

However, this sharing of data is only carried out after obtaining your consent, or if it is necessary for the performance of our contract with you. In addition, they are only given the information they need to provide the service. They are also asked not to use the data for purposes other than those originally intended. We make every effort to ensure that these third parties maintain the confidentiality and security of your data. 

Finally, your data may also be transmitted to legal or regulatory authorities, in order to comply with our legal obligations. 

In the latter two cases, as with our service providers, only the necessary data is supplied. And we do everything in our power to ensure their confidentiality and security. 

We do not sell your data. 

Are your personal data transferred to third countries? 

HiScale endeavors to store Personal Data in France, or at least within the European Economic Area (EEA).  

However, it is possible that the Data we collect when you use our platform or as part of our services may be transferred to other countries. This is the case, for example, if some of our service providers are located outside the European Economic Area. 

In the event of a Transfer of this type, we guarantee that it will be carried out : 

  • To a country offering an adequate level of protection, i.e. a level of protection equivalent to that required by European regulations; 

  • Within the framework of standard contractual clauses ; 

  • Within the framework of internal company rules. 

How long do we keep your Personal Data? 

We retain your Personal Data only for as long as is necessary to fulfil the purpose for which we hold the Data, to meet your needs or to comply with our legal obligations. 

Shelf lives vary depending on a number of factors, such as : 

  • HiScale business needs;

  • Contractual requirements ;

  • Legal obligations ;

  • Recommendations from supervisory authorities. 

How do we guarantee the security of your Personal Data? 

HiScale is committed to protecting the Personal Data we collect or process from loss, destruction, alteration, unauthorized access or disclosure. 

Accordingly, we implement all appropriate technical and organizational measures, depending on the nature of the data and the risks involved in processing it, to preserve the security and confidentiality of your personal data.

These measures may include practices such as limited access to personal data by HiScale employees by virtue of their duties, contractual guarantees in the event of recourse to an external service provider, the performance of privacy impact assessments, regular reviews of practices and procedures on HiScale's information systems, physical and/or logical security measures (secure access, authentication process, back-up copies, antivirus software, firewalls, etc.).

What are your rights? 

You may exercise the following rights with regard to the personal data we collect/process: 

  • A right of access (Article 15 of the RGPD): you have the right to request access to the personal data we hold about you, and you can request a copy (read more) ; 

  • A right of rectification: you can request rectification of any inaccurate data concerning you; 

  • A right of deletion (Article 17 of the GDPR): you can request the deletion of your personal data in certain circumstances (read more) ; 

  • A right to portability (Article 20 of the RGPD) : under certain conditions you can receive all the personal data concerning you that you have provided to us, in a structured format. You also have the right to demand that we transfer them, as far as possible, to another controller (to find out more)

  • A right to object to processing on the grounds of legitimate interests (Article 21 of the RGPD - read more) ; 

  • A right to withdraw consent at any time (Article 7-3 of the RGPD - read more) ;

  • A right to restrict processing (Article 18 of the RGPD) : you have the right to restrict the processing of your data if: 

    • You dispute the accuracy of your data, until we verify its accuracy; 

    • The processing is illegal but you do not want us to delete your data; 

    • We no longer need your personal data for processing purposes, but you do need this data in order to bring, assert or defend against legal claims; 

    • You object to the processing on related grounds pending verification of whether our compelling legitimate grounds for continuing the processing override those interests ;

If such personal data is subject to limitations of this kind, we will only process your data with your consent, or for the purpose of bringing, enforcing or defending against legal claims(read more); 

  • A right to define the fate of your data after your death and to choose whether or not we communicate your data to a third party that you have previously designated (Law for a Digital Republic - read more).

You can exercise all these rights by contacting HiScale's Data Protection Officer (DPO) at the following address: dpo@hiscale.agency

When you send us a request to exercise a right, we ask you to specify as far as possible the scope of the request, the type of right exercised, the personal data processing concerned, and any other useful information, in order to facilitate the examination of your request. In the event of reasonable doubt as to your identity, you may be asked to provide proof of identity.

If, after contacting us, you feel that your rights with regard to your data have not been respected, you may lodge a complaint with the Commission Nationale de l'Informatique et des Libertés(CNIL).

How to contact us 

You can contact us at the following postal address: 80 RUE DU CHATEAU DURBESSON, 84200 CARPENTRAS or by e-mail at the following address dpo@hiscale.agency

Updating this Policy

This policy may be regularly updated to take account of changes in regulations relating to personal data. 

Last update date 29/09/2025.