Website Privacy Policy

Objective and Scope of the Policy 

HiScale places the utmost importance on the protection of privacy and personal data, as well as compliance with the provisions of the Regulation (EU) 2016/679 of 27 April 2016 (GDPR) and applicable French legislation.

In accordance with the GDPR, personal data must be processed in a lawful, fair and transparent manner.
This privacy policy (hereinafter the "Policy") aims to provide you with clear information about the processing of personal data concerning you, while navigating the site www.hiscale.ai and the associated operations.

Data Controller

As part of our activities, HiScale collects and uses personal data related to you, individuals (hereinafter "Data Subject"). 

For all Processing, HiScale determines the means and purposes of the Processing. Thus, we act as the Data Controller in the sense of the regulations concerning personal data, notably the Regulation (EU) 2016/679 concerning the protection of individuals regarding the processing of personal data and the free movement of such data. 

If you have any questions or complaints regarding HiScale's compliance with this Policy, our DPO is here to respond to all your requests, particularly to exercise your rights under the LIL and the GDPR, concerning your personal data. You can contact him by email at the following address: dpo@hiscale.agency

What Personal Data do we collect and how ? 

By using our website, as well as in the framework of your contact requests, you provide us with a certain number of information about yourself, some of which may identify you ("Personal Data"). This is particularly the case when you browse our site or when you wish to be contacted. 

The nature and quality of the Personal Data collected about you vary depending on the relationships you undertake with HiScale, the main ones being : 

  • Identification Data : this includes any information that would allow us to identify you, such as your name, first name, phone number, postal or email address, as well as any information provided by you as part of your contact request, and, where appropriate, the content of the message, as well as any information communicated subsequently during your exchanges with HiScale.

  • Professional life data : workplace, company.

  • Login data : this includes all the information needed to access your personal account, such as the password and other information necessary for authentication and account access.

  • Internet data : this corresponds to your browsing data, such as your IP address. 

HiScale ensures that the collection of your personal data is relevant, adequate, not excessive, and strictly necessary for its activities. 

You are informed that certain information is essential to benefit from our services. If you do not provide us with these, we will not be able to provide you with the concerned services.

Why do we collect your Personal Data and how ? 

We collect your personal data for specific purposes and on various legal bases. 


Purposes

Collected personal data

Legal bases for processing (Article 6 GDPR)

Retention periods

To respond to your requests via contact or partnership forms

Identification data, contact details, content of the message

Execution of pre-contractual measures (art. 6-1-b)

The time needed to process the request, then a maximum of 12 months

Management of customer relationships, invoicing, execution of services and support

Identification data, contractual data and communication

Execution of the contract / legal obligations (art. 6-1-b and c)

During the contract duration, then archived for 5 years (and 10 years for accounting data)

B2B prospecting and communication (professional relationships)

Professional data and contact details (email, company, position)

Legitimate interest (art. 6-1-f) - with the right to object at any time

3 years from the last contact with HiScale

Sending newsletters and personalised marketing communications

Name, surname, email address

Consent (art. 6-1-a) - withdrawal possible at any time

Until unsubscribing via the link included in each email

Audience measurement, statistical analysis and site optimisation (analytical cookies)

Browsing data, truncated IP address

Consent (art. 6-1-a) via the Cookiebot banner

Maximum of 13 months for cookies - 25 months for aggregated data

Security, fraud prevention and technical maintenance of the site

Login data, server logs, IP addresses

Legitimate interest (art. 6-1-f)

Maximum of 12 months from collection

Do we share your Personal Data ? 

Your data is transmitted to HiScale's internal services, strictly necessary for the fulfillment of our mission.  

They may also be transmitted for certain tasks related to the purposes, and within the limits of their respective missions and qualifications, to the following recipients: 

  • Entities of the HiScale Group in the context of outsourcing an activity to another entity of the group  

  • Service providers and subcontractors we use to carry out a set of operations and tasks (website hosts, auditing companies, IT providers, …)

  • Other commercial partners.

  • Other partners in scientific research in the health field. 

However, this data sharing is conducted only after obtaining your consent, or where necessary for the execution of our contract with you. Furthermore, only the information needed for the provision of the service is communicated to them. They are also asked not to use the data for purposes other than those initially intended. We do our best to ensure that these third parties maintain the confidentiality and security of your data. 

Finally, your data may also be transmitted to legal or regulatory authorities, in order to comply with our legal obligations. 

In these last two cases, just like with the service providers, only the necessary data is provided. And we take all measures to preserve their confidentiality and security. 

We do not sell your data. 

Is your Personal Data transferred to Third Countries ? 

HiScale strives to keep Personal Data in France, or at least within the European Economic Area (EEA).  

However, it is possible that the Data we collect when you use our platform or within the scope of our services may be transferred to other countries. This is for example the case if some of our providers are located outside the European Economic Area. 

In the event of such a Transfer, we ensure that it is done : 

  • To a country ensuring an adequate level of protection, that is to say, an equivalent level of protection to what European regulations require  

  • Within the framework of standard contractual clauses  

  • Within the framework of internal company rules. 

How long do we keep your Personal Data ? 

We keep your Personal Data only for the time necessary to achieve the purpose for which we hold this Data, in order to meet your needs or to fulfil our legal obligations. 

The retention periods vary depending on several factors, such as : 

  • The needs of HiScale's activities;

  • The contractual requirements ;

  • The legal obligations ;

  • The recommendations of the supervisory authorities. 

How do we ensure the security of your Personal Data ? 

HiScale is committed to protecting the Personal Data that we collect, or that we process, against loss, destruction, alteration, unauthorized access or disclosure. 

Thus, we implement all appropriate technical and organizational measures, according to the nature of the data and the risks posed by their processing, to preserve the security and confidentiality of your personal data.

These measures may include practices such as limited access to personal data by HiScale staff due to their roles, contractual guarantees in the case of external service providers, conducting privacy impact assessments, regular reviews of practices and procedures on HiScale's information systems, physical and/or logical security measures (secure access, authentication process, backups, antivirus software, firewall, etc.).

What are your rights ? 

Concerning the personal data we collect/process, you can exercise the following rights : 

  • A right of access (Article 15 of the GDPR) : you have the right to request access to the personal data we hold about you, and you can request a copy (learn more) ; 

  • A right of rectification : you may request the rectification of any inaccurate data concerning you ; 

  • A right of deletion (Article 17 of the GDPR) : you may request the deletion of your personal data in certain circumstances (learn more) ; 

  • A right to portability (Article 20 of the GDPR) : under certain conditions, you can receive all the personal data concerning you that you have provided to us, in a structured format. You also have the right to request that we transmit them, where possible, to another controller (learn more) ; 

  • A right to object to processing on legitimate interests (Article 21 of the GDPR – learn more) ; 

  • A right to withdraw consent at any time (Article 7-3 of the GDPR – learn more) ; 

  • A right to limitation of processing (Article 18 of the GDPR) : you have the right to impose restrictions on the processing of your data if : 

    • You contest the accuracy of your data, until we verify its accuracy ; 

    • The processing is unlawful but you do not wish for us to delete your data ; 

    • We no longer need your personal data for processing but you need it to lodge, assert or defend against legal claims ; 

    • You are opposed to processing on legitimate grounds while waiting to verify whether our overriding legitimate grounds for processing prevail over those interests ;

If such personal data is subject to limitations of this type, we will only process your data with your consent, or for the purposes of lodging, asserting or defending against legal claims (learn more) ; 

  • A right to define the fate of your data after your death and to choose that we communicate (or not) your data to a third party that you have previously designated (Law for a Digital Republic – learn more).

You can exercise all these rights by simple request to the Data Protection Officer (DPO) of HiScale, at the following address: dpo@hiscale.agency

When you submit a request to exercise rights, you are asked to specify as much as possible the scope of the request, the type of right exercised, the processing of personal data concerned, and any other useful elements to facilitate the examination of your request. Furthermore, in case of reasonable doubt about your identity, a proof of identity may be requested.

If you believe, after contacting us, that your rights regarding your data are not being respected, you can lodge a complaint with the National Commission for Informatics and Freedoms (CNIL).

How to contact us ? 

You can contact us at the following postal address : 80 RUE DU CHATEAU DURBESSON, 84200 CARPENTRAS or by email at the following address dpo@hiscale.agency

Update of this Policy

This policy may be regularly updated to take into account developments in the regulations regarding personal data. 

Date of last update 29/09/2025.