Data Collection and Protection

PRIVACY POLICY

Effective Date: 15th of April 2025

At AutomAssist, we respect your privacy and are committed to keeping secure any information we obtain from you or about you. The following Privacy Policy outlines our practices with respect to Personal Data we collect from or about you when you use our website, applications, and services (collectively, “Services”).

This Privacy Policy shall not govern the content processed by us on behalf of the clients utilizing our commercial offerings, including, but not limited to, our products IDM (Industrial document manager) and AutomInsight, as well as our Application Programming Interface (API). The handling, access, and utilization of such data are subject to the terms and conditions stipulated in the customer agreements pertinent to those offerings.

1. Data controller

If you live in the European Economic Area (EEA) or Switzerland, Automassist, 28 AVENUE DES PEPINIERES, 94260 FRESNES, France, is the controller and is responsible for the processing of your Personal Data as described in this Privacy Policy.

2. Personal Data

We collect personal data relating to you (“Personal Data”) as described below:

We collect the following Personal Data when you create an account or communicate with us.

Account Information: When you create an account with AutomAssist, we collect essential information associated with your account, including your email address and username (collectively, “Account Information”). Additionally, you can voluntarily provide more details by completing your profile under "Personal Information," which may include your first and last name, address, city, postal code, and country.
User Content: When you use our Services, we collect Personal Data that is included in the input, file uploads, or feedback that you provide to our Services (“Content”).
Communication Information: If you communicate with us, we collect your name, contact information, and the contents of any messages you send (collectively, “Communication Information”).
Social Media Information: We have pages on social media sites like Facebook, Instagram, and Linkedin. When you interact with our social media pages, we collect Personal Data that you choose to provide to us, such as your contact details (collectively, “Social Media Information”). Additionally, companies that host our social media profiles may provide us with aggregated information and analytics about our social media activity.
Other Information: We collect other information that you may provide to us, such as when you participate in events or surveys, or provide us with information to establish your age or identity (collectively, “Other Information”).
Personal Data We Receive Automatically From Your Use of the Services: When you visit, use, or interact with the Services, we receive the following information (“Technical Information”):
- Log Data: Information that your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our Services.
- Usage Data: We may automatically collect information about your use of our Services, such as the types of content that you engage with or view, the features you use and the actions you take, as well as your country, time zone, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
- Device Information: Includes name of the device, device identifiers, operating system, and browser used. Information collected may depend on the type of device you use and its settings.
- Cookies and more: We use cookies and similar technologies to operate and administer our Services, and improve your experience. For details about our use of cookies, please visit our GDPR Notice
- Personal Data Collected from External Sources: We acquire personal data from various external sources, including, but not limited to, publicly accessible data on the internet, specifically for the purpose of refining the models that facilitate our Services. Additionally, we receive data from our trusted partners, which includes security affiliates engaged in safeguarding against fraud, abuse, and other security risks associated with our Services, as well as marketing vendors who furnish us with data concerning prospective clients of our business services.

2.1 Product‐Specific Data Collection

2.1.1 IDM (Industrial Document Manager)

Document Metadata: File names, creation dates, tags, version history, and hierarchy placements.
Document Content: The actual content of uploaded documents, including industrial specifications, operating manuals, etc.
Usage Analytics: Information about how you and your team interact with documents (access frequency, search queries, chat interactions).
QR Code Scanning Data: Information related to when and by whom QR codes are scanned.
Hierarchy Structure Data: Information about your organizational hierarchy (sites, lines, machines, etc.) as configured in IDM.

2.1.2 AutomInsight

Data Stream Information: Connection details for PLCs, SCADA systems, time‐series databases, etc.
Query History: Records of natural‐language questions submitted to the AI engine.
Production Analytics: Aggregated data derived from your industrial systems, including performance indicators.
Alert Configuration: Data about alerts/notifications you have configured.
System Integration Data: Information about your facility’s digital infrastructure gathered during assessment and integration.

3. How we use Personal Data

We may use Personal Data for the following purposes:

To provide and maintain our Services;
To improve and develop our Services and features, as well as carry out research;
To communicate with users, including to send information or marketing about our Services;
To prevent fraud, criminal activity, or misuse of our Services, and to protect the security of our systems and Services;
To comply with legal obligations and to protect the rights, safety, privacy, or property of our users, us, our affiliates, or any third party.

Aggregated or De-Identified Data. We process Personal Data into aggregated or de-identified formats such that it cannot be utilized to ascertain your identity. This transformed data is employed to evaluate the efficacy of our Services, enhance existing features, develop new functionalities, engage in research, and for other analogous activities. Moreover, we may intermittently disseminate or publish such aggregated data, including but not limited to general user demographics, to third parties. The collection of this data is executed via the Services, through cookies, and other methods delineated in this Privacy Policy. We commit to maintaining and utilizing this de-identified information in an anonymous or de-identified state, and will not endeavour to re-identify said information, except as mandated by applicable law.

As noted above, we may use Content you provide us to improve our Services, for example to train the models that power our Services. Fill THIS FORM to opt-out, and read our GDPR Notice to learn more about how we handle your personal data.

3.1 Product‐Specific Data Use

3.1.1 IDM Data Use

Document Management Optimization: Improve organization, accessibility, and search features.
AI Chat Enhancement: Train/improve the AI’s ability to parse industrial documents (subject to opt‐out if desired).
User Experience Improvement: Analyze usage to refine the interface and functionalities in IDM.
Security Monitoring: Track suspicious or unauthorized access or usage patterns.
Version Control Management: Maintain and enhance version history functionalities.

3.1.2 AutomInsight Data Use

Algorithm Training: Enhance AI analytics or anomaly detection (subject to opt‐out).
Query Processing Improvement: Improve the natural language engine for real‐time or historical data queries.
Alert Optimization: Fine‐tune system‐generated alerts and notifications.
Data Integration Enhancement: Streamline data ingestion from PLCs, SCADA, or other industrial data sources.
Reporting Functionality: Build and refine AutomInsight’s reporting features and visualizations.

4. Disclosure of Personal Data

In certain circumstances we may disclose your Personal Data to:

Vendors and Service Providers: In furtherance of our business operational requirements and the execution of specific services and functions, we may disclose Personal Data to vendors and service providers. This group may include providers of hosting services, customer service vendors, cloud computing services, content delivery services, data warehousing services, support and safety monitoring services, email communication software providers, web analytics services, payment processing and transactional services, as well as other information technology service providers. These entities, acting pursuant to our directives, are authorized to access, process, or store Personal Data solely in the context of fulfilling their designated functions on our behalf.
Business Transfers: In the event that we are engaged in strategic transactions, reorganization, bankruptcy proceedings, receivership, or a transition of services to another provider (hereinafter collectively referred to as a "Transaction"), your Personal Data and other related information may be disclosed during the diligence phase to counterparties and individuals assisting with the Transaction. Furthermore, such Personal Data and other information may be transferred to a successor entity or affiliate as a component of the Transaction along with other assets.
Government Authorities or Other Third Parties: We may disclose your Personal Data, including details regarding your interaction with our Services, to government authorities, industry peers, or other third parties in accordance with applicable law under the following circumstances: (i) when mandated by law or based on the good faith belief that such disclosure is necessary to fulfil a legal obligation; (ii) to protect and defend our rights or property; (iii) should we, in our sole discretion, determine that there has been a breach of our terms, policies, or applicable laws; (iv) to detect, prevent, or otherwise address fraud or illegal activity; (v) to safeguard the safety, security, and integrity of our products, employees, users, or the public; or (vi) to guard against legal liability.
Affiliates: We may disclose Personal Data to our affiliates, which are entities that control, are controlled by, or are under common control with AutomAssist. The Personal Data shared with our affiliates will be utilized in a manner that is consistent with this Privacy Policy.
Business Account Administrators: Upon your enrolment in an AutomAssist enterprise or business account, the administrator of that account is permitted to access and manage your AutomAssist account. Additionally, if you register for an account using an email address provided by your employer or associated organization, we may disclose the existence of your account and specific account details, such as your email address, to your employer or organization. This disclosure is intended to facilitate your integration into their business account.
Other Users and Third Parties You Share Information With: Certain functionalities of our services enable you to display or share information with other users. For instance, you may share conversations with other users via shared links or transmit information to third-party applications through custom actions.

4.1 Product‐Specific Data Disclosure

4.1.1 IDM Data Disclosure

QR Code Service Providers: Limited data shared to create or produce physical QR codes.
SharePoint Integration: If you enable SharePoint sync, relevant authentication and document metadata may be shared with Microsoft.
Custom Workflow Partners: If you request specialized IDM workflows.
Support Personnel: May access document structures or metadata (not content, unless explicitly authorized) to resolve technical issues.

4.1.2 AutomInsight Data Disclosure

Data Integration Partners: Third parties that facilitate real‐time data connections.
On‐Premise Deployment Partners: May see system configuration data during installation.
Analytics Providers: Possibly aggregated/anonymized usage data for platform performance improvements.
Support Personnel: May access system configuration or performance data (not raw operational data unless you explicitly permit) to resolve issues.

5. Retention

Retention of Personal Data: We shall retain your Personal Data for the duration necessary to provide our Services to you, as well as for other legitimate business purposes, including but not limited to, dispute resolution, ensuring safety and security, and compliance with legal obligations. The specific retention period for Personal Data will be determined based on various factors, including:

The purpose for which the data is processed, including the necessity to retain the data for the provision of our Services;
The quantity, nature, and sensitivity of the Personal Data;
The potential risk of harm resulting from unauthorized use or disclosure of the Personal Data;
The legal obligations to which we are subject.

In certain instances, the duration for which we retain your data may depend on your settings.

5.1 Product‐Specific Data Retention

5.1.1 IDM Data Retention

Document Content: Retained as long as your account remains active or until you delete. After termination, documents remain for 7 days days before permanent deletion.
Document Metadata: May be retained for up to 7 days after document deletion for system integrity.
QR Code Data: Retained for the life of the account, plus 7 days after termination.
Hierarchy Structure Data: Retained for the life of the account, plus 7 days post‐termination.

5.1.2 AutomInsight Data Retention

Raw Industrial Data: Processed in real time; not stored unless specifically configured for historical analysis.
Analytics Results: Retained for the life of the account, or as configured by you.
Query History: Retained for the life of the account to improve AI.
System Configuration Data: Retained for the account’s life, plus 7 days days after termination.

6. Your rights

You have the following statutory rights in relation to your Personal Data:

Access your Personal Data and information relating to how it is processed.
Delete your Personal Data from our records.
Rectify or update your Personal Data.
Transfer your Personal Data to a third party (data portability).
Limit how we process your Personal Data.
Withdraw your consent, as we rely on consent as the legal basis for processing at any time.
Lodge a complaint with your local data protection authority (CNIL).
You also have the following rights to object:
Object to our processing of your Personal Data for direct marketing at any time.
Object to how we process your Personal Data when our processing is based on our legitimate interests.

You can exercise some of these rights through your AutomAssist account. If you are unable to exercise your rights through your account, please submit your request through [email protected].

Please note these rights may be limited, for example if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information that we are required by law or have compelling legitimate interests to keep.

We hope that we are able to address any questions or concerns you may have. If you have any unresolved complaints with us or our Data Protection Officer, you can reach out to the French Data Protection Commissioner (CNIL) as our lead supervisory authority, or your local supervisory authority (Link).

Accuracy Disclaimer

The Services provided by AutomAssist, including the generation of responses, operate by interpreting a user's request and subsequently predicting the words most likely to follow. It is important to note that the sequence of words deemed most likely may not always represent the most predictively accurate response. Consequently, reliance on the factual accuracy of outputs generated by our models is not advised. Should you identify any factually incorrect information about yourself within the AutomAssist outputs and wish for a correction to be made, you are invited to submit a correction request via [email protected]. Due to the technical complexities inherent in the operation of our models, we cannot guarantee the feasibility of correcting every inaccuracy. If a correction is not possible, you may opt to request the removal of your Personal Data from AutomAssist's outputs by completing THIS FORM.

Rights of Individuals and Response to Requests

AutomAssist, through its language learning capabilities, may occasionally include personal information about individuals, particularly those who are public figures and whose information is prevalently available on public domains. Individuals residing in certain jurisdictions possess the right to object to the processing of their personal information by our models, which can be managed by filling THIS FORM. Furthermore, individuals may have the rights to access, correct, restrict, delete, or transfer personal information that might be incorporated into our training datasets. To exercise these rights, individuals are encouraged to contact us at [email protected].

Limitations and Lawful Grounds for Processing: Please note that pursuant to applicable privacy laws, certain rights may not be absolute. We reserve the right to refuse requests should there be a legitimate legal basis for such refusal. Our commitment remains steadfast in prioritizing the protection of personal information and adhering to all relevant privacy regulations. Should there be concerns that our response to an issue is unsatisfactory, individuals have the right to file a complaint with the appropriate supervisory authority.

6.1 Product‐Specific Data Rights

6.1.1 IDM‐Specific Rights

Industrial Document Rights: You can access, download, modify, or delete your documents at any time.
QR Code Management: Generate, manage, or deactivate QR codes. Once deactivated, codes no longer grant access.
Hierarchy Structure Control: You can modify, reorganize, or delete your organizational hierarchy whenever needed.

6.1.2 AutomInsight‐Specific Rights

Data Stream Control: Connect, disconnect, or adjust real‐time data streams at your discretion.
Analytics Configuration: Configure which data is analyzed, how results are displayed, or how alerts are triggered.
Custom Retention Periods: Control how long your operational data is stored, subject to system capabilities.

7. Children

Our Services are not directed to, or intended for, children under 18. We do not knowingly or intentionally collect Personal Data from children under 18. If you believe that a child under 18 has provided Personal Data to AutomAssist through the Services we provide, please email us at [email protected]. We will treat every reporting seriously and if appropriate, delete the Personal Data from our systems. Users under 18 must have permission from their parent or guardian to use our Services.

Age Restrictions and Data Collection from Children: Our Services are not designed for, nor directed towards, children under the age of 18. We do not knowingly or intentionally collect Personal Data from children under the age of 18. Should you have reason to believe that a child under the age of 18. has submitted Personal Data to AutomAssist via our Services, we urge you to contact us immediately at [email protected]. We take such reports seriously and, where warranted, will take steps to remove the Personal Data from our systems. Users under the age of 18 are required to obtain consent from a parent or guardian prior to using our Services.

8. Legal bases for processing

When we process your Personal Data for the purposes described above, we rely on the following legal bases:

Purpose of processing: To provide, maintain and enhance our Services