Personal Data Protection Policy

1. Preamble

Dydu places the utmost importance on protecting the privacy of individuals. We believe that a privacy policy should be simple, easy to understand, and meet two specific objectives: to inform and protect you.

In accordance with EU Regulation n°2016/679 on the Protection of Personal Data [hereinafter “the Regulation” or “GDPR”], dydu (4-6 quai de la Mégisserie, 75001 PARIS), is responsible for the processing of your personal data, collected on the www.dydu.ai website [hereinafter “the Website”].  

2. Reminder of key concepts

  • “Personal data”: any information relating to an identified or identifiable natural person (hereinafter the “data subject”).
  • “Processing”: any operation applied to personal data, such as collection, recording, storage, alteration, consultation, use, disclosure by transmission, combination, or destruction.
  • “Controller”: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • “Processor”: the natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
  • “Consent” of the data subject: any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of his/her personal data.
  • “Personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, disclosure, or unauthorised access to personal data which is transmitted, stored, or otherwise processed.

3. Data processing purposes and methods

The Website User [hereinafter referred to as “the User”] is hereby informed that any information he/she agrees to disclose on the Website can be used for accessing, using, and customising the Website’s Services (hereinafter referred to as the “Services”).

The data collected is mainly intended for dydu’s internal departments. Service providers duly appointed by dydu are also authorised to access the Website and databases insofar as strictly necessary for the provision of Services (cf. article 6 “Subcontracting and Data Transfer”). The User’s contact details will never be shared with third parties, whether free of charge or in return for payment, without the User’s express knowledge and consent.

Dydu also undertakes not to use data collected from the Website for commercial purposes, except with the consent of the Data Subject.  

The data processing methods used on the Website are as follows:

3.1 – The purposes for processing are:

The user can also benefit from a “self-service” bot creation service via the following link. This service can be accessed via a platform that is separate from the Website, and therefore complies with specific and contractual data processing methods. These methods are included in the self-service platform’s general terms and conditions (accessible on the service access page).

3.2 – The following personal data is processed on the Website:

Dydu cannot anticipate any other data that the User may freely share when using our Services (in particular via the comments fields). Nonetheless, this data will be subject to a similar level of protection as the data requested by default on the Website. Dydu advises against providing any unnecessary, intimate, or sensitive personal data (e.g., health, sexual orientation, political opinions) on the Website.

3.3 – The categories of individuals whose personal data is processed are the Website Users. The Website is specifically targeted at any person, natural or legal, acting in a professional capacity and wishing to benefit from information about dydu’s products and services.

3.4 – The amount of time the data is stored varies, depending on the purpose for which it was collected:

4. Rights of the data subject

In accordance with the provisions of Chapter 3 of the GDPR, “Rights of the data subject”, the User has the right to access, rectify, restrict, and erase personal data. This right can be exercised as follows:

  • by post to : DO YOU DREAM UP – 4-6 quai de la Mégisserie – 75001 PARIS
  • by email to: dpo@dydu.ai

In accordance with the provisions of the same chapter, the User may also object to his/her data being processed. Except in the case of a contractual relationship, the data subject may withdraw consent for the processing of his/her data at any time. This right can be exercised via the contact details (postal and email addresses) mentioned above.

Dydu also informs the User that if he/she considers his/her rights have not been respected, he/she may file a complaint at any time with the Commission Nationale Informatique et Libertés (CNIL) via www.cnil.fr/en/home or at the following address:

3 place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07 – www.cnil.fr

5. Security

Dydu undertakes to implement all the organisational, technical, and structural measures to ensure the physical and logical security of personal data and to keep them in place until the said data has been deleted. In particular, dydu will actively oppose any unauthorised alteration, destruction, or access to the data.

Dydu recalls that the Internet is not a completely secure environment, and that the Website cannot guarantee the total security of data transmission and storage on this network. Nonetheless, dydu undertakes to improve security measures on a daily basis. Connections, flows, and databases are fully encrypted using advanced technological processes, thus ensuring the utmost security of any data contained on the Website.

Dydu also undertakes to comply with the rules for managing and notifying data breaches, as set out in Articles 33 and 34 of the GDPR (notifications to CNIL and/or Users).

Dydu’s subcontractors also apply these rules. This commitment is an essential part of all our subcontracting agreements.

6. Subcontracting and data transfer

6.1 – Subcontractors

Dydu informs the User that several subcontractors [hereinafter referred to as the “Subcontractor(s)“] are required to ensure the proper functioning of the Website for the following processing operations:

Dydu certifies that all Subcontractors have been assessed and chosen for their level of protection of personal data, in accordance with the requirements of the GDPR and French “Informatiques et Libertés” law of 6th January 1978. Our Subcontractors have undertaken, in the same way as dydu, to comply with the provisions relating to data protection and to allow dydu to meet its legal obligations by any means, particularly with regards to the rights of the data subjects mentioned above.

Our Subcontractors have also undertaken to never subcontract the data entrusted to them without informing and obtaining dydu’s approval, which dydu does not intend to grant, unless it is absolutely necessary and essential to the Services.

6.2 – Data transfers outside the EU

Dydu and the Subcontractors jointly undertake to ensure that personal data collected on the Website is always processed and hosted within the European Union or in a country or organisation with an adequate level of data protection.

The User is hereby informed that his/her professional email address, if used to subscribe to dydu’s newsletter or for dydu’s mailing campaigns, may be transferred to HUBSPOT, a company headquartered in the United States (Cambridge, Massachusetts). The transfer of this data is subject to a process of prior analysis of the transfer risks and guarantees presented by the subcontractor, as well as compliance with standard contractual clauses adopted by the European Commission.

7. Cookies

As mentioned above, some data is collected by means of cookies (small text files placed on the visitor’s browser that store information about the visitor, that can then be accessed by the Website). Dydu uses cookies for the sole purpose of personalising the Website Users’ experience and analysing User visit indicators.

The following cookies and trackers are used on the Website:

Dydu then informs the User that he/she can reject the use of cookies by adjusting the cookie manager settings that are displayed during his/her first connection to the Website and, at any time, via the “Cookie settings” button in the Website footer.

Only “essential cookies”, which are required to ensure the Website functions correctly, cannot be opposed by the User. Similarly, if the User refuses the so-called “functional” cookies, he/she acknowledges that the Website may not function correctly, and that his/her user experience may be greatly disrupted.

Furthermore, dydu informs the User that if, in general, he/she wishes to oppose the collection of cookies, he/she can do so by adjusting the browser settings (cf. CNIL advice).

8. Updates to the personal data processing policy

This policy may be modified or amended at any time by dydu. Any new version will be published on the Website immediately.

Users are invited to regularly consult this personal data privacy policy.