Privacy Policy November 12, 2024 
LightOn services and websites are intended for professional use only and are not intended for use by minors. If you are not a professional user or if you are a minor, you must not use this site or any of LightOn’s services.
LightOn is a company specializing in the creation of “artificial intelligence” computer programs, and more specifically in the creation of “LLM” (large language model) type AI, publisher of the www.lighton.ai website and the services rendered by this website.
LightOn’s registered office is located 2 rue de la Bourse, 75002 Paris, France. Our company is registered in the SIREN directory under number 821100690.
Your privacy and your personal data are of paramount importance to us. At LightOn we have fundamental principles regarding the confidentiality and protection of personal data.

• We only ask or process your personal information if it is essential or if you have given us your consent to do so.
• We do not share your personal data with anyone except to offer LightOn’s services, comply with the law, to assist you or to protect our rights or if you have given us your explicit consent to do so.

You will find below our data use and confidentiality policy which incorporates these principles. LightOn publishes software designed to implement artificial intelligence services and may operate or use certain digital tools accessible via the Internet network, including e-mailing tools and this website (hereinafter, the Sites, or separately, a Site). LightOn’s policy respects the confidentiality of the information we may collect in the course of operating the digital communication services we use or the services, in particular IT services, we offer our customers and users (hereinafter “the Services”), the Sites, our commercial management, our internal management (human resources, accounting, etc.) and the processing of requests made to our company. LightOn undertakes, within the framework of its activities and in accordance with the legislation in force in France and Europe, to ensure the protection, confidentiality and security of the personal data of the users of its services, as well as to respect their privacy. To make it easier to read, this Policy has been crafted at two levels: the main text flow is legally-binding (“legal text”) and “In a nutshell” frames, with text in italics, are non-binding. Our purpose in doing so is to help you have a better understanding of what we mean, how your data is processed, what you can expect from us and what we may expect from you. In a nutshell*: We have written these “in a nutshell” texts so that you can better understand our practices. However, the text to be taken into account, if necessary, is that written outside the “in a nutshell” inserts.* We know that you care about the use and sharing of your personal data, and we appreciate the trust you place in us by providing it to us. Know that we will take the greatest care. By visiting our websites, ordering, using the Services or creating a user account, you are accepting the practices described in this Privacy Policy. _In a nutshell _: By using LightOn’s services, continuing to browse the website, providing contact details, etc., you acknowledge that you have read and accepted this policy.

​

​1​ Data controller

LightOn is responsible for the processing of personal data that it implements on its own behalf, in particular the processing of personal data relating to the management of access to its services, its contractual relations with its customers and its legitimate interests, in particular prevention of fraud, and management of payment incidents, disputes and litigation. In this context, LightOn has completed all the necessary administrative formalities with the competent authorities. We comply with all effective laws and regulations pertaining to the protection of personal data in the countries where it operates, including in particular but not limited to:

• From May 25, 2018, European regulation 2016/679 of April 27, 2016 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95 / 46 / EC (General Data Protection Regulation, often referred to as “GDPR”);
• French law n ° 78-17 of January 6, 1978 relating to data processing, files and freedoms and its developments.

_In a nutshell _: We are responsible for the data you share with us for processing on our behalf. We provide you with our contact details so that you can get in touch with us. For our part, we have done everything that the regulations require us to do.

​

​

​

2 Data Processor

Similarly, as a data processor for our customers that use the applications and software provided by LightOn, we have completed all the necessary administrative formalities with the relevant authorities, in particular European Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, often referred to as GDPR). It should be noted that the data processed through the use of LightOn Services is encrypted. The subscriber to a Service may explicitly grant access to some of the data they have provided and stored via the Services or which is processed within the Services, in particular to employees, service providers or partners, various stakeholders, as well as to LightOn teams, particularly for technical support purposes.  In any event, it is LightOn’s customer that decides to store personal data, which is their own, through the use of one of the Services, to grant access to their data and who has full control over it, including with regard to the documents that are deposited, which only the persons to whom they have given access can consult. Each user of the Services provided by LightOn (hereinafter referred to as a User and in the plural as Users), whether a simple visitor, free user, customer or guest, in particular when invited by a customer, is responsible for the data they provide through the use of the Services and, as such, has the responsibility, where applicable, to provide data in accordance with the regulations.

​

3​ Purpose

​

​3.1​ As Data controller

The processing of personal data by LightOn pursues such legitimate interests as one or more of the following:

• Allow you to use our online services
• Improve our services
• Management of requests for information, in particular relating to the services offered (rates, quotes, terms and conditions, etc.)
• Management of relations with our customers, prospects, visitors of our websites and more generally with our contacts
• Sales prospecting
• Assistance to customers and prospects
• Litigation management
• Recruitment management
• Provision of appropriate information (general, technical or other).
• Management of contribution programs aimed at developing new products or services or improving existing ones.
• Management of relationships with our partners and additional services offered to our customers.
• Optimizing our profitability and the commercial success of the products and offers we provide

LightOn can also process the personal data concerning you within the framework of the contractual or pre-contractual relationship which binds you to LightOn or within the framework of the legitimate interest that LightOn has to process your personal data or when you have given your consent for us to process your personal data. A contractual or pre-contractual relationship, governed by the terms of the contractual documents signed or accepted by you and by us, by our general terms and conditions (of sale, use or service) and any specific conditions attached thereto, exists when you have ordered a product from us, made a request to our services, used one of our services, particularly online, or requested to be put in contact with a professional from our company or our network, when you have expressed an explicit interest in an offer from LightOn, when you have used one of our websites, when you have requested information from us about an offer, service or product, or when you have applied for a job offer. _In a nutshell _: When you provide us with your data for a specific purpose, we process that data to achieve that purpose. We may also process some of your data to carry out analyses and studies to improve our services, to prospect for new customers and users or retain existing ones, and to manage disputes. We need personal data for all of these purposes. We only process other data concerning you if you have given your consent.

​

3.2 As Data Processor

When you use a LightOn application or Service on behalf of a LightOn customer, your relationship with LightOn is governed by the commercial and contractual relationship with that Customer, as well as by any applicable General and Special Terms and Conditions. The Services provided by LightOn enable LightOn’s customers to carry out processing operations that generally pursue at least one of the following objectives, without limitation:

• Provision of a chatbot system that takes into account the customer’s documents and resources in order to develop its responses.
• Provision of the logic enabling users to register, configure and use the application.

LightOn may also use its expertise to conduct studies and analyses of the use of the Services, in particular for the purposes of establishing indicators, revealing trends, carrying out predictive processing, proposing new services, and improving its productivity and that of Users. _In a nutshell __: When you use one of LightOn’s services, both you and we have certain obligations and responsibilities which, where applicable, are detailed in the Terms and Conditions relating to the services provided by LightOn. _ The Services are intended to provide certain services to LightOn’s customers, who retain control over the data they provide or that is provided by users of the applications that LightOn’s customers have authorised to access the applications.

​

​4​ Compliance Service

LightOn has designated a department dedicated to Data Protection. It is possible to contact the person or department in charge of this function at the email address rssi_rgpd@lighton.ai or at LightOn’s postal address, by addressing your mail to the attention of the Data Protection Department.

​

​5​ Retention period of personal data

The personal data collected by LightOn are kept only for the time necessary to accomplish the objective that was pursued during the collection or to meet legal and regulatory provisions. More specifically, the following data retention periods are:

• Data collected when taking out a subscription and during the term of the subscription: during the term of the contractual commitment and up to 3 years after the end of a contract (intermediate archiving according to legal and regulatory obligations and responsibilities, mainly for tax and business related data, up to 10 years after the end of the business relationship)
• Data collected during a request for information, contact, etc. maximum 3 years after the last positive interaction between LightOn and the data subject
• Data collected in connection with the use of our online applications and services: 6 months maximum
• Connection data (IP address, browsing history, etc.): 6 months maximum
• Data processed during recruitment management (including unsolicited applications): 2 years after the last contact with the candidate, unless expressly requested to reduce this period.

_In a nutshell _: We do not keep your data longer than necessary or required by law. For example, some laws require us to keep invoices for orders, quotes, purchase orders, etc,  for 10 years.

​

​

​

6​ Scope of collected data

For the purposes of using the Services, we may need to collect and process the following personal data:

• Civility, surname and first name of persons having purchased a product from LightOn and of persons having contacted us, of job applicants and visitors to our websites, of persons participating in one of our games or contests, etc.
• Where applicable, employers of people who have purchased a product from LightOn when that employer is LightOn’s customer,
• Civility, surname, first name and e-mail address of users of the Services
• E-mail address of persons who have contacted us through a digital channel and of persons who subscribe to our newsletters
• E-mail addresses of job applicants.
• Surname, first name, telephone number and/or postal address of persons who have contacted us and/or placed an order.
• Connection data (IP address, browsing history, technical details of terminals, language and browser characteristics, etc.)
• Data contained in the curriculum vitae and covering letters of job applicants
• Data supplied by individuals during data processing carried out using the Services

Connection data is collected and processed, including the IP address used for the connection: this is necessary in order to assist you, to implement our security measures, and to comply with our legal obligations, particularly with regard to the traceability of access and usage.

​

​6.1​ Locations of processing

The processing that LightOn is likely to carry out on personal data is carried out in data centers hosted by its service providers. Most of the processing directly under the control of LightOn is carried out in France or in the UE. Some processing is carried out by LightOn’s sub-processors, which can take place in various locations. LightOn makes its best to work with service providers, suppliers, sub-processors and subcontractors that carry out processing in the European Union or in a country on the list of countries recognized as suitable by having given the necessary guarantees (for example by adopting programs such as Data Privacy Framework, or by setting up Binding Company Rules (BCR), Standard Contractual Clauses, Data Processing Agreements, etc.). Were it not the case, the contractual relationship between LightOn and such third parties would require the implementation of appropriate guarantees. LightOn works with third parties whose data protection agreements comply with the standard contractual clauses of the European Commission and / or which give all the necessary guarantees. In all cases, and in particular would regulations evolve, LightOn takes all the necessary measures to regulate cross-border data transfers and establishes, when necessary, data protection agreements (DPAs) to guarantee data transfers in accordance with the legislation in force, in particular under the provisions of the CCPA and Article 46 of the GDPR. _In a nutshell _: The data you have entrusted to us are processed in France or in a country whose law requires respect for the basic principles of loyalty, transparency and confidentiality, or by a service provider which gave all the guarantees necessary for you and us to be reassured.

​

​6.2​ Recipients of processed data

LightOn may possibly transmit the personal data that you have provided or that it has collected to its employees, service providers or affiliated organizations which 

1. need to be aware of this information in order to process it on behalf of LightOn or to provide services for the purposes mentioned above, and 
2. which have agreed not to disclose them to third parties.

These potential recipients include companies that host LightOn websites (see legal notices) and companies that provide technical services enabling the implementation of the Services. LightOn may also use the services of providers that provide accounting, emailing, marketing agency, companies specializing in research and analysis, as well as satisfaction surveys, which may need to use personal data concerning you to carry out our missions or the missions that you have entrusted to us. A complete list of LightOn’s sub-processors may be obtained on demand. LightOn will not rent or sell personal data to third parties without the explicit consent of the data subjects or following an explicit action on the part of the data subject.  Apart from its employees, contractors, and affiliated organizations, as indicated above, LightOn only discloses personal data in the event of a subpoena, court order or other governmental order, or when LightOn believes that this disclosure is necessary to protect the property or rights of LightOn, a third party or the general public. If you are a registered user on a LightOn site or have an access to the Services and have provided your email address and have not opposed receive communications from LightOn, LightOn may occasionally send you an email to notify you of new features, to ask for your opinion or keep you informed of news from LightOn and its offers. We can also use our various blogs to communicate this type of information. LightOn takes all reasonable and necessary measures to protect your personal data against unauthorized access, use, modification or destruction of personal (or potentially personal) data. _In a nutshell _: The data you have provided us will only be transmitted if absolutely necessary or if you have given us permission to do so. The recipients of your data, including us, give all the necessary guarantees so that you are reassured.

​

​6.3​ Transfer of processed data to third parties

The data that you provide or that are collected by LightOn or on its behalf are not transmitted to third parties, except, potentially, to the recipients mentioned in Article 6.2. _In a nutshell _: We do not transmit your data, except in the cases that we have already mentioned.

​

​6.4​ Transfer of data to a third country outside of the European Union

Some of the data that you provide or that is processed by LightOn or on its behalf may be transmitted to third parties operating outside the European Union. These third parties, mentioned in section 6.2 have all adhered to the appropriate programs and / or have given the necessary guarantees for the protection of personal data. _In a nutshell _: We do not transmit your data, except in the cases that we have already mentioned. When we transmit them, it is to service providers that operate in a country whose law requires compliance with the basic principles of loyalty, transparency and confidentiality, or to service providers that give all the guarantees necessary for you to be reassured. .

​

​6.5​ Business development

If you have already used our Services or ordered goods or services from us, and you have not opted out of receiving communications from us via SMS or email, LightOn may send you emails or SMS messages to alert you to offers for goods or products similar to those you have already ordered or purchased from us, to let you take advantage of our offers, to announce new features, to ask for your opinion, or simply to keep you informed about LightOn news and offers. You always have the option to opt out of receiving such communications by following the unsubscribe links in our emails, using a STOP SMS function if we have sent you an SMS, clicking on an unsubscribe link in an email you have received, via your customer account on one of our websites, etc. All digital communication for commercial or information purposes from LightOn (email, text message, etc.) contain a link or instructions to object to future similar communications. _In a nutshell _: If you have provided us with your email address or mobile number and have given us permission to do so, are a professional who may benefit from our offers or are a customer of ours, and if you have not objected, we may send you informational or promotional emails and text messages. You can refuse to receive such emails and text messages at any time.

​

​6.5.1​ Newsletters and digital messages

You may receive communications from LightOn such as e-mails, newsletters, SMS, etc. because your address is on our subscribers list. When your e-mail address is in this list, this is because of the context of your professional activity (B2B communications related to your professional activities) or as a registered user of LightOn, or if your e-mail address has been submitted to this list either directly by you, noticeably on LightOn web site, or based on public information such as your Linkedin profile and various other public data. If you want to update your email preferences or unsubscribe from one or several of our mailing lists, please click on the link provided at the end of any of the emails we send for business development reasons or use our notifications and email preference form if such a form is available to you.

​

​

​

7​ Exercising your right of access, correction and opposition

As a customer or user of our Services, websites and web applications and as a user whose personal data are processed in the course of the use of our Services and web applications, you have the right:

• To request that the data processed concerning you be deleted from our files. This is known as the right to be forgotten. However, we cannot delete your data as long as there is a commercial relationship between us (e.g. an order that has not been fully processed), a warranty relating to one of your purchases, or as long as there is a dispute between you and us or, more generally, as long as we need your data to perform a contract or fulfil one of our obligations.
• To object to the collection and processing of data concerning you when it is not strictly necessary. If you are a client or user of the LightOn Services:
  • Your email address is necessary for us to send you information, confirmation emails, password recovery or activation emails, to access the application, etc.
  • Your profile data is necessary to create and manage your profile and to provide the Services, in particular by establishing your centers of interests and provide you suggestions for what matches the best for your use of the Services 
• To access and retrieve the data collected about you in a standard electronic format;
• To modify your data, in particular by yourself by editing the data in your user account;
• To request a limitation of their processing - for example by refusing any use for prospecting purposes, , or by requesting that a retention period be extended (e.g. for a recorded conversation) in order to manage a potential dispute or litigation;

Furthermore, as a candidate who has applied for a job at our company, you have the right to:

• request that the data you provided during your application, including your CV and cover letter, be deleted from our files. As long as an applicant has not made this request, and within a limit of two years after the last contact with the applicant, it is in our legitimate interest to retain the applicant’s data in order to ensure the best match between the positions offered and the people who can fill those positions.

These rights can be exercised by contacting us at the contact details mentioned above, writing an e-mail to ssi_rgpd@lighton.ai or that are available on our website. You also have the right to lodge a complaint with a supervisory authority and to take legal action, particularly if your requests to exercise your rights have not been dealt with within one month of being lodged. In France, the supervisory authority is the CNIL, which can be contacted via the appropriate forms on its website cnil.fr. _In a nutshell _: You have control over the data you have entrusted to us. You can consult them, rectify them, ask that they be erased or that they be used only for certain things and not for others, for example that they be not used to send you information or commercial offers. Whenever possible, we will do our best to accommodate your requests as quickly as possible.

​

​8​ Data storage in the event of death

You can formulate directives relating to the storage, erasure and communication of your personal data after your death in accordance with articles 84 and 85 of French law 78-17 of 6 January 1978 as amended. These guidelines can be general or specific. You can formulate your advance directives by contacting through rgpd_rssi@lighton.ai _In a nutshell : _You have control over the data you have provided us and you can give us instructions that will be applied after your death, if we still have data about you at that time, which we hope will be as late as possible). For example, you can ask us to erase your data or to send it to a specific person.

​

​

​

9​ Data security

LightOn takes all reasonable and necessary measures to protect the processed data against unauthorized access, use, modification or destruction of personal (or potentially personal) data. _In a nutshell _: The data that you provide us or that you provide during your use of the LightOn Services is processed with care and we take many measures to protect and cherish it. For example, we encrypt your data on networks and on storage means, we only give access to this data to people who need this access, we monitor the computers that store and process it, we carry out regular backups, etc. We have commitments relating to the security of our services and we have put in place physical, administrative and technical measures to prevent unauthorized access to your data. Our security policies cover security management for internal operations and our services. These policies govern all areas of security applicable to the Services and apply to all LightOn employees as well as our service providers and contractors which need to have access to this data. In a nutshell_ : We are very concerned about the security of the data that you entrust to us_ We quickly assess and respond to incidents that create suspicion of unauthorized data manipulation. Our teams, including the global information security team, are informed of these incidents and, depending on the nature of the activity, define the processes and intervention methods to deal with the incidents. If we determine that your data has been misappropriated or otherwise incorrectly acquired by a third party, we will inform you as soon as possible, as well as the supervisory authority (e.g. the CNIL in France). In a nutshell:_ Our teams monitor and supervise all suspicious activity and are mobilized to ensure that there is as little as possible_

​

​

​

10​ Sub-processing

LightOn only uses subprocessors that provide sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the processing meets the requirements of applicable regulations and guarantees the protection of the rights of the data subject. . _In a nutshell _: When we need sub-processors, for example to host your data or process your orders, we only choose sub-processors who have given us sufficient guarantees for you and us to be reassured

​

​

​

11​ Asset disposal

If LightOn, or substantially all of its assets, is sold, or in the unlikely event of LightOn going out of business or bankruptcy, user information would be one of the assets transferred to a third party or acquired by it. You acknowledge that such transfers may take place and that any purchaser of LightOn may continue to use your personal data in accordance with this privacy policy. _In a nutshell _: If our company is sold or passed on, your data will be passed on to the new processor, as it is one of our most valuable assets. But we guarantee that this data will then be processed at least as well by their new processor as by us.

​

​

​

12​ Trackers and cookies

Please refer to the document “Cookie Policy” for complete information on cookies and trackers.

​

​

​

13​ Recording of telephone conversations and online chats

LightOn may record a portion of calls to its services. These recordings are used for our legitimate interests and, unless you object, for the following purposes:

• Training our staff;
• Monitoring advice and the quality of customer relations;
• The creation of factual elements to be used in the prevention and resolution of disputes, litigation and pre-litigation;
• Protecting employees in the event of verbal aggression or incivility;
• Experimenting with management and quality monitoring objectives and analyzing conversations using artificial intelligence techniques.

They may also be used to comply with our legal obligations for :

• Managing requests to exercise your rights;
• Implementing control measures, particularly in the fight against fraud and corruption.

Telephone recordings are intended for authorized persons only, and may be transmitted and/or accessed by persons involved in the setting up and analysis of telephone conversations. They are kept for a maximum of 30 days, except in the event of litigation, when they are kept for the duration of the litigation and until the expiry of any appeal procedures. When you communicate with our services via online chat (internal messaging chat box), the entirety of what you communicate may be kept for the duration of 2 months maximum. The purposes of this data retention are:

• Improving the chatbot service, in particular via machine learning technologies.
• Employee skills development;
• Monitoring advice and the quality of customer relations;
• The creation of factual elements to be used in the prevention and resolution of disputes, litigation and pre-litigation;
• Protecting employees in the event of verbal aggression or incivility;
• Experimentation with quality management and monitoring objectives, as well as conversation analysis using artificial intelligence techniques.

This data is intended only for authorized persons and may be transmitted and/or accessed by persons involved in setting up and analyzing conversations via instant messaging (chat). We recommend that you never enter confidential information via this tools. All the data you send us can be stored anonymized as far as possible. As anonymization techniques are generally at least partly automated, we recommend that you do not provide any personal (and even less sensitive) data via online chat tools. In particular, you should never provide payment information such as credit card numbers.

​

​

​

14​ Advertising

We do not display advertising on our sites.

​

​

​

15​ Changes to this Privacy Policy

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy. In some cases, we may provide you with additional notice, such as adding a statement to our homepage or sending you an email notification. We encourage you to review the Privacy Policy whenever you access the Services to stay informed about our information practices and the ways you can help protect your privacy. Your use of the LightOn site and the LightOn app after any changes to the privacy policy constitute your acceptance of those changes. _In a nutshell _: We may make changes to how we process your data, but with a level of protection that will be at least equivalent to that set out in this policy. These changes are mostly minor. We do not systematically burden you with our new data usage policies by asking you to accept them again, but we are happy for you to come and read the applicable policy from time to time. And remember that if you ever disagree with our policy, or if you have a question, or if you want to exercise one of your rights, simply write to us at rgpd_rssi@lighton.ai.

​

​

​

16​ Intellectual property

Our websites are published by LightOn. LightOn is the owner of all related intellectual property rights. It is forbidden to copy or download all or part of its content, except with the express prior authorization of the owners or assignees of said parts and said content. This website and all its content (including documents, photos, logos, trademarks and information of any kind) are protected by various rights, including copyright. LightOn grants users of the Sites and Services permission to view, but not to reuse, all or part of the content of the Sites or Services for any purpose whatsoever. The re-use of all or part of the Sites or Services, including this document, is strictly forbidden. This document has been written based on elements provided by the company SysStreaming, which has granted LightOn the necessary rights to use them. Any unauthorized re-use of all or part of the content of this document would thus violate the rights of LightOn and SysStreaming, who may reserve the right to seek compensation for any damages thus suffered. All reproduction rights are reserved, including for downloadable documents (pdf documents as well as logos, photos, information of any kind, etc.). Any downloadable documents are also protected by copyright. We may ask for your email address to enable you to access such content, in particular for the purposes of tracing access and any unauthorized re-use of our downloadable content, which is our legitimate interest. Any total or partial representation of the Sites, any reuse of any content of the Sites or Services, by any organization whatsoever, without the express authorization of LightOn or the rightful owners where applicable, is prohibited and would constitute an infringement punishable by articles L.335-2 et seq. of the French Intellectual Property Code. The databases used by LightOn are protected by the provisions of the law of July 1, 1998 transposing the European directive of March 11, 1996 on the legal protection of databases into the Intellectual Property Code. Similarly, any recording, broadcasting, translation or adaptation, in whole or in part, of any element of the Sites or Services is prohibited without the express prior authorization of LightOn.

​

17​ Hyperlinks

The Sites and Services may give access to other pages or websites, in particular those of partners or that are results of search queries, which may have their own legal notices, which should be consulted and respected. The creation of hypertext links pointing to the content of the Sites is authorized provided that they are accessible by opening a new window. Under no circumstances may any content of the Sites be included within another site or imply or infer that the content may not be that of LightOn. LightOn reserves the right to request the removal of any link that it deems to be non-compliant. LightOn can in no way be held responsible for the information disseminated on sites with which hypertext links will have been installed as well as any damages of any nature whatsoever resulting in particular from their access. Any hypertext links on the Site directing users to other websites are not the responsibility of LightOn. In a nutshell_ : Links to our site are allowed if you notify us, don’t try to make it look like the content is yours and we don’t object._