Confidentiality policy


The company OSO-AI (hereinafter referred to as” OSO-AI ”) is a company specialized in the computer programming business sector. OSO-AI has developed and markets a solution consisting of a remote surveillance and alert device based on software technology equipped with “machine learning” whose function is to identify, isolate and analyze sounds, in order to detect abnormal or emergency situations and thus trigger an alert in Residential Establishments for Dependent Elderly Persons (EHPAD) or Homes & Nursing Homes (FAM-MAS).
This privacy policy (hereinafter the” Politics ”) is intended to inform visitors and users (hereinafter collectively referred to as the” Users ”) of the website (hereinafter the” Site ”) on the conditions for the processing of their Personal Data collected in the context of the use of the Site or via the address et provided on the Site, and to describe the conditions for complying with the rules for the protection of their Personal Data.
This Policy has been developed in order to ensure that OSO-AI operates in accordance with national, European and international legislation relating to the protection of Personal Data and, in particular:
  • Regulation (EU) No. 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (known as” General Data Protection Regulation ” or” RGPD ”); and
  • French law no. 78-17 of 6 January 1978 as amended, relating to information technology, files and freedoms (the” Data Protection Act ” or” LIL ”).
The GDPR and the LIL are hereinafter referred to collectively as the” Applicable regulations ”).
OSO-AI carries out all the necessary checks in order to implement its compliance with the Applicable Regulations.
OSO-AI has appointed a Data Protection Officer (” DPO ”) in order to implement its compliance with the Applicable Regulations. For any questions regarding the protection of Personal Data, the OSO-AI DPO can be contacted by email at the following address:


What is “Personal Data” or “Personal Data” : any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”, i.e., the User).
An “identifiable natural person” is deemed to be any natural person who can be identified, directly or indirectly, in particular by reference to:
  • to an identifier, such as a name, an identification number, location data, an online identifier;
  • to one or more specific elements specific to its physical, physiological, genetic, genetic, psychological, economic, cultural or social identity.
What is a “Treatment” : it is any operation or set of operations carried out or not carried out using automated processes and applied to data or sets of personal data, such as collection, registration, organization, structuring, conservation, adaptation or modification, adaptation or modification, extraction, consultation, modification, extraction, consultation, modification, extraction, consultation, use, use, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, adaptation or modification, extraction, consultation, modification, extraction, consultation, use, use, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, limitation, deletion or destruction.
What is a “Data Controller” : it is any natural or legal person who determines, alone or jointly with others, the purposes and means of a treatment. When OSO-AI processes Users' Personal Data, for example for commercial prospecting purposes, OSO-AI acts as data controller.
What is a “Subcontractor” : this is any natural or legal person who processes personal data on behalf of the data controller. The IT service provider (host) that hosts the Personal Data of Users collected by OSO-AI intervenes in the processing on its behalf and is qualified as a subcontractor within the meaning of the Applicable Regulations.

Principles for the protection of personal data

This Policy is based on compliance with the principles described below, established by the Applicable Regulations.
As the Data Controller that it implements as part of the management of the Site, and in particular via the contact forms, OSO-AI is responsible for respecting these principles and must be in a position to demonstrate its compliance at any time.
The implementation and respect of these principles are essential and must be monitored regularly by the persons responsible for issues related to the Processing of Personal Data within OSO-AI.

Legality, loyalty and transparency

Personal Data must be processed in a lawful, loyal and transparent manner in relation to the Person Concerned by the Processing of Personal Data.

Limitation of purposes

Personal Data must be processed for specific, explicit and legitimate purposes, and not be further processed in a manner that is incompatible with these purposes.

Data minimization

Personal Data must be adequate, relevant and limited to what is necessary for the purposes for which they are processed.


Personal Data must be accurate and, if necessary, kept up to date; all reasonable steps must be taken to ensure that Personal Data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.

Limitation of conservation

Personal Data must be kept in a form that allows the identification of Data Subjects for a period of time that does not exceed that required for the purposes for which they are processed. They may be stored for longer periods of time insofar as they will be processed exclusively for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes, provided that appropriate technical and organizational measures are implemented in order to guarantee the rights and freedoms of the person concerned.

Integrity and confidentiality

Personal Data must be processed in such a way as to ensure appropriate security, including protection against unauthorized or unlawful Processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

Personal data processed by OSO-AI

Data collected as part of the use of the OSO-AI Site

The Personal Data collected and processed by OSO-AI as Data Controller are those that may be collected as part of the use of the Site by the User.
The Personal Data of Users that may be processed by OSO-AI is identification data of Users, namely:
  • Marital status (name, first name, age, gender, date of birth);
  • Personal contact details (postal address, email address, telephone number);
  • Professional information (Data contained in a CV for example);
  • Any other Data transmitted by a User as part of a contact.
This Personal Data is collected via OSO-AI contact forms or through email exchanges with OSO-AI, via the address and/or any other generic OSO-AI address such as, as well as during exchanges with OSO-AI staff members, especially during exhibitions and fairs.
In addition, OSO-AI collects and processes the following Personal Data:
  • User connection data, such as the IP address, the operating system used or the type of browser;
  • Data contained in a log file (date and time of connection, actions performed).

Purposes of data processing

OSO-AI acts as Data Controller for the Processing of Users' Personal Data in the context of the use and management of the Site, including in particular the establishment of contact by Users.
OSO-AI collects and processes Users' Personal Data for the following purposes:
  • Management of requests and contacts from Users via the Site published by OSO-AI, including:
    • Develop quotes and commercial proposals according to the needs expressed by the User;
    • To collect information on the needs of the User and to provide advice;
  • Promote the products and services marketed by OSO-AI, in particular the IT solution “ARI”/“OSO-Box”, in particular electronically;
  • Manage the contractual relationship and the customer relationship;
  • Receiving and processing applications sent to OSO-AI by candidates for employment;
  • Carry out marketing operations using the data collected via the cookies placed during the User's navigation on the Site;
  • Carry out statistics in order to improve the functionalities and performance of the Site and to know how the User uses the OSO-AI Site thanks to the data collected via cookies.
Users' Personal Data is strictly confidential and is processed by OSO-AI for the sole purposes described above.
OSO-AI expressly undertakes not to process Personal Data subsequently for purposes that are incompatible with the purposes mentioned above.
In addition, OSO-AI undertakes not to disclose, transfer, rent or transmit Users' Personal Data to third parties other than the host of the Site Data.

Legal basis (s) for Data Processing

OSO-AI acts as a Data Controller within the meaning of the Applicable Regulations when it processes Users' Personal Data in the context of the use of the Site and in particular when the User contacts OSO-AI. The legal basis for this treatment is:
  • Consent, when it is given by the User to Oso-aide in a free, specific, informed and unequivocal manner for one or more specific purposes, such as:
    • Commercial prospecting actions by electronic means;
    • the deposit of certain categories of cookies when browsing the Site, in accordance with the information in the Cookie Management Policy;
  • Legitimate interests of OSO-AI as Data Controller, in particular for:
    • The carrying out of commercial prospecting operations not subject to the User's consent;
    • The processing and responses to applications submitted to OSO-AI by Users;
  • The execution of a contract or pre-contractual measures as part of:
    • The development of quotes and commercial proposals at the request of Users;
    • Manage the contractual relationship, provide information and respond to requests from Users.

Data Retention Period

Personal Data collected by OSO-AI is only kept for the time strictly necessary to achieve the purposes for which they were collected in accordance with the Applicable Regulations.
At the end of this period, Users' Personal Data will be archived by OSO-AI for evidentiary purposes for the period necessary for the establishment, exercise or defense of a right in court, or in order to allow OSO-AI to comply with its legal and/or regulatory obligations, then will be deleted by OSO-AI at the end of this period.
A summary table showing the shelf lives applied by OSO-AI is attached at the end of this Policy.

Hosting the OSO-AI Site

The User acknowledges and accepts that the hosting services of the Site are subcontracted to an external service provider as part of the hosting of the latter.
However, the host who acts on behalf of OSO-AI has no right to access and use Personal Data collected from Users through the Site. The intervention of the host is limited to purely technical services.
The host acts as a Subcontractor of OSO-AI, in accordance with the instructions sent to it by OSO-AI, and is bound by a written contract defining its obligations under the conditions required by article 28 of the RGPD. The data is hosted within the European Union.

Personal Data Security Measures

OSO-AI is committed to protecting Users' Personal Data through reinforced security measures intended to guarantee a high level of processing security. Indeed, as Data Controller, OSO-AI implements technical and organizational security measures in accordance with the requirements of the Applicable Regulations and industry standards, in order to ensure the protection of Data processed by OSO-AI against their destruction, loss, alteration, and disclosure to unauthorized third parties, to ensure the restoration of the availability of Personal Data and access to them within appropriate time frames in the event of a physical or technical incident.
However, the User must be aware that despite all the security measures implemented, no data transmission on the Internet is 100% secure and that all information communicated online may be potentially intercepted and used by persons other than the desired recipient.
OSO-AI also ensures that its subcontractors, in particular the data host, comply with their data security obligations prior to any data communication.

Users' rights to their personal data

In accordance with the Applicable Regulations, all Users have rights to the Personal Data concerning them processed by OSO-AI. The User may exercise his rights or ask any question relating to the protection of his Personal Data to the OSO-AI DPO, at the following address: The User is invited to indicate precisely the subject of his request and the Personal Data concerned. Proof of identity may be requested.
The User's rights to their Personal Data are as follows:
  • Right of access to Personal Data concerning him and to information relating to Processing (purposes, categories of data concerned, recipients, storage period, etc.);
  • Right to rectification of his Personal Data in the event of erroneous or incomplete information;
  • Right to erasure (right to be forgotten) of his Personal Data that would no longer be necessary for the purposes pursued, or (ii) for which the User has exercised his right to oppose the Processing;
  • Right to withdrawal the consent of their Personal Data, which allows the User to withdraw their consent at any time by informing OSO-AI by email;
  • Right to limitation the Processing of his Personal Data, when (i) the User contests their accuracy or (ii) when the Data retention period has come to an end but the User needs to keep this Data for the establishment, exercise or defense of a legal right or (iii) when the User objects to one of the Processing of his Personal Data;
  • Right to portability of his Personal Data, namely the right to receive his Personal Data that is the subject of Processing in a usable format and/or to request that they be transmitted to another data controller;
  • Right to object to the Processing of his Personal Data for legitimate reasons specific to him, subject to the closure of the Account.
Except in the case where the request seems excessive or if it requires disproportionate efforts, OSO-AI, as Data Controller, has the obligation to respond to Users' requests to exercise their rights as soon as possible and at the latest one (1) month after receiving the request.

Transfer of personal data processed by OSO-AI

The Applicable Regulations strictly and precisely regulate the international transfers of Personal Data. OSO-AI prohibits any transfer of Personal Data to a third country that would not be considered adequate by the European Commission, without the establishment of appropriate guarantees within the meaning of article 46 of the RGPD (in particular the European Commission's Standard Contractual Clauses), so that Users' Personal Data is properly protected when transferred to a place located outside the European Union.


Activities/purposes of the treatmentShelf lifeReference texts
Management of contacts, management of prospects and other requests sent to OSO-AI by Users 3 years from their collection or the last contact from the User (prospect), whether the latter intervenes by a new request sent to OSO-AI or a click on a hypertext link contained in an email. Beyond that, archiving for a period of 5 years necessary to save the proof of a right or an act.Deliberation No. 2021-131 of September 23, 2021 adopting a framework relating to the processing of personal data implemented for the purposes of managing commercial activities. Art. 2224 of the Civil Code
Customer relationship managementDuration of the commercial relationship between OSO-AI and the User. Beyond that, archiving for a period of time necessary to save the proof of a right or an act.Deliberation No. 2021-131 of September 23, 2021 adopting a framework relating to the processing of personal data implemented for the purposes of managing commercial activities. Art. 2224 of the Civil Code
Application processingDuration necessary to process the application, then storage for a maximum of 2 years from the date of collection in a CV-library in order to be able to contact the candidate again, unless the candidate objects. Recommendations from the CNIL, taken from its guide dedicated to Recruitment
Realization of statistics, audience measurements and performance Retention of data collected via cookies for a maximum period of 25 months in accordance with the cookie management policy