Privacy Policy

This Privacy Policy applies to the personal data collected and processed when you access and browse the upmeet.ai website (the “Website”) and when you use the related services (the “Services”). Individuals wishing to subscribe to the Services must register (the “Users”) using the form provided for this purpose. The Website and the Services are owned by VRM, a société par actions simplifiée (simplified joint-stock company) with a share capital of €1,391.00, whose registered office is located at 259, rue Saint-Honoré, Paris, 75001, France, and registered with the Paris Trade and Companies Register under number 900 192 519. In this context, we inform you that we may: - Collect data about you for our own purposes, acting in our capacity as data controller (hereinafter “VRM Data”); - Collect, on behalf of the company or organization employing you (hereinafter the “Organization”), data about you (hereinafter the “Client Data”). In such a case, we act as a processor for your Organization. This data is distinct from VRM Data because VRM does not use it for its own purposes and only follows your Organization’s instructions regarding its collection and processing, as well as for the exercise of your rights. Regarding the Client Data, please note that we have entered into a data processing agreement with your Organization that complies with the requirements of Regulation (EU) 2016/679, known as the GDPR. The nature of the operations carried out on the Client Data through the Services involves processing oral exchanges between persons using the Upmeet solution, transcribing them, and summarizing them. The purpose of this Personal Data Protection Charter is to inform you of how VRM, (i) in our capacity as data controller, collects, processes, and uses your VRM Data and (ii) in our capacity as processor for the Client Data. We will use your personal data solely for the purposes set out below and in accordance with the requirements of the GDPR. By browsing the Website and/or subscribing to and using our Services, you consent to the collection, storage, processing, and use of your data by VRM as described in this Privacy Policy. If you do not wish us to collect your personal data, we invite you not to access the Website and not to register or use our Services. You may withdraw your consent to the data processing that concerns you at any time. In this case, you will no longer be able to access the Website or register or use our Services.

In our capacity as data controller, we collect the following VRM Data: • The data you provide to us: o First and last name; o Country, language of communication; o The Organization for which you work; o Phone number and email address; o Encrypted username and password used to identify you on the Website; • Certain data relating to your use of and navigation on the Website: frequency and intensity of use, number and duration of your connections; • Certain data relating to your use of our Services: frequency and intensity of use, number and duration of your connections; • Data automatically collected on the Website: these are cookies, which are files placed on your device when you access the Website. You have full control over how cookies are stored on your device, by configuring your internet browser. You can delete these cookies. In our capacity as processor, we collect Client Data on behalf of your Organization, including: - Your identity (first and last name); - The sound of your voice when you use the Services; - The transcription of your voice when using the Services; - Your contact information (email address, telephone number); - Any personal data stated by Users (and meeting participants) when using the Services. Your Organization has access to tools to control and manage the Client Data via an online module called the “back office.” For further information, please contact your Organization.

We collect your VRM Data for the following purposes: • For people browsing the Website: • To manage and improve your access to and navigation on the Website; • To generate statistics and metrics on the Website’s traffic; • For Users: • To manage and improve our Services; • To manage your subscriptions to the Services; • To generate statistics and usage metrics of the Services; • To carry out marketing operations, such as sending newsletters. In our capacity as processor, we collect Client Data on behalf of your Organization. Your Organization collects Client Data in particular to make it easier to take notes during meetings and other gatherings by automatically transcribing and summarizing them with artificial intelligence. For more information on the purposes of this collection, we invite you to contact your Organization and to consult the data processing charter for data collected on behalf of your Organization at the following address: https://www.upmeet.ai/subcontracting-charter/ .

We collect and process your VRM Data on the following legal grounds: • They are necessary to allow your access to and navigation on the Website; • They are necessary for the provision of our Services; • They are necessary for us to comply with our legal obligations. For further information on the legitimate interest pursued by your Organization when collecting your Client Data, we invite you to contact your Organization and to consult the data processing charter for data collected on behalf of your Organization at the following address: https://www.upmeet.ai/subcontracting-charter/ .

The retention period varies depending on the nature of the VRM Data collected: Retention Period for VRM Data • Data provided when registering on the Platform. - In the case of a free trial registration on the Platform: 3 years from the date of data collection. - In the case of registration on the Platform under an access agreement concluded with your Organization: 5 years from the end of the agreement with your Organization. • Data related to Website traffic measurement obtained via cookies: 6 months • Identification documents provided as part of the exercise of your rights related to the collection and processing of your data: 12 months • Data retained as part of our tax obligations: 10 years The retention period for Client Data is determined by your Organization. For more information, we once again invite you to contact them.

We do not share your personal data with third parties for commercial purposes. As a strict exception, we share your Client Data with processors that provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the GDPR. Your Organization may share Client Data with third parties. For more information, we invite you to contact your Organization.

Your personal data are stored within the European Union with trusted providers with whom we have concluded agreements guaranteeing an adequate level of protection.

You have extensive rights related to the collection and processing of your personal data. We are particularly committed to respecting these rights, which you can exercise at any time. You have the following rights: • Right of access: you may view the personal data we have collected about you. • Right to rectification: if your data are inaccurate, you may ask us to correct them. • Right to erasure (right to be forgotten): you may request the deletion of data that are not necessary for your access to the Website and your use of the Services. If your data are no longer necessary for the purposes mentioned above, you may also request that we delete those data. • Right to restriction of processing: you may exercise this right if you believe the data concerning you are inaccurate, or if you need them for the establishment, exercise, or defense of a legal claim. If you exercise this right, your data will be retained but can no longer be used. • Right to data portability: you may retrieve all your data in a structured, commonly used, and machine-readable format. You may then keep them or transfer them to any other person of your choice. • Right to object: you may object to certain processing of your personal data, such as receiving our newsletter. You can exercise this right directly from your personal area. • Right to determine the fate of your data after your death: you may tell us whether you wish your data to be retained, deleted, or disclosed to a third party of your choice.

Concerning VRM Data, you can send us an email at the following address: rgpd@upmeet.ai . Concerning Client Data, you can contact your Organization directly. You may also send us an email at the following address: rgpd@upmeet.ai. We will do our best to respond to your request, in our capacity as your Organization’s processor, and will then apply its instructions. Finally, you have the option to lodge a complaint with the CNIL (French Data Protection Authority) by email, postal mail, or directly on the cnil.fr website.

We take the utmost care to protect the security, confidentiality, and integrity of your personal data. To this end, we have adopted appropriate technical and organizational measures to ensure a level of security appropriate to the risk. In particular, we use TLS encryption for communications between the Services and the servers hosting your data. Stored data (your personal data and your meetings) are encrypted using the AES-256 encryption method. Concerning the security of Client Data, we invite you to contact your Organization.