Nown Control
Privacy Policy
Effective Date: 10 June 2026
What is the purpose of our Privacy Policy?
Nown SAS, which manages the Nown Control platform, places great importance on the protection and confidentiality of your personal data, which we view as a mark of our commitment to integrity and trust.
As such, our Privacy Policy clearly demonstrates our commitment to ensuring that Nown SAS complies with applicable data protection regulations, and more specifically, with the General Data Protection Regulation (“GDPR”).
In particular, our Privacy Policy aims to inform you about how and why we process your personal data in connection with the services we provide to you.
Who is our Privacy Policy intended for?
Our Privacy Policy applies to you, regardless of your place of residence, provided that you are at least 18 years old and are a user of our Nown Control platform.
If you are under the legal age specified above, you are not authorized to use our services without the prior and explicit consent of one of your parents or the holder of parental authority, which must be sent to us via email at privacy@nown.co.
If you believe we hold personal data about your children without your consent, please contact us at the dedicated address listed above.
Why do we process your personal data, and on what legal basis?
We process your personal data primarily for the following reasons:
- To use and benefit from our service and all its features in accordance with our Terms of Service.
- To manage user accounts (e.g., account creation, access to the service, and account deletion) based on our Terms of Use.
- To verify the accuracy of the information provided during your registration based on the performance of the contract.
- To post comments regarding the management of your files based on our Terms of Service.
- To communicate with our support team via our chat/chatbot in accordance with our Terms of Service.
- To receive our technical emails (e.g., password changes, etc.) based on our legitimate interest in ensuring the security of your account and providing you with the information necessary for the proper functioning of the service.
- To download and import documents onto our platform based on our Terms of Service.
- To ensure and enhance the security and quality of our services on a daily basis (e.g., statistics, data security, etc.) based on our legal obligations, our Terms of Service, and our legitimate interest in ensuring the proper functioning of our services.
Your data is collected directly from you as soon as you become a user of our Nown Control platform, and we commit to processing your data only for the reasons described above.
What personal data do we process, and for how long?
We have summarized below the categories of personal data and their respective retention periods:
- Professional identification data (e.g., last name, first name, job title, company, etc.) and contact information (e.g., email address and work phone number, etc.) are retained for the entire duration of service provision, plus the applicable statutory limitation periods, which are generally 5 years.
- Email address used to receive our technical messages is retained until your account is deleted.
- Connection data (e.g., logs, IP address, etc.) retained for a period of 1 year.
- Images and photographs are retained until your account is deleted.
Upon expiration of the applicable retention periods, the deletion of your personal data is irreversible, and we will no longer be able to provide it to you after this period. At most, we may only retain anonymous data for statistical purposes.
Please also note that in the event of a dispute, we are required to retain all data concerning you for the entire duration of the case, even after the retention periods described above have expired.
What rights do you have to control the use of your personal data?
Applicable data protection regulations grant you specific rights that you may exercise at any time and free of charge to control how we use your data.
- The right to access and obtain a copy of your personal data, provided that such a request does not conflict with trade secrets, confidentiality, or the secrecy of correspondence.
- Right to rectify personal data that is inaccurate, outdated, or incomplete.
- The right to object to the processing of your personal data when such processing is based on our legitimate interest, unless there are legitimate and compelling reasons that justify such processing and override your interests, rights, and freedoms.
- Right to request the erasure (“right to be forgotten”) of your personal data that is not essential to the proper functioning of our services.
- Right to restrict the processing of your personal data, which allows you to document the use of your data in the event of a dispute regarding the legitimacy of such processing.
- Right to data portability, which allows you to retrieve a portion of your personal data in order to easily store or transfer it from one information system to another.
- Right to provide instructions regarding the disposition of your data in the event of your death, either directly by you, through a trusted third party, or through a beneficiary.
For a request to be considered, it must be submitted directly by you or your representative to privacy@nown.co.
Requests cannot be made by anyone other than you or your representative. We may therefore ask you to provide proof of identity if there is any doubt regarding the identity of the requester, as well as proof of representation.
We will respond to your request as soon as possible, with a maximum response time of one month from receipt, unless the request is technically complex or we receive a large number of requests at the same time. In such cases, the response time may be up to three months.
Please note that we may refuse to respond to any excessive or unfounded request, particularly if it is repetitive in nature.
Who has access to your personal data?
Your personal data is processed by our teams and our technical service providers for the sole purpose of operating our service.
We would like to clarify that we vet all our technical service providers before hiring them to ensure that they strictly comply with applicable data protection regulations.
FURTHERMORE, WE GUARANTEE THAT WE NEVER TRANSFER OR SELL YOUR DATA TO THIRD PARTIES OR BUSINESS PARTNERS.
Can your personal data be transferred outside the European Union?
The personal data processed by our Nown Control platform is hosted exclusively on servers located within the European Union.
Furthermore, we do our utmost to use only technical tools whose servers are also located within the European Union. If this is not the case, we ensure that they implement the appropriate safeguards required to guarantee the confidentiality and protection of your personal data.
How do we protect your personal data?
We implement the following technical and organizational measures to ensure the security of your personal data on a daily basis and, in particular, to combat any risk of destruction, loss, alteration, or disclosure.
| Technical security measures | Organizational security measures |
|---|---|
| Password database separate from user credentials (front-end), Encryption of user passwords (front-end), Encryption of user passwords (back-end), Automatic user account logout (front-end) after a period of inactivity, Automatic user account logout (back-end) after a period of inactivity, Two-factor user authentication (back-end), Complex passwords required for users (back-end) upon login, Encryption of the "users" database at rest and in transit, HTTPS protocol, Access logging, Complex passwords for Nown SAS team devices, Duplication of the user database on backup servers, Encryption at rest and in transit, RLS, authentication, PII stripping. | Access badges, Information Systems Charter, Authorization and Password Management Policy, Data Breach Management Procedure, Data Subject Rights Management Procedure, Code of Conduct, Team awareness and training twice a year, Access controls, role-based permissions, onboarding/offboarding, principle of least privilege, etc. |
Do we use cookies when you browse our platform?
We guarantee that we do not use any advertising or statistical cookies in the operation of our platform.
We only use technical cookies necessary for the proper functioning of our platform, which we recommend you do not disable and which do not require a cookie banner.
However, if you still wish to object to their use, you can adjust your browser settings by following these instructions: Chrome, Microsoft Edge, Safari, Firefox, and Opera.
Who can you contact for more information about the use of your personal data?
To best ensure the protection and integrity of your data, we have officially appointed an independent Data Protection Officer (“DPO”) with our supervisory authority.
You can contact our DPO at any time, free of charge, at privacy@nown.co to obtain more information or details about how we process your data.
How can you contact the CNIL?
You may contact the “Commission nationale de l’informatique et des libertés” (CNIL) at any time using the following contact information: CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07, or by phone at 01.53.73.22.22.
Can the Privacy Policy be modified?
We may modify our Privacy Policy at any time to adapt it to new legal requirements as well as to new data processing activities we may implement in the future.