1. Who are we?
The present Charter informs you of Smart Tribune's commitments regarding the protection of personal data.
In the context of the personal data processing described in this document, Smart Tribune (whose legal name is JCS WEB), a simplified joint stock company located at 19 rue du quatre Septembre 75002 Paris, acts as Data Controller.
As Smart Tribune is concerned about the protection, respect and confidentiality of your personal data, a dedicated email address has been set up for any request you may have on this subject: rgpd@smart-tribune.com
2. What Personal Data is processed and for what purposes?
2.1 Type of personal data collected
Smart Tribune Solutions are designed primarily for e-commerce sites, and are therefore not intended to collect sensitive data. On the other hand, the Solution has a free input zone and may be required to process sensitive data supplied directly by the visitor. This is why Smart Tribune helps its customers set up safeguards to ensure that only the necessary information is collected.
Smart Tribune nevertheless collects and processes personal data about you and your use of our Services. This data is presented below, by type.
Customer:
- Civil status,
- Identification data (last name, first name, company, business details, email address, telephone number, etc.),
- Financial, billing and payment information (payment, reimbursement),
- Identifiers, logs,
- Any other information you share with us in the context of your customer relationship.
Smart Tribune Solution user:
- Data relating to visitors to the customer's website (unique visitor identifier, IP address, technical data, browsing data, etc.).
- Data relating to chat conversations (conversation content, number of chats, duration, date, response to satisfaction survey if applicable),
- Data relating to customer employees using the solution (surname, first name, alias, user name, position held with the customer, connection data, logs)
- Any other information you share with us in the context of your use of the Solution
Prospect:
- Civil status,
- Identification data (last name, first name, job title, email address, etc.),
- Any other information you share with us in the context of your interest in our Solutions.
Smart Tribune website user:
- Strictly necessary cookies
- Functional cookies
- Performance cookies
- Marketing cookies.
2.2 Data processing purposes
Smart Tribune processes data for the following purposes:
- For our customers:
- Provide the Services requested under the Subscription contract (create, configure and maintain your Smart Tribune Solutions).
- Assist you in your use of the Services.
- Contact you to invite you to our webinars, keep you informed of our latest features and developments, send you our newsletter or other commercial communications.
- Manage our customer relations with you (contracts, invoices, etc.).
- Handle overdue payments, disputes and pre-litigation, respond to requests from public authorities, combat money laundering and the financing of terrorist activities.
- To create an archive file for legal purposes, in particular for managing litigation and pre-litigation.
- To provide accurate, reliable services, and to improve them.
- To create new services and/or functionalities;
- To create new services involving the use of artificial intelligence models, it being understood that Personal Data may be used to train the artificial intelligence model.
- Contact you for a demonstration of our Solutions and send you commercial communications.
- Strictly necessary cookies: to ensure the proper functioning of the Services.
- Functional cookies: to store information you have already entered on the Site and to personalize and optimize your experience on it.
- Performance cookies: to help us understand how the Services are used and to anonymously report this information.
- Marketing cookies: to track your use of the Services and help us improve your user experience.
2.3 Legal basis for our processing operations
We only process data if at least one of the following conditions is met:
- Your consent to the processing operations has been obtained;
- The existence of Smart Tribune's legitimate interest, or that of a third party, justifies our implementing the personal data processing concerned;
- The performance of a contract between you and us requires us to process the personal data concerned;
- We are bound by legal and regulatory obligations that require the processing of personal data.
3. Sharing your data with third parties
The personal data we collect, as well as those collected subsequently, are intended for us in our capacity as Data Controller.
In connection with the use of the Services, some of your Personal Data may be processed by Third Parties for the purpose of carrying out some of the processing operations listed above. Where we share such data with Third Parties, we take care to work only with companies that protect and secure your Personal Data and comply with applicable law in the same way as we do.
The categories of third parties with whom we may share your data are as follows:
- Smart Tribune staff (HR, marketing, accounting, etc.);
- Our subcontractors, who can be of two types:
- Our suppliers, who process personal data on our behalf, in order to help us provide you with the Services and information that you have requested or that we believe may be of interest to you;
- Our partners and specialist service providers, including systems integrators, software publishers and developers, to enable them to provide you with the Services you have requested or which they believe may be of interest to you;
- Credit and fraud prevention agencies, government agencies and departments or any other third parties necessary to meet our legal obligations and protect our business.
If you wish to obtain more information on the conditions of treatment existing between Smart Tribune and its Subcontractors, please refer to Appendix 1.
4. Hosting your personal data
Hosting is on Amazon Web Services, and we also have partnerships with Microsoft Azure, OVH, WPServeur and Hetzner. Data is stored on servers located within the European Union.
In order to perform the Services, we may transfer some of your Personal Data to third-party service providers located or using servers located outside the European Union (the "EU") and the European Economic Area (the "EEA"). In such cases, we take care to ensure that:
- They are located in a country considered by the European Commission to have an adequate level of protection for personal data, or
- If they are located in the United States or in another country outside the EEA, they comply with contractual provisions guaranteeing an equivalent level of protection (such as the standard contractual clauses drawn up by the European Commission).
5. Data retention periods
The retention periods we apply to your personal data are proportionate to the purposes for which they were collected. Accordingly, we organize our data retention policy as follows:
- For customers and suppliers: legal requirements of 5 years plus the duration of the Contract.
- Accounting documents: 10 years
- For prospects: 3 years from last exchange
- Cookies: 13 months from acceptance
- Newsletters: until unsubscribed
- For webinars: for the duration of the webinar + 3 years
- For applicants: 2 years after refusal of application
- Duration required to meet legal or regulatory obligations to which Smart Tribune may be subject
6. Your rights and how to exercise them
Your rights are set out below. If you have any questions about your personal data or wish to exercise any of your rights, you can contact us directly by email at rgpd@smart-tribune.com, or by post at the following address:
Smart Tribune, 19 rue du quatre septembre, 75002 Paris
To do so, and in accordance with applicable regulations, you must clearly indicate your first and last name(s), the address to which you wish the reply to be sent, and enclose a photocopy of an identity document bearing your signature.
In principle, you may exercise all your rights free of charge. However, you may be asked to pay a reasonable fee based on administrative costs for any copy of the data you request.
Your right to information
With regard to the right to information, Smart Tribune will not be obliged to respond if you already have the information you are requesting. In any case, you will be informed by return e-mail or by post if Smart Tribune is unable to comply with your requests.
Smart Tribune wishes to inform you that the non-information or modification of your data may have consequences in the processing of certain requests within the framework of the execution of contractual relations and that your request to exercise your rights will be kept for follow-up purposes.
You acknowledge that this information notice informs you of the purposes, legal framework, interests, recipients or categories of recipients with whom your personal data is shared, and of the possibility of data being transferred to a third country or to an international organization.
If we decide to process data for purposes other than those indicated, we will provide you with all the information relating to these new purposes.
Your right to access and correct your data
You have the right to access and correct your personal data.
As such, you may obtain confirmation as to whether or not your personal data is being processed, and when it is, you have access to your data and to the following information about it:
- Purposes of processing;
- Categories of personal data concerned;
- Recipients or categories of recipients and international organizations to whom personal data have been or will be disclosed, in particular recipients established in third countries;
- Where possible, the intended retention period for personal data or, where this is not possible, the criteria used to determine this period;
- The existence of the right to ask the controller to rectify or erase your personal data, the right to request a limitation of the processing of your personal data, the right to object to such processing;
- The right to lodge a complaint with a supervisory authority;
- Information on the source of the data when it is not collected directly from the data subjects;
- The existence of automated decision-making, including profiling, and in the latter case, useful information concerning the underlying logic, as well as the importance and expected consequences of this processing for the data subjects.
You may request that your personal data be corrected or completed if it is inaccurate, incomplete, ambiguous or out of date.
Your right to erasure of your data
You can ask us to erase your personal data when one of the following reasons applies:
- Personal data is no longer required for the purposes for which it was collected or otherwise processed;
- You withdraw the consent previously given;
- You object to the processing of your personal data if there are no legal grounds for such processing;
- The processing of personal data does not comply with applicable legislation and regulations;
- Your personal data has been collected in connection with the provision of information society services to children under the age of 16.
However, the exercise of this right will not be possible when the retention of your personal data is required by law or regulation and in particular, for example, for the establishment, exercise or defense of legal claims.
Your right to limit data processing
You may request that we limit the processing of your personal data in the cases provided for by legislation and regulations.
Your right to object to data processing
You have the right to object to the processing of personal data concerning you when the processing is based on the legitimate interests of the controller or when the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
Your right to data portability
Since May 25, 2018, you have had the right to portability of your personal data. The data on which this right can be exercised are the following:
- Only your personal data, which excludes anonymized personal data or data that does not concern you;
- Declarative personal data and the personal operating data mentioned above;
- Personal data that does not infringe the rights and freedoms of third parties, such as those protected by business secrecy.
This right is limited to processing based on consent or on a contract and to personal data that you have personally generated. It does not include derived or inferred data, which are personal data created by Smart Tribune.
Your right to withdraw your consent
When the data processing operations we carry out are based on your consent, you may withdraw it at any time. We will then cease to process your personal data, without affecting any previous operations for which you have given your consent.
Your right to lodge a complaint
You have the right to lodge a complaint with the CNIL on French territory, without prejudice to any other administrative or jurisdictional recourse.
Your right to define post-mortem directives
You have the possibility of defining directives relating to the conservation, erasure and communication of your personal data after your death, with a trusted, certified third party responsible for ensuring that the wishes of the deceased are respected, in accordance with the requirements of the applicable legal framework.
CONCLUSION
🤝 To summarize, your Personal Data are communicated to us in order to:
- Subscribe to one of Smart Tribune's solutions,
- Provide you with the Services requested under the Subscription contract (create, configure and maintain your Smart Tribune Solutions),
- Assist you in your use of the Services,
- Invite you to our webinars and other customer events,
- Contact you to keep you informed of our latest features and developments,
- To send you our newsletter and other commercial communications,
- Manage our customer relations with you (contracts, invoices, etc.).
In this context, if you refuse to send us your personal data, we inform you that this refusal will result in the impossibility of carrying out and providing the Smart Tribune Solution (service), participating in the webinar and receiving the newsletter.
Appendix 1: Agreement on the protection of personal data
Preamble
This Appendix applies to the processing of personal data by Smart Tribune and the Subcontractor in the context of the provision by Smart Tribune of a SaaS selfcare service. This document constitutes an independent document intended to define the respective obligations of the Parties in order to ensure compliance with current legislation in terms of personal data processing and respect for privacy.
1. Purpose
The purpose of this appendix is to define the conditions under which the Subcontractor undertakes to carry out the personal data processing operations defined below on behalf of the Data Controller (Smart Tribune) and the Subcontractor's obligations in this respect.
In the context of their contractual relationship, the parties undertake to comply with the regulations in force applicable to the processing of personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 applicable since May 25, 2018 (hereinafter, "the European Data Protection Regulation" or "EDPR").
2. Description of the processing being outsourced
The Subcontractor processes, on behalf of the Controller, the personal data required to provide the Solution(s) ordered by the Customer (selfcare services).
> Type of treatment
The types of operations carried out on data include the following: collection, recording, organization, structuring, storage, adaptation, modification, consultation, anonymization, encryption.
> The purpose of processing
The purpose(s) of the processing are: the design of the Solution by the Subcontractor for the Customer.
> Category of persons concerned
The categories of people concerned are:
- Authorized personnel of the Data Controller. Authorized personnel are understood to mean employees of the Data Controller as well as any natural person mandated by the Data Controller to use the solution or to ensure the implementation of the commercial relationship with the Subcontractor (purchasing, invoicing, project management, etc.).
- End Users (i.e. the customer's websites using the Solution/application)
> Type of personal data
The personal data processed are:
- For the Data Controller's staff:
- Civil status,
- Identification data (last name, first name, company, business details, email address, telephone number, etc.),
- Identifiers, logs,
- Any other information shared with us in the context of the customer relationship.
- For users:
- Data relating to visitors to the customer's website (unique visitor identifier, IP address, technical data, browsing data, etc.).
- Data relating to chat conversations (conversation content, number of chats, duration, date, response to satisfaction survey if applicable),
- Data relating to customer employees using the solution (surname, first name, alias, user name, position held with the customer, connection data, logs)
- Any other information shared with us in the context of your use of the Solution
For the performance of the service covered by this contract, the Data Controller shall provide the Subcontractor with the information specified in the special conditions.
> Treatment duration
Unless otherwise agreed between the Parties, the Processing Period depends on the completion of the Smart Tribune Service (including the duration of the Subscription).
3. Subcontractor's obligations to the Controller
The Subcontractor undertakes to:
- Process data solely for the purpose(s) for which it is outsourced.
- For the duration of the Contract, to the extent possible, process and host Personal Data in data centers located in the European Union.
- Process the data in accordance with the instructions given by the Data Controller in the appendix to this contract.
- If the Processor considers that an instruction constitutes a breach of the European Data Protection Regulation or of any other provision of Union or Member State law relating to data protection, it shall immediately inform the Data Controller.
- In addition, if the Processor is required to transfer data to a third country or to an international organization under Union law or the law of the Member State to which it is subject, it must inform the controller of this legal obligation prior to processing, unless the law concerned prohibits such information for important reasons of public interest.
- To guarantee the confidentiality of personal data processed under this Contract, the Subcontractor will, as far as possible, anonymize and encrypt any data provided by users that has not already been anonymized by the Data Controller.
- Ensure that persons authorized to process personal data under this Agreement undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality and receive the necessary training in the protection of personal data.
- Take into account the principles of data protection by design and data protection by default for its tools, products, applications and services.
- To provide the customer with the assistance and information required to carry out a data protection impact analysis, should this prove necessary.
- Subcontracting: the Subcontractor may call upon another subcontractor (hereinafter, "the Subsequent Subcontractor") to carry out specific processing activities.
In any event, the Subcontractor shall remain solely liable to the Data Controller for all obligations resulting from this Appendix.
It is the responsibility of the Processor to ensure that the subsequent Processor presents sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the RGPD. If the Subsequent Processor fails to meet its data protection obligations, the Original Processor remains fully liable to the Processor for the other Processor's performance of its obligations.
The sub-processor remains free to modify the above list, but must inform the Data Controller in advance and in writing of any planned changes concerning the addition or replacement of other sub-processors. This information must clearly indicate the subcontracted processing activities, and the identity and contact details of the subsequent subcontractor.
The Data Controller has a minimum of 8 (eight) calendar days from the date of receipt of this information to present his objections. This subcontracting may only be carried out if the Data Controller has not raised any objections within the agreed period.
4. Subcontractor's obligations
The Subcontractor undertakes to comply with the Regulations and generally to ensure that the Data:
- Be processed lawfully, fairly and transparently.
- Be collected for specific, explicit and legitimate purposes.
- Be adequate, relevant and limited to what is necessary for the Purposes. The Subcontractor therefore undertakes to anonymize or "pseudonymize" the Data as far as possible within the scope of the Contract.
- Only be kept, in a form that enables the Data Subjects to be identified, for as long as is necessary for the Purposes pursued. In particular, the Subcontractor undertakes to provide the subsequent Subcontractor, and to keep up to date throughout the duration of the Contract, with all written information and instructions necessary for the performance of the Processing (in particular a precise description of the Purposes, the associated retention periods, the type of Data to be processed, and the categories of Data Subjects).
- To obtain, where applicable, the consent of the persons concerned for the processing of their Data and to inform them of their right as well as of the fact that the Subcontractor furthermore undertakes, depending on the sector of activity in which it operates, in particular when it is a regulated sector and/or when the Services relate to or implement particular Data within the meaning of the RGPD (such as Health Data, Data of minors), to alert the subsequent Subcontractor to the specific rules applicable to it with regard to the protection and security of the said Data and to provide it with any useful written instructions and documentation to this effect. The same applies if the subsequent Subcontractor is an administration, public institution, organization or other legal entity governed by public or similar law.
The Subcontractor also undertakes to draw up and update, if necessary, a data protection impact analysis, in accordance with CNIL instructions, and to pass it on to the subsequent Subcontractor if the latter so requests.
In addition, if the Subcontractor implements a chatbot, it undertakes to insert a clear and concise warning on the chatbot's home page designed to restrict the entry of sensitive Data by users.
5. Safety measures
The Subcontractor undertakes to ensure the security, integrity and confidentiality of personal data.
As such, it undertakes to design and implement all technical and organizational measures guaranteeing a level of security appropriate to the risk, including, among other things: pseudonymization and encryption of personal data; means to guarantee the confidentiality, integrity, availability and constant resilience of processing systems and services; the means of restoring availability and access to personal data within an appropriate timeframe in the event of a physical or technical incident; and a procedure for regularly testing, analyzing and evaluating the effectiveness of technical and organizational measures to ensure the security of processing.
6. Data subject's right to information
It is the responsibility of the Data Controller to provide information to data subjects at the time of data collection.
7. Exercising individual rights
Data subjects are free to exercise the rights conferred on them with regard to and against the Data Controller. The Parties undertake to cooperate with each other to enable any request to be processed quickly and efficiently, and to be able to respond to the data subject within the statutory period of one (1) month from receipt of the request.
Insofar as possible, the Subcontractor shall assist the Data Controller in fulfilling its obligation to respond to requests to exercise the rights of data subjects (presented in article 6 above).
Where data subjects make requests to the Subcontractor to exercise their rights, and such requests relate solely to processing carried out on behalf of the Data Controller, the latter undertakes to send such requests as soon as they are received, by e-mail, to rgpd@smart-tribune.com.
If the request is made to the Data Controller and the latter is unable to respond without the assistance of the Subcontractor, the Data Controller undertakes to contact the Subcontractor's point of contact as soon as possible.
When the request is made to the Subcontractor and does not specifically concern processing carried out on behalf of the Data Controller, the Subcontractor may reply directly to the data subject without having to inform the Data Controller.
8. Notification of personal data breaches
The Subcontractor shall notify the Data Controller of any personal data breach as soon as possible after becoming aware of it and in the form and content required by the RGPD and in order to enable the Data Controller to notify this breach to the competent supervisory authority. The Data Controller is responsible for informing the data subjects as soon as possible.
9. Data output
At the end of the Subscription, the Subcontractor undertakes, at the option of the Parties, to:
- Destroy all personal data, or
- Return all personal data to the Data Controller, or
- Return personal data to the processor designated by the Data Controller.
The return must be accompanied by the destruction of all existing copies in the Subcontractor's information systems.
Should Community law or the law of a Member State require the retention of personal data, the Subcontractor shall inform the Data Controller of this obligation.
The Subcontractor undertakes to provide, at the request of the Data Controller, a certificate of destruction.
10. Keeping the register
The Subcontractor declares that it keeps a written register of all categories of processing activities carried out on behalf of the Controller, including: the name and contact details of the Controller on whose behalf it is acting, of any subcontractors and, where applicable, of the Data Protection Officer; the categories of processing carried out on behalf of the Controller; where applicable, transfers of personal data to a third country or to an international organization, including the identification of such third country or international organization and, in the case of transfers referred to in the second subparagraph of Article 49(1) of the European Data Protection Regulation, documents attesting to the existence of appropriate safeguards.
11. Documentation and auditing
The processor provides the Data Controller with the documentation necessary to demonstrate compliance with all its obligations.
The Data Controller retains the right to carry out an annual audit of the Solution in order to verify the adequacy of the technical and organizational measures implemented by the Subcontractor, subject to notifying its intention within a reasonable period of time (which must not be less than 10 working days), to carry out such an audit during the Subcontractor's working hours.
The costs of the audit are borne by the Data Controller and the Subcontractor will invoice the Data Controller for any human and machine resources required for the audit by the Data Controller.
The results of these audits will be subject to an obligation of confidentiality on the part of both parties.