Your privacy is essential to us. At Actionable, we are committed to protecting your personal data, complying with applicable regulations, and ensuring transparency regarding its processing.

The purpose of this Personal Data Protection Policy (the "Policy") is to explain how we collect, use, and share your personal data during your visit to our website (https://actionable.live/ hereinafter referred to as the "Website") and your use of our platform accessible through the Website (hereinafter referred to as the "Platform"), as well as the rights you have in this regard.

When this Policy refers to "we" or "our," it means Actionable, a simplified joint-stock company with its registered office at 4 Rue Piroux in Nancy (54000), registered with the Nancy Trade and Companies Register under number 985 066 760, which determines the purposes and means of processing your personal data.

We are the "data controller" of your personal data. We process your personal data in compliance with applicable regulations, including Regulation (EU) 2016/679 (General Data Protection Regulation, known as the "GDPR") and the amended French Data Protection Act No. 78-17 (Loi « Informatique et Libertés »).

Personal Data We Collect and Process

We collect information about you, as described below, either directly from you or indirectly through (i) your device, (ii) your use of the Website and the Platform, (iii) the form on our Website, and/or (iv) third parties.

The types of information we collect and process may include, depending on the individuals concerned:

Website Visitors

• Data related to your device and connection, including: IP address, browser type, information about the device used, duration, and number of visits to the pages of the Website.

When you fill out our contact form:

• Identification and contact details, namely your first name, last name, phone number, and email address.

• Data provided by you in the free-text field of the form.

Platform Users

• Data related to your device and connection, including: IP address, browser type, information about the device used, duration, and number of visits to the pages of the Platform.

• Identification and contact details, namely your first name, last name, phone number, and email address.

• Data provided in free-text fields (forms, chat, etc.).

• Platform identification data.

Prospects

• Professional identification and contact details, namely your first name, last name, job title, employer, phone number, and email address.

The collection of data is limited to the information necessary to achieve the purposes described below.

Purposes of Processing and Legal Basis

We process your personal data for the purposes and on the legal bases described below:

Website Visitors

[Contractual Obligation | Legitimate Interest]

• Management of access and security of the Website

• Monitoring Website usage to improve the user experience

• Provision of a Chat & Support solution

Platform Users

[Contractual Obligation | Legitimate Interest]

• Creation of user profiles

• Monitoring Platform usage and improving services

• Assistance

Prospects

[Legitimate Interest]

• Commercial Prospecting

• Newsletters

Website Visitors, Platform Users & Prospects

[Legitimate Interest | Legal and Regulatory Obligations]

• Protecting our information systems

• Preparing or implementing any corporate reorganization, including in the form of a sale, merger, acquisition, or transfer of business or assets

• Complying with our legal and regulatory obligations

We will strive to keep the personal data in our possession up to date. However, you are responsible for promptly informing us of any changes to your personal data.

Disclosures to Third Parties

To achieve the purposes described above, we may disclose your personal data, in compliance with data protection regulations, to the following recipients:

• Our internal departments: Your data may be shared with our internal teams for contract management and IT monitoring purposes.

• Our business partners and service providers: We may engage or rely on other companies to perform specific functions on our behalf. These entities are subject to contractual and legal obligations to protect your privacy and maintain the confidentiality of your data.

Finally, to comply with legal and regulatory obligations, we may also share your personal data with public organizations, judicial or administrative authorities, and regulatory bodies.

Data Retention Period

Your personal data is retained for as long as necessary to achieve the purposes for which it was collected.

To determine the appropriate retention period for your personal data, we consider the quantity, nature, and sensitivity of the personal data, the potential risks associated with unauthorized use or disclosure, the purposes for processing your personal data, and our legal obligations. After this period, your personal data will be deleted or archived in compliance with legal and regulatory requirements.

Technical and Organizational Security Measures

We implement appropriate technical and organizational security measures, including: secure storage, password protection, secure token-based authentication, robust password policies with periodic renewal, regular reviews of access authorizations, access attempt limitations in case of failures, access and incident traceability, regular data backups, encryption of sensitive data (including on mobile devices), antivirus software and firewalls, regular business continuity and disaster recovery tests, penetration testing, automatic locking of inactive sessions, physical locks, and more, to ensure an appropriate level of security relative to the risks associated with the processing and the nature of the personal data to be protected.

Access to personal data is restricted to authorized employees solely for the purpose of performing their professional duties, and they are bound by confidentiality obligations. Regular awareness sessions are conducted to reinforce a culture of data protection among our employees.

Additionally, when engaging subcontractors who may access your data, we carefully evaluate their data protection guarantees. Contracts with these providers include specific clauses on security and confidentiality, and we may conduct audits or inspections to ensure their compliance with their commitments.

Data Location

The recipients of your data are located within the European Union and the United States.

These transfers are carried out in accordance with GDPR requirements, including the implementation of appropriate safeguards such as standard contractual clauses approved by the European Commission.

Your Rights

You have the following rights:

• Right of Access: You may request access to the personal data we hold about you and certain information about how it is processed. In some cases, and upon your request, we may provide you with an electronic copy of your data.

• Right to Rectification: You may request the correction of any inaccurate or incomplete personal data concerning you. You must demonstrate how such information is incorrect.

• Right to Restriction of Processing: In certain circumstances, processing may be restricted. You can make this request at any time, and we will decide how to proceed.

• Right to Object: You may object to any processing based on our legitimate interest, for reasons related to your particular situation.

• Right to Erasure: In certain circumstances, you may request the deletion of your personal data. If we determine, in accordance with the law, that your request is valid, we will delete your personal data as soon as possible.

• Right to Data Portability: In certain circumstances, you may request that we provide your personal data in a commonly used, machine-readable format. If technically feasible, you may also request that we transfer your data to another data controller.

• Right to Provide Instructions for Post-Mortem Data Management: You have the right to define instructions regarding the retention, deletion, and communication of your personal data after your death.

Some of these rights will only apply under certain circumstances. You can exercise these rights:

• By contacting dpo@actionable.live ; or

• By postal mail (although not mandatory, we recommend using registered mail for better tracking): Actionable, 4 Rue Piroux, Nancy 54000, France

When contacting us to exercise your rights, we may ask you to verify your identity before processing your request.

You also have the option to file a complaint regarding the processing of your personal data with the competent data protection authority: the Commission Nationale de l’Informatique et des Libertés (CNIL).

Policy Changes

Policy ChangesThis Policy may be updated periodically to reflect changes in our practices or regulatory requirements. You will be informed of any substantial changes through the updated publication of this Policy on our Website or by any other appropriate means.