Privacy Policy

Unaite is committed to protecting your personal data and respecting your privacy. This policy describes how we collect and process personal data in connection with the Unaite website, our events, and our member content administration tools. It is written to be read alongside our Terms of Service.

We aim to keep data collection to a minimum. We only collect what we need to run the website, organise our events, and manage our content, and we do not sell your personal data.

Unaite is a federation of student societies dedicated to artificial intelligence, based in Paris, France. For the purposes of the General Data Protection Regulation (GDPR) and French data protection law, Unaite acts as the data controller for the personal data described in this policy, except where a third-party platform acts as the controller for data you provide directly to it.

You can reach us about any privacy matter at contact@unaite.fr.

This policy covers personal data we handle through the Unaite website and the services connected to it. Where our events or pages rely on a third-party platform, that platform processes your data under its own privacy policy, and we point you to it in the relevant section below. This policy does not apply to any other website or service that we do not operate.

Depending on how you interact with us, we may collect the following categories of personal data:

• Event interest data. When you sign up to be notified about an event through a form on our site, we collect your email address, and, where you choose to provide it, your name, together with the record of your consent and the date of sign-up.
• Event registration data. When you register for an event hosted on a third-party platform, the information you give to that platform, such as your name, email, and any responses to its questions.
• Submission data. Information you provide when you submit material to a program, such as your name, affiliation, contact details, and the content of the submission itself.
• Member account data. For members with access to the content administration area, the account information held by our authentication provider, such as your name, email address, profile image, and sign-in activity.
• Contact data. Information you include when you email us or otherwise get in touch.
• Technical data. Limited technical information that our hosting and infrastructure providers process to deliver and secure the site, such as IP address, browser type, and request logs.

Many of our events are managed and hosted on Luma, a third-party event platform. When you view an event page, register, or buy a ticket on Luma, you interact directly with Luma, and Luma collects and processes your personal data as a controller under its own terms.

Because that data is collected by Luma rather than by us, we ask you to read Luma’s privacy policy to understand how it handles your information. When an event runs, we receive from Luma the attendee information needed to organise and follow up on the event, and we use that information only for that purpose.

Separately, where we offer a “notify me” form on our own pages, the email and optional name you enter are collected by us and stored as described in this policy, so that we can let you know when the relevant event or program opens.

Parts of the site are reserved for members who administer Unaite content. Access is gated in two layers: authentication is handled by a third-party identity provider, and access to the dashboard is then granted manually by an administrator. We mirror a small set of profile fields from the identity provider into our database to manage access and display who is signed in.

• We process member account data to verify identity, control access, and operate the content administration tools.
• Event interest sign-ups collected through our forms are stored in our database and are visible only to activated members inside the administration area. They are not exposed publicly.
• Member access can be granted, limited, or revoked by an administrator at any time.

We use personal data to:

• Operate, maintain, and secure the website.
• Organise our events and let you know when an event or program opens, where you have asked to be notified.
• Review and process submissions you send to a program.
• Manage member access and the administration of our content.
• Respond to your messages and requests.
• Comply with our legal obligations and protect our rights and the rights of others.

Under the GDPR, we rely on the following legal bases:

• Consent, when you tick the box to let us contact you about events and to process your data for that purpose. You can withdraw consent at any time.
• Legitimate interests, in running and securing the website, organising our events, and managing our content, where those interests are not overridden by your rights.
• Performance of a request, when we process a submission or respond to a message at your initiative.
• Legal obligation, where the law requires us to process or retain certain data.

We share personal data with a limited number of trusted service providers that process it on our behalf, under contracts that require them to protect it. These include:

• Vercel, which hosts and serves the website.
• Clerk, which provides authentication for the member area.
• Supabase, which provides the database where event interest sign-ups and member access records are stored.
• Luma, which hosts our events, as described above, acting as an independent controller for the data you give it.
• Form and email providers that we use to receive submissions and messages.

We do not sell your personal data, and we do not share it with third parties for their own marketing.

The website is hosted by Vercel Inc. As part of delivering the site, Vercel processes technical data such as IP addresses and request logs on our behalf. You can find more detail about Vercel’s data practices in its own privacy documentation.

We keep personal data only for as long as we need it for the purposes set out in this policy, or for as long as the law requires. Event interest sign-ups are kept until you ask us to delete them or until they are no longer relevant. Submission data is kept for the duration of the relevant program and a reasonable period afterwards. Member account records are kept while access is active and removed after access ends, subject to any legal retention requirement.

Some of our service providers are located outside the European Economic Area. Where personal data is transferred outside the EEA, we rely on appropriate safeguards, such as the European Commission’s standard contractual clauses or an adequacy decision, so that your data remains protected.

Subject to the conditions in the GDPR, you have the right to:

• Access the personal data we hold about you.
• Ask us to correct inaccurate or incomplete data.
• Ask us to delete your data.
• Restrict or object to our processing of your data.
• Receive your data in a portable format.
• Withdraw your consent at any time, without affecting processing that took place before withdrawal.

To exercise any of these rights, email us at contact@unaite.fr. You also have the right to lodge a complaint with a supervisory authority. In France, this is the Commission Nationale de l’Informatique et des Libertés (CNIL).

The Unaite website itself does not use advertising or tracking cookies. Our authentication provider sets the cookies that are strictly necessary to keep members signed in to the member area, and our hosting provider may use cookies that are essential to deliver and secure the site. Third-party platforms such as Luma set their own cookies when you visit their pages, under their own policies.

We take reasonable technical and organisational measures to protect personal data against loss, misuse, and unauthorised access. Access to the administration area is restricted and gated, and the list of event sign-ups is not publicly readable. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

The Service is not directed at children below the age of digital consent. We do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us so that we can delete it.

We may update this policy from time to time. When we do, we will change the “last updated” date at the top of this page, and we will announce material changes through the Service where appropriate. We encourage you to review this page periodically.

If you have any questions about this policy or about how we handle your personal data, please contact us at contact@unaite.fr.