Climate School Privacy Policy

Last Update: 06/01/2022

AXA Climate respects your privacy and ensures that all personal data is processed in accordance with the applicable laws and regulations on data privacy, notably the General Data Protection Regulation n°2016/679 (hereinafter the “GDPR”). This privacy policy (hereinafter the “Policy”) applies to the collection, use and disclosure of your Personal Data (as defined below) by AXA Climate collected through the EdApp platform available at:  https://www.edapp.com (hereinafter the “EdApp Platform”) when you access and use the Climate School and/or Online Courses.

By accessing the Climate School and/or Online Courses, you acknowledge that you have read and agreed to the collection and use of your personal data in accordance with this Policy.

You should read this policy carefully to ensure that you are fully informed about what personal data we hold about you and how we use it. The Policy supplements (but remains autonomous from) the privacy policy of the EdApp Platform, available at: https://www.edapp.com/privacy-policy.

The capitalized terms used in this Policy have the same meaning as in our Terms of Use.  

In this context, “Personal Data” means any information relating to an identified or identifiable natural person (a “Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

For the purposes of this Policy, as a Data Subject and User of the EdApp Platform, you shall be hereinafter referred to as ‘’You’’/“Your”. AXA Climate, a French simplified joint-stock company (“société par actions simplifiée”) registered with the Paris Trade and Companies Register under the number 493.363.378, acts as a Data controller in the processing of Your Personal Data (i.e. it determines the purposes and means of the processing).

1. What are our commitments?

We process all your personal data in accordance with the terms of this Policy and in compliance with applicable laws and regulations. In particular, we are committed to ensuring that the Personal Data we collect is:
-       processed ina fair, lawful, and transparent manner
-       used inaccordance with the purposes for which it was collected
-       stored insuch a way as to ensure its security and confidentiality, updated as regularly as possible.

2. What personal data do we collect, for which purpose and for how long?

No personal data is collected without your knowledge, is processed for purposes of which you have not been informed nor is retained for a period exceeding what is necessary in light of the processing purpose at stake. We collect and process the following personal data when you access and use the Climate School and/or Online Courses as follows:

3. Do we share your personal data?

As part of our processing activities, we might communicate your personal data to the following categories of recipients:
-       Other entities of the AXA Group and this communication is covered by AXA Group BCR (Binding Corporate Rules) available on the website www.axa.com
-       Our suppliers, service providers, agents and contractors assisting us in meeting the purposes identified herein (e.g. IT service providers hosting your personal data on our behalf, our legal counsels, etc.)
-        Competent courts, public authorities, government bodies and law enforcement forces (in particular, where we must respond to legal or regulatory requests). In this case, We undertake, as far as possible, to notify you (unless we are not authorized to do so in view of any legal, regulatory or judicial obligations which may be incumbent on us).

In any event, and disregarding the recipient at stake, we communicate your personal data on a strict need-to-know basis and only to the extent necessary for meeting the processing purposes identified in this Policy. We always ensure that appropriate technical and organizational security measures have been taken.

4. Do we transfer your personal data outside the EEA?

For the purpose of the processing activities detailed herein, and for the storage of your personal data by EdApp, We might transfer your personal data outside the European Economic Area (“EEA”), including to countries which are not regarded bythe European Commission as ensuring an adequate level of data protection.

In this respect, we have implemented appropriate safeguards to ensure that the level of protection applied to your personal data is not altered by such transfers. Such safeguards consist in: (i) the execution of the new model of standard contractual clauses based on the models issued by the European Commission in the aftermath of the SchremsII decision (EUCJ, Case C-311/18)  ; and (ii) the implementation of Binding Corporate Rules when We transfer Yourpersonal data to entities of the AXA Group.

You can obtain copies of theseappropriate safeguards by sending an email to Our Data Protection Officer (“DPO”),whose contact details are specified below in Section 8 (How can You contactUs?) below.

5. How do we keep your personal data secure?

We are committed to ensuring the security of Your personal data. To keep Your personal data secure, We have implemented technical and organizational measures designed to protect Your personal data against the risk of accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Your personal data. We review such measures on a regular basis to check that they remain adequate and relevant to secure Your personal data. When We engage a third party (including our service providers) to collect or otherwise process Personal Data on Our behalf, the third party will be selected carefully and required to use appropriate security measures to protect the confidentiality and security of Personal Data.

6. What are Your rights in relation to Your personal data?

As a Data Subject, You benefitfrom various rights in accordance with the applicable data protectionlegislation, and notably the GDPR, as follows:
- You have the right to request access to Your personal data as well as to request rectification or erasure thereof (whenever possible).
- You are also entitled to request the restriction of the processing carried out with Your personal data or to object to such processing.
- You can request the portability of Your personal data; You will then be provided with a copy of Your personal data in a structured, machine-readable,and commonly used format.
- Where the processing of Your personal data is based on Your consent, You have the right to withdraw that consent at any time.
- You have the right to specify guidelines on the use of Your personal data after Your death.

However, please note that some of the above-mentioned rights are subject to particular requirements resulting from the applicable data protection legal framework. As a result, if Your particular case does not meet the legal requirements to do so, We will not be able to let You exercise the concerned right.

You can exercise Your rights by contacting Our DPO with the contact details specified in Section 8 (How can You contact Us?). In this regard, Your request to exercise your rights must include your name, first name and email address. You should also specify the address to which the reply should be sent.

We will provide you with a response within one (1) month upon receipt of Your request, unless there are particular circumstances.  As part of Our response to Your request, You may be asked to provide further information to confirm Your identity and/or to facilitate locating the Personal Data associated to Your request. In any event, please note that You are entitled to lodge a complaint with the French Data Protection Authority (the “CNIL”) in the event You consider that the processing activities We carry out with Your personal data are unlawful.

7. Updates to the Policy

We will update this Policy from time to time, notably in response to new legal, technical or business developments. When We make any material change to this Policy, We will  measures to inform You accordingly, for example by email and/or by posting a prominent notice on the pages of the Climate School prior to the changes become effective. We will then update the effective date at the top of the Policy.

8. How can you contact us?

Should You have any questions or requests regarding the processing activities We carry out with Your personal data under this Policy, including the exercise of Your rights detailed above, please feel free to contact Us at: privacy.axaclimate@axa.com.