Privacy Policy

Last updated: January 15, 2025

This Privacy Policy (hereinafter the "Policy") aims to inform you about how KOTTBUSSER II (hereinafter "Baywatch" or "we") collects, uses, stores, and protects your personal data when you use our website, our services, or interact with us.

1. General Information

Website publisher:KOTTBUSSER II, Simplified Joint-Stock Company registered with the Paris Trade and Companies Register under number 891 417 883, with registered office at 49 Rue de Ponthieu, 75008 Paris.

Contact email: contact@baywatch.ai

DPO / GDPR contact email: dpo@baywatch.ai

As a data controller, KOTTBUSSER II must comply with applicable regulations, particularly Regulation (EU) 2016/679 (GDPR) and the amended French Data Protection Act of January 6, 1978.

2. Processing purposes

Baywatch processes your personal data for the following purposes:

2.1 Customer/User Relationship Management

- Respond to your contact, information, or support requests.
- Manage your service registration and administer your user account.

2.2 Administrative Management and Legal Obligations

- Comply with our legal and regulatory obligations (billing, accounting, responses to legal requisitions).
- Prevent and combat fraud, abuse, or any illegal activity.

2.3 Baywatch Platform Features

- Enable automated checks, centralization, and analysis of forms for platform users.
- Send notifications to registered or invited users to enable effective use of Baywatch services.

2.4 Continuous Service Improvement

- Collect and analyze data for continuous improvement of offered features.

3. What Data Do We Collect?

For those purposes, we collect:
- Identification data: name, surname, email address, identifiers.
- Platform usage data: actions performed in Baywatch, activity logs.
- Personal data from verified documents: data contained in forms or documents submitted for analysis by users (e.g., data of insured persons, claimants, third parties).

4. Legal Bases for Processing

- Contract performance: managing users and providing access to the Baywatch platform.
- Legal obligations: meeting regulatory requirements.
- Legitimate interest: security, service improvement, fraud prevention.
- Consent: for electronic communications or certain non-essential analyses.

5. Partners and Processors

To provide our services, we work with the following partners and processors:

Partner	Location	Role
Render, inc	Frankfurt, Germany	Hosting of front-end, back-end services, and application infrastructure
Mistral AI	Sweden	Document and response analysis using artificial intelligence
Microsoft Azure(including OpenAI on Azure)	Azure Sweden Central – 805 91 Gävle, Sweden	Document and response analysis via artificial intelligence. Microsoft guarantees that data is not shared with OpenAI or transferred to the United States. Data is exclusively stored and processed in the EU.
Google Workspace (SMTP)	European Union	Sending email notifications to registered or invited users on the platform, strictly related to Baywatch usage.

We ensure that our partners comply with applicable regulations, particularly GDPR.

6. Retention Periods

- User data: retained while the account is active, then deleted after 3 years of inactivity.
- Personal data from verified documents: retained for a period defined by the Client, by default 4 years, then deleted or anonymized.

7. Your Rights

You have the following rights:
- Access, rectification, erasure: access, correct, or delete your data.
- Portability and objection: request a copy or object to specific processing.
To exercise your rights, contact dpo@baywatch.ai

8. Hosting and Enterprise Plan

- Data hosting: By default, data is hosted on servers located in the European Union, through the partners mentioned above (Render).
- Self-hosting option (Enterprise plan): Enterprise plan users can choose to self-host Baywatch or deploy the platform on a private cloud.

9. Security Measures

- Encryption: data protected at rest (AES-256) and in transit (HTTPS).
- Access control: access limited to authorized staff only.
- No reuse: no data is used to train or improve artificial intelligence models.

10. Transfers Outside the European Union

Baywatch does not transfer personal data outside the European Union. Our partners guarantee compliance for data hosted in the EU, with no transfers to third countries.
For services using OpenAI model on Microsoft Azure; Microsoft guarantees that data is not shared with OpenAI or transferred to the United States.

11. Policy Updates

The Policy may be modified to reflect service evolution or meet regulatory requirements. In case of major changes, we will inform you via a notice on the website.

12. Contact Us

For any questions:
- contact@baywatch.ai (general inquiries)
- dpo@baywatch.ai (personal data inquiries)